[Zope3-checkins] CVS: Zope3/src/zope/products/securitypolicy/tests
- __init__.py:1.1.2.1 mapping.zcml:1.1.2.1
test_annotationprincipalpermissionmanager.py:1.1.2.1
test_annotationprincipalrolemanager.py:1.1.2.1
test_annotationrolepermissionmanager.py:1.1.2.1
test_principalpermissionmanager.py:1.1.2.1
test_principalrolemanager.py:1.1.2.1
test_rolepermissionmanager.py:1.1.2.1
test_securitydirectives.py:1.1.2.1
test_securitymap.py:1.1.2.1 test_zopepolicy.py:1.1.2.1
Steve Alexander
steve at cat-box.net
Tue Jan 13 18:34:24 EST 2004
Update of /cvs-repository/Zope3/src/zope/products/securitypolicy/tests
In directory cvs.zope.org:/tmp/cvs-serv25567/src/zope/products/securitypolicy/tests
Added Files:
Tag: steveachrismcd-securitypolicy-branch
__init__.py mapping.zcml
test_annotationprincipalpermissionmanager.py
test_annotationprincipalrolemanager.py
test_annotationrolepermissionmanager.py
test_principalpermissionmanager.py
test_principalrolemanager.py test_rolepermissionmanager.py
test_securitydirectives.py test_securitymap.py
test_zopepolicy.py
Log Message:
Initial move of things related to the security policy.
=== Added File Zope3/src/zope/products/securitypolicy/tests/__init__.py ===
#
# This file is necessary to make this directory a package.
=== Added File Zope3/src/zope/products/securitypolicy/tests/mapping.zcml ===
<configure xmlns="http://namespaces.zope.org/zope">
<include package="zope.products.securitypolicy" file="meta.zcml"/>
<grant
permission="zope.Foo"
role="zope.Bar" />
<grant
permission="zope.Foo"
principal="zope.Blah" />
<grant
role="zope.Bar"
principal="zope.Blah" />
</configure>
=== Added File Zope3/src/zope/products/securitypolicy/tests/test_annotationprincipalpermissionmanager.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Test handler for AnnotationPrincipalPermissionManager module."""
import unittest
from zope.app.tests import ztapi
from zope.app.interfaces.annotation import IAttributeAnnotatable
from zope.component import getService
from zope.app.services.servicenames import Adapters
from zope.app.interfaces.annotation import IAnnotations
from zope.app.attributeannotations import AttributeAnnotations
from zope.app.security.registries.permissionregistry \
import permissionRegistry as permregistry
from zope.app.security.registries.principalregistry \
import principalRegistry as prinregistry
from zope.products.securitypolicy.principalpermission \
import AnnotationPrincipalPermissionManager
from zope.app.security.settings import Allow, Deny, Unset
from zope.app.tests.placelesssetup import PlacelessSetup
from zope.interface import implements
class Manageable:
implements(IAttributeAnnotatable)
class Test(PlacelessSetup, unittest.TestCase):
def setUp(self):
super(Test, self).setUp()
ztapi.provideAdapter(
IAttributeAnnotatable, IAnnotations,
AttributeAnnotations)
def _make_principal(self, id=None, title=None):
p = prinregistry.definePrincipal(
id or 'APrincipal',
title or 'A Principal',
login = id or 'APrincipal')
return p.getId()
def testUnboundPrincipalPermission(self):
manager = AnnotationPrincipalPermissionManager(Manageable())
permission = permregistry.definePermission('APerm', 'title')
permission = permission.getId()
principal = self._make_principal()
self.assertEqual(manager.getPrincipalsForPermission(permission), [])
self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
def testPrincipalPermission(self):
manager = AnnotationPrincipalPermissionManager(Manageable())
permission = permregistry.definePermission('APerm', 'title')
permission = permission.getId()
principal = self._make_principal()
# check that an allow permission is saved correctly
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Allow)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Allow)])
# check that the allow permission is removed.
manager.unsetPermissionForPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission), [])
self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
# now put a deny in there, check it's set.
manager.denyPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Deny)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Deny)])
# test for deny followed by allow . The latter should override.
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Allow)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Allow)])
# check that allow followed by allow is just a single allow.
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Allow)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Allow)])
# check that two unsets in a row quietly ignores the second one.
manager.unsetPermissionForPrincipal(permission, principal)
manager.unsetPermissionForPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission), [])
self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
# check the result of getSetting() when it's empty.
self.assertEqual(manager.getSetting(permission, principal), Unset)
# check the result of getSetting() when it's allowed.
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getSetting(permission, principal), Allow)
# check the result of getSetting() when it's denied.
manager.denyPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getSetting(permission, principal), Deny)
def testManyPermissionsOnePrincipal(self):
manager = AnnotationPrincipalPermissionManager(Manageable())
perm1 = permregistry.definePermission('Perm One', 'title').getId()
perm2 = permregistry.definePermission('Perm Two', 'title').getId()
prin1 = self._make_principal()
manager.grantPermissionToPrincipal(perm1, prin1)
manager.grantPermissionToPrincipal(perm2, prin1)
perms = manager.getPermissionsForPrincipal(prin1)
self.assertEqual(len(perms), 2)
self.failUnless((perm1,Allow) in perms)
self.failUnless((perm2,Allow) in perms)
manager.denyPermissionToPrincipal(perm2, prin1)
perms = manager.getPermissionsForPrincipal(prin1)
self.assertEqual(len(perms), 2)
self.failUnless((perm1,Allow) in perms)
self.failUnless((perm2,Deny) in perms)
def testManyPrincipalsOnePermission(self):
manager = AnnotationPrincipalPermissionManager(Manageable())
perm1 = permregistry.definePermission('Perm One', 'title').getId()
prin1 = self._make_principal()
prin2 = self._make_principal('Principal 2', 'Principal Two')
manager.grantPermissionToPrincipal(perm1, prin1)
manager.denyPermissionToPrincipal(perm1, prin2)
principals = manager.getPrincipalsForPermission(perm1)
self.assertEqual(len(principals), 2)
self.failUnless((prin1,Allow) in principals)
self.failUnless((prin2,Deny) in principals)
def test_suite():
loader=unittest.TestLoader()
return loader.loadTestsFromTestCase(Test)
if __name__=='__main__':
unittest.TextTestRunner().run(test_suite())
=== Added File Zope3/src/zope/products/securitypolicy/tests/test_annotationprincipalrolemanager.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Test handler for PrincipalRoleManager module."""
