[Zope3-checkins]
CVS: Zope3/src/zope/products/securitypolicy/browser/tests
- __init__.py:1.2 permissionservice.py:1.2
rolepermissionmanager.py:1.2 roleservice.py:1.2
test_principalpermissionview.py:1.2
test_principalroleview.py:1.2 test_rolepermissionview.py:1.2
Chris McDonough
chrism at plope.com
Wed Jan 14 17:56:06 EST 2004
Update of /cvs-repository/Zope3/src/zope/products/securitypolicy/browser/tests
In directory cvs.zope.org:/tmp/cvs-serv5558/src/zope/products/securitypolicy/browser/tests
Added Files:
__init__.py permissionservice.py rolepermissionmanager.py
roleservice.py test_principalpermissionview.py
test_principalroleview.py test_rolepermissionview.py
Log Message:
Merge security policy refactoring:
- Moved all role- and grant-related functionality into
zope.products.securitypolicy (and out of zope.app.security.grant).
The zope.products.securitypolicy implementation is exactly
the same as the old implementation; no changes were made
to the actual mechanics of role-permission or principal-permission
grants. The only real difference is that all functionality
that is the purview of what we want a security policy to have
control of is now in that one place.
- Created new modulealias directive which can be used to provide
aliases to older modules (to not break existing ZODBs when
module locations change).
- Added minor feature: "make debug" launches a debug session in the
spirit of Zope 2's "zopectl debug".
=== Zope3/src/zope/products/securitypolicy/browser/tests/__init__.py 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/browser/tests/__init__.py Wed Jan 14 17:55:34 2004
@@ -0,0 +1,2 @@
+#
+# This file is necessary to make this directory a package.
=== Zope3/src/zope/products/securitypolicy/browser/tests/permissionservice.py 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/browser/tests/permissionservice.py Wed Jan 14 17:55:34 2004
@@ -0,0 +1,47 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""PermissionService implementation for testing
+
+$Id$
+"""
+
+from zope.app.interfaces.security import IPermissionService
+from zope.app.interfaces.security import IPermission
+from zope.app.interfaces.services.service import ISimpleService
+from zope.interface import implements
+
+class Permission:
+
+ implements(IPermission)
+
+ def __init__(self, id, title): self._id, self._title = id, title
+ def getId(self): return self._id
+ def getTitle(self): return self._title
+ def getDescription(self): return ''
+
+class PermissionService:
+
+ implements(IPermissionService, ISimpleService)
+
+ def __init__(self, **kw):
+ self._permissions = r = {}
+ for id, title in kw.items(): r[id]=Permission(id, title)
+
+ def getPermission(self, rid):
+ '''See interface IPermissionService'''
+ return self._permissions.get(rid)
+
+ def getPermissions(self):
+ '''See interface IPermissionService'''
+ return self._permissions.values()
=== Zope3/src/zope/products/securitypolicy/browser/tests/rolepermissionmanager.py 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/browser/tests/rolepermissionmanager.py Wed Jan 14 17:55:34 2004
@@ -0,0 +1,87 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Test IRolePermissionManager class that has no context.
