[Zope-Checkins] CVS: Packages/OFS/tests -
testCopySupport.py:1.7.64.1
Tres Seaver
tseaver at zope.com
Sat Aug 7 13:15:49 EDT 2004
Update of /cvs-repository/Packages/OFS/tests
In directory cvs.zope.org:/tmp/cvs-serv31145/lib/python/OFS/tests
Modified Files:
Tag: Zope-2_7-branch
testCopySupport.py
Log Message:
- Removed DWIM'y attempt to filter acquired-but-not-aceessible
results from 'guarded_getattr'.
=== Packages/OFS/tests/testCopySupport.py 1.7 => 1.7.64.1 ===
--- Packages/OFS/tests/testCopySupport.py:1.7 Thu Aug 22 19:06:41 2002
+++ Packages/OFS/tests/testCopySupport.py Sat Aug 7 13:15:48 2004
@@ -1,18 +1,27 @@
-import os, sys, unittest
+import unittest
+import cStringIO
+from mimetools import Message
+from multifile import MultiFile
-import string, cStringIO, re
-import ZODB, Acquisition
+from AccessControl import SecurityManager
+from AccessControl.SecurityManagement import newSecurityManager
+from AccessControl.SecurityManagement import noSecurityManager
+from Acquisition import Implicit
+from Acquisition import aq_base
from OFS.Application import Application
from OFS.Folder import manage_addFolder
from OFS.Image import manage_addFile
from Testing.makerequest import makerequest
from webdav.common import rfc1123_date
-from AccessControl import SecurityManager
-from AccessControl.SecurityManagement import newSecurityManager
-from AccessControl.SecurityManagement import noSecurityManager
-from mimetools import Message
-from multifile import MultiFile
+
+ADD_IMAGES_AND_FILES = 'Add images and files'
+FILE_META_TYPES = ( { 'name' : 'File'
+ , 'action' : 'manage_addFile'
+ , 'permission' : ADD_IMAGES_AND_FILES
+ }
+ ,
+ )
class UnitTestSecurityPolicy:
"""
@@ -35,7 +44,7 @@
def checkPermission( self, permission, object, context) :
return 1
-class UnitTestUser( Acquisition.Implicit ):
+class UnitTestUser( Implicit ):
"""
Stubbed out manager for unit testing purposes.
"""
@@ -54,9 +63,9 @@
s = DemoStorage(quota=(1<<20))
return ZODB.DB( s ).open()
-class TestCopySupport( unittest.TestCase ):
+class CopySupportTestBase(unittest.TestCase):
- def setUp( self ):
+ def _initFolders(self):
self.connection = makeConnection()
try:
@@ -71,14 +80,6 @@
folder1 = getattr( self.app, 'folder1' )
folder2 = getattr( self.app, 'folder2' )
- folder1.all_meta_types = folder2.all_meta_types = \
- ( { 'name' : 'File'
- , 'action' : 'manage_addFile'
- , 'permission' : 'Add images and files'
- }
- ,
- )
-
manage_addFile( folder1, 'file'
, file='', content_type='text/plain')
@@ -90,27 +91,44 @@
self.connection.close()
raise
get_transaction().begin()
- self.folder1 = getattr( self.app, 'folder1' )
- self.folder2 = getattr( self.app, 'folder2' )
+
+ return self.app._getOb( 'folder1' ), self.app._getOb( 'folder2' )
+
+ def _cleanApp( self ):
+
+ get_transaction().abort()
+ self.app._p_jar.sync()
+ self.connection.close()
+ del self.app
+ del self.responseOut
+ del self.root
+ del self.connection
+
+class TestCopySupport( CopySupportTestBase ):
+
+ def setUp( self ):
+
+ folder1, folder2 = self._initFolders()
+
+ folder1.all_meta_types = folder2.all_meta_types = FILE_META_TYPES
+
+ self.folder1 = folder1
+ self.folder2 = folder2
self.policy = UnitTestSecurityPolicy()
self.oldPolicy = SecurityManager.setSecurityPolicy( self.policy )
newSecurityManager( None, UnitTestUser().__of__( self.root ) )
