[Zope3-checkins] CVS: Zope3/src/zope/app/securitypolicy/tests -
__init__.py:1.1 mapping.zcml:1.1 role.zcml:1.1
role_duplicate.zcml:1.1
test_annotationprincipalpermissionmanager.py:1.1
test_annotationprincipalrolemanager.py:1.1
test_annotationrolepermissionmanager.py:1.1
test_principalpermissionmanager.py:1.1
test_principalrolemanager.py:1.1 test_rolecontents.py:1.1
test_rolepermissionmanager.py:1.1 test_roleregistry.py:1.1
test_roleservice.py:1.1 test_securitydirectives.py:1.1
test_securitymap.py:1.1 test_zopepolicy.py:1.1
Philipp von Weitershausen
philikon at philikon.de
Fri Feb 27 07:46:34 EST 2004
Update of /cvs-repository/Zope3/src/zope/app/securitypolicy/tests
In directory cvs.zope.org:/tmp/cvs-serv6059/app/securitypolicy/tests
Added Files:
__init__.py mapping.zcml role.zcml role_duplicate.zcml
test_annotationprincipalpermissionmanager.py
test_annotationprincipalrolemanager.py
test_annotationrolepermissionmanager.py
test_principalpermissionmanager.py
test_principalrolemanager.py test_rolecontents.py
test_rolepermissionmanager.py test_roleregistry.py
test_roleservice.py test_securitydirectives.py
test_securitymap.py test_zopepolicy.py
Log Message:
Moved the securitypolicy package from zope.products to zope.app.
=== Added File Zope3/src/zope/app/securitypolicy/tests/__init__.py ===
#
# This file is necessary to make this directory a package.
=== Added File Zope3/src/zope/app/securitypolicy/tests/mapping.zcml ===
<configure xmlns="http://namespaces.zope.org/zope">
<include package="zope.app.securitypolicy" file="meta.zcml"/>
<grant
permission="zope.Foo"
role="zope.Bar" />
<grant
permission="zope.Foo"
principal="zope.Blah" />
<grant
role="zope.Bar"
principal="zope.Blah" />
</configure>
=== Added File Zope3/src/zope/app/securitypolicy/tests/role.zcml ===
<configure
xmlns="http://namespaces.zope.org/zope"
i18n_domain="zope"
>
<include package="zope.app.securitypolicy" file="meta.zcml"/>
<role
id="zope.Everyperson"
title="Tout le monde"
description="The common man, woman, person, or thing" />
</configure>
=== Added File Zope3/src/zope/app/securitypolicy/tests/role_duplicate.zcml ===
<configure
xmlns="http://namespaces.zope.org/zope"
i18n_domain="zope">
<include package="zope.app.securitypolicy" file="meta.zcml"/>
<role
id="zope.Everyperson"
title="Tout le monde"
description="The common man, woman, person, or thing" />
<role
id="zope.Everyperson"
title="Tout le monde"
description="The common man, woman, person, or thing" />
</configure>
=== Added File Zope3/src/zope/app/securitypolicy/tests/test_annotationprincipalpermissionmanager.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Test handler for AnnotationPrincipalPermissionManager module."""
import unittest
from zope.interface import implements
from zope.component import getService
from zope.app.tests import ztapi
from zope.app.interfaces.annotation import IAttributeAnnotatable
from zope.app.services.servicenames import Adapters
from zope.app.interfaces.annotation import IAnnotations
from zope.app.attributeannotations import AttributeAnnotations
from zope.app.security.registries.permissionregistry \
import permissionRegistry as permregistry
from zope.app.security.registries.principalregistry \
import principalRegistry as prinregistry
from zope.app.security.settings import Allow, Deny, Unset
from zope.app.tests.placelesssetup import PlacelessSetup
from zope.app.securitypolicy.principalpermission \
import AnnotationPrincipalPermissionManager
class Manageable:
implements(IAttributeAnnotatable)
class Test(PlacelessSetup, unittest.TestCase):
def setUp(self):
super(Test, self).setUp()
ztapi.provideAdapter(
IAttributeAnnotatable, IAnnotations,
AttributeAnnotations)
def _make_principal(self, id=None, title=None):
p = prinregistry.definePrincipal(
id or 'APrincipal',
title or 'A Principal',
login = id or 'APrincipal')
return p.getId()
def testUnboundPrincipalPermission(self):
manager = AnnotationPrincipalPermissionManager(Manageable())
permission = permregistry.definePermission('APerm', 'title')
permission = permission.getId()
principal = self._make_principal()
self.assertEqual(manager.getPrincipalsForPermission(permission), [])
self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
def testPrincipalPermission(self):
manager = AnnotationPrincipalPermissionManager(Manageable())
permission = permregistry.definePermission('APerm', 'title')
permission = permission.getId()
principal = self._make_principal()
# check that an allow permission is saved correctly
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Allow)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Allow)])
# check that the allow permission is removed.
manager.unsetPermissionForPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission), [])
self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
# now put a deny in there, check it's set.
manager.denyPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Deny)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Deny)])
# test for deny followed by allow . The latter should override.
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Allow)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Allow)])
# check that allow followed by allow is just a single allow.
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Allow)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Allow)])
# check that two unsets in a row quietly ignores the second one.
manager.unsetPermissionForPrincipal(permission, principal)
manager.unsetPermissionForPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission), [])
self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
# check the result of getSetting() when it's empty.
self.assertEqual(manager.getSetting(permission, principal), Unset)
# check the result of getSetting() when it's allowed.
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getSetting(permission, principal), Allow)
# check the result of getSetting() when it's denied.
manager.denyPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getSetting(permission, principal), Deny)
def testManyPermissionsOnePrincipal(self):
manager = AnnotationPrincipalPermissionManager(Manageable())
perm1 = permregistry.definePermission('Perm One', 'title').getId()
perm2 = permregistry.definePermission('Perm Two', 'title').getId()
prin1 = self._make_principal()
manager.grantPermissionToPrincipal(perm1, prin1)
manager.grantPermissionToPrincipal(perm2, prin1)
perms = manager.getPermissionsForPrincipal(prin1)
self.assertEqual(len(perms), 2)
self.failUnless((perm1,Allow) in perms)
self.failUnless((perm2,Allow) in perms)
manager.denyPermissionToPrincipal(perm2, prin1)
perms = manager.getPermissionsForPrincipal(prin1)
self.assertEqual(len(perms), 2)
self.failUnless((perm1,Allow) in perms)
self.failUnless((perm2,Deny) in perms)
def testManyPrincipalsOnePermission(self):
manager = AnnotationPrincipalPermissionManager(Manageable())
perm1 = permregistry.definePermission('Perm One', 'title').getId()
prin1 = self._make_principal()
prin2 = self._make_principal('Principal 2', 'Principal Two')
manager.grantPermissionToPrincipal(perm1, prin1)
manager.denyPermissionToPrincipal(perm1, prin2)
principals = manager.getPrincipalsForPermission(perm1)
self.assertEqual(len(principals), 2)
self.failUnless((prin1,Allow) in principals)
self.failUnless((prin2,Deny) in principals)
def test_suite():
loader=unittest.TestLoader()
return loader.loadTestsFromTestCase(Test)
if __name__=='__main__':
unittest.TextTestRunner().run(test_suite())
=== Added File Zope3/src/zope/app/securitypolicy/tests/test_annotationprincipalrolemanager.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Test handler for PrincipalRoleManager module."""
