[Zope-Checkins] CVS: Zope/lib/python/AccessControl/tests -
testZopeSecurityPolicy.py:1.10
Brian Lloyd
brian at zope.com
Tue Jan 27 14:22:52 EST 2004
Update of /cvs-repository/Zope/lib/python/AccessControl/tests
In directory cvs.zope.org:/tmp/cvs-serv27339/tests
Modified Files:
testZopeSecurityPolicy.py
Log Message:
unify policy tests
=== Zope/lib/python/AccessControl/tests/testZopeSecurityPolicy.py 1.9 => 1.10 ===
--- Zope/lib/python/AccessControl/tests/testZopeSecurityPolicy.py:1.9 Tue Jan 27 11:59:23 2004
+++ Zope/lib/python/AccessControl/tests/testZopeSecurityPolicy.py Tue Jan 27 14:22:51 2004
@@ -37,8 +37,11 @@
class App(Explicit):
- pass
-
+ def unrestrictedTraverse(self, path):
+ ob = self
+ for el in path:
+ ob = getattr(ob, el)
+ return ob
class PublicMethod (Method):
def getOwner(self):
@@ -73,11 +76,26 @@
_proxy_roles = sysadmin_roles
+class OwnedSetuidMethod(Implicit):
+ __roles__ = eo_roles
+ _proxy_roles = sysadmin_roles
+
+ def getOwner(self, info=0):
+ if info:
+ return (('subobject', 'acl_users'), 'theowner')
+ else:
+ return self.aq_parent.aq_parent.acl_users.getUserById('theowner')
+
+ def getWrappedOwner(self):
+ acl_users = self.aq_parent.aq_parent.acl_users
+ user = acl_users.getUserById('theowner')
+ return user.__of__(acl_users)
+
+
class DangerousMethod (PublicMethod):
# Only accessible to sysadmin or people who use proxy roles
__roles__ = sysadmin_roles
-
class SimpleItemish (Implicit):
public_m = PublicMethod()
protected_m = ProtectedMethod()
@@ -87,12 +105,23 @@
public_prop = 'Public Value'
private_prop = 'Private Value'
+class ImplictAcqObject(Implicit):
+ pass
+
class UnprotectedSimpleItem (SimpleItemish):
__allow_access_to_unprotected_subobjects__ = 1
+class OwnedSimpleItem(UnprotectedSimpleItem):
+ def getOwner(self, info=0):
+ if info:
+ return (('subobject', 'acl_users'), 'theowner')
+ else:
+ return self.aq_parent.acl_users.getuserById('theowner')
+
+
class RestrictedSimpleItem (SimpleItemish):
__allow_access_to_unprotected_subobjects__ = 0
@@ -257,6 +286,39 @@
'', '', name, '', None)
else:
policy.validate('', '', name, '', None)
+
+ def testProxyRoleScope(self):
+ self.a.subobject = ImplictAcqObject()
+ subobject = self.a.subobject
+ subobject.acl_users = UserFolder()
+ subobject.acl_users._addUser('theowner', 'password', 'password',
+ eo_roles + sysadmin_roles, ())
+ subobject.item = UnprotectedSimpleItem()
+ subitem = subobject.item
+ subitem.owned_setuid_m = OwnedSetuidMethod()
+ subitem.getPhysicalRoot = lambda root=self.a: root
+
+ item = self.a.item
+ item.getPhysicalRoot = lambda root=self.a: root
+ self.context.stack.append(subitem.owned_setuid_m.__of__(subitem))
+
+ # Out of owner context
+ self.assertPolicyAllows(item, 'public_m')
+ self.assertPolicyDenies(item, 'protected_m')
+ self.assertPolicyDenies(item, 'owned_m')
+ self.assertPolicyAllows(item, 'setuid_m')
+ self.assertPolicyDenies(item, 'dangerous_m')
+
+ # Inside owner context
+ self.assertPolicyAllows(subitem, 'public_m')
+ self.assertPolicyDenies(subitem, 'protected_m')
+ self.assertPolicyDenies(subitem, 'owned_m')
+ self.assertPolicyAllows(subitem, 'setuid_m')
+ self.assertPolicyAllows(subitem, 'dangerous_m')
+
+ def testUnicodeName(self):
+ policy = self.policy
+ assert policy.validate('', '', u'foo', '', None)
if 0:
# This test purposely generates a log entry.
More information about the Zope-Checkins
mailing list