[Zope3-checkins] CVS: Zope3/src/zope/app/securitypolicy/tests - __init__.py:1.1 mapping.zcml:1.1 role.zcml:1.1 role_duplicate.zcml:1.1 test_annotationprincipalpermissionmanager.py:1.1 test_annotationprincipalrolemanager.py:1.1 test_annotationrolepermissionmanager.py:1.1 test_principalpermissionmanager.py:1.1 test_principalrolemanager.py:1.1 test_rolecontents.py:1.1 test_rolepermissionmanager.py:1.1 test_roleregistry.py:1.1 test_roleservice.py:1.1 test_securitydirectives.py:1.1 test_securitymap.py:1.1 test_zopepolicy.py:1.1

Philipp von Weitershausen philikon at philikon.de
Fri Feb 27 07:46:34 EST 2004


Update of /cvs-repository/Zope3/src/zope/app/securitypolicy/tests
In directory cvs.zope.org:/tmp/cvs-serv6059/app/securitypolicy/tests

Added Files:
	__init__.py mapping.zcml role.zcml role_duplicate.zcml 
	test_annotationprincipalpermissionmanager.py 
	test_annotationprincipalrolemanager.py 
	test_annotationrolepermissionmanager.py 
	test_principalpermissionmanager.py 
	test_principalrolemanager.py test_rolecontents.py 
	test_rolepermissionmanager.py test_roleregistry.py 
	test_roleservice.py test_securitydirectives.py 
	test_securitymap.py test_zopepolicy.py 
Log Message:
Moved the securitypolicy package from zope.products to zope.app.


=== Added File Zope3/src/zope/app/securitypolicy/tests/__init__.py ===
#
# This file is necessary to make this directory a package.


=== Added File Zope3/src/zope/app/securitypolicy/tests/mapping.zcml ===
<configure xmlns="http://namespaces.zope.org/zope">

  <include package="zope.app.securitypolicy" file="meta.zcml"/>

 <grant
     permission="zope.Foo"
     role="zope.Bar" />

 <grant
     permission="zope.Foo"
     principal="zope.Blah" />

 <grant
     role="zope.Bar"
     principal="zope.Blah" />

 
</configure>


=== Added File Zope3/src/zope/app/securitypolicy/tests/role.zcml ===
<configure
    xmlns="http://namespaces.zope.org/zope"
    i18n_domain="zope"
    >

  <include package="zope.app.securitypolicy" file="meta.zcml"/>

  <role
      id="zope.Everyperson"
      title="Tout le monde"
      description="The common man, woman, person, or thing" />
 
</configure>


=== Added File Zope3/src/zope/app/securitypolicy/tests/role_duplicate.zcml ===
<configure
    xmlns="http://namespaces.zope.org/zope"
    i18n_domain="zope">

  <include package="zope.app.securitypolicy" file="meta.zcml"/>

  <role
      id="zope.Everyperson"
      title="Tout le monde"
      description="The common man, woman, person, or thing" />

  <role
      id="zope.Everyperson"
      title="Tout le monde"
      description="The common man, woman, person, or thing" />
 
</configure>


=== Added File Zope3/src/zope/app/securitypolicy/tests/test_annotationprincipalpermissionmanager.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Test handler for AnnotationPrincipalPermissionManager module."""

import unittest

from zope.interface import implements
from zope.component import getService

from zope.app.tests import ztapi
from zope.app.interfaces.annotation import IAttributeAnnotatable
from zope.app.services.servicenames import Adapters
from zope.app.interfaces.annotation import IAnnotations
from zope.app.attributeannotations import AttributeAnnotations
from zope.app.security.registries.permissionregistry \
    import permissionRegistry as permregistry
from zope.app.security.registries.principalregistry \
    import principalRegistry as prinregistry
from zope.app.security.settings import Allow, Deny, Unset
from zope.app.tests.placelesssetup import PlacelessSetup

from zope.app.securitypolicy.principalpermission \
    import AnnotationPrincipalPermissionManager

class Manageable:
    implements(IAttributeAnnotatable)

class Test(PlacelessSetup, unittest.TestCase):

    def setUp(self):
        super(Test, self).setUp()
        ztapi.provideAdapter(
            IAttributeAnnotatable, IAnnotations,
            AttributeAnnotations)

    def _make_principal(self, id=None, title=None):
        p = prinregistry.definePrincipal(
            id or 'APrincipal',
            title or 'A Principal',
            login = id or 'APrincipal')
        return p.getId()

    def testUnboundPrincipalPermission(self):
        manager = AnnotationPrincipalPermissionManager(Manageable())
        permission = permregistry.definePermission('APerm', 'title')
        permission = permission.getId()
        principal = self._make_principal()
        self.assertEqual(manager.getPrincipalsForPermission(permission), [])
        self.assertEqual(manager.getPermissionsForPrincipal(principal), [])

    def testPrincipalPermission(self):
        manager = AnnotationPrincipalPermissionManager(Manageable())
        permission = permregistry.definePermission('APerm', 'title')
        permission = permission.getId()
        principal = self._make_principal()

        # check that an allow permission is saved correctly
        manager.grantPermissionToPrincipal(permission, principal)
        self.assertEqual(manager.getPrincipalsForPermission(permission),
                         [(principal, Allow)])
        self.assertEqual(manager.getPermissionsForPrincipal(principal),
                         [(permission, Allow)])

        # check that the allow permission is removed.
        manager.unsetPermissionForPrincipal(permission, principal)
        self.assertEqual(manager.getPrincipalsForPermission(permission), [])
        self.assertEqual(manager.getPermissionsForPrincipal(principal), [])

        # now put a deny in there, check it's set.
        manager.denyPermissionToPrincipal(permission, principal)
        self.assertEqual(manager.getPrincipalsForPermission(permission),
                         [(principal, Deny)])
        self.assertEqual(manager.getPermissionsForPrincipal(principal),
                         [(permission, Deny)])

        # test for deny followed by allow . The latter should override.
        manager.grantPermissionToPrincipal(permission, principal)
        self.assertEqual(manager.getPrincipalsForPermission(permission),
                         [(principal, Allow)])
        self.assertEqual(manager.getPermissionsForPrincipal(principal),
                         [(permission, Allow)])

        # check that allow followed by allow is just a single allow.
        manager.grantPermissionToPrincipal(permission, principal)
        self.assertEqual(manager.getPrincipalsForPermission(permission),
                         [(principal, Allow)])
        self.assertEqual(manager.getPermissionsForPrincipal(principal),
                         [(permission, Allow)])

        # check that two unsets in a row quietly ignores the second one.
        manager.unsetPermissionForPrincipal(permission, principal)
        manager.unsetPermissionForPrincipal(permission, principal)
        self.assertEqual(manager.getPrincipalsForPermission(permission), [])
        self.assertEqual(manager.getPermissionsForPrincipal(principal), [])

        # check the result of getSetting() when it's empty.
        self.assertEqual(manager.getSetting(permission, principal), Unset)

        # check the result of getSetting() when it's allowed.
        manager.grantPermissionToPrincipal(permission, principal)
        self.assertEqual(manager.getSetting(permission, principal), Allow)