import unittest
from zope.interface import implements
from zope.component import getService
from zope.app.tests import ztapi
from zope.app.interfaces.annotation import IAttributeAnnotatable
from zope.app.services.servicenames import Adapters
from zope.app.interfaces.annotation import IAnnotations
from zope.app.attributeannotations import AttributeAnnotations
from zope.app.security.registries.principalregistry \
import principalRegistry as pregistry
from zope.app.security.settings import Allow, Deny
from zope.app.services.tests.placefulsetup import PlacefulSetup
from zope.app.securitypolicy.roleregistry import roleRegistry as rregistry
from zope.app.securitypolicy.principalrole \
import AnnotationPrincipalRoleManager
class Manageable:
implements(IAttributeAnnotatable)
class Test(PlacefulSetup, unittest.TestCase):
def setUp(self):
PlacefulSetup.setUp(self)
ztapi.provideAdapter(
IAttributeAnnotatable, IAnnotations,
AttributeAnnotations)
def _make_principal(self, id=None, title=None):
p = pregistry.definePrincipal(
id or 'APrincipal',
title or 'A Principal',
login = id or 'APrincipal')
return p.getId()
def _make_roleManager(self, obj=None):
if obj is None:
obj = Manageable()
return AnnotationPrincipalRoleManager(obj)
def testUnboundPrincipalRole(self):
principalRoleManager = self._make_roleManager()
role = rregistry.defineRole('ARole', 'A Role').getId()
principal = self._make_principal()
self.assertEqual(principalRoleManager.getPrincipalsForRole(role), [])
self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
[])
def testPrincipalRoleAllow(self):
principalRoleManager = self._make_roleManager()
role = rregistry.defineRole('ARole', 'A Role').getId()
principal = self._make_principal()
principalRoleManager.assignRoleToPrincipal(role, principal)
self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
[(principal, Allow)])
self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
[(role, Allow)])
def testPrincipalRoleDeny(self):
principalRoleManager = self._make_roleManager()
role = rregistry.defineRole('ARole', 'A Role').getId()
principal = self._make_principal()
principalRoleManager.removeRoleFromPrincipal(role, principal)
self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
[(principal, Deny)])
self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
[(role, Deny)])
def testPrincipalRoleUnset(self):
principalRoleManager = self._make_roleManager()
role = rregistry.defineRole('ARole', 'A Role').getId()
principal = self._make_principal()
principalRoleManager.removeRoleFromPrincipal(role, principal)
principalRoleManager.unsetRoleForPrincipal(role, principal)
self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
[])
self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
[])
def testManyRolesOnePrincipal(self):
principalRoleManager = self._make_roleManager()
role1 = rregistry.defineRole('Role One', 'Role #1').getId()
role2 = rregistry.defineRole('Role Two', 'Role #2').getId()
prin1 = self._make_principal()
principalRoleManager.assignRoleToPrincipal(role1, prin1)
principalRoleManager.assignRoleToPrincipal(role2, prin1)
roles = principalRoleManager.getRolesForPrincipal(prin1)
self.assertEqual(len(roles), 2)
self.failUnless((role1, Allow) in roles)
self.failUnless((role2, Allow) in roles)
def testManyPrincipalsOneRole(self):
principalRoleManager = self._make_roleManager()
role1 = rregistry.defineRole('Role One', 'Role #1').getId()
prin1 = self._make_principal()
prin2 = self._make_principal('Principal 2', 'Principal Two')
principalRoleManager.assignRoleToPrincipal(role1, prin1)
principalRoleManager.assignRoleToPrincipal(role1, prin2)
principals = principalRoleManager.getPrincipalsForRole(role1)
self.assertEqual(len(principals), 2)
self.failUnless((prin1, Allow) in principals)
self.failUnless((prin2, Allow) in principals)
def testPrincipalsAndRoles(self):
principalRoleManager = self._make_roleManager()
principalsAndRoles = principalRoleManager.getPrincipalsAndRoles()
self.assertEqual(len(principalsAndRoles), 0)
role1 = rregistry.defineRole('Role One', 'Role #1').getId()
role2 = rregistry.defineRole('Role Two', 'Role #2').getId()
prin1 = self._make_principal()
prin2 = self._make_principal('Principal 2', 'Principal Two')
principalRoleManager.assignRoleToPrincipal(role1, prin1)
principalRoleManager.assignRoleToPrincipal(role1, prin2)
principalRoleManager.assignRoleToPrincipal(role2, prin1)
principalsAndRoles = principalRoleManager.getPrincipalsAndRoles()
self.assertEqual(len(principalsAndRoles), 3)
self.failUnless((role1, prin1, Allow) in principalsAndRoles)
self.failUnless((role1, prin2, Allow) in principalsAndRoles)
self.failUnless((role2, prin1, Allow) in principalsAndRoles)
def test_suite():
loader=unittest.TestLoader()
return loader.loadTestsFromTestCase(Test)
if __name__=='__main__':
unittest.TextTestRunner().run(test_suite())
=== Added File Zope3/src/zope/app/securitypolicy/tests/test_annotationrolepermissionmanager.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""
$Id: test_annotationrolepermissionmanager.py,v 1.1 2004/02/27 12:46:33 philikon Exp $
"""
from zope.interface import implements
from zope.component import getServiceManager, getService
from zope.app.tests import ztapi
from zope.app.interfaces.annotation import IAttributeAnnotatable
from zope.app.interfaces.annotation import IAnnotations
from zope.app.attributeannotations import AttributeAnnotations
from zope.app.services.servicenames import Permissions, Adapters
from zope.app.interfaces.security import IPermissionService
from zope.app.security.registries.permissionregistry import permissionRegistry
from zope.app.security.settings import Allow, Deny
from zope.app.services.tests.placefulsetup import PlacefulSetup
from zope.app.securitypolicy.interfaces import IRoleService
from zope.app.securitypolicy.roleregistry import roleRegistry
from zope.app.securitypolicy.rolepermission \
import AnnotationRolePermissionManager
import unittest
class Manageable:
implements(IAttributeAnnotatable)
class Test(PlacefulSetup, unittest.TestCase):
def setUp(self):
PlacefulSetup.setUp(self)
defineService=getServiceManager(None).defineService
provideService=getServiceManager(None).provideService
defineService('Roles', IRoleService)
defineService(Permissions, IPermissionService)
provideService('Roles', roleRegistry)
provideService(Permissions, permissionRegistry)
ztapi.provideAdapter(IAttributeAnnotatable, IAnnotations,
AttributeAnnotations)
read = permissionRegistry.definePermission('read', 'Read Something')
self.read = read.getId()
write = permissionRegistry.definePermission('write', 'Write Something')
self.write = write.getId()
peon = roleRegistry.defineRole('peon', 'Poor Slob')
self.peon = peon.getId()
manager = roleRegistry.defineRole('manager', 'Supreme Being')
