[Zope3-checkins] CVS: Zope3/src/zope/products/securitypolicy/tests
- __init__.py:1.2 mapping.zcml:1.2 role.zcml:1.2
role_duplicate.zcml:1.2
test_annotationprincipalpermissionmanager.py:1.2
test_annotationprincipalrolemanager.py:1.2
test_annotationrolepermissionmanager.py:1.2
test_principalpermissionmanager.py:1.2
test_principalrolemanager.py:1.2 test_rolecontents.py:1.2
test_rolepermissionmanager.py:1.2 test_roleregistry.py:1.2
test_roleservice.py:1.2 test_securitydirectives.py:1.2
test_securitymap.py:1.2 test_zopepolicy.py:1.2
Chris McDonough
chrism at plope.com
Wed Jan 14 17:56:07 EST 2004
Update of /cvs-repository/Zope3/src/zope/products/securitypolicy/tests
In directory cvs.zope.org:/tmp/cvs-serv5558/src/zope/products/securitypolicy/tests
Added Files:
__init__.py mapping.zcml role.zcml role_duplicate.zcml
test_annotationprincipalpermissionmanager.py
test_annotationprincipalrolemanager.py
test_annotationrolepermissionmanager.py
test_principalpermissionmanager.py
test_principalrolemanager.py test_rolecontents.py
test_rolepermissionmanager.py test_roleregistry.py
test_roleservice.py test_securitydirectives.py
test_securitymap.py test_zopepolicy.py
Log Message:
Merge security policy refactoring:
- Moved all role- and grant-related functionality into
zope.products.securitypolicy (and out of zope.app.security.grant).
The zope.products.securitypolicy implementation is exactly
the same as the old implementation; no changes were made
to the actual mechanics of role-permission or principal-permission
grants. The only real difference is that all functionality
that is the purview of what we want a security policy to have
control of is now in that one place.
- Created new modulealias directive which can be used to provide
aliases to older modules (to not break existing ZODBs when
module locations change).
- Added minor feature: "make debug" launches a debug session in the
spirit of Zope 2's "zopectl debug".
=== Zope3/src/zope/products/securitypolicy/tests/__init__.py 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/tests/__init__.py Wed Jan 14 17:55:35 2004
@@ -0,0 +1,2 @@
+#
+# This file is necessary to make this directory a package.
=== Zope3/src/zope/products/securitypolicy/tests/mapping.zcml 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/tests/mapping.zcml Wed Jan 14 17:55:35 2004
@@ -0,0 +1,18 @@
+<configure xmlns="http://namespaces.zope.org/zope">
+
+ <include package="zope.products.securitypolicy" file="meta.zcml"/>
+
+ <grant
+ permission="zope.Foo"
+ role="zope.Bar" />
+
+ <grant
+ permission="zope.Foo"
+ principal="zope.Blah" />
+
+ <grant
+ role="zope.Bar"
+ principal="zope.Blah" />
+
+
+</configure>
=== Zope3/src/zope/products/securitypolicy/tests/role.zcml 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/tests/role.zcml Wed Jan 14 17:55:35 2004
@@ -0,0 +1,13 @@
+<configure
+ xmlns="http://namespaces.zope.org/zope"
+ i18n_domain="zope"
+ >
+
+ <include package="zope.products.securitypolicy" file="meta.zcml"/>
+
+ <role
+ id="zope.Everyperson"
+ title="Tout le monde"
+ description="The common man, woman, person, or thing" />
+
+</configure>
=== Zope3/src/zope/products/securitypolicy/tests/role_duplicate.zcml 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/tests/role_duplicate.zcml Wed Jan 14 17:55:35 2004
@@ -0,0 +1,17 @@
+<configure
+ xmlns="http://namespaces.zope.org/zope"
+ i18n_domain="zope">
+
+ <include package="zope.products.securitypolicy" file="meta.zcml"/>
+
+ <role
+ id="zope.Everyperson"
+ title="Tout le monde"
+ description="The common man, woman, person, or thing" />
+
+ <role
+ id="zope.Everyperson"
+ title="Tout le monde"
+ description="The common man, woman, person, or thing" />
+
+</configure>
=== Zope3/src/zope/products/securitypolicy/tests/test_annotationprincipalpermissionmanager.py 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/tests/test_annotationprincipalpermissionmanager.py Wed Jan 14 17:55:35 2004
@@ -0,0 +1,149 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Test handler for AnnotationPrincipalPermissionManager module."""
+
+import unittest
+from zope.app.tests import ztapi
+from zope.app.interfaces.annotation import IAttributeAnnotatable
+from zope.component import getService
+from zope.app.services.servicenames import Adapters
+from zope.app.interfaces.annotation import IAnnotations
+from zope.app.attributeannotations import AttributeAnnotations
+from zope.app.security.registries.permissionregistry \
+ import permissionRegistry as permregistry
+from zope.app.security.registries.principalregistry \
+ import principalRegistry as prinregistry
+from zope.products.securitypolicy.principalpermission \
+ import AnnotationPrincipalPermissionManager
+from zope.app.security.settings import Allow, Deny, Unset
+from zope.app.tests.placelesssetup import PlacelessSetup
+from zope.interface import implements
+
+class Manageable:
+ implements(IAttributeAnnotatable)
+
+class Test(PlacelessSetup, unittest.TestCase):
+
+ def setUp(self):
+ super(Test, self).setUp()
+ ztapi.provideAdapter(
+ IAttributeAnnotatable, IAnnotations,
+ AttributeAnnotations)
+
+ def _make_principal(self, id=None, title=None):
+ p = prinregistry.definePrincipal(
+ id or 'APrincipal',
+ title or 'A Principal',
+ login = id or 'APrincipal')
+ return p.getId()
+
+ def testUnboundPrincipalPermission(self):
+ manager = AnnotationPrincipalPermissionManager(Manageable())
+ permission = permregistry.definePermission('APerm', 'title')
+ permission = permission.getId()
+ principal = self._make_principal()
+ self.assertEqual(manager.getPrincipalsForPermission(permission), [])
+ self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
+
+ def testPrincipalPermission(self):
+ manager = AnnotationPrincipalPermissionManager(Manageable())
+ permission = permregistry.definePermission('APerm', 'title')
+ permission = permission.getId()
+ principal = self._make_principal()
+
+ # check that an allow permission is saved correctly
+ manager.grantPermissionToPrincipal(permission, principal)
+ self.assertEqual(manager.getPrincipalsForPermission(permission),
+ [(principal, Allow)])
+ self.assertEqual(manager.getPermissionsForPrincipal(principal),
+ [(permission, Allow)])
+
+ # check that the allow permission is removed.