        # check the result of getSetting() when it's denied.
        manager.denyPermissionToPrincipal(permission, principal)
        self.assertEqual(manager.getSetting(permission, principal), Deny)

    def testManyPermissionsOnePrincipal(self):
        manager = AnnotationPrincipalPermissionManager(Manageable())
        perm1 = permregistry.definePermission('Perm One', 'title').getId()
        perm2 = permregistry.definePermission('Perm Two', 'title').getId()
        prin1 = self._make_principal()
        manager.grantPermissionToPrincipal(perm1, prin1)
        manager.grantPermissionToPrincipal(perm2, prin1)
        perms = manager.getPermissionsForPrincipal(prin1)
        self.assertEqual(len(perms), 2)
        self.failUnless((perm1,Allow) in perms)
        self.failUnless((perm2,Allow) in perms)
        manager.denyPermissionToPrincipal(perm2, prin1)
        perms = manager.getPermissionsForPrincipal(prin1)
        self.assertEqual(len(perms), 2)
        self.failUnless((perm1,Allow) in perms)
        self.failUnless((perm2,Deny) in perms)

    def testManyPrincipalsOnePermission(self):
        manager = AnnotationPrincipalPermissionManager(Manageable())
        perm1 = permregistry.definePermission('Perm One', 'title').getId()
        prin1 = self._make_principal()
        prin2 = self._make_principal('Principal 2', 'Principal Two')
        manager.grantPermissionToPrincipal(perm1, prin1)
        manager.denyPermissionToPrincipal(perm1, prin2)
        principals = manager.getPrincipalsForPermission(perm1)
        self.assertEqual(len(principals), 2)
        self.failUnless((prin1,Allow) in principals)
        self.failUnless((prin2,Deny) in principals)

def test_suite():
    loader=unittest.TestLoader()
    return loader.loadTestsFromTestCase(Test)

if __name__=='__main__':
    unittest.TextTestRunner().run(test_suite())


=== Added File Zope3/src/zope/app/securitypolicy/tests/test_annotationprincipalrolemanager.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Test handler for PrincipalRoleManager module."""

import unittest
from zope.interface import implements
from zope.component import getService

from zope.app.tests import ztapi
from zope.app.interfaces.annotation import IAttributeAnnotatable
from zope.app.services.servicenames import Adapters
from zope.app.interfaces.annotation import IAnnotations
from zope.app.attributeannotations import AttributeAnnotations
from zope.app.security.registries.principalregistry \
     import principalRegistry as pregistry
from zope.app.security.settings import Allow, Deny
from zope.app.services.tests.placefulsetup import PlacefulSetup

from zope.app.securitypolicy.roleregistry import roleRegistry as rregistry
from zope.app.securitypolicy.principalrole \
        import AnnotationPrincipalRoleManager

class Manageable:
    implements(IAttributeAnnotatable)

class Test(PlacefulSetup, unittest.TestCase):

    def setUp(self):
        PlacefulSetup.setUp(self)
        ztapi.provideAdapter(
            IAttributeAnnotatable, IAnnotations,
            AttributeAnnotations)

    def _make_principal(self, id=None, title=None):
        p = pregistry.definePrincipal(
            id or 'APrincipal',
            title or 'A Principal',
            login = id or 'APrincipal')
        return p.getId()

    def _make_roleManager(self, obj=None):
        if obj is None:
            obj = Manageable()
        return AnnotationPrincipalRoleManager(obj)

    def testUnboundPrincipalRole(self):
        principalRoleManager = self._make_roleManager()
        role = rregistry.defineRole('ARole', 'A Role').getId()
        principal = self._make_principal()
        self.assertEqual(principalRoleManager.getPrincipalsForRole(role), [])
        self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
                         [])

    def testPrincipalRoleAllow(self):
        principalRoleManager = self._make_roleManager()
        role = rregistry.defineRole('ARole', 'A Role').getId()
        principal = self._make_principal()
        principalRoleManager.assignRoleToPrincipal(role, principal)
        self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
                         [(principal, Allow)])
        self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
                         [(role, Allow)])

    def testPrincipalRoleDeny(self):
        principalRoleManager = self._make_roleManager()
        role = rregistry.defineRole('ARole', 'A Role').getId()
        principal = self._make_principal()
        principalRoleManager.removeRoleFromPrincipal(role, principal)
        self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
                         [(principal, Deny)])
        self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
                         [(role, Deny)])

    def testPrincipalRoleUnset(self):
        principalRoleManager = self._make_roleManager()
        role = rregistry.defineRole('ARole', 'A Role').getId()
        principal = self._make_principal()
        principalRoleManager.removeRoleFromPrincipal(role, principal)
        principalRoleManager.unsetRoleForPrincipal(role, principal)
        self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
                         [])
        self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
                         [])

    def testManyRolesOnePrincipal(self):
        principalRoleManager = self._make_roleManager()
        role1 = rregistry.defineRole('Role One', 'Role #1').getId()
        role2 = rregistry.defineRole('Role Two', 'Role #2').getId()
        prin1 = self._make_principal()
        principalRoleManager.assignRoleToPrincipal(role1, prin1)
        principalRoleManager.assignRoleToPrincipal(role2, prin1)
        roles = principalRoleManager.getRolesForPrincipal(prin1)
        self.assertEqual(len(roles), 2)
        self.failUnless((role1, Allow) in roles)
        self.failUnless((role2, Allow) in roles)

    def testManyPrincipalsOneRole(self):
        principalRoleManager = self._make_roleManager()
        role1 = rregistry.defineRole('Role One', 'Role #1').getId()
        prin1 = self._make_principal()
        prin2 = self._make_principal('Principal 2', 'Principal Two')
        principalRoleManager.assignRoleToPrincipal(role1, prin1)
        principalRoleManager.assignRoleToPrincipal(role1, prin2)
        principals = principalRoleManager.getPrincipalsForRole(role1)
        self.assertEqual(len(principals), 2)
        self.failUnless((prin1, Allow) in principals)
        self.failUnless((prin2, Allow) in principals)

    def testPrincipalsAndRoles(self):
        principalRoleManager = self._make_roleManager()
        principalsAndRoles = principalRoleManager.getPrincipalsAndRoles()
        self.assertEqual(len(principalsAndRoles), 0)
        role1 = rregistry.defineRole('Role One', 'Role #1').getId()
        role2 = rregistry.defineRole('Role Two', 'Role #2').getId()
        prin1 = self._make_principal()
        prin2 = self._make_principal('Principal 2', 'Principal Two')
        principalRoleManager.assignRoleToPrincipal(role1, prin1)
        principalRoleManager.assignRoleToPrincipal(role1, prin2)
        principalRoleManager.assignRoleToPrincipal(role2, prin1)
        principalsAndRoles = principalRoleManager.getPrincipalsAndRoles()
        self.assertEqual(len(principalsAndRoles), 3)
        self.failUnless((role1, prin1, Allow) in principalsAndRoles)
        self.failUnless((role1, prin2, Allow) in principalsAndRoles)
        self.failUnless((role2, prin1, Allow) in principalsAndRoles)

def test_suite():
    loader=unittest.TestLoader()
    return loader.loadTestsFromTestCase(Test)

if __name__=='__main__':
    unittest.TextTestRunner().run(test_suite())


