[Zope-Checkins] CVS: Packages/OFS/tests - testCopySupport.py:1.7.64.1

Tres Seaver tseaver at zope.com
Sat Aug 7 13:15:49 EDT 2004


Update of /cvs-repository/Packages/OFS/tests
In directory cvs.zope.org:/tmp/cvs-serv31145/lib/python/OFS/tests

Modified Files:
      Tag: Zope-2_7-branch
	testCopySupport.py 
Log Message:


  - Removed DWIM'y attempt to filter acquired-but-not-aceessible
    results from 'guarded_getattr'.


=== Packages/OFS/tests/testCopySupport.py 1.7 => 1.7.64.1 ===
--- Packages/OFS/tests/testCopySupport.py:1.7	Thu Aug 22 19:06:41 2002
+++ Packages/OFS/tests/testCopySupport.py	Sat Aug  7 13:15:48 2004
@@ -1,18 +1,27 @@
-import os, sys, unittest
+import unittest
+import cStringIO
+from mimetools import Message
+from multifile import MultiFile
 
-import string, cStringIO, re
-import ZODB, Acquisition
+from AccessControl import SecurityManager
+from AccessControl.SecurityManagement import newSecurityManager
+from AccessControl.SecurityManagement import noSecurityManager
+from Acquisition import Implicit
+from Acquisition import aq_base
 from OFS.Application import Application
 from OFS.Folder import manage_addFolder
 from OFS.Image import manage_addFile
 from Testing.makerequest import makerequest
 from webdav.common import rfc1123_date
-from AccessControl import SecurityManager
-from AccessControl.SecurityManagement import newSecurityManager
-from AccessControl.SecurityManagement import noSecurityManager
 
-from mimetools import Message
-from multifile import MultiFile
+
+ADD_IMAGES_AND_FILES = 'Add images and files'
+FILE_META_TYPES = ( { 'name'        : 'File'
+                    , 'action'      : 'manage_addFile'
+                    , 'permission'  : ADD_IMAGES_AND_FILES
+                    }
+                  ,
+                  )
 
 class UnitTestSecurityPolicy:
     """
@@ -35,7 +44,7 @@
     def checkPermission( self, permission, object, context) :
         return 1
 
-class UnitTestUser( Acquisition.Implicit ):
+class UnitTestUser( Implicit ):
     """
         Stubbed out manager for unit testing purposes.
     """
@@ -54,9 +63,9 @@
     s = DemoStorage(quota=(1<<20))
     return ZODB.DB( s ).open()
 
-class TestCopySupport( unittest.TestCase ):
+class CopySupportTestBase(unittest.TestCase):
 
-    def setUp( self ):
+    def _initFolders(self):
 
         self.connection = makeConnection()
         try:
@@ -71,14 +80,6 @@
             folder1 = getattr( self.app, 'folder1' )
             folder2 = getattr( self.app, 'folder2' )
 
-            folder1.all_meta_types = folder2.all_meta_types = \
-                                    ( { 'name'        : 'File'
-                                      , 'action'      : 'manage_addFile'
-                                      , 'permission'  : 'Add images and files'
-                                      }
-                                    ,
-                                    )
-
             manage_addFile( folder1, 'file'
                           , file='', content_type='text/plain')
 
@@ -90,27 +91,44 @@
             self.connection.close()
             raise
         get_transaction().begin()
-        self.folder1 = getattr( self.app, 'folder1' )
-        self.folder2 = getattr( self.app, 'folder2' )
+
+        return self.app._getOb( 'folder1' ), self.app._getOb( 'folder2' )
+
+    def _cleanApp( self ):
+
+        get_transaction().abort()
+        self.app._p_jar.sync()
+        self.connection.close()
+        del self.app
+        del self.responseOut
+        del self.root
+        del self.connection
+
+class TestCopySupport( CopySupportTestBase ):
+
+    def setUp( self ):
+
+        folder1, folder2 = self._initFolders()
+
+        folder1.all_meta_types = folder2.all_meta_types = FILE_META_TYPES
+
+        self.folder1 = folder1
+        self.folder2 = folder2
 
         self.policy = UnitTestSecurityPolicy()
         self.oldPolicy = SecurityManager.setSecurityPolicy( self.policy )
         newSecurityManager( None, UnitTestUser().__of__( self.root ) )
 
     def tearDown( self ):
+
         noSecurityManager()
         SecurityManager.setSecurityPolicy( self.oldPolicy )
         del self.oldPolicy
         del self.policy
         del self.folder2
         del self.folder1
-        get_transaction().abort()
-        self.app._p_jar.sync()
-        self.connection.close()
-        del self.app
-        del self.responseOut
-        del self.root
-        del self.connection
+
+        self._cleanApp()
 
     def testRename( self ):
         self.failUnless( 'file' in self.folder1.objectIds() )
@@ -219,10 +237,242 @@
                                     {'id':'file1', 'new_id':'copy_of_file1'},
                                     {'id':'file2', 'new_id':'copy_of_file2'}])
 