+ manager.unsetPermissionForPrincipal(permission, principal)
+ self.assertEqual(manager.getPrincipalsForPermission(permission), [])
+ self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
+
+ # now put a deny in there, check it's set.
+ manager.denyPermissionToPrincipal(permission, principal)
+ self.assertEqual(manager.getPrincipalsForPermission(permission),
+ [(principal, Deny)])
+ self.assertEqual(manager.getPermissionsForPrincipal(principal),
+ [(permission, Deny)])
+
+ # test for deny followed by allow . The latter should override.
+ manager.grantPermissionToPrincipal(permission, principal)
+ self.assertEqual(manager.getPrincipalsForPermission(permission),
+ [(principal, Allow)])
+ self.assertEqual(manager.getPermissionsForPrincipal(principal),
+ [(permission, Allow)])
+
+ # check that allow followed by allow is just a single allow.
+ manager.grantPermissionToPrincipal(permission, principal)
+ self.assertEqual(manager.getPrincipalsForPermission(permission),
+ [(principal, Allow)])
+ self.assertEqual(manager.getPermissionsForPrincipal(principal),
+ [(permission, Allow)])
+
+ # check that two unsets in a row quietly ignores the second one.
+ manager.unsetPermissionForPrincipal(permission, principal)
+ manager.unsetPermissionForPrincipal(permission, principal)
+ self.assertEqual(manager.getPrincipalsForPermission(permission), [])
+ self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
+
+ # check the result of getSetting() when it's empty.
+ self.assertEqual(manager.getSetting(permission, principal), Unset)
+
+ # check the result of getSetting() when it's allowed.
+ manager.grantPermissionToPrincipal(permission, principal)
+ self.assertEqual(manager.getSetting(permission, principal), Allow)
+
+ # check the result of getSetting() when it's denied.
+ manager.denyPermissionToPrincipal(permission, principal)
+ self.assertEqual(manager.getSetting(permission, principal), Deny)
+
+ def testManyPermissionsOnePrincipal(self):
+ manager = AnnotationPrincipalPermissionManager(Manageable())
+ perm1 = permregistry.definePermission('Perm One', 'title').getId()
+ perm2 = permregistry.definePermission('Perm Two', 'title').getId()
+ prin1 = self._make_principal()
+ manager.grantPermissionToPrincipal(perm1, prin1)
+ manager.grantPermissionToPrincipal(perm2, prin1)
+ perms = manager.getPermissionsForPrincipal(prin1)
+ self.assertEqual(len(perms), 2)
+ self.failUnless((perm1,Allow) in perms)
+ self.failUnless((perm2,Allow) in perms)
+ manager.denyPermissionToPrincipal(perm2, prin1)
+ perms = manager.getPermissionsForPrincipal(prin1)
+ self.assertEqual(len(perms), 2)
+ self.failUnless((perm1,Allow) in perms)
+ self.failUnless((perm2,Deny) in perms)
+
+ def testManyPrincipalsOnePermission(self):
+ manager = AnnotationPrincipalPermissionManager(Manageable())
+ perm1 = permregistry.definePermission('Perm One', 'title').getId()
+ prin1 = self._make_principal()
+ prin2 = self._make_principal('Principal 2', 'Principal Two')
+ manager.grantPermissionToPrincipal(perm1, prin1)
+ manager.denyPermissionToPrincipal(perm1, prin2)
+ principals = manager.getPrincipalsForPermission(perm1)
+ self.assertEqual(len(principals), 2)
+ self.failUnless((prin1,Allow) in principals)
+ self.failUnless((prin2,Deny) in principals)
+
+def test_suite():
+ loader=unittest.TestLoader()
+ return loader.loadTestsFromTestCase(Test)
+
+if __name__=='__main__':
+ unittest.TextTestRunner().run(test_suite())
=== Zope3/src/zope/products/securitypolicy/tests/test_annotationprincipalrolemanager.py 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/tests/test_annotationprincipalrolemanager.py Wed Jan 14 17:55:35 2004
@@ -0,0 +1,140 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Test handler for PrincipalRoleManager module."""
+
+import unittest
+from zope.app.tests import ztapi
+from zope.app.interfaces.annotation import IAttributeAnnotatable
+from zope.component import getService
+from zope.app.services.servicenames import Adapters
+from zope.app.interfaces.annotation import IAnnotations
+from zope.app.attributeannotations import AttributeAnnotations
+from zope.products.securitypolicy.roleregistry import roleRegistry as rregistry
+from zope.app.security.registries.principalregistry \
+ import principalRegistry as pregistry
+from zope.products.securitypolicy.principalrole \
+ import AnnotationPrincipalRoleManager
+from zope.app.security.settings import Allow, Deny
+from zope.app.services.tests.placefulsetup import PlacefulSetup
+from zope.interface import implements
+
+class Manageable:
+ implements(IAttributeAnnotatable)
+
+class Test(PlacefulSetup, unittest.TestCase):
+
+ def setUp(self):
+ PlacefulSetup.setUp(self)
+ ztapi.provideAdapter(
+ IAttributeAnnotatable, IAnnotations,
+ AttributeAnnotations)
+
+ def _make_principal(self, id=None, title=None):
+ p = pregistry.definePrincipal(
+ id or 'APrincipal',
+ title or 'A Principal',
+ login = id or 'APrincipal')
+ return p.getId()
+
+ def _make_roleManager(self, obj=None):
+ if obj is None:
+ obj = Manageable()
+ return AnnotationPrincipalRoleManager(obj)
+
+ def testUnboundPrincipalRole(self):
+ principalRoleManager = self._make_roleManager()
+ role = rregistry.defineRole('ARole', 'A Role').getId()
+ principal = self._make_principal()
+ self.assertEqual(principalRoleManager.getPrincipalsForRole(role), [])
+ self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
+ [])
+
+ def testPrincipalRoleAllow(self):
+ principalRoleManager = self._make_roleManager()
+ role = rregistry.defineRole('ARole', 'A Role').getId()
+ principal = self._make_principal()
+ principalRoleManager.assignRoleToPrincipal(role, principal)
+ self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
+ [(principal, Allow)])
+ self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
+ [(role, Allow)])
+
+ def testPrincipalRoleDeny(self):
+ principalRoleManager = self._make_roleManager()
+ role = rregistry.defineRole('ARole', 'A Role').getId()
+ principal = self._make_principal()
+ principalRoleManager.removeRoleFromPrincipal(role, principal)
+ self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
+ [(principal, Deny)])
+ self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
+ [(role, Deny)])
+
+ def testPrincipalRoleUnset(self):