=== Added File Zope3/src/zope/app/securitypolicy/tests/test_annotationrolepermissionmanager.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""
$Id: test_annotationrolepermissionmanager.py,v 1.1 2004/02/27 12:46:33 philikon Exp $
"""

from zope.interface import implements
from zope.component import getServiceManager, getService

from zope.app.tests import ztapi
from zope.app.interfaces.annotation import IAttributeAnnotatable
from zope.app.interfaces.annotation import IAnnotations
from zope.app.attributeannotations import AttributeAnnotations
from zope.app.services.servicenames import Permissions, Adapters
from zope.app.interfaces.security import IPermissionService
from zope.app.security.registries.permissionregistry import permissionRegistry
from zope.app.security.settings import Allow, Deny
from zope.app.services.tests.placefulsetup import PlacefulSetup

from zope.app.securitypolicy.interfaces import IRoleService
from zope.app.securitypolicy.roleregistry import roleRegistry
from zope.app.securitypolicy.rolepermission \
     import AnnotationRolePermissionManager

import unittest

class Manageable:
    implements(IAttributeAnnotatable)

class Test(PlacefulSetup, unittest.TestCase):

    def setUp(self):
        PlacefulSetup.setUp(self)
        defineService=getServiceManager(None).defineService
        provideService=getServiceManager(None).provideService
        defineService('Roles', IRoleService)
        defineService(Permissions, IPermissionService)
        provideService('Roles', roleRegistry)
        provideService(Permissions, permissionRegistry)
        ztapi.provideAdapter(IAttributeAnnotatable, IAnnotations,
                             AttributeAnnotations)

        read = permissionRegistry.definePermission('read', 'Read Something')
        self.read = read.getId()

        write = permissionRegistry.definePermission('write', 'Write Something')
        self.write = write.getId()

        peon = roleRegistry.defineRole('peon', 'Poor Slob')
        self.peon = peon.getId()

        manager = roleRegistry.defineRole('manager', 'Supreme Being')
        self.manager = manager.getId()

    def testNormal(self):
        obj = Manageable()
        mgr = AnnotationRolePermissionManager(obj)
        mgr.grantPermissionToRole(self.read,self.manager)
        mgr.grantPermissionToRole(self.write,self.manager)
        mgr.grantPermissionToRole(self.write,self.manager)

        mgr.grantPermissionToRole(self.read,self.peon)

        l = list(mgr.getPermissionsForRole(self.manager))
        self.failUnless((self.read, Allow) in l)
        self.failUnless((self.write, Allow) in l)

        l = list(mgr.getPermissionsForRole(self.peon))
        self.failUnless([(self.read, Allow)] == l)

        l = list(mgr.getRolesForPermission(self.read))
        self.failUnless((self.manager, Allow) in l)
        self.failUnless((self.peon, Allow) in l)

        l = list(mgr.getRolesForPermission(self.write))
        self.assertEqual(l, [(self.manager, Allow)])

        mgr.denyPermissionToRole(self.read, self.peon)
        l = list(mgr.getPermissionsForRole(self.peon))
        self.assertEqual(l, [(self.read, Deny)])

        mgr.unsetPermissionFromRole(self.read, self.peon)

        l = list(mgr.getRolesForPermission(self.read))
        self.assertEqual(l, [(self.manager, Allow)])


def test_suite():
    loader=unittest.TestLoader()
    return loader.loadTestsFromTestCase(Test)

if __name__=='__main__':
    unittest.TextTestRunner().run(test_suite())


=== Added File Zope3/src/zope/app/securitypolicy/tests/test_principalpermissionmanager.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Test handler for PrincipalPermissionManager module.

$Id: test_principalpermissionmanager.py,v 1.1 2004/02/27 12:46:33 philikon Exp $
"""

import unittest

from zope.component.service import serviceManager as services
from zope.testing.cleanup import CleanUp

from zope.app.interfaces.security import IPermissionService
from zope.app.interfaces.security import IAuthenticationService

from zope.app.services.servicenames import Permissions, Authentication
from zope.app.security.registries.permissionregistry \
    import permissionRegistry as permregistry
from zope.app.security.registries.principalregistry \
    import principalRegistry as prinregistry
from zope.app.security.settings import Allow, Deny, Unset

from zope.app.securitypolicy.principalpermission \
    import principalPermissionManager as manager

class Test(CleanUp, unittest.TestCase):

    def setUp(self):
        CleanUp.setUp(self)

        services.defineService(Permissions, IPermissionService)
        services.provideService(Permissions, permregistry)

        services.defineService(Authentication, IAuthenticationService)
        services.provideService(Authentication, prinregistry)


    def _make_principal(self, id=None, title=None):
        p = prinregistry.definePrincipal(
            id or 'APrincipal',
            title or 'A Principal',
            login = id or 'APrincipal')
        return p.getId()

    def testUnboundPrincipalPermission(self):
        permission = permregistry.definePermission('APerm', 'title').getId()
        principal = self._make_principal()
        self.assertEqual(manager.getPrincipalsForPermission(permission), [])
        self.assertEqual(manager.getPermissionsForPrincipal(principal), [])


    def test_invalidPermission(self):
        self.assertRaises(ValueError,
                          manager.grantPermissionToPrincipal,
                          'permission', 'principal')
        principal = self._make_principal()
        self.assertRaises(ValueError,
                          manager.grantPermissionToPrincipal,
                          'permission', principal)

    def test_invalidPrincipal(self):
        permission = permregistry.definePermission('APerm', 'title').getId()
        self.assertRaises(ValueError,
                          manager.grantPermissionToPrincipal,
                          permission, 'principal')
        

    def testPrincipalPermission(self):
        permission = permregistry.definePermission('APerm', 'title').getId()
        principal = self._make_principal()
        # check that an allow permission is saved correctly
        manager.grantPermissionToPrincipal(permission, principal)
        self.assertEqual(manager.getPrincipalsForPermission(permission),
                         [(principal, Allow)])
        self.assertEqual(manager.getPermissionsForPrincipal(principal),
                         [(permission, Allow)])
        # check that the allow permission is removed.
        manager.unsetPermissionForPrincipal(permission, principal)
        self.assertEqual(manager.getPrincipalsForPermission(permission), [])
        self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
        # now put a deny in there, check it's set.
        manager.denyPermissionToPrincipal(permission, principal)
        self.assertEqual(manager.getPrincipalsForPermission(permission),
                         [(principal, Deny)])
        self.assertEqual(manager.getPermissionsForPrincipal(principal),
                         [(permission, Deny)])
        # test for deny followed by allow . The latter should override.
        manager.grantPermissionToPrincipal(permission, principal)
        self.assertEqual(manager.getPrincipalsForPermission(permission),
                         [(principal, Allow)])
        self.assertEqual(manager.getPermissionsForPrincipal(principal),
                         [(permission, Allow)])
        # check that allow followed by allow is just a single allow.
        manager.grantPermissionToPrincipal(permission, principal)
        self.assertEqual(manager.getPrincipalsForPermission(permission),
                         [(principal, Allow)])
        self.assertEqual(manager.getPermissionsForPrincipal(principal),
                         [(permission, Allow)])
        # check that two unsets in a row quietly ignores the second one.
        manager.unsetPermissionForPrincipal(permission, principal)
        manager.unsetPermissionForPrincipal(permission, principal)
        self.assertEqual(manager.getPrincipalsForPermission(permission), [])
        self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
        # check the result of getSetting() when it's empty.
        self.assertEqual(manager.getSetting(permission, principal), Unset)
        # check the result of getSetting() when it's allowed.
        manager.grantPermissionToPrincipal(permission, principal)
        self.assertEqual(manager.getSetting(permission, principal), Allow)
        # check the result of getSetting() when it's denied.
        manager.denyPermissionToPrincipal(permission, principal)
        self.assertEqual(manager.getSetting(permission, principal), Deny)

