[Zope-Checkins] CVS: Zope/lib/python/AccessControl/tests - testZopeSecurityPolicy.py:1.5.6.3

Brian Lloyd brian at zope.com
Tue Jan 27 14:19:06 EST 2004 

Update of /cvs-repository/Zope/lib/python/AccessControl/tests
In directory cvs.zope.org:/tmp/cvs-serv26781/tests

Modified Files:
      Tag: Zope-2_6-branch
	testZopeSecurityPolicy.py 
Log Message:
unify policy tests


=== Zope/lib/python/AccessControl/tests/testZopeSecurityPolicy.py 1.5.6.2 => 1.5.6.3 ===
--- Zope/lib/python/AccessControl/tests/testZopeSecurityPolicy.py:1.5.6.2	Tue Jan 27 11:15:36 2004
+++ Zope/lib/python/AccessControl/tests/testZopeSecurityPolicy.py	Tue Jan 27 14:19:06 2004
@@ -37,8 +37,11 @@
 
 
 class App(Explicit):
-    pass
-
+    def unrestrictedTraverse(self, path):
+        ob = self
+        for el in path:
+            ob = getattr(ob, el)
+        return ob
 
 class PublicMethod (Method):
     def getOwner(self):
@@ -70,6 +73,22 @@
     _proxy_roles = sysadmin_roles
 
 
+class OwnedSetuidMethod(Implicit):
+    __roles__ = eo_roles
+    _proxy_roles = sysadmin_roles
+
+    def getOwner(self, info=0):
+        if info:
+            return (('subobject', 'acl_users'), 'theowner')
+        else:
+            return self.aq_parent.aq_parent.acl_users.getUserById('theowner')
+        
+    def getWrappedOwner(self):
+        acl_users = self.aq_parent.aq_parent.acl_users
+        user = acl_users.getUserById('theowner')
+        return user.__of__(acl_users)
+
+
 class DangerousMethod (PublicMethod):
     # Only accessible to sysadmin or people who use proxy roles
     __roles__ = sysadmin_roles
@@ -84,12 +103,23 @@
     public_prop = 'Public Value'
     private_prop = 'Private Value'
 
+class ImplictAcqObject(Implicit):
+    pass
+
 
 class UnprotectedSimpleItem (SimpleItemish):
 
     __allow_access_to_unprotected_subobjects__ = 1
 
 
+class OwnedSimpleItem(UnprotectedSimpleItem):
+    def getOwner(self, info=0):
+        if info:
+            return (('subobject', 'acl_users'), 'theowner')
+        else:
+            return self.aq_parent.acl_users.getuserById('theowner')
+
+
 class RestrictedSimpleItem (SimpleItemish):
 
     __allow_access_to_unprotected_subobjects__ = 0
@@ -215,6 +245,14 @@
         c.attr = PublicMethod()
         self.assertPolicyAllows(c, 'attr')
 
+    def testUnicodeAttributeLookups(self):
+        item = self.item
+        r_item = self.a.r_item
+        self.assertPolicyAllows(item, u'public_prop')
+        self.assertPolicyDenies(r_item, u'private_prop')
+        self.assertPolicyAllows(item, u'public_m')
+        self.assertPolicyDenies(item, u'dangerous_m')
+
     def testRolesForPermission(self):
         # Test of policy.checkPermission().
         r_item = self.a.r_item
@@ -225,6 +263,15 @@
         v = self.policy.checkPermission('View', r_item, o_context)
         assert v, '_View_Permission should grant access to theowner'
 
+    def testUnicodeRolesForPermission(self):
+        r_item = self.a.r_item
+        context = self.context
+        v = self.policy.checkPermission(u'View', r_item, context)
+        self.assert_(not v, '_View_Permission should deny access to user')
+        o_context = SecurityContext(self.uf.getUserById('theowner'))
+        v = self.policy.checkPermission(u'View', r_item, o_context)
+        self.assert_(v, '_View_Permission should grant access to theowner')
+
     def testAqNames(self):
         policy = self.policy
         assert not policy.validate('', '', 'aq_self', '', None)
@@ -232,6 +279,35 @@
         assert policy.validate('', '', 'aq_parent', '', None)
         assert policy.validate('', '', 'aq_explicit', '', None)
         assert policy.validate('', '', 'aq_inner', '', None)
+
+    def testProxyRoleScope(self):
+        self.a.subobject = ImplictAcqObject()
+        subobject = self.a.subobject
+        subobject.acl_users = UserFolder()
+        subobject.acl_users._addUser('theowner', 'password', 'password', 
+                                      eo_roles + sysadmin_roles, ())
+        subobject.item = UnprotectedSimpleItem()
+        subitem = subobject.item
+        subitem.owned_setuid_m = OwnedSetuidMethod()
+        subitem.getPhysicalRoot = lambda root=self.a: root
+        
+        item = self.a.item
+        item.getPhysicalRoot = lambda root=self.a: root
+        self.context.stack.append(subitem.owned_setuid_m.__of__(subitem))
+        
+        # Out of owner context
+        self.assertPolicyAllows(item, 'public_m')
+        self.assertPolicyDenies(item, 'protected_m')
+        self.assertPolicyDenies(item, 'owned_m')
+        self.assertPolicyAllows(item, 'setuid_m')
+        self.assertPolicyDenies(item, 'dangerous_m')
+
+        # Inside owner context
+        self.assertPolicyAllows(subitem, 'public_m')
+        self.assertPolicyDenies(subitem, 'protected_m')
+        self.assertPolicyDenies(subitem, 'owned_m')
+        self.assertPolicyAllows(subitem, 'setuid_m')
+        self.assertPolicyAllows(subitem, 'dangerous_m')
 
     def testUnicodeName(self):
         policy = self.policy

More information about the Zope-Checkins mailing list