+ principalRoleManager = self._make_roleManager()
+ role = rregistry.defineRole('ARole', 'A Role').getId()
+ principal = self._make_principal()
+ principalRoleManager.removeRoleFromPrincipal(role, principal)
+ principalRoleManager.unsetRoleForPrincipal(role, principal)
+ self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
+ [])
+ self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
+ [])
+
+ def testManyRolesOnePrincipal(self):
+ principalRoleManager = self._make_roleManager()
+ role1 = rregistry.defineRole('Role One', 'Role #1').getId()
+ role2 = rregistry.defineRole('Role Two', 'Role #2').getId()
+ prin1 = self._make_principal()
+ principalRoleManager.assignRoleToPrincipal(role1, prin1)
+ principalRoleManager.assignRoleToPrincipal(role2, prin1)
+ roles = principalRoleManager.getRolesForPrincipal(prin1)
+ self.assertEqual(len(roles), 2)
+ self.failUnless((role1, Allow) in roles)
+ self.failUnless((role2, Allow) in roles)
+
+ def testManyPrincipalsOneRole(self):
+ principalRoleManager = self._make_roleManager()
+ role1 = rregistry.defineRole('Role One', 'Role #1').getId()
+ prin1 = self._make_principal()
+ prin2 = self._make_principal('Principal 2', 'Principal Two')
+ principalRoleManager.assignRoleToPrincipal(role1, prin1)
+ principalRoleManager.assignRoleToPrincipal(role1, prin2)
+ principals = principalRoleManager.getPrincipalsForRole(role1)
+ self.assertEqual(len(principals), 2)
+ self.failUnless((prin1, Allow) in principals)
+ self.failUnless((prin2, Allow) in principals)
+
+ def testPrincipalsAndRoles(self):
+ principalRoleManager = self._make_roleManager()
+ principalsAndRoles = principalRoleManager.getPrincipalsAndRoles()
+ self.assertEqual(len(principalsAndRoles), 0)
+ role1 = rregistry.defineRole('Role One', 'Role #1').getId()
+ role2 = rregistry.defineRole('Role Two', 'Role #2').getId()
+ prin1 = self._make_principal()
+ prin2 = self._make_principal('Principal 2', 'Principal Two')
+ principalRoleManager.assignRoleToPrincipal(role1, prin1)
+ principalRoleManager.assignRoleToPrincipal(role1, prin2)
+ principalRoleManager.assignRoleToPrincipal(role2, prin1)
+ principalsAndRoles = principalRoleManager.getPrincipalsAndRoles()
+ self.assertEqual(len(principalsAndRoles), 3)
+ self.failUnless((role1, prin1, Allow) in principalsAndRoles)
+ self.failUnless((role1, prin2, Allow) in principalsAndRoles)
+ self.failUnless((role2, prin1, Allow) in principalsAndRoles)
+
+def test_suite():
+ loader=unittest.TestLoader()
+ return loader.loadTestsFromTestCase(Test)
+
+if __name__=='__main__':
+ unittest.TextTestRunner().run(test_suite())
=== Zope3/src/zope/products/securitypolicy/tests/test_annotationrolepermissionmanager.py 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/tests/test_annotationrolepermissionmanager.py Wed Jan 14 17:55:35 2004
@@ -0,0 +1,98 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+from zope.app.tests import ztapi
+from zope.products.securitypolicy.rolepermission \
+ import AnnotationRolePermissionManager
+from zope.app.interfaces.annotation import IAttributeAnnotatable
+from zope.app.interfaces.annotation import IAnnotations
+from zope.app.attributeannotations import AttributeAnnotations
+from zope.component import getServiceManager, getService
+from zope.app.services.servicenames import Permissions, Adapters
+from zope.products.securitypolicy.interfaces import IRoleService
+from zope.app.interfaces.security import IPermissionService
+from zope.products.securitypolicy.roleregistry import roleRegistry
+from zope.app.security.registries.permissionregistry import permissionRegistry
+from zope.app.security.settings import Allow, Deny
+from zope.app.services.tests.placefulsetup import PlacefulSetup
+from zope.interface import implements
+
+import unittest
+
+class Manageable:
+ implements(IAttributeAnnotatable)
+
+class Test(PlacefulSetup, unittest.TestCase):
+
+ def setUp(self):
+ PlacefulSetup.setUp(self)
+ defineService=getServiceManager(None).defineService
+ provideService=getServiceManager(None).provideService
+ defineService('Roles', IRoleService)
+ defineService(Permissions, IPermissionService)
+ provideService('Roles', roleRegistry)
+ provideService(Permissions, permissionRegistry)
+ ztapi.provideAdapter(IAttributeAnnotatable, IAnnotations,
+ AttributeAnnotations)
+
+ read = permissionRegistry.definePermission('read', 'Read Something')
+ self.read = read.getId()
+
+ write = permissionRegistry.definePermission('write', 'Write Something')
+ self.write = write.getId()
+
+ peon = roleRegistry.defineRole('peon', 'Poor Slob')
+ self.peon = peon.getId()
+
+ manager = roleRegistry.defineRole('manager', 'Supreme Being')
+ self.manager = manager.getId()
+
+ def testNormal(self):
+ obj = Manageable()
+ mgr = AnnotationRolePermissionManager(obj)
+ mgr.grantPermissionToRole(self.read,self.manager)
+ mgr.grantPermissionToRole(self.write,self.manager)
+ mgr.grantPermissionToRole(self.write,self.manager)
+
+ mgr.grantPermissionToRole(self.read,self.peon)
+
+ l = list(mgr.getPermissionsForRole(self.manager))
+ self.failUnless((self.read, Allow) in l)
+ self.failUnless((self.write, Allow) in l)
+
+ l = list(mgr.getPermissionsForRole(self.peon))
+ self.failUnless([(self.read, Allow)] == l)
+
+ l = list(mgr.getRolesForPermission(self.read))
+ self.failUnless((self.manager, Allow) in l)
+ self.failUnless((self.peon, Allow) in l)
+
+ l = list(mgr.getRolesForPermission(self.write))
+ self.assertEqual(l, [(self.manager, Allow)])
+
+ mgr.denyPermissionToRole(self.read, self.peon)
+ l = list(mgr.getPermissionsForRole(self.peon))
+ self.assertEqual(l, [(self.read, Deny)])
+
+ mgr.unsetPermissionFromRole(self.read, self.peon)
+
+ l = list(mgr.getRolesForPermission(self.read))
+ self.assertEqual(l, [(self.manager, Allow)])
+
+
+def test_suite():
+ loader=unittest.TestLoader()
+ return loader.loadTestsFromTestCase(Test)
+
+if __name__=='__main__':
+ unittest.TextTestRunner().run(test_suite())
=== Zope3/src/zope/products/securitypolicy/tests/test_principalpermissionmanager.py 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/tests/test_principalpermissionmanager.py Wed Jan 14 17:55:35 2004
@@ -0,0 +1,155 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Test handler for PrincipalPermissionManager module."""