import unittest
from zope.app.tests import ztapi
from zope.app.interfaces.annotation import IAttributeAnnotatable
from zope.component import getService
from zope.app.services.servicenames import Adapters
from zope.app.interfaces.annotation import IAnnotations
from zope.app.attributeannotations import AttributeAnnotations
from zope.app.security.registries.roleregistry import roleRegistry as rregistry
from zope.app.security.registries.principalregistry \
import principalRegistry as pregistry
from zope.products.securitypolicy.principalrole \
import AnnotationPrincipalRoleManager
from zope.app.security.settings import Allow, Deny
from zope.app.services.tests.placefulsetup import PlacefulSetup
from zope.interface import implements
class Manageable:
implements(IAttributeAnnotatable)
class Test(PlacefulSetup, unittest.TestCase):
def setUp(self):
PlacefulSetup.setUp(self)
ztapi.provideAdapter(
IAttributeAnnotatable, IAnnotations,
AttributeAnnotations)
def _make_principal(self, id=None, title=None):
p = pregistry.definePrincipal(
id or 'APrincipal',
title or 'A Principal',
login = id or 'APrincipal')
return p.getId()
def _make_roleManager(self, obj=None):
if obj is None:
obj = Manageable()
return AnnotationPrincipalRoleManager(obj)
def testUnboundPrincipalRole(self):
principalRoleManager = self._make_roleManager()
role = rregistry.defineRole('ARole', 'A Role').getId()
principal = self._make_principal()
self.assertEqual(principalRoleManager.getPrincipalsForRole(role), [])
self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
[])
def testPrincipalRoleAllow(self):
principalRoleManager = self._make_roleManager()
role = rregistry.defineRole('ARole', 'A Role').getId()
principal = self._make_principal()
principalRoleManager.assignRoleToPrincipal(role, principal)
self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
[(principal, Allow)])
self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
[(role, Allow)])
def testPrincipalRoleDeny(self):
principalRoleManager = self._make_roleManager()
role = rregistry.defineRole('ARole', 'A Role').getId()
principal = self._make_principal()
principalRoleManager.removeRoleFromPrincipal(role, principal)
self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
[(principal, Deny)])
self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
[(role, Deny)])
def testPrincipalRoleUnset(self):
principalRoleManager = self._make_roleManager()
role = rregistry.defineRole('ARole', 'A Role').getId()
principal = self._make_principal()
principalRoleManager.removeRoleFromPrincipal(role, principal)
principalRoleManager.unsetRoleForPrincipal(role, principal)
self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
[])
self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
[])
def testManyRolesOnePrincipal(self):
principalRoleManager = self._make_roleManager()
role1 = rregistry.defineRole('Role One', 'Role #1').getId()
role2 = rregistry.defineRole('Role Two', 'Role #2').getId()
prin1 = self._make_principal()
principalRoleManager.assignRoleToPrincipal(role1, prin1)
principalRoleManager.assignRoleToPrincipal(role2, prin1)
roles = principalRoleManager.getRolesForPrincipal(prin1)
self.assertEqual(len(roles), 2)
self.failUnless((role1, Allow) in roles)
self.failUnless((role2, Allow) in roles)
def testManyPrincipalsOneRole(self):
principalRoleManager = self._make_roleManager()
role1 = rregistry.defineRole('Role One', 'Role #1').getId()
prin1 = self._make_principal()
prin2 = self._make_principal('Principal 2', 'Principal Two')
principalRoleManager.assignRoleToPrincipal(role1, prin1)
principalRoleManager.assignRoleToPrincipal(role1, prin2)
principals = principalRoleManager.getPrincipalsForRole(role1)
self.assertEqual(len(principals), 2)
self.failUnless((prin1, Allow) in principals)
self.failUnless((prin2, Allow) in principals)
def testPrincipalsAndRoles(self):
principalRoleManager = self._make_roleManager()
principalsAndRoles = principalRoleManager.getPrincipalsAndRoles()
self.assertEqual(len(principalsAndRoles), 0)
role1 = rregistry.defineRole('Role One', 'Role #1').getId()
role2 = rregistry.defineRole('Role Two', 'Role #2').getId()
prin1 = self._make_principal()
prin2 = self._make_principal('Principal 2', 'Principal Two')
principalRoleManager.assignRoleToPrincipal(role1, prin1)
principalRoleManager.assignRoleToPrincipal(role1, prin2)
principalRoleManager.assignRoleToPrincipal(role2, prin1)
principalsAndRoles = principalRoleManager.getPrincipalsAndRoles()
self.assertEqual(len(principalsAndRoles), 3)
self.failUnless((role1, prin1, Allow) in principalsAndRoles)
self.failUnless((role1, prin2, Allow) in principalsAndRoles)
self.failUnless((role2, prin1, Allow) in principalsAndRoles)
def test_suite():
loader=unittest.TestLoader()
return loader.loadTestsFromTestCase(Test)
if __name__=='__main__':
unittest.TextTestRunner().run(test_suite())
=== Added File Zope3/src/zope/products/securitypolicy/tests/test_annotationrolepermissionmanager.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
from zope.app.tests import ztapi
from zope.products.securitypolicy.rolepermission \
import AnnotationRolePermissionManager
from zope.app.interfaces.annotation import IAttributeAnnotatable
from zope.app.interfaces.annotation import IAnnotations
from zope.app.attributeannotations import AttributeAnnotations
from zope.component import getServiceManager, getService
from zope.app.services.servicenames import Permissions, Adapters