self.manager = manager.getId()
def testNormal(self):
obj = Manageable()
mgr = AnnotationRolePermissionManager(obj)
mgr.grantPermissionToRole(self.read,self.manager)
mgr.grantPermissionToRole(self.write,self.manager)
mgr.grantPermissionToRole(self.write,self.manager)
mgr.grantPermissionToRole(self.read,self.peon)
l = list(mgr.getPermissionsForRole(self.manager))
self.failUnless((self.read, Allow) in l)
self.failUnless((self.write, Allow) in l)
l = list(mgr.getPermissionsForRole(self.peon))
self.failUnless([(self.read, Allow)] == l)
l = list(mgr.getRolesForPermission(self.read))
self.failUnless((self.manager, Allow) in l)
self.failUnless((self.peon, Allow) in l)
l = list(mgr.getRolesForPermission(self.write))
self.assertEqual(l, [(self.manager, Allow)])
mgr.denyPermissionToRole(self.read, self.peon)
l = list(mgr.getPermissionsForRole(self.peon))
self.assertEqual(l, [(self.read, Deny)])
mgr.unsetPermissionFromRole(self.read, self.peon)
l = list(mgr.getRolesForPermission(self.read))
self.assertEqual(l, [(self.manager, Allow)])
def test_suite():
loader=unittest.TestLoader()
return loader.loadTestsFromTestCase(Test)
if __name__=='__main__':
unittest.TextTestRunner().run(test_suite())
=== Added File Zope3/src/zope/app/securitypolicy/tests/test_principalpermissionmanager.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Test handler for PrincipalPermissionManager module.
$Id: test_principalpermissionmanager.py,v 1.1 2004/02/27 12:46:33 philikon Exp $
"""
import unittest
from zope.component.service import serviceManager as services
from zope.testing.cleanup import CleanUp
from zope.app.interfaces.security import IPermissionService
from zope.app.interfaces.security import IAuthenticationService
from zope.app.services.servicenames import Permissions, Authentication
from zope.app.security.registries.permissionregistry \
import permissionRegistry as permregistry
from zope.app.security.registries.principalregistry \
import principalRegistry as prinregistry
from zope.app.security.settings import Allow, Deny, Unset
from zope.app.securitypolicy.principalpermission \
import principalPermissionManager as manager
class Test(CleanUp, unittest.TestCase):
def setUp(self):
CleanUp.setUp(self)
services.defineService(Permissions, IPermissionService)
services.provideService(Permissions, permregistry)
services.defineService(Authentication, IAuthenticationService)
services.provideService(Authentication, prinregistry)
def _make_principal(self, id=None, title=None):
p = prinregistry.definePrincipal(
id or 'APrincipal',
title or 'A Principal',
login = id or 'APrincipal')
return p.getId()
def testUnboundPrincipalPermission(self):
permission = permregistry.definePermission('APerm', 'title').getId()
principal = self._make_principal()
self.assertEqual(manager.getPrincipalsForPermission(permission), [])
self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
def test_invalidPermission(self):
self.assertRaises(ValueError,
manager.grantPermissionToPrincipal,
'permission', 'principal')
principal = self._make_principal()
self.assertRaises(ValueError,
manager.grantPermissionToPrincipal,
'permission', principal)
def test_invalidPrincipal(self):
permission = permregistry.definePermission('APerm', 'title').getId()
self.assertRaises(ValueError,
manager.grantPermissionToPrincipal,
permission, 'principal')
def testPrincipalPermission(self):
permission = permregistry.definePermission('APerm', 'title').getId()
principal = self._make_principal()
# check that an allow permission is saved correctly
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Allow)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Allow)])
# check that the allow permission is removed.
manager.unsetPermissionForPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission), [])
self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
# now put a deny in there, check it's set.
manager.denyPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Deny)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Deny)])
# test for deny followed by allow . The latter should override.
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Allow)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Allow)])
# check that allow followed by allow is just a single allow.
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Allow)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Allow)])
# check that two unsets in a row quietly ignores the second one.
manager.unsetPermissionForPrincipal(permission, principal)
manager.unsetPermissionForPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission), [])
self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
# check the result of getSetting() when it's empty.
self.assertEqual(manager.getSetting(permission, principal), Unset)
# check the result of getSetting() when it's allowed.
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getSetting(permission, principal), Allow)
# check the result of getSetting() when it's denied.
manager.denyPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getSetting(permission, principal), Deny)
def testManyPermissionsOnePrincipal(self):
perm1 = permregistry.definePermission('Perm One', 'title').getId()
perm2 = permregistry.definePermission('Perm Two', 'title').getId()
prin1 = self._make_principal()
manager.grantPermissionToPrincipal(perm1, prin1)
manager.grantPermissionToPrincipal(perm2, prin1)
perms = manager.getPermissionsForPrincipal(prin1)
self.assertEqual(len(perms), 2)
self.failUnless((perm1,Allow) in perms)
self.failUnless((perm2,Allow) in perms)
manager.denyPermissionToPrincipal(perm2, prin1)
perms = manager.getPermissionsForPrincipal(prin1)
self.assertEqual(len(perms), 2)
self.failUnless((perm1,Allow) in perms)
self.failUnless((perm2,Deny) in perms)
perms = manager.getPrincipalsAndPermissions()
self.failUnless((perm1,prin1,Allow) in perms)
self.failUnless((perm2,prin1,Deny) in perms)
def testManyPrincipalsOnePermission(self):
perm1 = permregistry.definePermission('Perm One', 'title').getId()
prin1 = self._make_principal()
prin2 = self._make_principal('Principal 2', 'Principal Two')
manager.grantPermissionToPrincipal(perm1, prin1)
manager.denyPermissionToPrincipal(perm1, prin2)
principals = manager.getPrincipalsForPermission(perm1)
self.assertEqual(len(principals), 2)
self.failUnless((prin1,Allow) in principals)
self.failUnless((prin2,Deny) in principals)
def test_suite():
loader=unittest.TestLoader()
return loader.loadTestsFromTestCase(Test)
if __name__=='__main__':
unittest.TextTestRunner().run(test_suite())
=== Added File Zope3/src/zope/app/securitypolicy/tests/test_principalrolemanager.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Test handler for PrincipalRoleManager module.