    def testManyPermissionsOnePrincipal(self):
        perm1 = permregistry.definePermission('Perm One', 'title').getId()
        perm2 = permregistry.definePermission('Perm Two', 'title').getId()
        prin1 = self._make_principal()
        manager.grantPermissionToPrincipal(perm1, prin1)
        manager.grantPermissionToPrincipal(perm2, prin1)
        perms = manager.getPermissionsForPrincipal(prin1)
        self.assertEqual(len(perms), 2)
        self.failUnless((perm1,Allow) in perms)
        self.failUnless((perm2,Allow) in perms)
        manager.denyPermissionToPrincipal(perm2, prin1)
        perms = manager.getPermissionsForPrincipal(prin1)
        self.assertEqual(len(perms), 2)
        self.failUnless((perm1,Allow) in perms)
        self.failUnless((perm2,Deny) in perms)
        perms = manager.getPrincipalsAndPermissions()
        self.failUnless((perm1,prin1,Allow) in perms)
        self.failUnless((perm2,prin1,Deny) in perms)

    def testManyPrincipalsOnePermission(self):
        perm1 = permregistry.definePermission('Perm One', 'title').getId()
        prin1 = self._make_principal()
        prin2 = self._make_principal('Principal 2', 'Principal Two')
        manager.grantPermissionToPrincipal(perm1, prin1)
        manager.denyPermissionToPrincipal(perm1, prin2)
        principals = manager.getPrincipalsForPermission(perm1)
        self.assertEqual(len(principals), 2)
        self.failUnless((prin1,Allow) in principals)
        self.failUnless((prin2,Deny) in principals)

def test_suite():
    loader=unittest.TestLoader()
    return loader.loadTestsFromTestCase(Test)

if __name__=='__main__':
    unittest.TextTestRunner().run(test_suite())


=== Added File Zope3/src/zope/app/securitypolicy/tests/test_principalrolemanager.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Test handler for PrincipalRoleManager module.

$Id: test_principalrolemanager.py,v 1.1 2004/02/27 12:46:33 philikon Exp $
"""
import unittest

from zope.component.service import serviceManager as services
from zope.testing.cleanup import CleanUp

from zope.app.interfaces.security import IAuthenticationService
from zope.app.services.servicenames import Authentication

from zope.app.security.settings import Allow, Deny
from zope.app.security.registries.principalregistry \
     import principalRegistry as pregistry
from zope.app.securitypolicy.roleregistry \
     import roleRegistry as rregistry

from zope.app.securitypolicy.interfaces import IRoleService
from zope.app.securitypolicy.principalrole import principalRoleManager

class Test(CleanUp, unittest.TestCase):

    def setUp(self):
        CleanUp.setUp(self)

        services.defineService('Roles', IRoleService)
        services.provideService('Roles', rregistry)

        services.defineService(Authentication, IAuthenticationService)
        services.provideService(Authentication, pregistry)

    def _make_principal(self, id=None, title=None):
        p = pregistry.definePrincipal(
            id or 'APrincipal',
            title or 'A Principal',
            login = id or 'APrincipal')
        return p.getId()

    def testUnboundPrincipalRole(self):
        role = rregistry.defineRole('ARole', 'A Role').getId()
        principal = self._make_principal()
        self.assertEqual(principalRoleManager.getPrincipalsForRole(role), [])
        self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
                         [])

    def testPrincipalRoleAllow(self):
        role = rregistry.defineRole('ARole', 'A Role').getId()
        principal = self._make_principal()
        principalRoleManager.assignRoleToPrincipal(role, principal)
        self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
                         [(principal, Allow)])
        self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
                         [(role, Allow)])

    def testPrincipalRoleDeny(self):
        role = rregistry.defineRole('ARole', 'A Role').getId()
        principal = self._make_principal()
        principalRoleManager.removeRoleFromPrincipal(role, principal)
        self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
                         [(principal, Deny)])
        self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
                         [(role, Deny)])

    def testPrincipalRoleUnset(self):
        role = rregistry.defineRole('ARole', 'A Role').getId()
        principal = self._make_principal()
        principalRoleManager.removeRoleFromPrincipal(role, principal)
        principalRoleManager.unsetRoleForPrincipal(role, principal)
        self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
                         [])
        self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
                         [])


    def test_invalidPrincipal(self):
        self.assertRaises(ValueError,
                          principalRoleManager.assignRoleToPrincipal,
                          'role1', 'prin1')
        role1 = rregistry.defineRole('Role One', 'Role #1').getId()
        self.assertRaises(ValueError,
                          principalRoleManager.assignRoleToPrincipal,
                          role1, 'prin1')

    def test_invalidRole(self):
        prin1 = self._make_principal()
        self.assertRaises(ValueError,
                          principalRoleManager.assignRoleToPrincipal,
                          'role1', prin1)
        

    def testManyRolesOnePrincipal(self):
        role1 = rregistry.defineRole('Role One', 'Role #1').getId()
        role2 = rregistry.defineRole('Role Two', 'Role #2').getId()
        prin1 = self._make_principal()
        principalRoleManager.assignRoleToPrincipal(role1, prin1)
        principalRoleManager.assignRoleToPrincipal(role2, prin1)
        roles = principalRoleManager.getRolesForPrincipal(prin1)
        self.assertEqual(len(roles), 2)
        self.failUnless((role1, Allow) in roles)
        self.failUnless((role2, Allow) in roles)

    def testManyPrincipalsOneRole(self):
        role1 = rregistry.defineRole('Role One', 'Role #1').getId()
        prin1 = self._make_principal()
        prin2 = self._make_principal('Principal 2', 'Principal Two')
        principalRoleManager.assignRoleToPrincipal(role1, prin1)
        principalRoleManager.assignRoleToPrincipal(role1, prin2)
        principals = principalRoleManager.getPrincipalsForRole(role1)
        self.assertEqual(len(principals), 2)
        self.failUnless((prin1, Allow) in principals)
        self.failUnless((prin2, Allow) in principals)

    def testPrincipalsAndRoles(self):
        role1 = rregistry.defineRole('Role One', 'Role #1').getId()
        role2 = rregistry.defineRole('Role Two', 'Role #2').getId()
        prin1 = self._make_principal()
        prin2 = self._make_principal('Principal 2', 'Principal Two')
        principalRoleManager.assignRoleToPrincipal(role1, prin1)
        principalRoleManager.assignRoleToPrincipal(role1, prin2)
        principalRoleManager.assignRoleToPrincipal(role2, prin1)
        principalsAndRoles = principalRoleManager.getPrincipalsAndRoles()
        self.assertEqual(len(principalsAndRoles), 3)
        self.failUnless((role1, prin1, Allow) in principalsAndRoles)
        self.failUnless((role1, prin2, Allow) in principalsAndRoles)
        self.failUnless((role2, prin1, Allow) in principalsAndRoles)

def test_suite():
    loader=unittest.TestLoader()
    return loader.loadTestsFromTestCase(Test)

if __name__=='__main__':
    unittest.TextTestRunner().run(test_suite())