from zope.app.interfaces.security import IRoleService
from zope.app.interfaces.security import IPermissionService
from zope.app.security.registries.roleregistry import roleRegistry
from zope.app.security.registries.permissionregistry import permissionRegistry
from zope.app.security.settings import Allow, Deny
from zope.app.services.tests.placefulsetup import PlacefulSetup
from zope.interface import implements
import unittest
class Manageable:
implements(IAttributeAnnotatable)
class Test(PlacefulSetup, unittest.TestCase):
def setUp(self):
PlacefulSetup.setUp(self)
defineService=getServiceManager(None).defineService
provideService=getServiceManager(None).provideService
defineService('Roles', IRoleService)
defineService(Permissions, IPermissionService)
provideService('Roles', roleRegistry)
provideService(Permissions, permissionRegistry)
ztapi.provideAdapter(IAttributeAnnotatable, IAnnotations,
AttributeAnnotations)
read = permissionRegistry.definePermission('read', 'Read Something')
self.read = read.getId()
write = permissionRegistry.definePermission('write', 'Write Something')
self.write = write.getId()
peon = roleRegistry.defineRole('peon', 'Poor Slob')
self.peon = peon.getId()
manager = roleRegistry.defineRole('manager', 'Supreme Being')
self.manager = manager.getId()
def testNormal(self):
obj = Manageable()
mgr = AnnotationRolePermissionManager(obj)
mgr.grantPermissionToRole(self.read,self.manager)
mgr.grantPermissionToRole(self.write,self.manager)
mgr.grantPermissionToRole(self.write,self.manager)
mgr.grantPermissionToRole(self.read,self.peon)
l = list(mgr.getPermissionsForRole(self.manager))
self.failUnless((self.read, Allow) in l)
self.failUnless((self.write, Allow) in l)
l = list(mgr.getPermissionsForRole(self.peon))
self.failUnless([(self.read, Allow)] == l)
l = list(mgr.getRolesForPermission(self.read))
self.failUnless((self.manager, Allow) in l)
self.failUnless((self.peon, Allow) in l)
l = list(mgr.getRolesForPermission(self.write))
self.assertEqual(l, [(self.manager, Allow)])
mgr.denyPermissionToRole(self.read, self.peon)
l = list(mgr.getPermissionsForRole(self.peon))
self.assertEqual(l, [(self.read, Deny)])
mgr.unsetPermissionFromRole(self.read, self.peon)
l = list(mgr.getRolesForPermission(self.read))
self.assertEqual(l, [(self.manager, Allow)])
def test_suite():
loader=unittest.TestLoader()
return loader.loadTestsFromTestCase(Test)
if __name__=='__main__':
unittest.TextTestRunner().run(test_suite())
=== Added File Zope3/src/zope/products/securitypolicy/tests/test_principalpermissionmanager.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Test handler for PrincipalPermissionManager module."""
import unittest
from zope.component.service import serviceManager as services
from zope.app.services.servicenames import Permissions, Authentication
from zope.app.interfaces.security import IPermissionService
from zope.app.interfaces.security import IAuthenticationService
from zope.app.security.registries.permissionregistry \
import permissionRegistry as permregistry
from zope.app.security.registries.principalregistry \
import principalRegistry as prinregistry
from zope.products.securitypolicy.principalpermission \
import principalPermissionManager as manager
from zope.app.security.settings import Allow, Deny, Unset
from zope.testing.cleanup import CleanUp # Base class w registry cleanup
class Test(CleanUp, unittest.TestCase):
def setUp(self):
CleanUp.setUp(self)
services.defineService(Permissions, IPermissionService)
services.provideService(Permissions, permregistry)
services.defineService(Authentication, IAuthenticationService)
services.provideService(Authentication, prinregistry)
def _make_principal(self, id=None, title=None):
p = prinregistry.definePrincipal(
id or 'APrincipal',
title or 'A Principal',
login = id or 'APrincipal')
return p.getId()
def testUnboundPrincipalPermission(self):
permission = permregistry.definePermission('APerm', 'title').getId()
principal = self._make_principal()
self.assertEqual(manager.getPrincipalsForPermission(permission), [])
self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
def test_invalidPermission(self):
self.assertRaises(ValueError,
manager.grantPermissionToPrincipal,
'permission', 'principal')
principal = self._make_principal()
self.assertRaises(ValueError,
manager.grantPermissionToPrincipal,
'permission', principal)
def test_invalidPrincipal(self):
permission = permregistry.definePermission('APerm', 'title').getId()
self.assertRaises(ValueError,
manager.grantPermissionToPrincipal,
permission, 'principal')
def testPrincipalPermission(self):
permission = permregistry.definePermission('APerm', 'title').getId()
principal = self._make_principal()
# check that an allow permission is saved correctly
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Allow)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Allow)])
# check that the allow permission is removed.
manager.unsetPermissionForPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission), [])
self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
# now put a deny in there, check it's set.
manager.denyPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Deny)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Deny)])
# test for deny followed by allow . The latter should override.
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Allow)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Allow)])