+class _SensitiveSecurityPolicy:
+
+    def __init__( self, validate_lambda, checkPermission_lambda ):
+        self._lambdas = ( validate_lambda, checkPermission_lambda )
+
+    def validate( self, *args, **kw ):
+        return self._lambdas[ 0 ]( *args, **kw )
+
+    def checkPermission( self, *args, **kw ) :
+        return self._lambdas[ 1 ]( *args, **kw )
+
+class _AllowedUser( UnitTestUser ):
+
+    def __init__( self, allowed_lambda ):
+        self._lambdas = ( allowed_lambda, )
+
+    def allowed( self, object, object_roles=None ):
+        return self._lambdas[ 0 ]( object, object_roles )
+
+class TestCopySupportSecurity( CopySupportTestBase ):
+
+    _old_policy = None
+
+    def setUp( self ):
+        self._scrubSecurity()
+
+    def tearDown( self ):
+
+        self._scrubSecurity()
+        self._cleanApp()
+
+    def _scrubSecurity( self ):
+
+        noSecurityManager()
+
+        if self._old_policy is not None:
+            SecurityManager.setSecurityPolicy( self._old_policy )
+
+    def _assertCopyErrorUnauth( self, callable, *args, **kw ):
+
+        import re
+        from zExceptions import Unauthorized
+        from OFS.CopySupport import CopyError
+
+        ce_regex = kw.get( 'ce_regex' )
+        if ce_regex is not None:
+            del kw[ 'ce_regex' ]
+
+        try:
+            callable( *args, **kw )
+
+        except CopyError, e:
+
+            if ce_regex is not None:
+                
+                pattern = re.compile( ce_regex, re.DOTALL )
+                if pattern.search( e ) is None:
+                    self.fail( "Paste failed; didn't match pattern:\n%s" % e )
+
+            else:
+                self.fail( "Paste failed; no pattern:\n%s" % e )
+
+        except Unauthorized, e:
+            pass
+
+        else:
+            self.fail( "Paste allowed unexpectedly." )
+
+    def _initPolicyAndUser( self    
+                          , a_lambda=None
+                          , v_lambda=None
+                          , c_lambda=None
+                          ):
+        def _promiscuous( *args, **kw ):
+            return 1
+
+        if a_lambda is None:
+            a_lambda = _promiscuous
+
+        if v_lambda is None:
+            v_lambda = _promiscuous
+
+        if c_lambda is None:
+            c_lambda = _promiscuous
+
+        scp = _SensitiveSecurityPolicy( v_lambda, c_lambda )
+        self._old_policy = SecurityManager.setSecurityPolicy( scp )
+
+        newSecurityManager( None
+                          , _AllowedUser( a_lambda ).__of__( self.root ) )
+
+    def test_copy_baseline( self ):
+
+        folder1, folder2 = self._initFolders()
+        folder2.all_meta_types = FILE_META_TYPES
+
+        self._initPolicyAndUser()
+
+        self.failUnless( 'file' in folder1.objectIds() )
+        self.failIf( 'file' in folder2.objectIds() )
+
+        cookie = folder1.manage_copyObjects( ids=( 'file', ) )
+        folder2.manage_pasteObjects( cookie )
+
+        self.failUnless( 'file' in folder1.objectIds() )
+        self.failUnless( 'file' in folder2.objectIds() )
+
+    def test_copy_cant_read_source( self ):
+
+        folder1, folder2 = self._initFolders()
+        folder2.all_meta_types = FILE_META_TYPES
+
+        a_file = folder1._getOb( 'file' )
+
+        def _validate( a, c, n, v, *args, **kw ):
+            return aq_base( v ) is not aq_base( a_file )
+
+        self._initPolicyAndUser( v_lambda=_validate )
+
+        cookie = folder1.manage_copyObjects( ids=( 'file', ) )
+        self._assertCopyErrorUnauth( folder2.manage_pasteObjects
+                                   , cookie
+                                   , ce_regex='Insufficient privileges'
+                                   )
+
+    def test_copy_cant_create_target_metatype_not_supported( self ):
+        
+        from OFS.CopySupport import CopyError
+
+        folder1, folder2 = self._initFolders()
+        folder2.all_meta_types = ()
+
+        self._initPolicyAndUser()
