[Zope-Checkins] CVS: Zope/lib/python/AccessControl/tests -
testZopeSecurityPolicy.py:1.8
Jim Fulton
cvs-admin at zope.org
Fri Nov 28 11:44:08 EST 2003
Update of /cvs-repository/Zope/lib/python/AccessControl/tests
In directory cvs.zope.org:/tmp/cvs-serv3621/lib/python/AccessControl/tests
Modified Files:
testZopeSecurityPolicy.py
Log Message:
Changed the mechanism for getting object roles, based on a suggestion
by Dieter Maurer. This was to allow storing class-defined permission
requirements for class-defined attributes in classes totally
independently from the values being protected.
=== Zope/lib/python/AccessControl/tests/testZopeSecurityPolicy.py 1.7 => 1.8 ===
--- Zope/lib/python/AccessControl/tests/testZopeSecurityPolicy.py:1.7 Thu Oct 23 21:21:49 2003
+++ Zope/lib/python/AccessControl/tests/testZopeSecurityPolicy.py Fri Nov 28 11:44:07 2003
@@ -44,6 +44,9 @@
def getOwner(self):
return None
+ def __call__(*args, **kw):
+ return args, kw
+
__roles__ = None
@@ -267,9 +270,156 @@
self.fail('Policy accepted bad __roles__')
+def test_getRoles():
+ """
+
+ >>> from AccessControl.ZopeSecurityPolicy import getRoles
+
+ >>> class C:
+ ... x = 'CRole'
+
+ >>> class V:
+ ... x = 'VRole'
+
+ >>> c = C()
+ >>> c.v = V()
+
+ >>> getRoles(c, None, c.v, 42)
+ 42
+ >>> getRoles(c, 'inabox', c.v, 42)
+ 42
+
+ >>> c.v.__roles__ = ['spam', 'eggs']
+
+ >>> getRoles(c, None, c.v, 42)
+ ['spam', 'eggs']
+
+ >>> getRoles(c, 'withafox', c.v, 42)
+ ['spam', 'eggs']
+
+ >>> del c.v.__roles__
+
+ >>> V.__roles__ = ('Manager', )
+
+ >>> getRoles(c, None, c.v, 42)
+ ('Manager',)
+ >>> getRoles(c, 'withafox', c.v, 42)
+ ('Manager',)
+
+ >>> del V.__roles__
+
+ >>> c.foo__roles__ = ('Foo', )
+
+ >>> getRoles(c, None, c.v, 42)
+ 42
+ >>> getRoles(c, 'foo', c.v, 42)
+ 42
+
+ >>> C.foo__roles__ = ('Editor', )
+
+ >>> getRoles(c, None, c.v, 42)
+ 42
+ >>> getRoles(c, 'foo', c.v, 42)
+ ('Editor',)
+
+ >>> del C.foo__roles__
+
+ >>> class ComputedRoles:
+ ... def __init__(self, roles):
+ ... self.roles = roles
+ ... def rolesForPermissionOn(self, ob):
+ ... return [ob.x] + self.roles
+
+ >>> c.v.__roles__ = ComputedRoles(['Member'])
+ >>> getRoles(c, None, c.v, 42)
+ ['VRole', 'Member']
+ >>> getRoles(c, 'foo', c.v, 42)
+ ['VRole', 'Member']
+
+ >>> c.foo__roles__ = ComputedRoles(['Admin'])
+ >>> getRoles(c, None, c.v, 42)
+ ['VRole', 'Member']
+ >>> getRoles(c, 'foo', c.v, 42)
+ ['VRole', 'Member']
+
+ >>> del c.v.__roles__
+ >>> getRoles(c, None, c.v, 42)
+ 42
+ >>> getRoles(c, 'foo', c.v, 42)
+ 42
+
+ >>> C.foo__roles__ = ComputedRoles(['Guest'])
+ >>> getRoles(c, None, c.v, 42)
+ 42
+ >>> getRoles(c, 'foo', c.v, 42)
+ ['CRole', 'Guest']
+
+ >>> V.__roles__ = ComputedRoles(['Member'])
+ >>> getRoles(c, None, c.v, 42)
+ ['VRole', 'Member']
+ >>> getRoles(c, 'foo', c.v, 42)
+ ['VRole', 'Member']
+ """
+
+
+def test_zsp_gets_right_roles_for_methods():
+ """
+ >>> zsp = ZopeSecurityPolicy()
+ >>> from ExtensionClass import Base
+ >>> class C(Base):
+ ... def foo(self):
+ ... pass
+ ... foo__roles__ = ['greeneggs', 'ham']
+ ... def bar(self):
+ ... pass
+
+ >>> class User:
+ ... def __init__(self, roles):
+ ... self.roles = roles
+ ... def allowed(self, value, roles):
+ ... for role in roles:
+ ... if role in self.roles:
+ ... return True
+ ... return False
+
+ >>> class Context:
+ ... stack = ()
+ ... def __init__(self, user):
+ ... self.user = user
+
+ >>> c = C()
+
+ >>> bool(zsp.validate(c, c, 'foo', c.foo, Context(User(['greeneggs']))))
+ True
+
+ >>> zsp.validate(c, c, 'foo', c.foo, Context(User(['spam'])))
+ Traceback (most recent call last):
+ ...
+ Unauthorized: You are not allowed to access 'foo' in this context
+
+ >>> c.__roles__ = ['spam']
+ >>> zsp.validate(c, c, 'foo', c.foo, Context(User(['spam'])))
+ Traceback (most recent call last):
+ ...
+ Unauthorized: You are not allowed to access 'foo' in this context
+
+ >>> zsp.validate(c, c, 'bar', c.bar, Context(User(['spam'])))
+ Traceback (most recent call last):
+ ...
+ Unauthorized: You are not allowed to access 'bar' in this context
+
+ >>> c.__allow_access_to_unprotected_subobjects__ = 1
+ >>> bool(zsp.validate(c, c, 'bar', c.bar, Context(User(['spam']))))
+ True
+
+ """
+
+from doctest import DocTestSuite
+
def test_suite():
suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(ZopeSecurityPolicyTests, 'test'))
+ suite.addTest(DocTestSuite())
return suite
def main():
More information about the Zope-Checkins
mailing list