# check that allow followed by allow is just a single allow.
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Allow)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Allow)])
# check that two unsets in a row quietly ignores the second one.
manager.unsetPermissionForPrincipal(permission, principal)
manager.unsetPermissionForPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission), [])
self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
# check the result of getSetting() when it's empty.
self.assertEqual(manager.getSetting(permission, principal), Unset)
# check the result of getSetting() when it's allowed.
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getSetting(permission, principal), Allow)
# check the result of getSetting() when it's denied.
manager.denyPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getSetting(permission, principal), Deny)
def testManyPermissionsOnePrincipal(self):
perm1 = permregistry.definePermission('Perm One', 'title').getId()
perm2 = permregistry.definePermission('Perm Two', 'title').getId()
prin1 = self._make_principal()
manager.grantPermissionToPrincipal(perm1, prin1)
manager.grantPermissionToPrincipal(perm2, prin1)
perms = manager.getPermissionsForPrincipal(prin1)
self.assertEqual(len(perms), 2)
self.failUnless((perm1,Allow) in perms)
self.failUnless((perm2,Allow) in perms)
manager.denyPermissionToPrincipal(perm2, prin1)
perms = manager.getPermissionsForPrincipal(prin1)
self.assertEqual(len(perms), 2)
self.failUnless((perm1,Allow) in perms)
self.failUnless((perm2,Deny) in perms)
perms = manager.getPrincipalsAndPermissions()
self.failUnless((perm1,prin1,Allow) in perms)
self.failUnless((perm2,prin1,Deny) in perms)
def testManyPrincipalsOnePermission(self):
perm1 = permregistry.definePermission('Perm One', 'title').getId()
prin1 = self._make_principal()
prin2 = self._make_principal('Principal 2', 'Principal Two')
manager.grantPermissionToPrincipal(perm1, prin1)
manager.denyPermissionToPrincipal(perm1, prin2)
principals = manager.getPrincipalsForPermission(perm1)
self.assertEqual(len(principals), 2)
self.failUnless((prin1,Allow) in principals)
self.failUnless((prin2,Deny) in principals)
def test_suite():
loader=unittest.TestLoader()
return loader.loadTestsFromTestCase(Test)
if __name__=='__main__':
unittest.TextTestRunner().run(test_suite())
=== Added File Zope3/src/zope/products/securitypolicy/tests/test_principalrolemanager.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Test handler for PrincipalRoleManager module."""
import unittest
from zope.component.service import serviceManager as services
from zope.app.services.servicenames import Authentication
from zope.app.interfaces.security import IRoleService
from zope.app.interfaces.security import IAuthenticationService
from zope.app.security.registries.roleregistry \
import roleRegistry as rregistry
from zope.app.security.registries.principalregistry \
import principalRegistry as pregistry
from zope.products.securitypolicy.principalrole import principalRoleManager
from zope.app.security.settings import Allow, Deny
from zope.testing.cleanup import CleanUp # Base class w registry cleanup
class Test(CleanUp, unittest.TestCase):
def setUp(self):
CleanUp.setUp(self)
services.defineService('Roles', IRoleService)
services.provideService('Roles', rregistry)
services.defineService(Authentication, IAuthenticationService)
services.provideService(Authentication, pregistry)
def _make_principal(self, id=None, title=None):
p = pregistry.definePrincipal(
id or 'APrincipal',
title or 'A Principal',
login = id or 'APrincipal')
return p.getId()
def testUnboundPrincipalRole(self):
role = rregistry.defineRole('ARole', 'A Role').getId()
principal = self._make_principal()
self.assertEqual(principalRoleManager.getPrincipalsForRole(role), [])
self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
[])
def testPrincipalRoleAllow(self):
role = rregistry.defineRole('ARole', 'A Role').getId()
principal = self._make_principal()
principalRoleManager.assignRoleToPrincipal(role, principal)
self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
[(principal, Allow)])
self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
[(role, Allow)])
def testPrincipalRoleDeny(self):
role = rregistry.defineRole('ARole', 'A Role').getId()
principal = self._make_principal()
principalRoleManager.removeRoleFromPrincipal(role, principal)
self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
[(principal, Deny)])
self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
[(role, Deny)])
def testPrincipalRoleUnset(self):
role = rregistry.defineRole('ARole', 'A Role').getId()
principal = self._make_principal()
principalRoleManager.removeRoleFromPrincipal(role, principal)
principalRoleManager.unsetRoleForPrincipal(role, principal)
self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
[])
self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
[])
def test_invalidPrincipal(self):
self.assertRaises(ValueError,
principalRoleManager.assignRoleToPrincipal,
'role1', 'prin1')
role1 = rregistry.defineRole('Role One', 'Role #1').getId()
self.assertRaises(ValueError,
principalRoleManager.assignRoleToPrincipal,
role1, 'prin1')
def test_invalidRole(self):
prin1 = self._make_principal()
self.assertRaises(ValueError,
principalRoleManager.assignRoleToPrincipal,
'role1', prin1)
def testManyRolesOnePrincipal(self):
role1 = rregistry.defineRole('Role One', 'Role #1').getId()
role2 = rregistry.defineRole('Role Two', 'Role #2').getId()
prin1 = self._make_principal()
principalRoleManager.assignRoleToPrincipal(role1, prin1)
principalRoleManager.assignRoleToPrincipal(role2, prin1)
roles = principalRoleManager.getRolesForPrincipal(prin1)
self.assertEqual(len(roles), 2)
self.failUnless((role1, Allow) in roles)
self.failUnless((role2, Allow) in roles)
def testManyPrincipalsOneRole(self):
role1 = rregistry.defineRole('Role One', 'Role #1').getId()
prin1 = self._make_principal()
prin2 = self._make_principal('Principal 2', 'Principal Two')
principalRoleManager.assignRoleToPrincipal(role1, prin1)
principalRoleManager.assignRoleToPrincipal(role1, prin2)
principals = principalRoleManager.getPrincipalsForRole(role1)
self.assertEqual(len(principals), 2)
self.failUnless((prin1, Allow) in principals)
self.failUnless((prin2, Allow) in principals)
def testPrincipalsAndRoles(self):
role1 = rregistry.defineRole('Role One', 'Role #1').getId()
role2 = rregistry.defineRole('Role Two', 'Role #2').getId()
prin1 = self._make_principal()
prin2 = self._make_principal('Principal 2', 'Principal Two')
principalRoleManager.assignRoleToPrincipal(role1, prin1)
principalRoleManager.assignRoleToPrincipal(role1, prin2)
principalRoleManager.assignRoleToPrincipal(role2, prin1)
principalsAndRoles = principalRoleManager.getPrincipalsAndRoles()
self.assertEqual(len(principalsAndRoles), 3)
self.failUnless((role1, prin1, Allow) in principalsAndRoles)
self.failUnless((role1, prin2, Allow) in principalsAndRoles)
self.failUnless((role2, prin1, Allow) in principalsAndRoles)
def test_suite():
loader=unittest.TestLoader()
return loader.loadTestsFromTestCase(Test)
if __name__=='__main__':
unittest.TextTestRunner().run(test_suite())
=== Added File Zope3/src/zope/products/securitypolicy/tests/test_rolepermissionmanager.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Test handler for RolePermissionManager module."""
