[Zope-Checkins] CVS: Zope/lib/python/AccessControl/tests -
testBindings.py:1.3
Brian Lloyd
brian at zope.com
Wed Jan 21 14:05:34 EST 2004
Update of /cvs-repository/Zope/lib/python/AccessControl/tests
In directory cvs.zope.org:/tmp/cvs-serv20511/lib/python/AccessControl/tests
Modified Files:
testBindings.py
Log Message:
merge binding fixes
=== Zope/lib/python/AccessControl/tests/testBindings.py 1.2 => 1.3 ===
--- Zope/lib/python/AccessControl/tests/testBindings.py:1.2 Thu Jan 15 18:09:06 2004
+++ Zope/lib/python/AccessControl/tests/testBindings.py Wed Jan 21 14:05:33 2004
@@ -17,35 +17,10 @@
"""
import unittest
-import Zope
-import AccessControl.SecurityManagement
-from AccessControl import Unauthorized
-from Testing.makerequest import makerequest
-from Products.PythonScripts.PythonScript import PythonScript
-
-
-class TransactionalTest( unittest.TestCase ):
-
- def setUp( self ):
- if hasattr(Zope, 'startup'):
- Zope.startup()
- get_transaction().begin()
- self.connection = Zope.DB.open()
- self.root = self.connection.root()[ 'Application' ]
-
- def tearDown( self ):
- get_transaction().abort()
- self.connection.close()
-
-
-class RequestTest( TransactionalTest ):
-
- def setUp(self):
- TransactionalTest.setUp(self)
- root = self.root = makerequest(self.root)
- self.REQUEST = root.REQUEST
- self.RESPONSE = root.REQUEST.RESPONSE
-
+import ZODB
+from Acquisition import Implicit
+from OFS.ObjectManager import ObjectManager
+from OFS.Folder import Folder
class SecurityManager:
@@ -54,12 +29,14 @@
self.reject = reject
def validate(self, *args):
+ from AccessControl import Unauthorized
self.calls.append(('validate', args))
if self.reject:
raise Unauthorized
return 1
def validateValue(self, *args):
+ from AccessControl import Unauthorized
self.calls.append(('validateValue', args))
if self.reject:
raise Unauthorized
@@ -68,58 +45,180 @@
def checkPermission(self, *args):
self.calls.append(('checkPermission', args))
return not self.reject
-
+
def addContext(self, *args):
self.calls.append(('addContext', args))
return 1
-
+
def removeContext(self, *args):
self.calls.append(('removeContext', args))
return 1
-
-class GuardTestCase(RequestTest):
- def setSecurityManager(self, manager):
- key = AccessControl.SecurityManagement.get_ident()
- old = AccessControl.SecurityManagement._managers.get(key)
- if manager is None:
- del AccessControl.SecurityManagement._managers[key]
- else:
- AccessControl.SecurityManagement._managers[key] = manager
-
- return old
-
-
-class TestBindings(GuardTestCase):
+class UnderprivilegedUser:
+ def getId(self):
+ return 'underprivileged'
+
+ def allowed(self, object, object_roles=None):
+ return 0
+
+class RivilegedUser:
+ def getId(self):
+ return 'privileged'
+
+ def allowed(self, object, object_roles=None):
+ return 1
+
+class FauxRoot(ObjectManager):
+ def __repr__(self):
+ return '<FauxRoot>'
+
+class FauxFolder(Folder):
+ def __repr__(self):
+ return '<FauxFolder: %s>' % self.getId()
+
+class TestBindings(unittest.TestCase):
def setUp(self):
- RequestTest.setUp(self)
- self.sm = SecurityManager(reject=1)
- self.old = self.setSecurityManager(self.sm)
+ from Testing.ZODButil import makeDB
+ get_transaction().begin()
+ self.connection = makeDB().open()
def tearDown(self):
- self.setSecurityManager(self.old)
- TransactionalTest.tearDown(self)
+ from Testing.ZODButil import cleanDB
+ from AccessControl.SecurityManagement import noSecurityManager
+ noSecurityManager()
+ get_transaction().abort()
+ self.connection.close()
+ cleanDB()
+
+ def _getRoot(self):
+ from Testing.makerequest import makerequest
+ #true_root = self.connection.root()[ 'Application' ]
+ #true_root = self.connection.root()
+ #return makerequest(true_root)
+ return makerequest(FauxRoot())
+
+ def _makeTree(self):
+
+ root = self._getRoot()
+
+ guarded = FauxFolder()
+ guarded._setId('guarded')
+ guarded.__roles__ = ( 'Manager', )
+ root._setOb('guarded', guarded)
+ guarded = root._getOb('guarded')
+
+ open = FauxFolder()
+ open._setId('open')
+ open.__roles__ = ( 'Anonymous', )
+ guarded._setOb('open', open)
+
+ bound_unused_container_ps = self._newPS('return 1')
+ guarded._setOb('bound_unused_container_ps', bound_unused_container_ps)
+
+ bound_used_container_ps = self._newPS('return container.id')