$Id: test_principalrolemanager.py,v 1.1 2004/02/27 12:46:33 philikon Exp $
"""
import unittest
from zope.component.service import serviceManager as services
from zope.testing.cleanup import CleanUp
from zope.app.interfaces.security import IAuthenticationService
from zope.app.services.servicenames import Authentication
from zope.app.security.settings import Allow, Deny
from zope.app.security.registries.principalregistry \
import principalRegistry as pregistry
from zope.app.securitypolicy.roleregistry \
import roleRegistry as rregistry
from zope.app.securitypolicy.interfaces import IRoleService
from zope.app.securitypolicy.principalrole import principalRoleManager
class Test(CleanUp, unittest.TestCase):
def setUp(self):
CleanUp.setUp(self)
services.defineService('Roles', IRoleService)
services.provideService('Roles', rregistry)
services.defineService(Authentication, IAuthenticationService)
services.provideService(Authentication, pregistry)
def _make_principal(self, id=None, title=None):
p = pregistry.definePrincipal(
id or 'APrincipal',
title or 'A Principal',
login = id or 'APrincipal')
return p.getId()
def testUnboundPrincipalRole(self):
role = rregistry.defineRole('ARole', 'A Role').getId()
principal = self._make_principal()
self.assertEqual(principalRoleManager.getPrincipalsForRole(role), [])
self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
[])
def testPrincipalRoleAllow(self):
role = rregistry.defineRole('ARole', 'A Role').getId()
principal = self._make_principal()
principalRoleManager.assignRoleToPrincipal(role, principal)
self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
[(principal, Allow)])
self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
[(role, Allow)])
def testPrincipalRoleDeny(self):
role = rregistry.defineRole('ARole', 'A Role').getId()
principal = self._make_principal()
principalRoleManager.removeRoleFromPrincipal(role, principal)
self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
[(principal, Deny)])
self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
[(role, Deny)])
def testPrincipalRoleUnset(self):
role = rregistry.defineRole('ARole', 'A Role').getId()
principal = self._make_principal()
principalRoleManager.removeRoleFromPrincipal(role, principal)
principalRoleManager.unsetRoleForPrincipal(role, principal)
self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
[])
self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
[])
def test_invalidPrincipal(self):
self.assertRaises(ValueError,
principalRoleManager.assignRoleToPrincipal,
'role1', 'prin1')
role1 = rregistry.defineRole('Role One', 'Role #1').getId()
self.assertRaises(ValueError,
principalRoleManager.assignRoleToPrincipal,
role1, 'prin1')
def test_invalidRole(self):
prin1 = self._make_principal()
self.assertRaises(ValueError,
principalRoleManager.assignRoleToPrincipal,
'role1', prin1)
def testManyRolesOnePrincipal(self):
role1 = rregistry.defineRole('Role One', 'Role #1').getId()
role2 = rregistry.defineRole('Role Two', 'Role #2').getId()
prin1 = self._make_principal()
principalRoleManager.assignRoleToPrincipal(role1, prin1)
principalRoleManager.assignRoleToPrincipal(role2, prin1)
roles = principalRoleManager.getRolesForPrincipal(prin1)
self.assertEqual(len(roles), 2)
self.failUnless((role1, Allow) in roles)
self.failUnless((role2, Allow) in roles)
def testManyPrincipalsOneRole(self):
role1 = rregistry.defineRole('Role One', 'Role #1').getId()
prin1 = self._make_principal()
prin2 = self._make_principal('Principal 2', 'Principal Two')
principalRoleManager.assignRoleToPrincipal(role1, prin1)
principalRoleManager.assignRoleToPrincipal(role1, prin2)
principals = principalRoleManager.getPrincipalsForRole(role1)
self.assertEqual(len(principals), 2)
self.failUnless((prin1, Allow) in principals)
self.failUnless((prin2, Allow) in principals)
def testPrincipalsAndRoles(self):
role1 = rregistry.defineRole('Role One', 'Role #1').getId()
role2 = rregistry.defineRole('Role Two', 'Role #2').getId()
prin1 = self._make_principal()
prin2 = self._make_principal('Principal 2', 'Principal Two')
principalRoleManager.assignRoleToPrincipal(role1, prin1)
principalRoleManager.assignRoleToPrincipal(role1, prin2)
principalRoleManager.assignRoleToPrincipal(role2, prin1)
principalsAndRoles = principalRoleManager.getPrincipalsAndRoles()
self.assertEqual(len(principalsAndRoles), 3)
self.failUnless((role1, prin1, Allow) in principalsAndRoles)
self.failUnless((role1, prin2, Allow) in principalsAndRoles)
self.failUnless((role2, prin1, Allow) in principalsAndRoles)
def test_suite():
loader=unittest.TestLoader()
return loader.loadTestsFromTestCase(Test)
if __name__=='__main__':
unittest.TextTestRunner().run(test_suite())
=== Added File Zope3/src/zope/app/securitypolicy/tests/test_rolecontents.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""
$Id: test_rolecontents.py,v 1.1 2004/02/27 12:46:33 philikon Exp $
"""
import unittest
from zope.interface import Interface, implements
from zope.app.browser.container.tests.test_contents \
import BaseTestContentsBrowserView, Principal
from zope.app.folder import rootFolder
from zope.app.container.contained import contained
from zope.app.securitypolicy.browser import Contents
from zope.app.securitypolicy.role import RoleService
class IDummy(Interface):
pass
class Dummy:
implements(IDummy)
class Test(BaseTestContentsBrowserView, unittest.TestCase):
def _TestView__newContext(self):
root = rootFolder()
container = RoleService()
return contained(container, root, name='sample')
def _TestView__newView(self, container):
from zope.publisher.browser import TestRequest
request = TestRequest()
request.setUser(Principal())
return Contents(container, request)
def test_suite():
loader = unittest.TestLoader()
return loader.loadTestsFromTestCase(Test)
if __name__=='__main__':
unittest.main()
=== Added File Zope3/src/zope/app/securitypolicy/tests/test_rolepermissionmanager.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Test handler for RolePermissionManager module.