import unittest
from zope.component.service import serviceManager as services
from zope.app.services.servicenames import Permissions, Roles
from zope.app.interfaces.security import IPermissionService
from zope.app.interfaces.security import IRoleService
from zope.app.security.registries.permissionregistry \
import permissionRegistry as pregistry
from zope.app.security.registries.roleregistry \
import roleRegistry as rregistry
from zope.products.securitypolicy.rolepermission \
import rolePermissionManager as manager
from zope.app.security.settings import Allow, Deny
from zope.testing.cleanup import CleanUp # Base class w registry cleanup
class Test(CleanUp, unittest.TestCase):
def setUp(self):
CleanUp.setUp(self)
services.defineService(Permissions, IPermissionService)
services.provideService(Permissions, pregistry)
services.defineService(Roles, IRoleService)
services.provideService(Roles, rregistry)
def testUnboundRolePermission(self):
permission = pregistry.definePermission('APerm', 'aPerm title').getId()
role = rregistry.defineRole('ARole', 'A Role').getId()
self.assertEqual(manager.getRolesForPermission(permission), [])
self.assertEqual(manager.getPermissionsForRole(role), [])
def testRolePermission(self):
permission = pregistry.definePermission('APerm', 'aPerm title').getId()
role = rregistry.defineRole('ARole', 'A Role').getId()
manager.grantPermissionToRole(permission, role)
self.assertEqual(manager.getRolesForPermission(permission),
[(role,Allow)])
self.assertEqual(manager.getPermissionsForRole(role),
[(permission,Allow)])
def testManyPermissionsOneRole(self):
perm1 = pregistry.definePermission('Perm One', 'P1').getId()
perm2 = pregistry.definePermission('Perm Two', 'P2').getId()
perm3 = pregistry.definePermission('Perm Three', 'P3').getId()
role1 = rregistry.defineRole('Role One', 'Role #1').getId()
perms = manager.getPermissionsForRole(role1)
self.assertEqual(len(perms), 0)
manager.grantPermissionToRole(perm1, role1)
manager.grantPermissionToRole(perm2, role1)
manager.grantPermissionToRole(perm2, role1)
manager.denyPermissionToRole(perm3, role1)
perms = manager.getPermissionsForRole(role1)
self.assertEqual(len(perms), 3)
self.failUnless((perm1,Allow) in perms)
self.failUnless((perm2,Allow) in perms)
self.failUnless((perm3,Deny) in perms)
manager.unsetPermissionFromRole(perm1, role1)
perms = manager.getPermissionsForRole(role1)
self.assertEqual(len(perms), 2)
self.failUnless((perm2,Allow) in perms)
def testManyRolesOnePermission(self):
perm1 = pregistry.definePermission('Perm One', 'title').getId()
role1 = rregistry.defineRole('Role One', 'Role #1').getId()
role2 = rregistry.defineRole('Role Two', 'Role #2').getId()
roles = manager.getRolesForPermission(perm1)
self.assertEqual(len(roles), 0)
manager.grantPermissionToRole(perm1, role1)
manager.grantPermissionToRole(perm1, role2)
manager.grantPermissionToRole(perm1, role2)
manager.denyPermissionToRole(perm1, role1)
roles = manager.getRolesForPermission(perm1)
self.assertEqual(len(roles), 2)
self.failIf((role1,Allow) in roles)
self.failUnless((role1,Deny) in roles)
self.failUnless((role2,Allow) in roles)
manager.unsetPermissionFromRole(perm1, role1)
roles = manager.getRolesForPermission(perm1)
self.assertEqual(len(roles), 1)
self.failUnless((role2,Allow) in roles)
def test_invalidRole(self):
self.assertRaises(ValueError,
manager.grantPermissionToRole, 'perm1', 'role1'
)
perm1 = pregistry.definePermission('Perm One', 'title').getId()
self.assertRaises(ValueError,
manager.grantPermissionToRole, perm1, 'role1'
)
def test_invalidPerm(self):
role1 = rregistry.defineRole('Role One', 'Role #1').getId()
self.assertRaises(ValueError,
manager.grantPermissionToRole, 'perm1', role1
)
def test_suite():
loader=unittest.TestLoader()
return loader.loadTestsFromTestCase(Test)
if __name__=='__main__':
unittest.TextTestRunner().run(test_suite())
=== Added File Zope3/src/zope/products/securitypolicy/tests/test_securitydirectives.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Security Directives Tests
$Id: test_securitydirectives.py,v 1.1.2.1 2004/01/13 23:34:21 stevea Exp $
"""
import unittest
from zope.component.service import serviceManager as services
from zope.app.services.servicenames import Roles, Permissions, Authentication
from zope.app.interfaces.security import IPermissionService
from zope.app.interfaces.security import IRoleService