+
+        cookie = folder1.manage_copyObjects( ids=( 'file', ) )
+        self._assertCopyErrorUnauth( folder2.manage_pasteObjects
+                                   , cookie
+                                   , ce_regex='Not Supported'
+                                   )
+
+    def test_move_baseline( self ):
+
+        folder1, folder2 = self._initFolders()
+        folder2.all_meta_types = FILE_META_TYPES
+
+        self.failUnless( 'file' in folder1.objectIds() )
+        self.failIf( 'file' in folder2.objectIds() )
+
+        self._initPolicyAndUser()
+
+        cookie = folder1.manage_cutObjects( ids=( 'file', ) )
+        folder2.manage_pasteObjects( cookie )
+
+        self.failIf( 'file' in folder1.objectIds() )
+        self.failUnless( 'file' in folder2.objectIds() )
+
+    def test_move_cant_read_source( self ):
+        
+        from OFS.CopySupport import CopyError
+
+        folder1, folder2 = self._initFolders()
+        folder2.all_meta_types = FILE_META_TYPES
+
+        a_file = folder1._getOb( 'file' )
+
+        def _validate( a, c, n, v, *args, **kw ):
+            return aq_base( v ) is not aq_base( a_file )
+
+        self._initPolicyAndUser( v_lambda=_validate )
+
+        cookie = folder1.manage_cutObjects( ids=( 'file', ) )
+        self._assertCopyErrorUnauth( folder2.manage_pasteObjects
+                                   , cookie
+                                   , ce_regex='Insufficient privileges'
+                                   )
+
+    def test_move_cant_create_target_metatype_not_supported( self ):
+        
+        from OFS.CopySupport import CopyError
+
+        folder1, folder2 = self._initFolders()
+        folder2.all_meta_types = ()
+
+        self._initPolicyAndUser()
+
+        cookie = folder1.manage_cutObjects( ids=( 'file', ) )
+        self._assertCopyErrorUnauth( folder2.manage_pasteObjects
+                                   , cookie
+                                   , ce_regex='Not Supported'
+                                   )
+
+    def test_move_cant_create_target_metatype_not_allowed( self ):
+        
+        from OFS.CopySupport import CopyError
+
+        folder1, folder2 = self._initFolders()
+        folder2.all_meta_types = FILE_META_TYPES
+
+        def _no_manage_addFile( a, c, n, v, *args, **kw ):
+            return n != 'manage_addFile'
+
+        self._initPolicyAndUser( v_lambda=_no_manage_addFile )
+
+        cookie = folder1.manage_cutObjects( ids=( 'file', ) )
+        self._assertCopyErrorUnauth( folder2.manage_pasteObjects
+                                   , cookie
+                                   , ce_regex='Insufficient Privileges'
+                                             + '.*%s' % ADD_IMAGES_AND_FILES
+                                   )
+
+    def test_move_cant_delete_source( self ):
+        
+        from OFS.CopySupport import CopyError
+        from AccessControl.Permissions import delete_objects as DeleteObjects
+
+        folder1, folder2 = self._initFolders()
+        folder1.manage_permission( DeleteObjects, roles=(), acquire=0 )
+        folder2.all_meta_types = FILE_META_TYPES
+
+        def _no_delete_objects(permission, object, context):
+            return permission != DeleteObjects
+
+        self._initPolicyAndUser( c_lambda=_no_delete_objects )
+
+        cookie = folder1.manage_cutObjects( ids=( 'file', ) )
+        self._assertCopyErrorUnauth( folder2.manage_pasteObjects
+                                   , cookie
+                                   , ce_regex='Insufficient Privileges'
+                                             + '.*%s' % DeleteObjects
+                                   )
+
 
 def test_suite():
     suite = unittest.TestSuite()
     suite.addTest( unittest.makeSuite( TestCopySupport ) )
+    suite.addTest( unittest.makeSuite( TestCopySupportSecurity ) )
     return suite
 
 def main():



More information about the Zope-Checkins mailing list