=== Added File Zope3/src/zope/app/securitypolicy/tests/test_rolecontents.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""
$Id: test_rolecontents.py,v 1.1 2004/02/27 12:46:33 philikon Exp $
"""

import unittest

from zope.interface import Interface, implements
from zope.app.browser.container.tests.test_contents \
     import BaseTestContentsBrowserView, Principal
from zope.app.folder import rootFolder
from zope.app.container.contained import contained

from zope.app.securitypolicy.browser import Contents
from zope.app.securitypolicy.role import RoleService

class IDummy(Interface):
    pass

class Dummy:
    implements(IDummy)

class Test(BaseTestContentsBrowserView, unittest.TestCase):

    def _TestView__newContext(self):
        root = rootFolder()
        container = RoleService()
        return contained(container, root, name='sample')

    def _TestView__newView(self, container):
        from zope.publisher.browser import TestRequest
        request = TestRequest()
        request.setUser(Principal())
        return Contents(container, request)

def test_suite():
    loader = unittest.TestLoader()
    return loader.loadTestsFromTestCase(Test)

if __name__=='__main__':
    unittest.main()


=== Added File Zope3/src/zope/app/securitypolicy/tests/test_rolepermissionmanager.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Test handler for RolePermissionManager module.

$Id: test_rolepermissionmanager.py,v 1.1 2004/02/27 12:46:33 philikon Exp $
"""

import unittest

from zope.component.service import serviceManager as services
from zope.testing.cleanup import CleanUp

from zope.app.services.servicenames import Permissions
from zope.app.interfaces.security import IPermissionService
from zope.app.securitypolicy.interfaces import IRoleService

from zope.app.security.registries.permissionregistry \
        import permissionRegistry as pregistry
from zope.app.security.settings import Allow, Deny

from zope.app.securitypolicy.roleregistry \
        import roleRegistry as rregistry
from zope.app.securitypolicy.rolepermission \
        import rolePermissionManager as manager

class Test(CleanUp, unittest.TestCase):

    def setUp(self):
        CleanUp.setUp(self)

        services.defineService(Permissions, IPermissionService)
        services.provideService(Permissions, pregistry)

        services.defineService("Roles", IRoleService)
        services.provideService("Roles", rregistry)

    def testUnboundRolePermission(self):
        permission = pregistry.definePermission('APerm', 'aPerm title').getId()
        role = rregistry.defineRole('ARole', 'A Role').getId()
        self.assertEqual(manager.getRolesForPermission(permission), [])
        self.assertEqual(manager.getPermissionsForRole(role), [])

    def testRolePermission(self):
        permission = pregistry.definePermission('APerm', 'aPerm title').getId()
        role = rregistry.defineRole('ARole', 'A Role').getId()
        manager.grantPermissionToRole(permission, role)
        self.assertEqual(manager.getRolesForPermission(permission),
                                                        [(role,Allow)])
        self.assertEqual(manager.getPermissionsForRole(role),
                                                    [(permission,Allow)])

    def testManyPermissionsOneRole(self):
        perm1 = pregistry.definePermission('Perm One', 'P1').getId()
        perm2 = pregistry.definePermission('Perm Two', 'P2').getId()
        perm3 = pregistry.definePermission('Perm Three', 'P3').getId()
        role1 = rregistry.defineRole('Role One', 'Role #1').getId()
        perms = manager.getPermissionsForRole(role1)
        self.assertEqual(len(perms), 0)
        manager.grantPermissionToRole(perm1, role1)
        manager.grantPermissionToRole(perm2, role1)
        manager.grantPermissionToRole(perm2, role1)
        manager.denyPermissionToRole(perm3, role1)
        perms = manager.getPermissionsForRole(role1)
        self.assertEqual(len(perms), 3)
        self.failUnless((perm1,Allow) in perms)
        self.failUnless((perm2,Allow) in perms)
        self.failUnless((perm3,Deny) in perms)
        manager.unsetPermissionFromRole(perm1, role1)
        perms = manager.getPermissionsForRole(role1)
        self.assertEqual(len(perms), 2)
        self.failUnless((perm2,Allow) in perms)

    def testManyRolesOnePermission(self):
        perm1 = pregistry.definePermission('Perm One', 'title').getId()
        role1 = rregistry.defineRole('Role One', 'Role #1').getId()
        role2 = rregistry.defineRole('Role Two', 'Role #2').getId()
        roles = manager.getRolesForPermission(perm1)
        self.assertEqual(len(roles), 0)
        manager.grantPermissionToRole(perm1, role1)
        manager.grantPermissionToRole(perm1, role2)
        manager.grantPermissionToRole(perm1, role2)
        manager.denyPermissionToRole(perm1, role1)
        roles = manager.getRolesForPermission(perm1)
        self.assertEqual(len(roles), 2)
        self.failIf((role1,Allow) in roles)
        self.failUnless((role1,Deny) in roles)
        self.failUnless((role2,Allow) in roles)
        manager.unsetPermissionFromRole(perm1, role1)
        roles = manager.getRolesForPermission(perm1)
        self.assertEqual(len(roles), 1)
        self.failUnless((role2,Allow) in roles)

    def test_invalidRole(self):
        self.assertRaises(ValueError,
                          manager.grantPermissionToRole, 'perm1', 'role1'
                          )
        perm1 = pregistry.definePermission('Perm One', 'title').getId()
        self.assertRaises(ValueError,
                          manager.grantPermissionToRole, perm1, 'role1'
                          )

    def test_invalidPerm(self):
        role1 = rregistry.defineRole('Role One', 'Role #1').getId()
        self.assertRaises(ValueError,
                          manager.grantPermissionToRole, 'perm1', role1
                          )
        

def test_suite():
    loader=unittest.TestLoader()
    return loader.loadTestsFromTestCase(Test)

if __name__=='__main__':
    unittest.TextTestRunner().run(test_suite())


=== Added File Zope3/src/zope/app/securitypolicy/tests/test_roleregistry.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Test handler for 'defineRole' directive