from zope.app.interfaces.security import IAuthenticationService
from zope.configuration.config import ConfigurationConflictError
from zope.configuration import xmlconfig
from zope.testing.cleanup import CleanUp # Base class w registry cleanup
import zope.app.security.tests
import zope.products.securitypolicy.tests
from zope.app.security.settings import Allow
from zope.app.security.registries.principalregistry import principalRegistry
from zope.app.security.registries.permissionregistry \
import permissionRegistry as pregistry
from zope.app.security.registries.roleregistry import roleRegistry as rregistry
from zope.products.securitypolicy.rolepermission \
import rolePermissionManager as role_perm_mgr
from zope.products.securitypolicy.principalpermission \
import principalPermissionManager as principal_perm_mgr
from zope.products.securitypolicy.principalrole \
import principalRoleManager as principal_role_mgr
class TestBase(CleanUp):
def setUp(self):
CleanUp.setUp(self)
services.defineService(Permissions, IPermissionService)
services.provideService(Permissions, pregistry)
services.defineService(Roles, IRoleService)
services.provideService(Roles, rregistry)
services.defineService(Authentication, IAuthenticationService)
services.provideService(Authentication, principalRegistry)
class TestRoleDirective(TestBase, unittest.TestCase):
def testRegister(self):
context = xmlconfig.file("role.zcml", zope.app.security.tests)
role = rregistry.getRole("zope.Everyperson")
self.failUnless(role.getId().endswith('Everyperson'))
self.assertEqual(role.getTitle(), 'Tout le monde')
self.assertEqual(role.getDescription(),
'The common man, woman, person, or thing')
def testDuplicationRegistration(self):
self.assertRaises(ConfigurationConflictError, xmlconfig.file,
"role_duplicate.zcml", zope.app.security.tests)
class TestSecurityMapping(TestBase, unittest.TestCase):
def setUp(self):
TestBase.setUp(self)
pregistry.definePermission("zope.Foo", '', '')
rregistry.defineRole("zope.Bar", '', '')
principalRegistry.definePrincipal("zope.Blah", '', '')
self.context = xmlconfig.file("mapping.zcml",
zope.products.securitypolicy.tests)
def test_PermRoleMap(self):
roles = role_perm_mgr.getRolesForPermission("zope.Foo")
perms = role_perm_mgr.getPermissionsForRole("zope.Bar")
self.assertEqual(len(roles), 1)
self.failUnless(("zope.Bar",Allow) in roles)
self.assertEqual(len(perms), 1)
self.failUnless(("zope.Foo",Allow) in perms)
def test_PermPrincipalMap(self):
principals = principal_perm_mgr.getPrincipalsForPermission("zope.Foo")
perms = principal_perm_mgr.getPermissionsForPrincipal("zope.Blah")
self.assertEqual(len(principals), 1)
self.failUnless(("zope.Blah", Allow) in principals)
self.assertEqual(len(perms), 1)
self.failUnless(("zope.Foo", Allow) in perms)
def test_RolePrincipalMap(self):
principals = principal_role_mgr.getPrincipalsForRole("zope.Bar")
roles = principal_role_mgr.getRolesForPrincipal("zope.Blah")
self.assertEqual(len(principals), 1)
self.failUnless(("zope.Blah", Allow) in principals)
self.assertEqual(len(roles), 1)
self.failUnless(("zope.Bar", Allow) in roles)
def test_suite():
return unittest.TestSuite((
unittest.makeSuite(TestRoleDirective),
unittest.makeSuite(TestSecurityMapping),
))
if __name__ == '__main__':
unittest.main()
=== Added File Zope3/src/zope/products/securitypolicy/tests/test_securitymap.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
#############################################################################
import unittest
from zope.interface.verify import verifyClass
from zope.products.securitypolicy.interfaces import ISecurityMap
from zope.products.securitypolicy.securitymap import SecurityMap
from zope.products.securitypolicy.securitymap import PersistentSecurityMap
class TestSecurityMap(unittest.TestCase):
def testInterface(self):
verifyClass(ISecurityMap, SecurityMap)
# XXX Test the map. Grrrrr.
class TestPersistentSecurityMap(TestSecurityMap):
def testInterface(self):
verifyClass(ISecurityMap, PersistentSecurityMap)
# XXX test persistence...
def test_suite():
return unittest.TestSuite((
unittest.makeSuite(TestSecurityMap),
unittest.makeSuite(TestPersistentSecurityMap),
))
=== Added File Zope3/src/zope/products/securitypolicy/tests/test_zopepolicy.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Tests the standard zope policy.