def tearDown( self ):
+
noSecurityManager()
SecurityManager.setSecurityPolicy( self.oldPolicy )
del self.oldPolicy
del self.policy
del self.folder2
del self.folder1
- get_transaction().abort()
- self.app._p_jar.sync()
- self.connection.close()
- del self.app
- del self.responseOut
- del self.root
- del self.connection
+
+ self._cleanApp()
def testRename( self ):
self.failUnless( 'file' in self.folder1.objectIds() )
@@ -219,10 +237,242 @@
{'id':'file1', 'new_id':'copy_of_file1'},
{'id':'file2', 'new_id':'copy_of_file2'}])
+class _SensitiveSecurityPolicy:
+
+ def __init__( self, validate_lambda, checkPermission_lambda ):
+ self._lambdas = ( validate_lambda, checkPermission_lambda )
+
+ def validate( self, *args, **kw ):
+ return self._lambdas[ 0 ]( *args, **kw )
+
+ def checkPermission( self, *args, **kw ) :
+ return self._lambdas[ 1 ]( *args, **kw )
+
+class _AllowedUser( UnitTestUser ):
+
+ def __init__( self, allowed_lambda ):
+ self._lambdas = ( allowed_lambda, )
+
+ def allowed( self, object, object_roles=None ):
+ return self._lambdas[ 0 ]( object, object_roles )
+
+class TestCopySupportSecurity( CopySupportTestBase ):
+
+ _old_policy = None
+
+ def setUp( self ):
+ self._scrubSecurity()
+
+ def tearDown( self ):
+
+ self._scrubSecurity()
+ self._cleanApp()
+
+ def _scrubSecurity( self ):
+
+ noSecurityManager()
+
+ if self._old_policy is not None:
+ SecurityManager.setSecurityPolicy( self._old_policy )
+
+ def _assertCopyErrorUnauth( self, callable, *args, **kw ):
+
+ import re
+ from zExceptions import Unauthorized
+ from OFS.CopySupport import CopyError
+
+ ce_regex = kw.get( 'ce_regex' )
+ if ce_regex is not None:
+ del kw[ 'ce_regex' ]
+
+ try:
+ callable( *args, **kw )
+
+ except CopyError, e:
+
+ if ce_regex is not None:
+
+ pattern = re.compile( ce_regex, re.DOTALL )
+ if pattern.search( e ) is None:
+ self.fail( "Paste failed; didn't match pattern:\n%s" % e )
+
+ else:
+ self.fail( "Paste failed; no pattern:\n%s" % e )
+
+ except Unauthorized, e:
+ pass
+
+ else:
+ self.fail( "Paste allowed unexpectedly." )
+
+ def _initPolicyAndUser( self
+ , a_lambda=None
+ , v_lambda=None
+ , c_lambda=None
+ ):
+ def _promiscuous( *args, **kw ):
+ return 1
+
+ if a_lambda is None:
+ a_lambda = _promiscuous
+
+ if v_lambda is None:
+ v_lambda = _promiscuous
+
+ if c_lambda is None:
+ c_lambda = _promiscuous
+
+ scp = _SensitiveSecurityPolicy( v_lambda, c_lambda )
+ self._old_policy = SecurityManager.setSecurityPolicy( scp )
+
+ newSecurityManager( None
+ , _AllowedUser( a_lambda ).__of__( self.root ) )
+
+ def test_copy_baseline( self ):
+
+ folder1, folder2 = self._initFolders()
+ folder2.all_meta_types = FILE_META_TYPES
+
+ self._initPolicyAndUser()
+
+ self.failUnless( 'file' in folder1.objectIds() )
+ self.failIf( 'file' in folder2.objectIds() )
+
+ cookie = folder1.manage_copyObjects( ids=( 'file', ) )
+ folder2.manage_pasteObjects( cookie )
+
+ self.failUnless( 'file' in folder1.objectIds() )
+ self.failUnless( 'file' in folder2.objectIds() )
+
+ def test_copy_cant_read_source( self ):
+
+ folder1, folder2 = self._initFolders()
+ folder2.all_meta_types = FILE_META_TYPES
+
+ a_file = folder1._getOb( 'file' )
+
+ def _validate( a, c, n, v, *args, **kw ):
+ return aq_base( v ) is not aq_base( a_file )
+
+ self._initPolicyAndUser( v_lambda=_validate )
+