$Id: test_roleregistry.py,v 1.1 2004/02/27 12:46:33 philikon Exp $
"""

import unittest

from zope.interface.verify import verifyObject
from zope.testing.cleanup import CleanUp

from zope.app.securitypolicy.roleregistry import roleRegistry
from zope.app.securitypolicy.interfaces import IRole

class Test(CleanUp, unittest.TestCase):

    def testEmptyRoles(self):
        self.assertEqual(None, roleRegistry.getRole('Foo'))
        self.failIf(roleRegistry.definedRole('Foo'))

    def testRoleIsAnIRole(self):
        r = roleRegistry.defineRole('Foo', 'Foo role')
        role = roleRegistry.getRole(r.getId())
        self.assertEqual(verifyObject(IRole, role), 1)

    def testDefineRole(self):
        role = roleRegistry.defineRole('Foo', 'foo role')
        self.failUnless(verifyObject(IRole, role))
        self.failUnless(roleRegistry.definedRole(role.getId()))
        role = roleRegistry.getRole(role.getId())
        self.assertEquals(role.getTitle(), 'foo role')

    def testDefineRoleWithTitle(self):
        eq = self.assertEqual
        r = roleRegistry.defineRole('Foo', 'Foo-able')
        role = roleRegistry.getRole(r.getId())
        eq(role.getTitle(), 'Foo-able')
        eq(role.getDescription(), '')

    def testDefineRoleWithTitleAndDescription(self):
        eq = self.assertEqual
        r = roleRegistry.defineRole('Foo', 'Foo-able', 'A foo-worthy role')
        role = roleRegistry.getRole(r.getId())
        eq(role.getTitle(), 'Foo-able')
        eq(role.getDescription(), 'A foo-worthy role')


def test_suite():
    loader=unittest.TestLoader()
    return loader.loadTestsFromTestCase(Test)


if __name__=='__main__':
    unittest.TextTestRunner().run(test_suite())


=== Added File Zope3/src/zope/app/securitypolicy/tests/test_roleservice.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Test the Role service.

$Id: test_roleservice.py,v 1.1 2004/02/27 12:46:33 philikon Exp $
"""
from unittest import TestCase, TestLoader, TextTestRunner

from zope.component import getServiceManager
from zope.app.tests import setup
from zope.app.services.tests.placefulsetup import PlacefulSetup

from zope.app.securitypolicy.interfaces import IRoleService
from zope.app.securitypolicy.roleregistry import roleRegistry
from zope.app.securitypolicy.role import RoleService
from zope.app.securitypolicy.role import Role

class RoleServiceTests(PlacefulSetup, TestCase):

    def _Test__new(self):
        return RoleService()

    def setUp(self):
        sm = PlacefulSetup.setUp(self, site=True)

        root_sm = getServiceManager(None)

        root_sm.defineService("Roles", IRoleService)
        self.roleRegistry = roleRegistry
        root_sm.provideService("Roles", roleRegistry)

        self.rs = setup.addService(sm, 'Roles', RoleService())

    def testGetRole(self):
        self.roleRegistry.defineRole('zope.Manager', 'Manager', '')

        r = Role("zope.Hacker","","")
        self.rs["zope.Hacker"] = r
        self.assertEqual(self.rs.getRole('zope.Hacker').getId(), 'zope.Hacker')
        self.assertEqual(self.rs.getRole('zope.Manager').getId(),
                         'zope.Manager')

        roles = [role.getId() for role in self.rs.getRoles()]
        roles.sort()

        self.assertEqual(roles,
                         ['zope.Anonymous', 'zope.Hacker', 'zope.Manager'])

    def testGetRoleFromLayeredServices(self):
        self.roleRegistry.defineRole('zope.Manager', 'Manager', '')

        r = Role("zope.Hacker","","")
        self.rs["zope.Hacker"] = r

        sm1 = self.makeSite('folder1')
        rs1 = setup.addService(sm1, 'Roles', RoleService())

        r1 = Role("zope.Reviewer",'','')
        rs1["zope.Reviewer"] = r1

        self.assertEqual(rs1.getRole('zope.Hacker').getId(), 'zope.Hacker')
        self.assertEqual(rs1.getRole('zope.Manager').getId(), 'zope.Manager')
        self.assertEqual(rs1.getRole('zope.Reviewer').getId(), 'zope.Reviewer')

        roles = [role.getId() for role in rs1.getRoles()]
        roles.sort()

        self.assertEqual(
            roles,
            ['zope.Anonymous', 'zope.Hacker', 'zope.Manager','zope.Reviewer'])



def test_suite():
    loader=TestLoader()
    return loader.loadTestsFromTestCase(RoleServiceTests)

if __name__=='__main__':
    TextTestRunner().run(test_suite())


=== Added File Zope3/src/zope/app/securitypolicy/tests/test_securitydirectives.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Security Directives Tests

$Id: test_securitydirectives.py,v 1.1 2004/02/27 12:46:33 philikon Exp $
"""
import unittest

from zope.component.service import serviceManager as services
from zope.app.services.servicenames import Permissions, Authentication
from zope.app.interfaces.security import IPermissionService
from zope.app.interfaces.security import IAuthenticationService

from zope.configuration.config import ConfigurationConflictError
from zope.configuration import xmlconfig
from zope.testing.cleanup import CleanUp

import zope.app.securitypolicy.tests
import zope.app.securitypolicy.tests
from zope.app.security.settings import Allow
from zope.app.security.registries.principalregistry import principalRegistry
from zope.app.security.registries.permissionregistry \
        import permissionRegistry as pregistry

from zope.app.securitypolicy.interfaces import IRoleService
from zope.app.securitypolicy.roleregistry import roleRegistry as rregistry
from zope.app.securitypolicy.rolepermission \
        import rolePermissionManager as role_perm_mgr
from zope.app.securitypolicy.principalpermission \
    import principalPermissionManager as principal_perm_mgr
from zope.app.securitypolicy.principalrole \
    import principalRoleManager as principal_role_mgr


class TestBase(CleanUp):

    def setUp(self):
        CleanUp.setUp(self)
    
        services.defineService(Permissions, IPermissionService)
        services.provideService(Permissions, pregistry)
    
        services.defineService("Roles", IRoleService)
        services.provideService("Roles", rregistry)
    
        services.defineService(Authentication, IAuthenticationService)
        services.provideService(Authentication, principalRegistry)


class TestRoleDirective(TestBase, unittest.TestCase):

    def testRegister(self):
        context = xmlconfig.file("role.zcml",
                                 zope.app.securitypolicy.tests)

        role = rregistry.getRole("zope.Everyperson")
        self.failUnless(role.getId().endswith('Everyperson'))
        self.assertEqual(role.getTitle(), 'Tout le monde')
        self.assertEqual(role.getDescription(),
                         'The common man, woman, person, or thing')

    def testDuplicationRegistration(self):
        self.assertRaises(ConfigurationConflictError, xmlconfig.file,
                          "role_duplicate.zcml",
                          zope.app.securitypolicy.tests)


class TestSecurityMapping(TestBase, unittest.TestCase):

    def setUp(self):
        TestBase.setUp(self)
        pregistry.definePermission("zope.Foo", '', '')
        rregistry.defineRole("zope.Bar", '', '')
        principalRegistry.definePrincipal("zope.Blah", '', '')
        self.context = xmlconfig.file("mapping.zcml",
                                      zope.app.securitypolicy.tests)

    def test_PermRoleMap(self):
        roles = role_perm_mgr.getRolesForPermission("zope.Foo")
        perms = role_perm_mgr.getPermissionsForRole("zope.Bar")

        self.assertEqual(len(roles), 1)
        self.failUnless(("zope.Bar",Allow) in roles)

        self.assertEqual(len(perms), 1)
        self.failUnless(("zope.Foo",Allow) in perms)

    def test_PermPrincipalMap(self):
        principals = principal_perm_mgr.getPrincipalsForPermission("zope.Foo")
        perms = principal_perm_mgr.getPermissionsForPrincipal("zope.Blah")

        self.assertEqual(len(principals), 1)
        self.failUnless(("zope.Blah", Allow) in principals)

        self.assertEqual(len(perms), 1)
        self.failUnless(("zope.Foo", Allow) in perms)

    def test_RolePrincipalMap(self):
        principals = principal_role_mgr.getPrincipalsForRole("zope.Bar")
        roles = principal_role_mgr.getRolesForPrincipal("zope.Blah")

        self.assertEqual(len(principals), 1)
        self.failUnless(("zope.Blah", Allow) in principals)

        self.assertEqual(len(roles), 1)
        self.failUnless(("zope.Bar", Allow) in roles)


def test_suite():
    return unittest.TestSuite((
        unittest.makeSuite(TestRoleDirective),
        unittest.makeSuite(TestSecurityMapping),
        ))

if __name__ == '__main__':
    unittest.main()