$Id: test_rolepermissionmanager.py,v 1.1 2004/02/27 12:46:33 philikon Exp $
"""
import unittest
from zope.component.service import serviceManager as services
from zope.testing.cleanup import CleanUp
from zope.app.services.servicenames import Permissions
from zope.app.interfaces.security import IPermissionService
from zope.app.securitypolicy.interfaces import IRoleService
from zope.app.security.registries.permissionregistry \
import permissionRegistry as pregistry
from zope.app.security.settings import Allow, Deny
from zope.app.securitypolicy.roleregistry \
import roleRegistry as rregistry
from zope.app.securitypolicy.rolepermission \
import rolePermissionManager as manager
class Test(CleanUp, unittest.TestCase):
def setUp(self):
CleanUp.setUp(self)
services.defineService(Permissions, IPermissionService)
services.provideService(Permissions, pregistry)
services.defineService("Roles", IRoleService)
services.provideService("Roles", rregistry)
def testUnboundRolePermission(self):
permission = pregistry.definePermission('APerm', 'aPerm title').getId()
role = rregistry.defineRole('ARole', 'A Role').getId()
self.assertEqual(manager.getRolesForPermission(permission), [])
self.assertEqual(manager.getPermissionsForRole(role), [])
def testRolePermission(self):
permission = pregistry.definePermission('APerm', 'aPerm title').getId()
role = rregistry.defineRole('ARole', 'A Role').getId()
manager.grantPermissionToRole(permission, role)
self.assertEqual(manager.getRolesForPermission(permission),
[(role,Allow)])
self.assertEqual(manager.getPermissionsForRole(role),
[(permission,Allow)])
def testManyPermissionsOneRole(self):
perm1 = pregistry.definePermission('Perm One', 'P1').getId()
perm2 = pregistry.definePermission('Perm Two', 'P2').getId()
perm3 = pregistry.definePermission('Perm Three', 'P3').getId()
role1 = rregistry.defineRole('Role One', 'Role #1').getId()
perms = manager.getPermissionsForRole(role1)
self.assertEqual(len(perms), 0)
manager.grantPermissionToRole(perm1, role1)
manager.grantPermissionToRole(perm2, role1)
manager.grantPermissionToRole(perm2, role1)
manager.denyPermissionToRole(perm3, role1)
perms = manager.getPermissionsForRole(role1)
self.assertEqual(len(perms), 3)
self.failUnless((perm1,Allow) in perms)
self.failUnless((perm2,Allow) in perms)
self.failUnless((perm3,Deny) in perms)
manager.unsetPermissionFromRole(perm1, role1)
perms = manager.getPermissionsForRole(role1)
self.assertEqual(len(perms), 2)
self.failUnless((perm2,Allow) in perms)
def testManyRolesOnePermission(self):
perm1 = pregistry.definePermission('Perm One', 'title').getId()
role1 = rregistry.defineRole('Role One', 'Role #1').getId()
role2 = rregistry.defineRole('Role Two', 'Role #2').getId()
roles = manager.getRolesForPermission(perm1)
self.assertEqual(len(roles), 0)
manager.grantPermissionToRole(perm1, role1)
manager.grantPermissionToRole(perm1, role2)
manager.grantPermissionToRole(perm1, role2)
manager.denyPermissionToRole(perm1, role1)
roles = manager.getRolesForPermission(perm1)
self.assertEqual(len(roles), 2)
self.failIf((role1,Allow) in roles)
self.failUnless((role1,Deny) in roles)
self.failUnless((role2,Allow) in roles)
manager.unsetPermissionFromRole(perm1, role1)
roles = manager.getRolesForPermission(perm1)
self.assertEqual(len(roles), 1)
self.failUnless((role2,Allow) in roles)
def test_invalidRole(self):
self.assertRaises(ValueError,
manager.grantPermissionToRole, 'perm1', 'role1'
)
perm1 = pregistry.definePermission('Perm One', 'title').getId()
self.assertRaises(ValueError,
manager.grantPermissionToRole, perm1, 'role1'
)
def test_invalidPerm(self):
role1 = rregistry.defineRole('Role One', 'Role #1').getId()
self.assertRaises(ValueError,
manager.grantPermissionToRole, 'perm1', role1
)
def test_suite():
loader=unittest.TestLoader()
return loader.loadTestsFromTestCase(Test)
if __name__=='__main__':
unittest.TextTestRunner().run(test_suite())
=== Added File Zope3/src/zope/app/securitypolicy/tests/test_roleregistry.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Test handler for 'defineRole' directive
$Id: test_roleregistry.py,v 1.1 2004/02/27 12:46:33 philikon Exp $
"""
import unittest
from zope.interface.verify import verifyObject
from zope.testing.cleanup import CleanUp
from zope.app.securitypolicy.roleregistry import roleRegistry
from zope.app.securitypolicy.interfaces import IRole
class Test(CleanUp, unittest.TestCase):
def testEmptyRoles(self):
self.assertEqual(None, roleRegistry.getRole('Foo'))
self.failIf(roleRegistry.definedRole('Foo'))
def testRoleIsAnIRole(self):
r = roleRegistry.defineRole('Foo', 'Foo role')
role = roleRegistry.getRole(r.getId())
self.assertEqual(verifyObject(IRole, role), 1)
def testDefineRole(self):
role = roleRegistry.defineRole('Foo', 'foo role')
self.failUnless(verifyObject(IRole, role))
self.failUnless(roleRegistry.definedRole(role.getId()))
role = roleRegistry.getRole(role.getId())
self.assertEquals(role.getTitle(), 'foo role')
def testDefineRoleWithTitle(self):
eq = self.assertEqual
r = roleRegistry.defineRole('Foo', 'Foo-able')
role = roleRegistry.getRole(r.getId())
eq(role.getTitle(), 'Foo-able')
eq(role.getDescription(), '')
def testDefineRoleWithTitleAndDescription(self):
eq = self.assertEqual
r = roleRegistry.defineRole('Foo', 'Foo-able', 'A foo-worthy role')
role = roleRegistry.getRole(r.getId())
eq(role.getTitle(), 'Foo-able')
eq(role.getDescription(), 'A foo-worthy role')
def test_suite():
loader=unittest.TestLoader()
return loader.loadTestsFromTestCase(Test)
if __name__=='__main__':
unittest.TextTestRunner().run(test_suite())
=== Added File Zope3/src/zope/app/securitypolicy/tests/test_roleservice.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Test the Role service.