+ cookie = folder1.manage_copyObjects( ids=( 'file', ) )
+ self._assertCopyErrorUnauth( folder2.manage_pasteObjects
+ , cookie
+ , ce_regex='Insufficient privileges'
+ )
+
+ def test_copy_cant_create_target_metatype_not_supported( self ):
+
+ from OFS.CopySupport import CopyError
+
+ folder1, folder2 = self._initFolders()
+ folder2.all_meta_types = ()
+
+ self._initPolicyAndUser()
+
+ cookie = folder1.manage_copyObjects( ids=( 'file', ) )
+ self._assertCopyErrorUnauth( folder2.manage_pasteObjects
+ , cookie
+ , ce_regex='Not Supported'
+ )
+
+ def test_move_baseline( self ):
+
+ folder1, folder2 = self._initFolders()
+ folder2.all_meta_types = FILE_META_TYPES
+
+ self.failUnless( 'file' in folder1.objectIds() )
+ self.failIf( 'file' in folder2.objectIds() )
+
+ self._initPolicyAndUser()
+
+ cookie = folder1.manage_cutObjects( ids=( 'file', ) )
+ folder2.manage_pasteObjects( cookie )
+
+ self.failIf( 'file' in folder1.objectIds() )
+ self.failUnless( 'file' in folder2.objectIds() )
+
+ def test_move_cant_read_source( self ):
+
+ from OFS.CopySupport import CopyError
+
+ folder1, folder2 = self._initFolders()
+ folder2.all_meta_types = FILE_META_TYPES
+
+ a_file = folder1._getOb( 'file' )
+
+ def _validate( a, c, n, v, *args, **kw ):
+ return aq_base( v ) is not aq_base( a_file )
+
+ self._initPolicyAndUser( v_lambda=_validate )
+
+ cookie = folder1.manage_cutObjects( ids=( 'file', ) )
+ self._assertCopyErrorUnauth( folder2.manage_pasteObjects
+ , cookie
+ , ce_regex='Insufficient privileges'
+ )
+
+ def test_move_cant_create_target_metatype_not_supported( self ):
+
+ from OFS.CopySupport import CopyError
+
+ folder1, folder2 = self._initFolders()
+ folder2.all_meta_types = ()
+
+ self._initPolicyAndUser()
+
+ cookie = folder1.manage_cutObjects( ids=( 'file', ) )
+ self._assertCopyErrorUnauth( folder2.manage_pasteObjects
+ , cookie
+ , ce_regex='Not Supported'
+ )
+
+ def test_move_cant_create_target_metatype_not_allowed( self ):
+
+ from OFS.CopySupport import CopyError
+
+ folder1, folder2 = self._initFolders()
+ folder2.all_meta_types = FILE_META_TYPES
+
+ def _no_manage_addFile( a, c, n, v, *args, **kw ):
+ return n != 'manage_addFile'
+
+ self._initPolicyAndUser( v_lambda=_no_manage_addFile )
+
+ cookie = folder1.manage_cutObjects( ids=( 'file', ) )
+ self._assertCopyErrorUnauth( folder2.manage_pasteObjects
+ , cookie
+ , ce_regex='Insufficient Privileges'
+ + '.*%s' % ADD_IMAGES_AND_FILES
+ )
+
+ def test_move_cant_delete_source( self ):
+
+ from OFS.CopySupport import CopyError
+ from AccessControl.Permissions import delete_objects as DeleteObjects
+
+ folder1, folder2 = self._initFolders()
+ folder1.manage_permission( DeleteObjects, roles=(), acquire=0 )
+ folder2.all_meta_types = FILE_META_TYPES
+
+ def _no_delete_objects(permission, object, context):
+ return permission != DeleteObjects
+
+ self._initPolicyAndUser( c_lambda=_no_delete_objects )
+
+ cookie = folder1.manage_cutObjects( ids=( 'file', ) )
+ self._assertCopyErrorUnauth( folder2.manage_pasteObjects
+ , cookie
+ , ce_regex='Insufficient Privileges'
+ + '.*%s' % DeleteObjects
+ )
+
def test_suite():
suite = unittest.TestSuite()
suite.addTest( unittest.makeSuite( TestCopySupport ) )
+ suite.addTest( unittest.makeSuite( TestCopySupportSecurity ) )
return suite
def main():
More information about the Zope-Checkins
mailing list