=== Added File Zope3/src/zope/app/securitypolicy/tests/test_securitymap.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
#############################################################################
"""
$Id: test_securitymap.py,v 1.1 2004/02/27 12:46:33 philikon Exp $
"""
import unittest
from zope.interface.verify import verifyClass
from zope.app.securitypolicy.interfaces import ISecurityMap
from zope.app.securitypolicy.securitymap import SecurityMap
from zope.app.securitypolicy.securitymap import PersistentSecurityMap

class TestSecurityMap(unittest.TestCase):

    def testInterface(self):
        verifyClass(ISecurityMap, SecurityMap)

    # XXX Test the map. Grrrrr.

class TestPersistentSecurityMap(TestSecurityMap):

    def testInterface(self):
        verifyClass(ISecurityMap, PersistentSecurityMap)

    # XXX test persistence...


def test_suite():
    return unittest.TestSuite((
        unittest.makeSuite(TestSecurityMap),
        unittest.makeSuite(TestPersistentSecurityMap),
        ))


=== Added File Zope3/src/zope/app/securitypolicy/tests/test_zopepolicy.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Tests the standard zope policy.

$Id: test_zopepolicy.py,v 1.1 2004/02/27 12:46:33 philikon Exp $
"""

import unittest

from zope.interface import implements
from zope.component.service import serviceManager as services
from zope.component import getService

from zope.app.interfaces.security import IPermissionService
from zope.app.interfaces.security import IAuthenticationService

from zope.app.tests import ztapi
from zope.app.services.servicenames import Permissions, Adapters
from zope.app.services.servicenames import Authentication
from zope.app.security.registries.permissionregistry import permissionRegistry
from zope.app.security.registries.principalregistry import principalRegistry
from zope.app.security.registries.principalregistry import PrincipalBase
from zope.app.interfaces.annotation import IAttributeAnnotatable
from zope.app.interfaces.annotation import IAnnotations
from zope.app.attributeannotations import AttributeAnnotations
from zope.app.services.tests.placefulsetup import PlacefulSetup

from zope.app.securitypolicy.interfaces import IRoleService
from zope.app.securitypolicy.interfaces import IRolePermissionManager
from zope.app.securitypolicy.interfaces import IPrincipalRoleManager

from zope.app.securitypolicy.zopepolicy import permissionsOfPrincipal
from zope.app.securitypolicy.roleregistry import roleRegistry
from zope.app.securitypolicy.principalpermission \
     import principalPermissionManager
from zope.app.securitypolicy.rolepermission import rolePermissionManager
from zope.app.securitypolicy.principalrole import principalRoleManager
from zope.app.securitypolicy.principalpermission \
    import AnnotationPrincipalPermissionManager
from zope.app.securitypolicy.interfaces import IPrincipalPermissionManager
from zope.app.securitypolicy.principalrole \
     import AnnotationPrincipalRoleManager
from zope.app.securitypolicy.rolepermission \
    import AnnotationRolePermissionManager

class Context:
    def __init__(self, user, stack=[]):
        self.user, self.stack = user, stack

class Unprotected:
    pass

class Principal(PrincipalBase):
    pass


class Test(PlacefulSetup, unittest.TestCase):

    def setUp(self):
        PlacefulSetup.setUp(self)


        services.defineService(Permissions, IPermissionService)
        services.provideService(Permissions, permissionRegistry)

        services.defineService("Roles", IRoleService)
        services.provideService("Roles", roleRegistry)

        services.defineService(Authentication, IAuthenticationService)
        services.provideService(Authentication, principalRegistry)



        ztapi.provideAdapter(
            IAttributeAnnotatable, IAnnotations,
            AttributeAnnotations)

        # set up some principals
        self.jim = principalRegistry.definePrincipal('jim', 'Jim', 'Jim Fulton',
                                                     'jim', '123')

        self.tim = principalRegistry.definePrincipal('tim', 'Tim', 'Tim Peters',
                                                     'tim', '456')

        self.unknown = principalRegistry.defineDefaultPrincipal('unknown',
                    'Unknown', 'Nothing is known about this principal')

        # set up some permissions
        read = permissionRegistry.definePermission('read', 'Read',
                                                   'Read something')
        self.read = read.getId()
        write = permissionRegistry.definePermission('write', 'Write',
                                                    'Write something')
        self.write = write.getId()
        create = permissionRegistry.definePermission('create', 'Create',
                                                     'Create something')
        self.create = create.getId()
        update = permissionRegistry.definePermission('update', 'Update',
                                                     'Update something')
        self.update = update.getId()

        # ... and some roles...
        peon = roleRegistry.defineRole('Peon', 'Site Peon')
        self.peon = peon.getId()

        manager = roleRegistry.defineRole('Manager', 'Site Manager')
        self.manager = manager.getId()

        arole = roleRegistry.defineRole('Another', 'Another Role')
        self.arole = arole.getId()

        # grant and deny some permissions to a principal
        principalPermissionManager.grantPermissionToPrincipal(self.create,
                                                              self.jim.getId())
        principalPermissionManager.denyPermissionToPrincipal(self.update,
                                                             self.jim.getId())

        # grant and deny some permissions to the roles
        rolePermissionManager.grantPermissionToRole(self.read, self.peon)

        rolePermissionManager.grantPermissionToRole(self.read, self.manager)
        rolePermissionManager.grantPermissionToRole(self.write, self.manager)

        # ... and assign roles to principals
        principalRoleManager.assignRoleToPrincipal(self.peon, self.jim.getId())
        principalRoleManager.assignRoleToPrincipal(self.manager,
                                                   self.tim.getId())

        self.policy = self._makePolicy()

    def _makePolicy(self):

        from zope.app.securitypolicy.zopepolicy import ZopeSecurityPolicy
        return ZopeSecurityPolicy()

    def __assertPermissions(self, user, expected, object=None):
        permissions = list(permissionsOfPrincipal(user, object))
        permissions.sort()
        self.assertEqual(permissions, expected)

    def testImport(self):
        from zope.app.securitypolicy.zopepolicy import ZopeSecurityPolicy

    def testGlobalCheckPermission(self):
        self.failUnless(
            self.policy.checkPermission(self.read, None, Context(self.jim)))
        self.failUnless(
            self.policy.checkPermission(self.read, None, Context(self.tim)))
        self.failUnless(
            self.policy.checkPermission(self.write, None, Context(self.tim)))

        self.failIf(self.policy.checkPermission(
            self.read, None, Context(self.unknown)))
        self.failIf(self.policy.checkPermission(
            self.write, None, Context(self.unknown)))