+
+import unittest
+
+from zope.component.service import serviceManager as services
+from zope.app.services.servicenames import Permissions, Authentication
+
+from zope.app.interfaces.security import IPermissionService
+from zope.app.interfaces.security import IAuthenticationService
+
+from zope.app.security.registries.permissionregistry \
+ import permissionRegistry as permregistry
+from zope.app.security.registries.principalregistry \
+ import principalRegistry as prinregistry
+from zope.products.securitypolicy.principalpermission \
+ import principalPermissionManager as manager
+from zope.app.security.settings import Allow, Deny, Unset
+from zope.testing.cleanup import CleanUp # Base class w registry cleanup
+
+class Test(CleanUp, unittest.TestCase):
+
+ def setUp(self):
+ CleanUp.setUp(self)
+
+ services.defineService(Permissions, IPermissionService)
+ services.provideService(Permissions, permregistry)
+
+ services.defineService(Authentication, IAuthenticationService)
+ services.provideService(Authentication, prinregistry)
+
+
+ def _make_principal(self, id=None, title=None):
+ p = prinregistry.definePrincipal(
+ id or 'APrincipal',
+ title or 'A Principal',
+ login = id or 'APrincipal')
+ return p.getId()
+
+ def testUnboundPrincipalPermission(self):
+ permission = permregistry.definePermission('APerm', 'title').getId()
+ principal = self._make_principal()
+ self.assertEqual(manager.getPrincipalsForPermission(permission), [])
+ self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
+
+
+ def test_invalidPermission(self):
+ self.assertRaises(ValueError,
+ manager.grantPermissionToPrincipal,
+ 'permission', 'principal')
+ principal = self._make_principal()
+ self.assertRaises(ValueError,
+ manager.grantPermissionToPrincipal,
+ 'permission', principal)
+
+ def test_invalidPrincipal(self):
+ permission = permregistry.definePermission('APerm', 'title').getId()
+ self.assertRaises(ValueError,
+ manager.grantPermissionToPrincipal,
+ permission, 'principal')
+
+
+ def testPrincipalPermission(self):
+ permission = permregistry.definePermission('APerm', 'title').getId()
+ principal = self._make_principal()
+ # check that an allow permission is saved correctly
+ manager.grantPermissionToPrincipal(permission, principal)
+ self.assertEqual(manager.getPrincipalsForPermission(permission),
+ [(principal, Allow)])
+ self.assertEqual(manager.getPermissionsForPrincipal(principal),
+ [(permission, Allow)])
+ # check that the allow permission is removed.
+ manager.unsetPermissionForPrincipal(permission, principal)
+ self.assertEqual(manager.getPrincipalsForPermission(permission), [])
+ self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
+ # now put a deny in there, check it's set.
+ manager.denyPermissionToPrincipal(permission, principal)
+ self.assertEqual(manager.getPrincipalsForPermission(permission),
+ [(principal, Deny)])
+ self.assertEqual(manager.getPermissionsForPrincipal(principal),
+ [(permission, Deny)])
+ # test for deny followed by allow . The latter should override.
+ manager.grantPermissionToPrincipal(permission, principal)
+ self.assertEqual(manager.getPrincipalsForPermission(permission),
+ [(principal, Allow)])
+ self.assertEqual(manager.getPermissionsForPrincipal(principal),
+ [(permission, Allow)])
+ # check that allow followed by allow is just a single allow.
+ manager.grantPermissionToPrincipal(permission, principal)
+ self.assertEqual(manager.getPrincipalsForPermission(permission),
+ [(principal, Allow)])
+ self.assertEqual(manager.getPermissionsForPrincipal(principal),
+ [(permission, Allow)])
+ # check that two unsets in a row quietly ignores the second one.
+ manager.unsetPermissionForPrincipal(permission, principal)
+ manager.unsetPermissionForPrincipal(permission, principal)
+ self.assertEqual(manager.getPrincipalsForPermission(permission), [])
+ self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
+ # check the result of getSetting() when it's empty.
+ self.assertEqual(manager.getSetting(permission, principal), Unset)
+ # check the result of getSetting() when it's allowed.
+ manager.grantPermissionToPrincipal(permission, principal)
+ self.assertEqual(manager.getSetting(permission, principal), Allow)
+ # check the result of getSetting() when it's denied.
+ manager.denyPermissionToPrincipal(permission, principal)
+ self.assertEqual(manager.getSetting(permission, principal), Deny)
+
+ def testManyPermissionsOnePrincipal(self):
+ perm1 = permregistry.definePermission('Perm One', 'title').getId()
+ perm2 = permregistry.definePermission('Perm Two', 'title').getId()
+ prin1 = self._make_principal()
+ manager.grantPermissionToPrincipal(perm1, prin1)
+ manager.grantPermissionToPrincipal(perm2, prin1)
+ perms = manager.getPermissionsForPrincipal(prin1)
+ self.assertEqual(len(perms), 2)
+ self.failUnless((perm1,Allow) in perms)
+ self.failUnless((perm2,Allow) in perms)
+ manager.denyPermissionToPrincipal(perm2, prin1)
+ perms = manager.getPermissionsForPrincipal(prin1)
+ self.assertEqual(len(perms), 2)
+ self.failUnless((perm1,Allow) in perms)
+ self.failUnless((perm2,Deny) in perms)
+ perms = manager.getPrincipalsAndPermissions()
+ self.failUnless((perm1,prin1,Allow) in perms)
+ self.failUnless((perm2,prin1,Deny) in perms)
+
+ def testManyPrincipalsOnePermission(self):
+ perm1 = permregistry.definePermission('Perm One', 'title').getId()
+ prin1 = self._make_principal()
+ prin2 = self._make_principal('Principal 2', 'Principal Two')
+ manager.grantPermissionToPrincipal(perm1, prin1)
+ manager.denyPermissionToPrincipal(perm1, prin2)
+ principals = manager.getPrincipalsForPermission(perm1)
+ self.assertEqual(len(principals), 2)
+ self.failUnless((prin1,Allow) in principals)
+ self.failUnless((prin2,Deny) in principals)
+
+def test_suite():
+ loader=unittest.TestLoader()
+ return loader.loadTestsFromTestCase(Test)
+
+if __name__=='__main__':
+ unittest.TextTestRunner().run(test_suite())
=== Zope3/src/zope/products/securitypolicy/tests/test_principalrolemanager.py 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/tests/test_principalrolemanager.py Wed Jan 14 17:55:35 2004
@@ -0,0 +1,143 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Test handler for PrincipalRoleManager module."""