$Id: test_roleservice.py,v 1.1 2004/02/27 12:46:33 philikon Exp $
"""
from unittest import TestCase, TestLoader, TextTestRunner
from zope.component import getServiceManager
from zope.app.tests import setup
from zope.app.services.tests.placefulsetup import PlacefulSetup
from zope.app.securitypolicy.interfaces import IRoleService
from zope.app.securitypolicy.roleregistry import roleRegistry
from zope.app.securitypolicy.role import RoleService
from zope.app.securitypolicy.role import Role
class RoleServiceTests(PlacefulSetup, TestCase):
def _Test__new(self):
return RoleService()
def setUp(self):
sm = PlacefulSetup.setUp(self, site=True)
root_sm = getServiceManager(None)
root_sm.defineService("Roles", IRoleService)
self.roleRegistry = roleRegistry
root_sm.provideService("Roles", roleRegistry)
self.rs = setup.addService(sm, 'Roles', RoleService())
def testGetRole(self):
self.roleRegistry.defineRole('zope.Manager', 'Manager', '')
r = Role("zope.Hacker","","")
self.rs["zope.Hacker"] = r
self.assertEqual(self.rs.getRole('zope.Hacker').getId(), 'zope.Hacker')
self.assertEqual(self.rs.getRole('zope.Manager').getId(),
'zope.Manager')
roles = [role.getId() for role in self.rs.getRoles()]
roles.sort()
self.assertEqual(roles,
['zope.Anonymous', 'zope.Hacker', 'zope.Manager'])
def testGetRoleFromLayeredServices(self):
self.roleRegistry.defineRole('zope.Manager', 'Manager', '')
r = Role("zope.Hacker","","")
self.rs["zope.Hacker"] = r
sm1 = self.makeSite('folder1')
rs1 = setup.addService(sm1, 'Roles', RoleService())
r1 = Role("zope.Reviewer",'','')
rs1["zope.Reviewer"] = r1
self.assertEqual(rs1.getRole('zope.Hacker').getId(), 'zope.Hacker')
self.assertEqual(rs1.getRole('zope.Manager').getId(), 'zope.Manager')
self.assertEqual(rs1.getRole('zope.Reviewer').getId(), 'zope.Reviewer')
roles = [role.getId() for role in rs1.getRoles()]
roles.sort()
self.assertEqual(
roles,
['zope.Anonymous', 'zope.Hacker', 'zope.Manager','zope.Reviewer'])
def test_suite():
loader=TestLoader()
return loader.loadTestsFromTestCase(RoleServiceTests)
if __name__=='__main__':
TextTestRunner().run(test_suite())
=== Added File Zope3/src/zope/app/securitypolicy/tests/test_securitydirectives.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Security Directives Tests
$Id: test_securitydirectives.py,v 1.1 2004/02/27 12:46:33 philikon Exp $
"""
import unittest
from zope.component.service import serviceManager as services
from zope.app.services.servicenames import Permissions, Authentication
from zope.app.interfaces.security import IPermissionService
from zope.app.interfaces.security import IAuthenticationService
from zope.configuration.config import ConfigurationConflictError
from zope.configuration import xmlconfig
from zope.testing.cleanup import CleanUp
import zope.app.securitypolicy.tests
import zope.app.securitypolicy.tests
from zope.app.security.settings import Allow
from zope.app.security.registries.principalregistry import principalRegistry
from zope.app.security.registries.permissionregistry \
import permissionRegistry as pregistry
from zope.app.securitypolicy.interfaces import IRoleService
from zope.app.securitypolicy.roleregistry import roleRegistry as rregistry
from zope.app.securitypolicy.rolepermission \
import rolePermissionManager as role_perm_mgr
from zope.app.securitypolicy.principalpermission \
import principalPermissionManager as principal_perm_mgr
from zope.app.securitypolicy.principalrole \
import principalRoleManager as principal_role_mgr
class TestBase(CleanUp):
def setUp(self):
CleanUp.setUp(self)
services.defineService(Permissions, IPermissionService)
services.provideService(Permissions, pregistry)
services.defineService("Roles", IRoleService)
services.provideService("Roles", rregistry)
services.defineService(Authentication, IAuthenticationService)
services.provideService(Authentication, principalRegistry)
class TestRoleDirective(TestBase, unittest.TestCase):
def testRegister(self):
context = xmlconfig.file("role.zcml",
zope.app.securitypolicy.tests)
role = rregistry.getRole("zope.Everyperson")
self.failUnless(role.getId().endswith('Everyperson'))
self.assertEqual(role.getTitle(), 'Tout le monde')
self.assertEqual(role.getDescription(),
'The common man, woman, person, or thing')
def testDuplicationRegistration(self):
self.assertRaises(ConfigurationConflictError, xmlconfig.file,
"role_duplicate.zcml",
zope.app.securitypolicy.tests)
class TestSecurityMapping(TestBase, unittest.TestCase):
def setUp(self):
TestBase.setUp(self)
pregistry.definePermission("zope.Foo", '', '')
rregistry.defineRole("zope.Bar", '', '')
principalRegistry.definePrincipal("zope.Blah", '', '')
self.context = xmlconfig.file("mapping.zcml",
zope.app.securitypolicy.tests)
def test_PermRoleMap(self):
roles = role_perm_mgr.getRolesForPermission("zope.Foo")
perms = role_perm_mgr.getPermissionsForRole("zope.Bar")
self.assertEqual(len(roles), 1)
self.failUnless(("zope.Bar",Allow) in roles)
self.assertEqual(len(perms), 1)
self.failUnless(("zope.Foo",Allow) in perms)
def test_PermPrincipalMap(self):
principals = principal_perm_mgr.getPrincipalsForPermission("zope.Foo")
perms = principal_perm_mgr.getPermissionsForPrincipal("zope.Blah")
self.assertEqual(len(principals), 1)
self.failUnless(("zope.Blah", Allow) in principals)
self.assertEqual(len(perms), 1)
self.failUnless(("zope.Foo", Allow) in perms)
def test_RolePrincipalMap(self):
principals = principal_role_mgr.getPrincipalsForRole("zope.Bar")
roles = principal_role_mgr.getRolesForPrincipal("zope.Blah")
self.assertEqual(len(principals), 1)
self.failUnless(("zope.Blah", Allow) in principals)
self.assertEqual(len(roles), 1)
self.failUnless(("zope.Bar", Allow) in roles)
def test_suite():
return unittest.TestSuite((
unittest.makeSuite(TestRoleDirective),
unittest.makeSuite(TestSecurityMapping),
))
if __name__ == '__main__':
unittest.main()
=== Added File Zope3/src/zope/app/securitypolicy/tests/test_securitymap.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
#############################################################################
"""
$Id: test_securitymap.py,v 1.1 2004/02/27 12:46:33 philikon Exp $
"""
import unittest
from zope.interface.verify import verifyClass
from zope.app.securitypolicy.interfaces import ISecurityMap
from zope.app.securitypolicy.securitymap import SecurityMap
from zope.app.securitypolicy.securitymap import PersistentSecurityMap
class TestSecurityMap(unittest.TestCase):
def testInterface(self):
verifyClass(ISecurityMap, SecurityMap)
