[Zope-Checkins] CVS: Zope/lib/python/AccessControl/tests - testBindings.py:1.1.4.4

Tres Seaver tseaver at zope.com
Tue Jan 27 14:38:04 EST 2004 

Update of /cvs-repository/Zope/lib/python/AccessControl/tests
In directory cvs.zope.org:/tmp/cvs-serv29908/lib/python/AccessControl/tests

Modified Files:
      Tag: Zope-2_7-branch
	testBindings.py 
Log Message:
 - Merge bindings test, python script fix from 2.6 branch.


=== Zope/lib/python/AccessControl/tests/testBindings.py 1.1.4.3 => 1.1.4.4 ===
--- Zope/lib/python/AccessControl/tests/testBindings.py:1.1.4.3	Tue Jan 27 13:37:17 2004
+++ Zope/lib/python/AccessControl/tests/testBindings.py	Tue Jan 27 14:37:33 2004
@@ -19,6 +19,8 @@
 import unittest
 import ZODB
 from Acquisition import Implicit
+from AccessControl import ClassSecurityInfo
+from Globals import InitializeClass
 from OFS.ObjectManager import ObjectManager
 from OFS.Folder import Folder
 
@@ -73,9 +75,20 @@
         return '<FauxRoot>'
 
 class FauxFolder(Folder):
+
+    security = ClassSecurityInfo()
+    security.declareObjectPrivate()
+
+    security.declarePrivate('__repr__')
     def __repr__(self):
         return '<FauxFolder: %s>' % self.getId()
 
+    security.declarePublic('methodWithRoles')
+    def methodWithRoles(self):
+        return 'method called'
+
+InitializeClass(FauxFolder)
+
 class TestBindings(unittest.TestCase):
 
     def setUp(self):
@@ -130,12 +143,23 @@
         bound_used_context_ps = self._newPS('return context.id')
         guarded._setOb('bound_used_context_ps', bound_used_context_ps)
 
+        bound_used_context_methodWithRoles_ps = self._newPS(
+                                           'return context.methodWithRoles()')
+        guarded._setOb('bound_used_context_methodWithRoles_ps',
+                        bound_used_context_methodWithRoles_ps)
+
         container_ps = self._newPS('return container')
         guarded._setOb('container_ps', container_ps)
 
+        container_str_ps = self._newPS('return str(container)')
+        guarded._setOb('container_str_ps', container_str_ps)
+
         context_ps = self._newPS('return context')
         guarded._setOb('context_ps', context_ps)
 
+        context_str_ps = self._newPS('return str(context)')
+        guarded._setOb('context_str_ps', context_str_ps)
+
         return root
 
     def _newPS(self, txt, bind=None):
@@ -165,9 +189,32 @@
         newSecurityManager(None, UnderprivilegedUser())
         root = self._makeTree()
         guarded = root._getOb('guarded')
+
         ps = guarded._getOb('bound_used_container_ps')
         self.assertRaises(Unauthorized, ps)
 
+        ps = guarded._getOb('container_str_ps')
+        self.assertRaises(Unauthorized, ps)
+
+        ps = guarded._getOb('container_ps')
+        container = ps()
+        self.assertRaises(Unauthorized, container)
+        self.assertRaises(Unauthorized, container.index_html)
+        try:
+            str(container)
+        except Unauthorized:
+            pass
+        else:
+            self.fail("str(container) didn't raise Unauthorized!")
+
+        ps = guarded._getOb('bound_used_container_ps')
+        ps._proxy_roles = ( 'Manager', )
+        ps()
+
+        ps = guarded._getOb('container_str_ps')
+        ps._proxy_roles = ( 'Manager', )
+        ps()
+
     def test_bound_used_container_allowed(self):
         from AccessControl.SecurityManagement import newSecurityManager
         newSecurityManager(None, UnderprivilegedUser())
@@ -191,9 +238,32 @@
         newSecurityManager(None, UnderprivilegedUser())
         root = self._makeTree()
         guarded = root._getOb('guarded')
+
         ps = guarded._getOb('bound_used_context_ps')
         self.assertRaises(Unauthorized, ps)
 
+        ps = guarded._getOb('context_str_ps')
+        self.assertRaises(Unauthorized, ps)
+
+        ps = guarded._getOb('context_ps')
+        context = ps()
+        self.assertRaises(Unauthorized, context)
+        self.assertRaises(Unauthorized, context.index_html)
+        try:
+            str(context)
+        except Unauthorized:
+            pass
+        else:
+            self.fail("str(context) didn't raise Unauthorized!")
+
+        ps = guarded._getOb('bound_used_context_ps')
+        ps._proxy_roles = ( 'Manager', )
+        ps()
+
+        ps = guarded._getOb('context_str_ps')
+        ps._proxy_roles = ( 'Manager', )
+        ps()
+
     def test_bound_used_context_allowed(self):
         from AccessControl.SecurityManagement import newSecurityManager
         newSecurityManager(None, UnderprivilegedUser())
@@ -220,6 +290,20 @@
                                       'name_ns': '',
                                       'name_subpath': ''})
         self.assertEqual(boundless_ps(), 42)
+
+    def test_bound_used_context_method_w_roles(self):
+        from AccessControl.SecurityManagement import newSecurityManager
+        from AccessControl import Unauthorized
+        newSecurityManager(None, UnderprivilegedUser())
+        root = self._makeTree()
+        guarded = root._getOb('guarded')
+
+        # Assert that we can call a protected method, even though we have
+        # no access to the context directly.
+        ps = guarded._getOb('bound_used_context_ps')
+        self.assertRaises(Unauthorized, ps)
+        ps = guarded._getOb('bound_used_context_methodWithRoles_ps')
+        self.assertEqual(ps(), 'method called')
 
 
 def test_suite():

More information about the Zope-Checkins mailing list