$Id: test_zopepolicy.py,v 1.1.2.1 2004/01/13 23:34:21 stevea Exp $
"""
import unittest
from zope.app.tests import ztapi
from zope.component.service import serviceManager as services
from zope.interface import implements
from zope.app.interfaces.security import IPermissionService
from zope.app.interfaces.security import IRoleService
from zope.app.interfaces.security import IAuthenticationService
from zope.component import getService
from zope.app.services.servicenames import Roles, Permissions, Adapters
from zope.app.services.servicenames import Authentication
from zope.app.interfaces.security import IRolePermissionManager
from zope.app.security.registries.permissionregistry import permissionRegistry
from zope.app.security.registries.principalregistry import principalRegistry
from zope.app.security.registries.principalregistry import PrincipalBase
from zope.app.security.registries.roleregistry import roleRegistry
from zope.products.securitypolicy.principalpermission \
import principalPermissionManager
from zope.products.securitypolicy.rolepermission import rolePermissionManager
from zope.products.securitypolicy.principalrole import principalRoleManager
from zope.products.securitypolicy.principalpermission \
import AnnotationPrincipalPermissionManager
from zope.app.interfaces.security import IPrincipalPermissionManager
from zope.products.securitypolicy.principalrole \
import AnnotationPrincipalRoleManager
from zope.products.securitypolicy.rolepermission \
import AnnotationRolePermissionManager
from zope.app.interfaces.security import IPrincipalRoleManager
from zope.app.interfaces.annotation import IAttributeAnnotatable
from zope.app.interfaces.annotation import IAnnotations
from zope.app.attributeannotations import AttributeAnnotations
from zope.app.services.tests.placefulsetup import PlacefulSetup
from zope.products.securitypolicy.zopepolicy import permissionsOfPrincipal
class Context:
def __init__(self, user, stack=[]):
self.user, self.stack = user, stack
class Unprotected:
pass
class Principal(PrincipalBase):
pass
class Test(PlacefulSetup, unittest.TestCase):
def setUp(self):
PlacefulSetup.setUp(self)
services.defineService(Permissions, IPermissionService)
services.provideService(Permissions, permissionRegistry)
services.defineService(Roles, IRoleService)
services.provideService(Roles, roleRegistry)
services.defineService(Authentication, IAuthenticationService)
services.provideService(Authentication, principalRegistry)
ztapi.provideAdapter(
IAttributeAnnotatable, IAnnotations,
AttributeAnnotations)
# set up some principals
self.jim = principalRegistry.definePrincipal('jim', 'Jim', 'Jim Fulton',
'jim', '123')
self.tim = principalRegistry.definePrincipal('tim', 'Tim', 'Tim Peters',
'tim', '456')
self.unknown = principalRegistry.defineDefaultPrincipal('unknown',
'Unknown', 'Nothing is known about this principal')
# set up some permissions
read = permissionRegistry.definePermission('read', 'Read',
'Read something')
self.read = read.getId()
write = permissionRegistry.definePermission('write', 'Write',
'Write something')
self.write = write.getId()
create = permissionRegistry.definePermission('create', 'Create',
'Create something')
self.create = create.getId()
update = permissionRegistry.definePermission('update', 'Update',
'Update something')
self.update = update.getId()
# ... and some roles...
peon = roleRegistry.defineRole('Peon', 'Site Peon')
self.peon = peon.getId()
manager = roleRegistry.defineRole('Manager', 'Site Manager')
self.manager = manager.getId()
arole = roleRegistry.defineRole('Another', 'Another Role')
self.arole = arole.getId()
# grant and deny some permissions to a principal
principalPermissionManager.grantPermissionToPrincipal(self.create,
self.jim.getId())
principalPermissionManager.denyPermissionToPrincipal(self.update,
self.jim.getId())
# grant and deny some permissions to the roles
rolePermissionManager.grantPermissionToRole(self.read, self.peon)
rolePermissionManager.grantPermissionToRole(self.read, self.manager)
rolePermissionManager.grantPermissionToRole(self.write, self.manager)
# ... and assign roles to principals
principalRoleManager.assignRoleToPrincipal(self.peon, self.jim.getId())
principalRoleManager.assignRoleToPrincipal(self.manager,
self.tim.getId())
self.policy = self._makePolicy()
def _makePolicy(self):
from zope.products.securitypolicy.zopepolicy import ZopeSecurityPolicy
return ZopeSecurityPolicy()
def __assertPermissions(self, user, expected, object=None):
permissions = list(permissionsOfPrincipal(user, object))
permissions.sort()
self.assertEqual(permissions, expected)
def testImport(self):
from zope.products.securitypolicy.zopepolicy import ZopeSecurityPolicy
def testGlobalCheckPermission(self):
self.failUnless(
self.policy.checkPermission(self.read, None, Context(self.jim)))
self.failUnless(
self.policy.checkPermission(self.read, None, Context(self.tim)))
self.failUnless(
self.policy.checkPermission(self.write, None, Context(self.tim)))
self.failIf(self.policy.checkPermission(
self.read, None, Context(self.unknown)))
self.failIf(self.policy.checkPermission(
self.write, None, Context(self.unknown)))
self.failIf(
self.policy.checkPermission(
self.read, None, Context(self.unknown)))
self.__assertPermissions(self.jim, ['create', 'read'])
self.__assertPermissions(self.tim, ['read', 'write'])
self.__assertPermissions(self.unknown, [])
rolePermissionManager.grantPermissionToRole(
self.read, 'zope.Anonymous')