+
+$Id$
+"""
+
+from zope.products.securitypolicy.interfaces import IRolePermissionManager
+from zope.products.securitypolicy.interfaces import IRolePermissionMap
+from zope.products.securitypolicy.securitymap import SecurityMap
+from zope.app.security.settings import Allow, Deny, Unset
+from zope.interface import implements
+
+class RolePermissionManager:
+ """
+ provide adapter that manages role permission data in an object attribute
+ """
+
+ implements(IRolePermissionManager, IRolePermissionMap)
+
+ def __init__(self):
+ self._rp = SecurityMap()
+
+ def grantPermissionToRole(self, permission_id, role_id):
+ ''' See the interface IRolePermissionManager '''
+ rp = self._getRolePermissions(create=1)
+ rp.addCell(permission_id, role_id, Allow)
+
+ def denyPermissionToRole(self, permission_id, role_id):
+ ''' See the interface IRolePermissionManager '''
+ rp = self._getRolePermissions(create=1)
+ rp.addCell(permission_id, role_id, Deny)
+
+ def unsetPermissionFromRole(self, permission_id, role_id):
+ ''' See the interface IRolePermissionManager '''
+ rp = self._getRolePermissions()
+ # Only unset if there is a security map, otherwise, we're done
+ if rp:
+ rp.delCell(permission_id, role_id)
+
+ def getRolesForPermission(self, permission_id):
+ '''See interface IRolePermissionMap'''
+ rp = self._getRolePermissions()
+ if rp:
+ return rp.getRow(permission_id)
+ else:
+ return []
+
+ def getPermissionsForRole(self, role_id):
+ '''See interface IRolePermissionMap'''
+ rp = self._getRolePermissions()
+ if rp:
+ return rp.getCol(role_id)
+ else:
+ return []
+
+ def getRolesAndPermissions(self):
+ '''See interface IRolePermissionMap'''
+ rp = self._getRolePermissions()
+ if rp:
+ return rp.getAllCells()
+ else:
+ return []
+
+ def getSetting(self, permission_id, role_id):
+ '''See interface IRolePermissionMap'''
+ rp = self._getRolePermissions()
+ if rp:
+ return rp.getCell(permission_id, role_id)
+ else:
+ return Unset
+
+ def _getRolePermissions(self, create=0):
+ """Get the role permission map stored in the context, optionally
+ creating one if necessary"""
+ return self._rp
=== Zope3/src/zope/products/securitypolicy/browser/tests/roleservice.py 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/browser/tests/roleservice.py Wed Jan 14 17:55:34 2004
@@ -0,0 +1,45 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""RoleService implementation for testing
+
+$Id$
+"""
+
+from zope.products.securitypolicy.interfaces import IRoleService
+from zope.products.securitypolicy.interfaces import IRole
+from zope.app.interfaces.services.service import ISimpleService
+from zope.interface import implements
+
+class Role:
+
+ implements(IRole)
+
+ def __init__(self, id, title): self._id, self._title = id, title
+ def getId(self): return self._id
+ def getTitle(self): return self._title
+ def getDescription(self): return ''
+
+class RoleService:
+
+ implements(IRoleService, ISimpleService)
+
+ def __init__(self, **kw):
+ self._roles = r = {}
+ for id, title in kw.items(): r[id]=Role(id, title)
+
+ def getRole(self, rid):
+ return self._roles.get(rid)
+
+ def getRoles(self):
+ return self._roles.values()
=== Zope3/src/zope/products/securitypolicy/browser/tests/test_principalpermissionview.py 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/browser/tests/test_principalpermissionview.py Wed Jan 14 17:55:34 2004
@@ -0,0 +1,362 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""
+
+$Id$
+"""
+
+import unittest
+
+from zope.app.tests import ztapi
+from zope.component import getService, getServiceManager
+from zope.app.services.servicenames import Permissions, Adapters
+from zope.app.services.servicenames import Authentication
+from zope.app.interfaces.annotation import IAttributeAnnotatable
+from zope.app.interfaces.annotation import IAnnotations
+from zope.app.attributeannotations import AttributeAnnotations
+from zope.app.interfaces.security import IPermissionService