+ guarded._setOb('bound_used_container_ps', bound_used_container_ps)
+
+ bound_used_container_ok_ps = self._newPS('return container.id')
+ open._setOb('bound_used_container_ok_ps', bound_used_container_ok_ps)
+
+ bound_unused_context_ps = self._newPS('return 1')
+ guarded._setOb('bound_unused_context_ps', bound_unused_context_ps)
+
+ bound_used_context_ps = self._newPS('return context.id')
+ guarded._setOb('bound_used_context_ps', bound_used_context_ps)
+
+ container_ps = self._newPS('return container')
+ guarded._setOb('container_ps', container_ps)
+
+ context_ps = self._newPS('return context')
+ guarded._setOb('context_ps', context_ps)
+
+ return root
def _newPS(self, txt, bind=None):
+ from Products.PythonScripts.PythonScript import PythonScript
ps = PythonScript('ps')
#ps.ZBindings_edit(bind or {})
ps.write(txt)
ps._makeFunction()
return ps
-
- def test_fail_container(self):
- container_ps = self._newPS('return container')
- self.root._setOb('container_ps', container_ps)
- container_ps = self.root._getOb('container_ps')
- self.assertRaises(Unauthorized, container_ps)
- def test_fail_context(self):
- context_ps = self._newPS('return context')
- self.root._setOb('context_ps', context_ps)
- context_ps = self.root._getOb('context_ps')
- self.assertRaises(Unauthorized, context_ps)
-
+ # These test that the mere binding of context or container, when the
+ # user doesn't have access to them, doesn't raise an unauthorized. An
+ # exception *will* be raised if the script attempts to use them. This
+ # is a b/w compatibility hack: see Bindings.py for details.
+
+ def test_bound_unused_container(self):
+ from AccessControl.SecurityManagement import newSecurityManager
+ newSecurityManager(None, UnderprivilegedUser())
+ root = self._makeTree()
+ guarded = root._getOb('guarded')
+ ps = guarded._getOb('bound_unused_container_ps')
+ self.assertEqual(ps(), 1)
+
+ def test_bound_used_container(self):
+ from AccessControl.SecurityManagement import newSecurityManager
+ from AccessControl import Unauthorized
+ newSecurityManager(None, UnderprivilegedUser())
+ root = self._makeTree()
+ guarded = root._getOb('guarded')
+ ps = guarded._getOb('bound_used_container_ps')
+ self.assertRaises(Unauthorized, ps)
+
+ def test_bound_used_container_allowed(self):
+ from AccessControl.SecurityManagement import newSecurityManager
+ newSecurityManager(None, UnderprivilegedUser())
+ root = self._makeTree()
+ guarded = root._getOb('guarded')
+ open = guarded._getOb('open')
+ ps = open.unrestrictedTraverse('bound_used_container_ok_ps')
+ self.assertEqual(ps(), 'open')
+
+ def test_bound_unused_context(self):
+ from AccessControl.SecurityManagement import newSecurityManager
+ newSecurityManager(None, UnderprivilegedUser())
+ root = self._makeTree()
+ guarded = root._getOb('guarded')
+ ps = guarded._getOb('bound_unused_context_ps')
+ self.assertEqual(ps(), 1)
+
+ def test_bound_used_context(self):
+ from AccessControl.SecurityManagement import newSecurityManager
+ from AccessControl import Unauthorized
+ newSecurityManager(None, UnderprivilegedUser())
+ root = self._makeTree()
+ guarded = root._getOb('guarded')
+ ps = guarded._getOb('bound_used_context_ps')
+ self.assertRaises(Unauthorized, ps)
+
+ def test_bound_used_context_allowed(self):
+ from AccessControl.SecurityManagement import newSecurityManager
+ newSecurityManager(None, UnderprivilegedUser())
+ root = self._makeTree()
+ guarded = root._getOb('guarded')
+ open = guarded._getOb('open')
+ ps = open.unrestrictedTraverse('bound_used_context_ps')
+ self.assertEqual(ps(), 'open')
+
+ def test_ok_no_bindings(self):
+ from AccessControl.SecurityManagement import newSecurityManager
+ newSecurityManager(None, UnderprivilegedUser())
+ root = self._makeTree()
+ guarded = root._getOb('guarded')
+ boundless_ps = self._newPS('return 42')
+ guarded._setOb('boundless_ps', boundless_ps)
+ boundless_ps = guarded._getOb('boundless_ps')
+ #
+ # Clear the bindings, so that the script may execute.
+ #
+ boundless_ps.ZBindings_edit( {'name_context': '',
+ 'name_container': '',
+ 'name_m_self': '',
+ 'name_ns': '',
+ 'name_subpath': ''})
+ self.assertEqual(boundless_ps(), 42)
+
def test_suite():
suite = unittest.TestSuite()
More information about the Zope-Checkins
mailing list