self.failUnless(
self.policy.checkPermission(
self.read, None, Context(self.unknown)))
self.__assertPermissions(self.unknown, ['read'])
principalPermissionManager.grantPermissionToPrincipal(
self.write, self.jim.getId())
self.failUnless(
self.policy.checkPermission(self.write, None, Context(self.jim)))
self.__assertPermissions(self.jim, ['create', 'read', 'write'])
def testPlaylessPrincipalRole(self):
self.failIf(self.policy.checkPermission(
self.write, None, Context(self.jim)))
principalRoleManager.assignRoleToPrincipal(
self.manager, self.jim.getId())
self.failUnless(self.policy.checkPermission(
self.write, None, Context(self.jim)))
principalRoleManager.removeRoleFromPrincipal(
self.manager, self.jim.getId())
self.failIf(self.policy.checkPermission(
self.write, None, Context(self.jim)))
def testPlayfulPrincipalRole(self):
ztapi.provideAdapter(
ITest,
IPrincipalRoleManager, AnnotationPrincipalRoleManager)
ob1 = TestClass()
ob2 = TestClass(); ob2.__parent__ = ob1
ob3 = TestClass(); ob3.__parent__ = ob2
self.failIf(self.policy.checkPermission(
self.write, ob3, Context(self.jim)))
AnnotationPrincipalRoleManager(ob3).assignRoleToPrincipal(
self.manager, self.jim.getId())
self.failUnless(self.policy.checkPermission(
self.write, ob3, Context(self.jim)))
AnnotationPrincipalRoleManager(ob3).removeRoleFromPrincipal(
self.manager, self.jim.getId())
self.failIf(self.policy.checkPermission(
self.write, ob3, Context(self.jim)))
def testPlayfulRolePermissions(self):
ARPM = AnnotationRolePermissionManager
ztapi.provideAdapter(ITest,
IRolePermissionManager, ARPM)
test = permissionRegistry.definePermission('test', 'Test', '')
test = test.getId()
ob1 = TestClass()
ob2 = TestClass(); ob2.__parent__ = ob1
ob3 = TestClass(); ob3.__parent__ = ob2
self.failIf(self.policy.checkPermission(test, ob3, Context(self.tim)))
self.__assertPermissions(self.tim, ['read', 'write'], ob3)
ARPM(ob2).grantPermissionToRole(test, self.manager)
self.failUnless(self.policy.checkPermission(test, ob3,
Context(self.tim)))
self.__assertPermissions(self.tim, ['read', 'test', 'write'], ob3)
self.failIf(self.policy.checkPermission(test, ob3, Context(self.jim)))
self.__assertPermissions(self.jim, ['create', 'read'], ob3)
ARPM(ob3).grantPermissionToRole(test, self.peon)
self.failUnless(self.policy.checkPermission(
test, ob3, Context(self.jim)))
self.__assertPermissions(self.jim, ['create', 'read', 'test'], ob3)
principalPermissionManager.denyPermissionToPrincipal(
test, self.jim.getId())
self.failIf(self.policy.checkPermission(
test, ob3, Context(self.jim)))
self.__assertPermissions(self.jim, ['create', 'read'], ob3)
principalPermissionManager.unsetPermissionForPrincipal(
test, self.jim.getId())
# Make sure multiple conflicting role permissions resolve correctly
ARPM(ob2).grantPermissionToRole(test, 'zope.Anonymous')
ARPM(ob2).grantPermissionToRole(test, self.arole)
ARPM(ob3).denyPermissionToRole(test, self.peon)
new = principalRegistry.definePrincipal('new', 'Newbie',
'Newbie User', 'new', '098')
principalRoleManager.assignRoleToPrincipal(self.arole, new.getId())
self.failUnless(self.policy.checkPermission(test, ob3, Context(new)))
self.__assertPermissions(new, ['test'], ob3)
principalRoleManager.assignRoleToPrincipal(self.peon, new.getId())
self.failIf(self.policy.checkPermission(test, ob3, Context(new)))
self.__assertPermissions(new, ['read'], ob3)
def testPlayfulPrinciplePermissions(self):
APPM = AnnotationPrincipalPermissionManager
ztapi.provideAdapter(ITest,
IPrincipalPermissionManager, APPM)
ob1 = TestClass()
ob2 = TestClass(); ob2.__parent__ = ob1
ob3 = TestClass(); ob3.__parent__ = ob2
test = permissionRegistry.definePermission('test', 'Test', '')
test = test.getId()
self.failIf(self.policy.checkPermission(test, ob3, Context(self.tim)))
self.__assertPermissions(self.tim, ['read', 'write'], ob3)
APPM(ob2).grantPermissionToPrincipal(test, self.tim.getId())
self.failUnless(self.policy.checkPermission(test, ob3,
Context(self.tim)))
self.__assertPermissions(self.tim, ['read', 'test', 'write'], ob3)
APPM(ob3).denyPermissionToPrincipal(test, self.tim.getId())
self.failIf(self.policy.checkPermission(test, ob3,
Context(self.tim)))
self.__assertPermissions(self.tim, ['read', 'write'], ob3)
APPM(ob1).denyPermissionToPrincipal(test, self.jim.getId())
APPM(ob3).grantPermissionToPrincipal(test, self.jim.getId())
self.failUnless(self.policy.checkPermission(test, ob3,
Context(self.jim)))
self.__assertPermissions(self.jim, ['create', 'read', 'test'], ob3)
APPM(ob3).unsetPermissionForPrincipal(test, self.jim.getId())
self.failIf(self.policy.checkPermission(test, ob3,
Context(self.jim)))
self.__assertPermissions(self.jim, ['create', 'read'], ob3)
# make sure placeless principal permissions override placeful ones
APPM(ob3).grantPermissionToPrincipal(test, self.tim.getId())
principalPermissionManager.denyPermissionToPrincipal(
test, self.tim.getId())
self.failIf(self.policy.checkPermission(test, ob3,
Context(self.tim)))
self.__assertPermissions(self.tim, ['read', 'write'], ob3)
class ITest(IAttributeAnnotatable):
pass
class TestClass:
implements(ITest)
__parent__ = None
def __init__(self):
self._roles = { 'test' : {} }
self._permissions = { 'Manager' : {} , 'Peon' : {} }
def test_suite():
loader=unittest.TestLoader()
return loader.loadTestsFromTestCase(Test)
if __name__=='__main__':
unittest.TextTestRunner().run(test_suite())
More information about the Zope3-Checkins
mailing list