+from zope.app.interfaces.security import IAuthenticationService
+from zope.products.securitypolicy.interfaces \
+ import IPrincipalPermissionManager
+from zope.products.securitypolicy.interfaces import IPrincipalPermissionMap
+from zope.app.security.settings import Allow, Deny, Unset
+from zope.app.services.tests.placefulsetup \
+ import PlacefulSetup
+from zope.app.interfaces.services.service import ISimpleService
+from zope.interface import implements
+from zope.products.securitypolicy.browser.principalpermissionview \
+ import PrincipalPermissionView
+
+class DummyContext:
+
+ implements(IAttributeAnnotatable)
+#IPrincipalPermissionManager, IPrincipalPermissionMap
+
+class DummyPermissionService:
+
+ implements(IPermissionService, ISimpleService)
+
+ def __init__(self, perm_objs):
+ perms = {}
+ for perm_obj in perm_objs:
+ perms[perm_obj.getId()] = perm_obj
+
+ self.perms = perms
+
+ def getPermission(self,pr_id):
+ return self.perms[pr_id]
+
+ def getPermissions(self):
+ return self.perms.keys()
+
+
+class DummyAuthenticationService:
+ implements(IAuthenticationService, ISimpleService)
+
+ def __init__(self, principals):
+ pr = {}
+ for principal in principals:
+ pr[principal.getId()] = principal
+ self.principals = pr
+
+ def getPrincipal(self, principal_id):
+ return self.principals[principal_id]
+
+class DummyAdapter:
+
+ implements(IPrincipalPermissionManager, IPrincipalPermissionMap)
+
+ def __init__(self, context):
+ self._context = context
+ if not hasattr(self._context,'principals'):
+ self._context.principals = {}
+
+ def grantPermissionToPrincipal(self, permission, principal):
+ if not (principal in self._context.principals):
+ self._context.principals[principal]={}
+
+ self._context.principals[principal][permission]=Allow
+
+ def denyPermissionToPrincipal(self, permission, principal):
+ if not (principal in self._context.principals):
+ self._context.principals[principal]={}
+
+ self._context.principals[principal][permission]=Deny
+
+ def unsetPermissionForPrincipal(self, permission, principal):
+ if not (principal in self._context.principals):
+ return
+ try:
+ del self._context.principals[principal][permission]
+ except KeyError:
+ pass
+
+ def getSetting(self, permission, principal):
+ try:
+ setting = self._context.principals[principal][permission]
+
+ except KeyError:
+ setting = Unset
+
+ return setting
+
+ def getPrincipalsForPermission(self, permission):
+ ret = []
+ for principal, permissions in self._context.principals.items():
+ if permissions in permissions:
+ ret.append((principal, permissions[permission]))
+ return ret
+
+ def getPermissionsForPrincipal(self, principal):
+ try:
+ return self._context.principals[principal].items()
+ except KeyError:
+ return []
+
+class DummyObject:
+ def __init__(self, id, title):
+ self._id = id
+ self._title = title
+
+ def getId(self):
+ return self._id
+
+ def getTitle(self):
+ return self._title
+
+
+class Test(PlacefulSetup, unittest.TestCase):
+
+ def setUp(self):
+ PlacefulSetup.setUp(self)
+ self._permissions = []
+ self._permissions.append(DummyObject('qux', 'Qux'))
+ self._permissions.append(DummyObject('baz', 'Baz'))
+ defineService=getServiceManager(None).defineService
+ provideService=getServiceManager(None).provideService
+
+ defineService(
+ Permissions, IPermissionService)
+ provideService(Permissions,
+ DummyPermissionService(self._permissions))
+
+ defineService(Authentication,
+ IAuthenticationService)
+
+ self._principals = []
+ self._principals.append(DummyObject('foo', 'Foo'))
+ self._principals.append(DummyObject('bar', 'Bar'))
+
+ provideService(Authentication,
+ DummyAuthenticationService(principals = self._principals))
+ ztapi.provideAdapter(IAttributeAnnotatable,
+ IPrincipalPermissionManager, DummyAdapter)
+ ztapi.provideAdapter(
+ IAttributeAnnotatable, IAnnotations, AttributeAnnotations)
+
+ def _makeOne(self):
+ return PrincipalPermissionView(DummyContext(), None)
+
+ def testGrantPermissions(self):
+ view = self._makeOne()