+
+import unittest
+
+from zope.component.service import serviceManager as services
+from zope.app.services.servicenames import Authentication
+
+from zope.products.securitypolicy.interfaces import IRoleService
+from zope.app.interfaces.security import IAuthenticationService
+
+from zope.products.securitypolicy.roleregistry \
+ import roleRegistry as rregistry
+from zope.app.security.registries.principalregistry \
+ import principalRegistry as pregistry
+from zope.products.securitypolicy.principalrole import principalRoleManager
+from zope.app.security.settings import Allow, Deny
+from zope.testing.cleanup import CleanUp # Base class w registry cleanup
+
+class Test(CleanUp, unittest.TestCase):
+
+ def setUp(self):
+ CleanUp.setUp(self)
+
+ services.defineService('Roles', IRoleService)
+ services.provideService('Roles', rregistry)
+
+ services.defineService(Authentication, IAuthenticationService)
+ services.provideService(Authentication, pregistry)
+
+ def _make_principal(self, id=None, title=None):
+ p = pregistry.definePrincipal(
+ id or 'APrincipal',
+ title or 'A Principal',
+ login = id or 'APrincipal')
+ return p.getId()
+
+ def testUnboundPrincipalRole(self):
+ role = rregistry.defineRole('ARole', 'A Role').getId()
+ principal = self._make_principal()
+ self.assertEqual(principalRoleManager.getPrincipalsForRole(role), [])
+ self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
+ [])
+
+ def testPrincipalRoleAllow(self):
+ role = rregistry.defineRole('ARole', 'A Role').getId()
+ principal = self._make_principal()
+ principalRoleManager.assignRoleToPrincipal(role, principal)
+ self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
+ [(principal, Allow)])
+ self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
+ [(role, Allow)])
+
+ def testPrincipalRoleDeny(self):
+ role = rregistry.defineRole('ARole', 'A Role').getId()
+ principal = self._make_principal()
+ principalRoleManager.removeRoleFromPrincipal(role, principal)
+ self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
+ [(principal, Deny)])
+ self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
+ [(role, Deny)])
+
+ def testPrincipalRoleUnset(self):
+ role = rregistry.defineRole('ARole', 'A Role').getId()
+ principal = self._make_principal()
+ principalRoleManager.removeRoleFromPrincipal(role, principal)
+ principalRoleManager.unsetRoleForPrincipal(role, principal)
+ self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
+ [])
+ self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
+ [])
+
+
+ def test_invalidPrincipal(self):
+ self.assertRaises(ValueError,
+ principalRoleManager.assignRoleToPrincipal,
+ 'role1', 'prin1')
+ role1 = rregistry.defineRole('Role One', 'Role #1').getId()
+ self.assertRaises(ValueError,
+ principalRoleManager.assignRoleToPrincipal,
+ role1, 'prin1')
+
+ def test_invalidRole(self):
+ prin1 = self._make_principal()
+ self.assertRaises(ValueError,
+ principalRoleManager.assignRoleToPrincipal,
+ 'role1', prin1)
+
+
+ def testManyRolesOnePrincipal(self):
+ role1 = rregistry.defineRole('Role One', 'Role #1').getId()
+ role2 = rregistry.defineRole('Role Two', 'Role #2').getId()
+ prin1 = self._make_principal()
+ principalRoleManager.assignRoleToPrincipal(role1, prin1)
+ principalRoleManager.assignRoleToPrincipal(role2, prin1)
+ roles = principalRoleManager.getRolesForPrincipal(prin1)
+ self.assertEqual(len(roles), 2)
+ self.failUnless((role1, Allow) in roles)
+ self.failUnless((role2, Allow) in roles)
+
+ def testManyPrincipalsOneRole(self):
+ role1 = rregistry.defineRole('Role One', 'Role #1').getId()
+ prin1 = self._make_principal()
+ prin2 = self._make_principal('Principal 2', 'Principal Two')
+ principalRoleManager.assignRoleToPrincipal(role1, prin1)
+ principalRoleManager.assignRoleToPrincipal(role1, prin2)
+ principals = principalRoleManager.getPrincipalsForRole(role1)
+ self.assertEqual(len(principals), 2)
+ self.failUnless((prin1, Allow) in principals)
+ self.failUnless((prin2, Allow) in principals)
+
+ def testPrincipalsAndRoles(self):
+ role1 = rregistry.defineRole('Role One', 'Role #1').getId()
+ role2 = rregistry.defineRole('Role Two', 'Role #2').getId()
+ prin1 = self._make_principal()
+ prin2 = self._make_principal('Principal 2', 'Principal Two')
+ principalRoleManager.assignRoleToPrincipal(role1, prin1)
+ principalRoleManager.assignRoleToPrincipal(role1, prin2)
+ principalRoleManager.assignRoleToPrincipal(role2, prin1)
+ principalsAndRoles = principalRoleManager.getPrincipalsAndRoles()
+ self.assertEqual(len(principalsAndRoles), 3)
+ self.failUnless((role1, prin1, Allow) in principalsAndRoles)
+ self.failUnless((role1, prin2, Allow) in principalsAndRoles)
+ self.failUnless((role2, prin1, Allow) in principalsAndRoles)
+
+def test_suite():
+ loader=unittest.TestLoader()
+ return loader.loadTestsFromTestCase(Test)
+
+if __name__=='__main__':
+ unittest.TextTestRunner().run(test_suite())
=== Zope3/src/zope/products/securitypolicy/tests/test_rolecontents.py 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/tests/test_rolecontents.py Wed Jan 14 17:55:35 2004
@@ -0,0 +1,53 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""
+
+$Id$
+"""
+
+import unittest
+
+from zope.interface import Interface, implements
+from zope.products.securitypolicy.browser import Contents
+from zope.products.securitypolicy.role import RoleService
+from zope.app.browser.container.tests.test_contents \
+ import BaseTestContentsBrowserView, Principal
+from zope.app.content.folder import rootFolder
+from zope.app.container.contained import contained
+
+class IDummy(Interface):
+ pass
+
+class Dummy:
+ implements(IDummy)
+
+class Test(BaseTestContentsBrowserView, unittest.TestCase):
+
+ def _TestView__newContext(self):
+ root = rootFolder()
+ container = RoleService()
+ return contained(container, root, name='sample')
+
+ def _TestView__newView(self, container):
+ from zope.publisher.browser import TestRequest
+ request = TestRequest()
+ request.setUser(Principal())
+ return Contents(container, request)
+
+def test_suite():
+ loader = unittest.TestLoader()
+ return loader.loadTestsFromTestCase(Test)
+
+if __name__=='__main__':
+ unittest.main()
=== Zope3/src/zope/products/securitypolicy/tests/test_rolepermissionmanager.py 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/tests/test_rolepermissionmanager.py Wed Jan 14 17:55:35 2004
@@ -0,0 +1,121 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Test handler for RolePermissionManager module."""
