[Zope3-checkins] CVS: Zope3/src/zope/security/tests - test_checker.py:1.7.10.1
Marius Gedminas
mgedmin@codeworks.lt
Wed, 14 May 2003 06:39:06 -0400
Update of /cvs-repository/Zope3/src/zope/security/tests
In directory cvs.zope.org:/tmp/cvs-serv2024/src/zope/security/tests
Modified Files:
Tag: stevea-decorators-branch
test_checker.py
Log Message:
Refactored WATCH_CHECKERS from base Checker code into a separate mixin class.
New class: DecoratedChecker.
Some work on the global decorator service.
=== Zope3/src/zope/security/tests/test_checker.py 1.7 => 1.7.10.1 ===
--- Zope3/src/zope/security/tests/test_checker.py:1.7 Wed Apr 23 14:18:02 2003
+++ Zope3/src/zope/security/tests/test_checker.py Wed May 14 06:39:05 2003
@@ -18,26 +18,45 @@
"""
from unittest import TestCase, TestSuite, main, makeSuite
+from zope.interface import implements
from zope.security.checker import Checker, NamesChecker, CheckerPublic
from zope.testing.cleanup import CleanUp
from zope.security.interfaces import ISecurityPolicy
-from zope.exceptions import Forbidden, Unauthorized
+from zope.exceptions import Forbidden, Unauthorized, ForbiddenAttribute
from zope.security.management import setSecurityPolicy
from zope.security.proxy import getChecker, getObject
from zope.security.checker import defineChecker, ProxyFactory
import types, pickle
+__metaclass__ = type
+
class SecurityPolicy:
- __implements__ = ISecurityPolicy
+ implements(ISecurityPolicy)
def checkPermission(self, permission, object, context):
'See ISecurityPolicy'
return permission == 'test_allowed'
+class RecordedSecurityPolicy:
+
+ implements(ISecurityPolicy)
+
+ def __init__(self):
+ self._checked = []
+
+ def checkPermission(self, permission, object, context):
+ 'See ISecurityPolicy'
+ self._checked.append(permission)
+ return True
-class TransparentProxy(object):
+ def checkChecked(self, checked):
+ res = self._checked == checked
+ self._checked = []
+ return res
+
+class TransparentProxy:
def __init__(self, ob):
self._ob = ob
@@ -46,6 +65,9 @@
return getattr(ob, name)
class OldInst:
+
+ __metaclass__ = types.ClassType
+
a=1
def b(self):
@@ -62,10 +84,14 @@
class NewInst(object, OldInst):
+ # This is not needed, but left in to show the change of metaclass
+ # __metaclass__ = type
+
def gete(self): return 3
def sete(self, v): pass
e = property(gete, sete)
+
class Test(TestCase, CleanUp):
def setUp(self):
@@ -289,6 +315,10 @@
self.assertRaises(Forbidden, checker.check_setattr, inst, 'a')
self.assertRaises(Forbidden, checker.check_setattr, inst, 'z')
+ # XXX write a test to see that
+ # Checker.check/check_setattr handle permission
+ # values that evaluate to False
+
class TestCheckerPublic(TestCase):
@@ -300,10 +330,46 @@
def test_that_CheckerPublic_identity_works_even_when_proxied(self):
self.assert_(ProxyFactory(CheckerPublic) is CheckerPublic)
+
+class TestDecoratedChecker(TestCase):
+
+ def setUp(self):
+ TestCase.setUp(self)
+ self.policy = RecordedSecurityPolicy()
+ self.__oldpolicy = setSecurityPolicy(self.policy)
+
+ def tearDown(self):
+ setSecurityPolicy(self.__oldpolicy)
+ TestCase.tearDown(self)
+
+ def test_checking(self):
+ from zope.security.checker import DecoratedChecker
+ c = NamesChecker(['foo', 'bar', '__str__'], 'baseperm')
+ dc = DecoratedChecker(c, {'foo': 'perm1'}, {'foo': 'perm2'})
+
+ o = object()
+ dc.check_getattr(o, 'foo')
+ self.assert_(self.policy.checkChecked(['perm1']))
+ dc.check_getattr(o, 'bar')
+ self.assert_(self.policy.checkChecked(['baseperm']))
+ self.assertRaises(ForbiddenAttribute, dc.check_getattr, o, 'baz')
+ self.assert_(self.policy.checkChecked([]))
+ dc.check(o, '__str__')
+ self.assert_(self.policy.checkChecked(['baseperm']))
+
+ dc.check_setattr(o, 'foo')
+ self.assert_(self.policy.checkChecked(['perm2']))
+ self.assertRaises(ForbiddenAttribute, dc.check_setattr, o, 'bar')
+ self.assert_(self.policy.checkChecked([]))
+ self.assertRaises(ForbiddenAttribute, dc.check_setattr, o, 'baz')
+ self.assert_(self.policy.checkChecked([]))
+
+
def test_suite():
return TestSuite((
makeSuite(Test),
makeSuite(TestCheckerPublic),
+ makeSuite(TestDecoratedChecker),
))
if __name__=='__main__':