+ allowed_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Allow')
+ denied_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Deny')
+
+ self.assertEqual(len(allowed_perms), 0, 'List not empty')
+ self.assertEqual(len(denied_perms), 0, 'List not empty')
+ view.grantPermissions(self._principals[0].getId(),
+ [self._permissions[0].getId()])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Allow'),
+ [self._permissions[0]])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Deny'),
+ [])
+
+ view.grantPermissions(self._principals[0].getId(),
+ [self._permissions[1].getId()])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Allow').sort(),
+ self._permissions.sort())
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Deny'),
+ [])
+
+ view.grantPermissions(self._principals[1].getId(),
+ [self._permissions[0].getId()])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[1].getId(),'Allow'),
+ [self._permissions[0]])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[1].getId(),'Deny'),
+ [])
+
+ view.grantPermissions(self._principals[1].getId(),
+ [self._permissions[1].getId()])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[1].getId(),'Allow').sort(),
+ self._permissions.sort())
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[1].getId(),'Deny'),
+ [])
+
+ def testDenyPermissions(self):
+ view = self._makeOne()
+ allowed_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Allow')
+ denied_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Deny')
+
+ self.assertEqual(len(allowed_perms), 0, 'List not empty')
+ self.assertEqual(len(denied_perms), 0, 'List not empty')
+ view.denyPermissions(self._principals[0].getId(),
+ [self._permissions[0].getId()])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Deny'),
+ [self._permissions[0]])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Allow'),
+ [])
+
+ view.denyPermissions(self._principals[0].getId(),
+ [self._permissions[1].getId()])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Deny').sort(),
+ self._permissions.sort())
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Allow'),
+ [])
+
+ view.denyPermissions(self._principals[1].getId(), [
+ self._permissions[0].getId()])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[1].getId(),'Deny'),
+ [self._permissions[0]])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[1].getId(),'Allow'),
+ [])
+
+ view.denyPermissions(self._principals[1].getId(),
+ [self._permissions[1].getId()])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[1].getId(),'Deny').sort(),
+ self._permissions.sort())
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[1].getId(),'Allow'),
+ [])
+
+ def testAllowDenyPermissions(self):
+ view = self._makeOne()
+ allowed_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Allow')
+ denied_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Deny')
+
+ self.assertEqual(len(allowed_perms), 0, 'List not empty')
+ self.assertEqual(len(denied_perms), 0, 'List not empty')
+
+ view.grantPermissions(self._principals[0].getId(),
+ [self._permissions[0].getId()])
+
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Allow'),
+ [self._permissions[0]])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Deny'),
+ [])
+
+ allowed_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Allow')
+ self.assertEqual(len(allowed_perms), 1, 'List has wrong length')
+
+ # Now change it to deny
+ view.denyPermissions(self._principals[0].getId(),
+ [self._permissions[0].getId()])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Deny'),
+ [self._permissions[0]])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Allow'),
+ [])
+
+ view.grantPermissions(self._principals[0].getId(),
+ [self._permissions[1].getId()])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Deny'), [self._permissions[0]])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Allow'), [self._permissions[1]])
+
+ def testUnsetPermissions(self):
+ view = self._makeOne()