+
+import unittest
+
+from zope.component.service import serviceManager as services
+from zope.app.services.servicenames import Permissions
+
+from zope.app.interfaces.security import IPermissionService
+from zope.products.securitypolicy.interfaces import IRoleService
+
+from zope.app.security.registries.permissionregistry \
+ import permissionRegistry as pregistry
+from zope.products.securitypolicy.roleregistry \
+ import roleRegistry as rregistry
+from zope.products.securitypolicy.rolepermission \
+ import rolePermissionManager as manager
+from zope.app.security.settings import Allow, Deny
+from zope.testing.cleanup import CleanUp # Base class w registry cleanup
+
+class Test(CleanUp, unittest.TestCase):
+
+ def setUp(self):
+ CleanUp.setUp(self)
+
+ services.defineService(Permissions, IPermissionService)
+ services.provideService(Permissions, pregistry)
+
+ services.defineService("Roles", IRoleService)
+ services.provideService("Roles", rregistry)
+
+ def testUnboundRolePermission(self):
+ permission = pregistry.definePermission('APerm', 'aPerm title').getId()
+ role = rregistry.defineRole('ARole', 'A Role').getId()
+ self.assertEqual(manager.getRolesForPermission(permission), [])
+ self.assertEqual(manager.getPermissionsForRole(role), [])
+
+ def testRolePermission(self):
+ permission = pregistry.definePermission('APerm', 'aPerm title').getId()
+ role = rregistry.defineRole('ARole', 'A Role').getId()
+ manager.grantPermissionToRole(permission, role)
+ self.assertEqual(manager.getRolesForPermission(permission),
+ [(role,Allow)])
+ self.assertEqual(manager.getPermissionsForRole(role),
+ [(permission,Allow)])
+
+ def testManyPermissionsOneRole(self):
+ perm1 = pregistry.definePermission('Perm One', 'P1').getId()
+ perm2 = pregistry.definePermission('Perm Two', 'P2').getId()
+ perm3 = pregistry.definePermission('Perm Three', 'P3').getId()
+ role1 = rregistry.defineRole('Role One', 'Role #1').getId()
+ perms = manager.getPermissionsForRole(role1)
+ self.assertEqual(len(perms), 0)
+ manager.grantPermissionToRole(perm1, role1)
+ manager.grantPermissionToRole(perm2, role1)
+ manager.grantPermissionToRole(perm2, role1)
+ manager.denyPermissionToRole(perm3, role1)
+ perms = manager.getPermissionsForRole(role1)
+ self.assertEqual(len(perms), 3)
+ self.failUnless((perm1,Allow) in perms)
+ self.failUnless((perm2,Allow) in perms)
+ self.failUnless((perm3,Deny) in perms)
+ manager.unsetPermissionFromRole(perm1, role1)
+ perms = manager.getPermissionsForRole(role1)
+ self.assertEqual(len(perms), 2)
+ self.failUnless((perm2,Allow) in perms)
+
+ def testManyRolesOnePermission(self):
+ perm1 = pregistry.definePermission('Perm One', 'title').getId()
+ role1 = rregistry.defineRole('Role One', 'Role #1').getId()
+ role2 = rregistry.defineRole('Role Two', 'Role #2').getId()
+ roles = manager.getRolesForPermission(perm1)
+ self.assertEqual(len(roles), 0)
+ manager.grantPermissionToRole(perm1, role1)
+ manager.grantPermissionToRole(perm1, role2)
+ manager.grantPermissionToRole(perm1, role2)
+ manager.denyPermissionToRole(perm1, role1)
+ roles = manager.getRolesForPermission(perm1)
+ self.assertEqual(len(roles), 2)
+ self.failIf((role1,Allow) in roles)
+ self.failUnless((role1,Deny) in roles)
+ self.failUnless((role2,Allow) in roles)
+ manager.unsetPermissionFromRole(perm1, role1)
+ roles = manager.getRolesForPermission(perm1)
+ self.assertEqual(len(roles), 1)
+ self.failUnless((role2,Allow) in roles)
+
+ def test_invalidRole(self):
+ self.assertRaises(ValueError,
+ manager.grantPermissionToRole, 'perm1', 'role1'
+ )
+ perm1 = pregistry.definePermission('Perm One', 'title').getId()
+ self.assertRaises(ValueError,
+ manager.grantPermissionToRole, perm1, 'role1'
+ )
+
+ def test_invalidPerm(self):
+ role1 = rregistry.defineRole('Role One', 'Role #1').getId()
+ self.assertRaises(ValueError,
+ manager.grantPermissionToRole, 'perm1', role1
+ )
+
+
+def test_suite():
+ loader=unittest.TestLoader()
+ return loader.loadTestsFromTestCase(Test)
+
+if __name__=='__main__':
+ unittest.TextTestRunner().run(test_suite())
=== Zope3/src/zope/products/securitypolicy/tests/test_roleregistry.py 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/tests/test_roleregistry.py Wed Jan 14 17:55:35 2004
@@ -0,0 +1,62 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" Test handler for 'defineRole' directive """
+
+import unittest
+
+from zope.products.securitypolicy.roleregistry import roleRegistry
+from zope.products.securitypolicy.interfaces import IRole
+from zope.interface.verify import verifyObject
+from zope.testing.cleanup import CleanUp # Base class w registry cleanup
+
+class Test(CleanUp, unittest.TestCase):
+
+ def testEmptyRoles(self):
+ self.assertEqual(None, roleRegistry.getRole('Foo'))
+ self.failIf(roleRegistry.definedRole('Foo'))
+
+ def testRoleIsAnIRole(self):
+ r = roleRegistry.defineRole('Foo', 'Foo role')
+ role = roleRegistry.getRole(r.getId())
+ self.assertEqual(verifyObject(IRole, role), 1)
+
+ def testDefineRole(self):
+ role = roleRegistry.defineRole('Foo', 'foo role')
+ self.failUnless(verifyObject(IRole, role))
+ self.failUnless(roleRegistry.definedRole(role.getId()))
+ role = roleRegistry.getRole(role.getId())
+ self.assertEquals(role.getTitle(), 'foo role')
+
+ def testDefineRoleWithTitle(self):
+ eq = self.assertEqual
+ r = roleRegistry.defineRole('Foo', 'Foo-able')
+ role = roleRegistry.getRole(r.getId())
+ eq(role.getTitle(), 'Foo-able')
+ eq(role.getDescription(), '')
+
+ def testDefineRoleWithTitleAndDescription(self):
+ eq = self.assertEqual
+ r = roleRegistry.defineRole('Foo', 'Foo-able', 'A foo-worthy role')
+ role = roleRegistry.getRole(r.getId())
+ eq(role.getTitle(), 'Foo-able')
+ eq(role.getDescription(), 'A foo-worthy role')
+
+
+def test_suite():
+ loader=unittest.TestLoader()
+ return loader.loadTestsFromTestCase(Test)
+
+
+if __name__=='__main__':
+ unittest.TextTestRunner().run(test_suite())
=== Zope3/src/zope/products/securitypolicy/tests/test_roleservice.py 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:06 2004
+++ Zope3/src/zope/products/securitypolicy/tests/test_roleservice.py Wed Jan 14 17:55:35 2004
@@ -0,0 +1,89 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Test the Role service.