        self.failIf(
            self.policy.checkPermission(
            self.read, None, Context(self.unknown)))

        self.__assertPermissions(self.jim, ['create', 'read'])
        self.__assertPermissions(self.tim, ['read', 'write'])
        self.__assertPermissions(self.unknown, [])

        rolePermissionManager.grantPermissionToRole(
            self.read, 'zope.Anonymous')

        self.failUnless(
            self.policy.checkPermission(
            self.read, None, Context(self.unknown)))

        self.__assertPermissions(self.unknown, ['read'])

        principalPermissionManager.grantPermissionToPrincipal(
            self.write, self.jim.getId())
        self.failUnless(
            self.policy.checkPermission(self.write, None, Context(self.jim)))

        self.__assertPermissions(self.jim, ['create', 'read', 'write'])

    def testPlaylessPrincipalRole(self):
        self.failIf(self.policy.checkPermission(
            self.write, None, Context(self.jim)))
        principalRoleManager.assignRoleToPrincipal(
            self.manager, self.jim.getId())
        self.failUnless(self.policy.checkPermission(
            self.write, None, Context(self.jim)))
        principalRoleManager.removeRoleFromPrincipal(
            self.manager, self.jim.getId())
        self.failIf(self.policy.checkPermission(
            self.write, None, Context(self.jim)))

    def testPlayfulPrincipalRole(self):
        ztapi.provideAdapter(
            ITest,
            IPrincipalRoleManager, AnnotationPrincipalRoleManager)

        ob1 = TestClass()
        ob2 = TestClass(); ob2.__parent__ = ob1
        ob3 = TestClass(); ob3.__parent__ = ob2

        self.failIf(self.policy.checkPermission(
            self.write, ob3, Context(self.jim)))
        AnnotationPrincipalRoleManager(ob3).assignRoleToPrincipal(
            self.manager, self.jim.getId())
        self.failUnless(self.policy.checkPermission(
            self.write, ob3, Context(self.jim)))
        AnnotationPrincipalRoleManager(ob3).removeRoleFromPrincipal(
            self.manager, self.jim.getId())
        self.failIf(self.policy.checkPermission(
            self.write, ob3, Context(self.jim)))

    def testPlayfulRolePermissions(self):

        ARPM = AnnotationRolePermissionManager
        ztapi.provideAdapter(ITest,
                            IRolePermissionManager, ARPM)
        test = permissionRegistry.definePermission('test', 'Test', '')
        test = test.getId()

        ob1 = TestClass()
        ob2 = TestClass(); ob2.__parent__ = ob1
        ob3 = TestClass(); ob3.__parent__ = ob2

        self.failIf(self.policy.checkPermission(test, ob3, Context(self.tim)))
        self.__assertPermissions(self.tim, ['read', 'write'], ob3)

        ARPM(ob2).grantPermissionToRole(test, self.manager)
        self.failUnless(self.policy.checkPermission(test, ob3,
                                                    Context(self.tim)))
        self.__assertPermissions(self.tim, ['read', 'test', 'write'], ob3)

        self.failIf(self.policy.checkPermission(test, ob3, Context(self.jim)))
        self.__assertPermissions(self.jim, ['create', 'read'], ob3)


        ARPM(ob3).grantPermissionToRole(test, self.peon)
        self.failUnless(self.policy.checkPermission(
            test, ob3, Context(self.jim)))
        self.__assertPermissions(self.jim, ['create', 'read', 'test'], ob3)



        principalPermissionManager.denyPermissionToPrincipal(
            test, self.jim.getId())
        self.failIf(self.policy.checkPermission(
            test, ob3, Context(self.jim)))
        self.__assertPermissions(self.jim, ['create', 'read'], ob3)

        principalPermissionManager.unsetPermissionForPrincipal(
            test, self.jim.getId())

        # Make sure multiple conflicting role permissions resolve correctly
        ARPM(ob2).grantPermissionToRole(test, 'zope.Anonymous')
        ARPM(ob2).grantPermissionToRole(test, self.arole)
        ARPM(ob3).denyPermissionToRole(test, self.peon)

        new = principalRegistry.definePrincipal('new', 'Newbie',
                                                'Newbie User', 'new', '098')
        principalRoleManager.assignRoleToPrincipal(self.arole, new.getId())
        self.failUnless(self.policy.checkPermission(test, ob3, Context(new)))
        self.__assertPermissions(new, ['test'], ob3)

        principalRoleManager.assignRoleToPrincipal(self.peon, new.getId())
        self.failIf(self.policy.checkPermission(test, ob3, Context(new)))
        self.__assertPermissions(new, ['read'], ob3)

    def testPlayfulPrinciplePermissions(self):
        APPM = AnnotationPrincipalPermissionManager
        ztapi.provideAdapter(ITest,
                       IPrincipalPermissionManager, APPM)

        ob1 = TestClass()
        ob2 = TestClass(); ob2.__parent__ = ob1
        ob3 = TestClass(); ob3.__parent__ = ob2

        test = permissionRegistry.definePermission('test', 'Test', '')
        test = test.getId()

        self.failIf(self.policy.checkPermission(test, ob3, Context(self.tim)))

        self.__assertPermissions(self.tim, ['read', 'write'], ob3)

        APPM(ob2).grantPermissionToPrincipal(test, self.tim.getId())
        self.failUnless(self.policy.checkPermission(test, ob3,
                                                    Context(self.tim)))
        self.__assertPermissions(self.tim, ['read', 'test', 'write'], ob3)

        APPM(ob3).denyPermissionToPrincipal(test, self.tim.getId())
        self.failIf(self.policy.checkPermission(test, ob3,
                                                Context(self.tim)))
        self.__assertPermissions(self.tim, ['read', 'write'], ob3)

        APPM(ob1).denyPermissionToPrincipal(test, self.jim.getId())
        APPM(ob3).grantPermissionToPrincipal(test, self.jim.getId())
        self.failUnless(self.policy.checkPermission(test, ob3,
                                                    Context(self.jim)))
        self.__assertPermissions(self.jim, ['create', 'read', 'test'], ob3)


        APPM(ob3).unsetPermissionForPrincipal(test, self.jim.getId())
        self.failIf(self.policy.checkPermission(test, ob3,
                                                Context(self.jim)))
        self.__assertPermissions(self.jim, ['create', 'read'], ob3)

        # make sure placeless principal permissions override placeful ones
        APPM(ob3).grantPermissionToPrincipal(test, self.tim.getId())
        principalPermissionManager.denyPermissionToPrincipal(
            test, self.tim.getId())
        self.failIf(self.policy.checkPermission(test, ob3,
                                                Context(self.tim)))

        self.__assertPermissions(self.tim, ['read', 'write'], ob3)


class ITest(IAttributeAnnotatable):
    pass

class TestClass:
    implements(ITest)

    __parent__ = None

    def __init__(self):
        self._roles       = { 'test' : {} }
        self._permissions = { 'Manager' : {} , 'Peon' : {} }

def test_suite():
    loader=unittest.TestLoader()
    return loader.loadTestsFromTestCase(Test)

if __name__=='__main__':
    unittest.TextTestRunner().run(test_suite())




More information about the Zope3-Checkins mailing list