+
+ view.grantPermissions(self._principals[0].getId(),
+ [self._permissions[0].getId()])
+ allowed_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Allow')
+ self.assertEqual(len(allowed_perms), 1, 'List has wrong length')
+
+ view.unsetPermissions(self._principals[0].getId(),
+ [self._permissions[0].getId()])
+ allowed_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Allow')
+ self.assertEqual(len(allowed_perms), 0, 'Permission not unset')
+
+ # Deleting mutiple in one step
+ view.grantPermissions(self._principals[0].getId(),
+ [self._permissions[0].getId(),
+ self._permissions[1].getId()])
+ allowed_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Allow')
+ self.assertEqual(len(allowed_perms), 2, 'List has wrong length')
+
+ view.unsetPermissions(self._principals[0].getId(),
+ [self._permissions[0].getId(),
+ self._permissions[1].getId()])
+ allowed_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Allow')
+ self.assertEqual(len(allowed_perms), 0, 'Some permissions not unset')
+
+ # Deleting in a row
+ view.grantPermissions(self._principals[0].getId(),
+ [self._permissions[0].getId(),
+ self._permissions[1].getId()])
+ allowed_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Allow')
+ self.assertEqual(len(allowed_perms), 2, 'List has wrong length')
+
+ view.unsetPermissions(self._principals[0].getId(),
+ [self._permissions[0].getId()])
+ allowed_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Allow')
+ self.assertEqual(len(allowed_perms), 1, 'Some permissions not unset')
+
+ view.unsetPermissions(self._principals[0].getId(),
+ [self._permissions[1].getId()])
+ allowed_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Allow')
+ self.assertEqual(len(allowed_perms), 0, 'Not all permissions unset')
+
+ # Ask for an other way of getting the unset permisssions
+ unset_perms = view.getUnsetPermissionsForPrincipal(
+ self._principals[0].getId())
+ self.assertEqual(len(unset_perms), 2, 'Not all permissions unset')
+
+def test_suite():
+ loader=unittest.TestLoader()
+ return loader.loadTestsFromTestCase(Test)
+
+if __name__=='__main__':
+ unittest.TextTestRunner().run(test_suite())
=== Zope3/src/zope/products/securitypolicy/browser/tests/test_principalroleview.py 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/browser/tests/test_principalroleview.py Wed Jan 14 17:55:34 2004
@@ -0,0 +1,158 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""
+
+$Id$
+"""
+
+import unittest
+
+from zope.app.interfaces.security import IAuthenticationService
+from zope.products.securitypolicy.interfaces import IPrincipalRoleManager
+from zope.products.securitypolicy.interfaces import IRoleService
+from zope.app.interfaces.services.service import ISimpleService
+from zope.products.securitypolicy.browser.principalroleview import \
+ PrincipalRoleView
+from zope.app.services.servicenames import Authentication
+from zope.app.services.tests.placefulsetup import PlacefulSetup
+from zope.component import getServiceManager
+from zope.interface import implements
+from zope.publisher.browser import BrowserView, TestRequest
+
+class PrincipalRoleView(PrincipalRoleView, BrowserView):
+ """Adding BrowserView to Utilities; this is usually done by ZCML."""
+
+class DummySetting:
+ def __init__(self, name):
+ self._name = name
+ def getName(self):
+ return self._name
+
+class DummyManager:
+
+ implements(IPrincipalRoleManager)
+
+ def getSetting(self, role, principal):
+ return DummySetting('%r:%r' % (role, principal))
+
+class DummyRoleService:
+
+ implements(IRoleService, ISimpleService)
+
+ def __init__(self, roles):
+ self._roles = roles
+
+ def getRoles(self):
+ return self._roles
+
+class DummyObject:
+ def __init__(self, id, title):
+ self._id = id
+ self._title = title
+
+ def getId(self):
+ return self._id
+
+ def getTitle(self):
+ return self._title
+
+class DummyAuthenticationService:
+
+ implements(IAuthenticationService, ISimpleService)
+
+ def __init__(self, principals):