+
+$Id$
+"""
+
+from unittest import TestCase, TestLoader, TextTestRunner
+from zope.app.tests import setup
+from zope.app.services.tests.placefulsetup import PlacefulSetup
+from zope.component import getServiceManager
+from zope.products.securitypolicy.interfaces import IRoleService
+from zope.products.securitypolicy.roleregistry import roleRegistry
+from zope.products.securitypolicy.role import RoleService
+from zope.products.securitypolicy.role import Role
+
+class RoleServiceTests(PlacefulSetup, TestCase):
+
+ def _Test__new(self):
+ return RoleService()
+
+ def setUp(self):
+ sm = PlacefulSetup.setUp(self, site=True)
+
+ root_sm = getServiceManager(None)
+
+ root_sm.defineService("Roles", IRoleService)
+ self.roleRegistry = roleRegistry
+ root_sm.provideService("Roles", roleRegistry)
+
+ self.rs = setup.addService(sm, 'Roles', RoleService())
+
+ def testGetRole(self):
+ self.roleRegistry.defineRole('zope.Manager', 'Manager', '')
+
+ r = Role("zope.Hacker","","")
+ self.rs["zope.Hacker"] = r
+ self.assertEqual(self.rs.getRole('zope.Hacker').getId(), 'zope.Hacker')
+ self.assertEqual(self.rs.getRole('zope.Manager').getId(),
+ 'zope.Manager')
+
+ roles = [role.getId() for role in self.rs.getRoles()]
+ roles.sort()
+
+ self.assertEqual(roles,
+ ['zope.Anonymous', 'zope.Hacker', 'zope.Manager'])
+
+ def testGetRoleFromLayeredServices(self):
+ self.roleRegistry.defineRole('zope.Manager', 'Manager', '')
+
+ r = Role("zope.Hacker","","")
+ self.rs["zope.Hacker"] = r
+
+ sm1 = self.makeSite('folder1')
+ rs1 = setup.addService(sm1, 'Roles', RoleService())
+
+ r1 = Role("zope.Reviewer",'','')
+ rs1["zope.Reviewer"] = r1
+
+ self.assertEqual(rs1.getRole('zope.Hacker').getId(), 'zope.Hacker')
+ self.assertEqual(rs1.getRole('zope.Manager').getId(), 'zope.Manager')
+ self.assertEqual(rs1.getRole('zope.Reviewer').getId(), 'zope.Reviewer')
+
+ roles = [role.getId() for role in rs1.getRoles()]
+ roles.sort()
+
+ self.assertEqual(
+ roles,
+ ['zope.Anonymous', 'zope.Hacker', 'zope.Manager','zope.Reviewer'])
+
+
+
+def test_suite():
+ loader=TestLoader()
+ return loader.loadTestsFromTestCase(RoleServiceTests)
+
+if __name__=='__main__':
+ TextTestRunner().run(test_suite())
=== Zope3/src/zope/products/securitypolicy/tests/test_securitydirectives.py 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:06 2004
+++ Zope3/src/zope/products/securitypolicy/tests/test_securitydirectives.py Wed Jan 14 17:55:35 2004
@@ -0,0 +1,127 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Security Directives Tests
+
+$Id$
+"""
+import unittest
+
+from zope.component.service import serviceManager as services
+from zope.app.services.servicenames import Permissions, Authentication
+from zope.app.interfaces.security import IPermissionService
+from zope.products.securitypolicy.interfaces import IRoleService
+from zope.app.interfaces.security import IAuthenticationService
+
+from zope.configuration.config import ConfigurationConflictError
+from zope.configuration import xmlconfig
+
+from zope.testing.cleanup import CleanUp # Base class w registry cleanup
+
+import zope.products.securitypolicy.tests
+import zope.products.securitypolicy.tests
+from zope.app.security.settings import Allow
+from zope.app.security.registries.principalregistry import principalRegistry
+from zope.app.security.registries.permissionregistry \
+ import permissionRegistry as pregistry
+from zope.products.securitypolicy.roleregistry import roleRegistry as rregistry
+from zope.products.securitypolicy.rolepermission \
+ import rolePermissionManager as role_perm_mgr
+from zope.products.securitypolicy.principalpermission \
+ import principalPermissionManager as principal_perm_mgr
+from zope.products.securitypolicy.principalrole \
+ import principalRoleManager as principal_role_mgr
+
+
+class TestBase(CleanUp):
+
+ def setUp(self):
+ CleanUp.setUp(self)
+
+ services.defineService(Permissions, IPermissionService)
+ services.provideService(Permissions, pregistry)
+
+ services.defineService("Roles", IRoleService)
+ services.provideService("Roles", rregistry)
+
+ services.defineService(Authentication, IAuthenticationService)
+ services.provideService(Authentication, principalRegistry)
+
+
+class TestRoleDirective(TestBase, unittest.TestCase):
+
+ def testRegister(self):
+ context = xmlconfig.file("role.zcml",
+ zope.products.securitypolicy.tests)
+
+ role = rregistry.getRole("zope.Everyperson")
+ self.failUnless(role.getId().endswith('Everyperson'))
+ self.assertEqual(role.getTitle(), 'Tout le monde')
+ self.assertEqual(role.getDescription(),
+ 'The common man, woman, person, or thing')
+
+ def testDuplicationRegistration(self):
+ self.assertRaises(ConfigurationConflictError, xmlconfig.file,
+ "role_duplicate.zcml",
+ zope.products.securitypolicy.tests)
+
+
+class TestSecurityMapping(TestBase, unittest.TestCase):
+
+ def setUp(self):
+ TestBase.setUp(self)
+ pregistry.definePermission("zope.Foo", '', '')
+ rregistry.defineRole("zope.Bar", '', '')
+ principalRegistry.definePrincipal("zope.Blah", '', '')
+ self.context = xmlconfig.file("mapping.zcml",
+ zope.products.securitypolicy.tests)
+
+ def test_PermRoleMap(self):
+ roles = role_perm_mgr.getRolesForPermission("zope.Foo")
+ perms = role_perm_mgr.getPermissionsForRole("zope.Bar")
+
+ self.assertEqual(len(roles), 1)
+ self.failUnless(("zope.Bar",Allow) in roles)
+
+ self.assertEqual(len(perms), 1)
+ self.failUnless(("zope.Foo",Allow) in perms)
+
+ def test_PermPrincipalMap(self):
+ principals = principal_perm_mgr.getPrincipalsForPermission("zope.Foo")
+ perms = principal_perm_mgr.getPermissionsForPrincipal("zope.Blah")
+
+ self.assertEqual(len(principals), 1)