# XXX Test the map. Grrrrr.
class TestPersistentSecurityMap(TestSecurityMap):
def testInterface(self):
verifyClass(ISecurityMap, PersistentSecurityMap)
# XXX test persistence...
def test_suite():
return unittest.TestSuite((
unittest.makeSuite(TestSecurityMap),
unittest.makeSuite(TestPersistentSecurityMap),
))
=== Added File Zope3/src/zope/app/securitypolicy/tests/test_zopepolicy.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Tests the standard zope policy.
$Id: test_zopepolicy.py,v 1.1 2004/02/27 12:46:33 philikon Exp $
"""
import unittest
from zope.interface import implements
from zope.component.service import serviceManager as services
from zope.component import getService
from zope.app.interfaces.security import IPermissionService
from zope.app.interfaces.security import IAuthenticationService
from zope.app.tests import ztapi
from zope.app.services.servicenames import Permissions, Adapters
from zope.app.services.servicenames import Authentication
from zope.app.security.registries.permissionregistry import permissionRegistry
from zope.app.security.registries.principalregistry import principalRegistry
from zope.app.security.registries.principalregistry import PrincipalBase
from zope.app.interfaces.annotation import IAttributeAnnotatable
from zope.app.interfaces.annotation import IAnnotations
from zope.app.attributeannotations import AttributeAnnotations
from zope.app.services.tests.placefulsetup import PlacefulSetup
from zope.app.securitypolicy.interfaces import IRoleService
from zope.app.securitypolicy.interfaces import IRolePermissionManager
from zope.app.securitypolicy.interfaces import IPrincipalRoleManager
from zope.app.securitypolicy.zopepolicy import permissionsOfPrincipal
from zope.app.securitypolicy.roleregistry import roleRegistry
from zope.app.securitypolicy.principalpermission \
import principalPermissionManager
from zope.app.securitypolicy.rolepermission import rolePermissionManager
from zope.app.securitypolicy.principalrole import principalRoleManager
from zope.app.securitypolicy.principalpermission \
import AnnotationPrincipalPermissionManager
from zope.app.securitypolicy.interfaces import IPrincipalPermissionManager
from zope.app.securitypolicy.principalrole \
import AnnotationPrincipalRoleManager
from zope.app.securitypolicy.rolepermission \
import AnnotationRolePermissionManager
class Context:
def __init__(self, user, stack=[]):
self.user, self.stack = user, stack
class Unprotected:
pass
class Principal(PrincipalBase):
pass
class Test(PlacefulSetup, unittest.TestCase):
def setUp(self):
PlacefulSetup.setUp(self)
services.defineService(Permissions, IPermissionService)
services.provideService(Permissions, permissionRegistry)
services.defineService("Roles", IRoleService)
services.provideService("Roles", roleRegistry)
services.defineService(Authentication, IAuthenticationService)
services.provideService(Authentication, principalRegistry)
ztapi.provideAdapter(
IAttributeAnnotatable, IAnnotations,
AttributeAnnotations)
# set up some principals
self.jim = principalRegistry.definePrincipal('jim', 'Jim', 'Jim Fulton',
'jim', '123')
self.tim = principalRegistry.definePrincipal('tim', 'Tim', 'Tim Peters',
'tim', '456')
self.unknown = principalRegistry.defineDefaultPrincipal('unknown',
'Unknown', 'Nothing is known about this principal')
# set up some permissions
read = permissionRegistry.definePermission('read', 'Read',
'Read something')
self.read = read.getId()
write = permissionRegistry.definePermission('write', 'Write',
'Write something')
self.write = write.getId()
create = permissionRegistry.definePermission('create', 'Create',
'Create something')
self.create = create.getId()
update = permissionRegistry.definePermission('update', 'Update',
'Update something')
self.update = update.getId()
# ... and some roles...
peon = roleRegistry.defineRole('Peon', 'Site Peon')
self.peon = peon.getId()
manager = roleRegistry.defineRole('Manager', 'Site Manager')
self.manager = manager.getId()
arole = roleRegistry.defineRole('Another', 'Another Role')
self.arole = arole.getId()
# grant and deny some permissions to a principal
principalPermissionManager.grantPermissionToPrincipal(self.create,
self.jim.getId())
principalPermissionManager.denyPermissionToPrincipal(self.update,
self.jim.getId())
# grant and deny some permissions to the roles
rolePermissionManager.grantPermissionToRole(self.read, self.peon)
rolePermissionManager.grantPermissionToRole(self.read, self.manager)
rolePermissionManager.grantPermissionToRole(self.write, self.manager)
# ... and assign roles to principals
principalRoleManager.assignRoleToPrincipal(self.peon, self.jim.getId())
principalRoleManager.assignRoleToPrincipal(self.manager,
self.tim.getId())
self.policy = self._makePolicy()
def _makePolicy(self):
from zope.app.securitypolicy.zopepolicy import ZopeSecurityPolicy
return ZopeSecurityPolicy()
def __assertPermissions(self, user, expected, object=None):
permissions = list(permissionsOfPrincipal(user, object))
permissions.sort()
self.assertEqual(permissions, expected)
def testImport(self):
from zope.app.securitypolicy.zopepolicy import ZopeSecurityPolicy
def testGlobalCheckPermission(self):
self.failUnless(
self.policy.checkPermission(self.read, None, Context(self.jim)))
self.failUnless(
self.policy.checkPermission(self.read, None, Context(self.tim)))
self.failUnless(
self.policy.checkPermission(self.write, None, Context(self.tim)))
self.failIf(self.policy.checkPermission(
self.read, None, Context(self.unknown)))
self.failIf(self.policy.checkPermission(
self.write, None, Context(self.unknown)))
self.failIf(
self.policy.checkPermission(
self.read, None, Context(self.unknown)))