+ self._principals = principals
+
+ def getPrincipals(self, name):
+ return self._principals
+
+class Test(PlacefulSetup, unittest.TestCase):
+
+ def setUp(self):
+ PlacefulSetup.setUp(self)
+ self._roles = []
+ self._roles.append(DummyObject('qux', 'Qux'))
+ self._roles.append(DummyObject('baz', 'Baz'))
+ defineService=getServiceManager(None).defineService
+ provideService=getServiceManager(None).provideService
+
+ defineService("Roles", IRoleService)
+ provideService("Roles"
+ , DummyRoleService(roles = self._roles))
+
+ defineService(Authentication, IAuthenticationService)
+
+ self._principals = []
+ self._principals.append(DummyObject('foo', 'Foo'))
+ self._principals.append(DummyObject('bar', 'Bar'))
+
+ provideService(Authentication,
+ DummyAuthenticationService(principals = self._principals))
+
+ def _makeOne(self):
+ return PrincipalRoleView(DummyManager(), TestRequest())
+
+ def testRoles(self):
+ view = self._makeOne()
+ roles = list(view.getAllRoles())
+ self.assertEqual(len(roles), 2)
+
+ ids = map(lambda x: x.getId(), self._roles)
+
+ for role in roles:
+ self.failUnless(role.getId() in ids)
+
+ def testPrincipals(self):
+ view = self._makeOne()
+ principals = list(view.getAllPrincipals())
+ self.assertEqual(len(principals), 2)
+
+ ids = map(lambda x: x.getId(), self._principals)
+
+ for principal in principals:
+ self.failUnless(principal.getId() in ids, (principal, ids))
+
+ def testPrincipalRoleGrid(self):
+ view = self._makeOne()
+
+ grid = view.createGrid()
+
+ p_ids = [p.getId() for p in view.getAllPrincipals()]
+ r_ids = [r.getId() for r in view.getAllRoles()]
+
+ self.failUnless(grid.listAvailableValues())
+
+ for p in grid.principalIds():
+ self.failUnless(p in p_ids)
+
+ for r in grid.roleIds():
+ self.failUnless(r in r_ids)
+
+ map = DummyManager()
+
+ grid_entries = [(r, p, map.getSetting(r, p).getName())
+ for r in grid.roleIds()
+ for p in grid.principalIds()
+ ]
+
+ for r, p, setting in grid_entries:
+ self.assertEquals(setting, grid.getValue(p, r))
+
+
+def test_suite():
+ loader=unittest.TestLoader()
+ return loader.loadTestsFromTestCase(Test)
+
+if __name__=='__main__':
+ unittest.TextTestRunner().run(test_suite())
=== Zope3/src/zope/products/securitypolicy/browser/tests/test_rolepermissionview.py 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/browser/tests/test_rolepermissionview.py Wed Jan 14 17:55:34 2004
@@ -0,0 +1,195 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Role-Permission View Tests
+
+$Id$
+"""
+import unittest
+from zope.app.services.tests.placefulsetup\
+ import PlacefulSetup
+from zope.app.services.servicenames import Permissions
+from zope.products.securitypolicy.interfaces import IRoleService
+from zope.products.securitypolicy.browser.tests.roleservice import RoleService
+from zope.products.securitypolicy.browser.tests.permissionservice import \
+ PermissionService
+from zope.products.securitypolicy.browser.tests.rolepermissionmanager import \
+ RolePermissionManager
+from zope.products.securitypolicy.browser.rolepermissionview \
+ import RolePermissionView
+from zope.app.interfaces.security import IPermissionService
+from zope.component import getServiceManager
+from zope.publisher.browser import BrowserView, TestRequest
+
+class RolePermissionView(RolePermissionView, BrowserView):
+ """Adding BrowserView to Utilities; this is usually done by ZCML."""
+
+
+class Test(PlacefulSetup, unittest.TestCase):
+
+ def setUp(self):
+ PlacefulSetup.setUp(self)
+ defineService=getServiceManager(None).defineService
+ provideService=getServiceManager(None).provideService
+ defineService("Roles", IRoleService)
+ provideService("Roles", RoleService(
+ manager='Manager', member='Member'))
+ defineService(Permissions, IPermissionService)
+ provideService(Permissions, PermissionService(
+ read='Read', write='Write'))
+ self.view = RolePermissionView(RolePermissionManager(), None)
+
+ def testRoles(self):
+ roles = list(self.view.roles())