self.__assertPermissions(self.jim, ['create', 'read'])
self.__assertPermissions(self.tim, ['read', 'write'])
self.__assertPermissions(self.unknown, [])
rolePermissionManager.grantPermissionToRole(
self.read, 'zope.Anonymous')
self.failUnless(
self.policy.checkPermission(
self.read, None, Context(self.unknown)))
self.__assertPermissions(self.unknown, ['read'])
principalPermissionManager.grantPermissionToPrincipal(
self.write, self.jim.getId())
self.failUnless(
self.policy.checkPermission(self.write, None, Context(self.jim)))
self.__assertPermissions(self.jim, ['create', 'read', 'write'])
def testPlaylessPrincipalRole(self):
self.failIf(self.policy.checkPermission(
self.write, None, Context(self.jim)))
principalRoleManager.assignRoleToPrincipal(
self.manager, self.jim.getId())
self.failUnless(self.policy.checkPermission(
self.write, None, Context(self.jim)))
principalRoleManager.removeRoleFromPrincipal(
self.manager, self.jim.getId())
self.failIf(self.policy.checkPermission(
self.write, None, Context(self.jim)))
def testPlayfulPrincipalRole(self):
ztapi.provideAdapter(
ITest,
IPrincipalRoleManager, AnnotationPrincipalRoleManager)
ob1 = TestClass()
ob2 = TestClass(); ob2.__parent__ = ob1
ob3 = TestClass(); ob3.__parent__ = ob2
self.failIf(self.policy.checkPermission(
self.write, ob3, Context(self.jim)))
AnnotationPrincipalRoleManager(ob3).assignRoleToPrincipal(
self.manager, self.jim.getId())
self.failUnless(self.policy.checkPermission(
self.write, ob3, Context(self.jim)))
AnnotationPrincipalRoleManager(ob3).removeRoleFromPrincipal(
self.manager, self.jim.getId())
self.failIf(self.policy.checkPermission(
self.write, ob3, Context(self.jim)))
def testPlayfulRolePermissions(self):
ARPM = AnnotationRolePermissionManager
ztapi.provideAdapter(ITest,
IRolePermissionManager, ARPM)
test = permissionRegistry.definePermission('test', 'Test', '')
test = test.getId()
ob1 = TestClass()
ob2 = TestClass(); ob2.__parent__ = ob1
ob3 = TestClass(); ob3.__parent__ = ob2
self.failIf(self.policy.checkPermission(test, ob3, Context(self.tim)))
self.__assertPermissions(self.tim, ['read', 'write'], ob3)
ARPM(ob2).grantPermissionToRole(test, self.manager)
self.failUnless(self.policy.checkPermission(test, ob3,
Context(self.tim)))
self.__assertPermissions(self.tim, ['read', 'test', 'write'], ob3)
self.failIf(self.policy.checkPermission(test, ob3, Context(self.jim)))
self.__assertPermissions(self.jim, ['create', 'read'], ob3)
ARPM(ob3).grantPermissionToRole(test, self.peon)
self.failUnless(self.policy.checkPermission(
test, ob3, Context(self.jim)))
self.__assertPermissions(self.jim, ['create', 'read', 'test'], ob3)
principalPermissionManager.denyPermissionToPrincipal(
test, self.jim.getId())
self.failIf(self.policy.checkPermission(
test, ob3, Context(self.jim)))
self.__assertPermissions(self.jim, ['create', 'read'], ob3)
principalPermissionManager.unsetPermissionForPrincipal(
test, self.jim.getId())
# Make sure multiple conflicting role permissions resolve correctly
ARPM(ob2).grantPermissionToRole(test, 'zope.Anonymous')
ARPM(ob2).grantPermissionToRole(test, self.arole)
ARPM(ob3).denyPermissionToRole(test, self.peon)
new = principalRegistry.definePrincipal('new', 'Newbie',
'Newbie User', 'new', '098')
principalRoleManager.assignRoleToPrincipal(self.arole, new.getId())
self.failUnless(self.policy.checkPermission(test, ob3, Context(new)))
self.__assertPermissions(new, ['test'], ob3)
principalRoleManager.assignRoleToPrincipal(self.peon, new.getId())
self.failIf(self.policy.checkPermission(test, ob3, Context(new)))
self.__assertPermissions(new, ['read'], ob3)
def testPlayfulPrinciplePermissions(self):
APPM = AnnotationPrincipalPermissionManager
ztapi.provideAdapter(ITest,
IPrincipalPermissionManager, APPM)
ob1 = TestClass()
ob2 = TestClass(); ob2.__parent__ = ob1
ob3 = TestClass(); ob3.__parent__ = ob2
test = permissionRegistry.definePermission('test', 'Test', '')
test = test.getId()
self.failIf(self.policy.checkPermission(test, ob3, Context(self.tim)))
self.__assertPermissions(self.tim, ['read', 'write'], ob3)
APPM(ob2).grantPermissionToPrincipal(test, self.tim.getId())
self.failUnless(self.policy.checkPermission(test, ob3,
Context(self.tim)))
self.__assertPermissions(self.tim, ['read', 'test', 'write'], ob3)
APPM(ob3).denyPermissionToPrincipal(test, self.tim.getId())
self.failIf(self.policy.checkPermission(test, ob3,
Context(self.tim)))
self.__assertPermissions(self.tim, ['read', 'write'], ob3)
APPM(ob1).denyPermissionToPrincipal(test, self.jim.getId())
APPM(ob3).grantPermissionToPrincipal(test, self.jim.getId())
self.failUnless(self.policy.checkPermission(test, ob3,
Context(self.jim)))
self.__assertPermissions(self.jim, ['create', 'read', 'test'], ob3)
APPM(ob3).unsetPermissionForPrincipal(test, self.jim.getId())
self.failIf(self.policy.checkPermission(test, ob3,
Context(self.jim)))
self.__assertPermissions(self.jim, ['create', 'read'], ob3)
# make sure placeless principal permissions override placeful ones
APPM(ob3).grantPermissionToPrincipal(test, self.tim.getId())
principalPermissionManager.denyPermissionToPrincipal(
test, self.tim.getId())
self.failIf(self.policy.checkPermission(test, ob3,
Context(self.tim)))
self.__assertPermissions(self.tim, ['read', 'write'], ob3)
class ITest(IAttributeAnnotatable):
pass
class TestClass:
implements(ITest)
__parent__ = None
def __init__(self):
self._roles = { 'test' : {} }
self._permissions = { 'Manager' : {} , 'Peon' : {} }
def test_suite():
loader=unittest.TestLoader()
return loader.loadTestsFromTestCase(Test)
if __name__=='__main__':
unittest.TextTestRunner().run(test_suite())
More information about the Zope3-Checkins
mailing list