+ ids = ['manager', 'member']
+ titles = ['Manager', 'Member']
+ for role in roles:
+ i=ids.index(role.getId())
+ self.failIf(i < 0)
+ self.assertEqual(role.getTitle(), titles[i])
+ del ids[i]
+ del titles[i]
+
+ def testPermisssions(self):
+ permissions = list(self.view.permissions())
+ ids = ['read', 'write']
+ titles = ['Read', 'Write']
+ for permission in permissions:
+ i=ids.index(permission.getId())
+ self.failIf(i < 0)
+ self.assertEqual(permission.getTitle(), titles[i])
+ del ids[i]
+ del titles[i]
+
+ def testMatrix(self):
+ roles = self.view.roles()
+ permissions = self.view.permissions()
+
+ # manager member
+ # read +
+ # write . -
+ env = {
+ 'p0': 'read', 'p1': 'write',
+ 'r0': 'manager', 'r1': 'member',
+ 'p0r0': 'Allow',
+ 'p1r0': 'Unset', 'p1r1': 'Deny',
+ 'SUBMIT': 1
+ }
+ self.view.request = TestRequest(environ=env)
+ self.view.update()
+ permissionRoles = self.view.permissionRoles()
+ for ip in range(len(permissionRoles)):
+ permissionRole = permissionRoles[ip]
+ rset = permissionRole.roleSettings()
+ for ir in range(len(rset)):
+ setting = rset[ir]
+ r = roles[ir].getId()
+ p = permissions[ip].getId()
+ if setting == 'Allow':
+ self.failUnless(r == 'manager' and p == 'read')
+ elif setting == 'Deny':
+ self.failUnless(r == 'member' and p == 'write')
+ else:
+ self.failUnless(setting == 'Unset')
+
+ # manager member
+ # read -
+ # write +
+ env = {
+ 'p0': 'read', 'p1': 'write',
+ 'r0': 'manager', 'r1': 'member',
+ 'p0r0': 'Deny',
+ 'p1r0': 'Allow', 'p1r1': 'Unset',
+ 'SUBMIT': 1
+ }
+ self.view.request = TestRequest(environ=env)
+ self.view.update()
+ permissionRoles = self.view.permissionRoles()
+ for ip in range(len(permissionRoles)):
+ permissionRole = permissionRoles[ip]
+ rset = permissionRole.roleSettings()
+ for ir in range(len(rset)):
+ setting = rset[ir]
+ r = roles[ir].getId()
+ p = permissions[ip].getId()
+ if setting == 'Allow':
+ self.failUnless(r == 'manager' and p == 'write')
+ elif setting == 'Deny':
+ self.failUnless(r == 'manager' and p == 'read')
+ else:
+ self.failUnless(setting == 'Unset')
+
+ def testPermissionRoles(self):
+ env={'permission_id': 'write',
+ 'settings': ['Allow', 'Unset'],
+ 'SUBMIT_PERMS': 1}
+ self.view.request = TestRequest(environ=env)
+ self.view.update()
+ permission = self.view.permissionForID('write')
+ settings = permission.roleSettings()
+ self.assertEquals(settings, ['Allow', 'Unset'])
+
+
+ env={'permission_id': 'write',
+ 'settings': ['Unset', 'Deny'],
+ 'SUBMIT_PERMS': 1}
+ self.view.request = TestRequest(environ=env)
+ self.view.update()
+ permission = self.view.permissionForID('write')
+ settings = permission.roleSettings()
+ self.assertEquals(settings, ['Unset', 'Deny'])
+
+ env={'permission_id': 'write',
+ 'settings': ['Unset', 'foo'],
+ 'SUBMIT_PERMS': 1}
+ self.view.request = TestRequest(environ=env)
+ self.assertRaises(ValueError, self.view.update)
+
+ def testRolePermissions(self):
+ env={'Allow': ['read'],
+ 'Deny': ['write'],
+ 'SUBMIT_ROLE': 1,
+ 'role_id': 'member'}
+ self.view.request = TestRequest(environ=env)
+ self.view.update(1)
+ role = self.view.roleForID('member')
+ pinfos = role.permissionsInfo()
+ for pinfo in pinfos:
+ pid = pinfo['id']
+ if pid == 'read':
+ self.assertEquals(pinfo['setting'], 'Allow')
+ if pid == 'write':
+ self.assertEquals(pinfo['setting'], 'Deny')
+
+ env={'Allow': [],
+ 'Deny': ['read'],
+ 'SUBMIT_ROLE': 1,
+ 'role_id': 'member'}
+ self.view.request = TestRequest(environ=env)
+ self.view.update()
+ role = self.view.roleForID('member')
+ pinfos = role.permissionsInfo()
+ for pinfo in pinfos:
+ pid = pinfo['id']
+ if pid == 'read':
+ self.assertEquals(pinfo['setting'], 'Deny')
+ if pid == 'write':
+ self.assertEquals(pinfo['setting'], 'Unset')
+
+
+def test_suite():
+ loader=unittest.TestLoader()
+ return loader.loadTestsFromTestCase(Test)
+
+if __name__=='__main__':
+ unittest.TextTestRunner().run(test_suite())
More information about the Zope3-Checkins
mailing list