+ self.failUnless(("zope.Blah", Allow) in principals)
+
+ self.assertEqual(len(perms), 1)
+ self.failUnless(("zope.Foo", Allow) in perms)
+
+ def test_RolePrincipalMap(self):
+ principals = principal_role_mgr.getPrincipalsForRole("zope.Bar")
+ roles = principal_role_mgr.getRolesForPrincipal("zope.Blah")
+
+ self.assertEqual(len(principals), 1)
+ self.failUnless(("zope.Blah", Allow) in principals)
+
+ self.assertEqual(len(roles), 1)
+ self.failUnless(("zope.Bar", Allow) in roles)
+
+
+def test_suite():
+ return unittest.TestSuite((
+ unittest.makeSuite(TestRoleDirective),
+ unittest.makeSuite(TestSecurityMapping),
+ ))
+
+if __name__ == '__main__':
+ unittest.main()
=== Zope3/src/zope/products/securitypolicy/tests/test_securitymap.py 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:06 2004
+++ Zope3/src/zope/products/securitypolicy/tests/test_securitymap.py Wed Jan 14 17:55:35 2004
@@ -0,0 +1,39 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+#############################################################################
+import unittest
+from zope.interface.verify import verifyClass
+from zope.products.securitypolicy.interfaces import ISecurityMap
+from zope.products.securitypolicy.securitymap import SecurityMap
+from zope.products.securitypolicy.securitymap import PersistentSecurityMap
+
+class TestSecurityMap(unittest.TestCase):
+
+ def testInterface(self):
+ verifyClass(ISecurityMap, SecurityMap)
+
+ # XXX Test the map. Grrrrr.
+
+class TestPersistentSecurityMap(TestSecurityMap):
+
+ def testInterface(self):
+ verifyClass(ISecurityMap, PersistentSecurityMap)
+
+ # XXX test persistence...
+
+
+def test_suite():
+ return unittest.TestSuite((
+ unittest.makeSuite(TestSecurityMap),
+ unittest.makeSuite(TestPersistentSecurityMap),
+ ))
=== Zope3/src/zope/products/securitypolicy/tests/test_zopepolicy.py 1.1 => 1.2 ===
--- /dev/null Wed Jan 14 17:56:06 2004
+++ Zope3/src/zope/products/securitypolicy/tests/test_zopepolicy.py Wed Jan 14 17:55:35 2004
@@ -0,0 +1,342 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Tests the standard zope policy.
+
+$Id$
+"""
+
+import unittest
+
+from zope.app.tests import ztapi
+from zope.component.service import serviceManager as services
+from zope.interface import implements
+
+from zope.app.interfaces.security import IPermissionService
+from zope.products.securitypolicy.interfaces import IRoleService
+from zope.app.interfaces.security import IAuthenticationService
+
+from zope.component import getService
+from zope.app.services.servicenames import Permissions, Adapters
+from zope.app.services.servicenames import Authentication
+from zope.products.securitypolicy.interfaces import IRolePermissionManager
+from zope.app.security.registries.permissionregistry import permissionRegistry
+from zope.app.security.registries.principalregistry import principalRegistry
+from zope.app.security.registries.principalregistry import PrincipalBase
+from zope.products.securitypolicy.roleregistry import roleRegistry
+from zope.products.securitypolicy.principalpermission \
+ import principalPermissionManager
+from zope.products.securitypolicy.rolepermission import rolePermissionManager
+from zope.products.securitypolicy.principalrole import principalRoleManager
+from zope.products.securitypolicy.principalpermission \
+ import AnnotationPrincipalPermissionManager
+from zope.products.securitypolicy.interfaces import IPrincipalPermissionManager
+from zope.products.securitypolicy.principalrole \
+ import AnnotationPrincipalRoleManager
+from zope.products.securitypolicy.rolepermission \
+ import AnnotationRolePermissionManager
+from zope.products.securitypolicy.interfaces import IPrincipalRoleManager
+from zope.app.interfaces.annotation import IAttributeAnnotatable
+from zope.app.interfaces.annotation import IAnnotations
+from zope.app.attributeannotations import AttributeAnnotations
+from zope.app.services.tests.placefulsetup import PlacefulSetup
+from zope.products.securitypolicy.zopepolicy import permissionsOfPrincipal
+
+class Context:
+ def __init__(self, user, stack=[]):
+ self.user, self.stack = user, stack
+
+class Unprotected:
+ pass
+
+class Principal(PrincipalBase):
+ pass
+
+
+class Test(PlacefulSetup, unittest.TestCase):
+
+ def setUp(self):
+ PlacefulSetup.setUp(self)
+
+
+ services.defineService(Permissions, IPermissionService)
+ services.provideService(Permissions, permissionRegistry)
+
+ services.defineService("Roles", IRoleService)
+ services.provideService("Roles", roleRegistry)
+
+ services.defineService(Authentication, IAuthenticationService)
+ services.provideService(Authentication, principalRegistry)
+
+
+
+ ztapi.provideAdapter(
+ IAttributeAnnotatable, IAnnotations,
+ AttributeAnnotations)
+
+ # set up some principals
+ self.jim = principalRegistry.definePrincipal('jim', 'Jim', 'Jim Fulton',
+ 'jim', '123')
+
+ self.tim = principalRegistry.definePrincipal('tim', 'Tim', 'Tim Peters',
+ 'tim', '456')
+
+ self.unknown = principalRegistry.defineDefaultPrincipal('unknown',
+ 'Unknown', 'Nothing is known about this principal')
+
+ # set up some permissions
+ read = permissionRegistry.definePermission('read', 'Read',
+ 'Read something')
+ self.read = read.getId()
+ write = permissionRegistry.definePermission('write', 'Write',
+ 'Write something')
+ self.write = write.getId()
+ create = permissionRegistry.definePermission('create', 'Create',
+ 'Create something')
+ self.create = create.getId()
+ update = permissionRegistry.definePermission('update', 'Update',
+ 'Update something')
+ self.update = update.getId()
+
+ # ... and some roles...
+ peon = roleRegistry.defineRole('Peon', 'Site Peon')
+ self.peon = peon.getId()
+
+ manager = roleRegistry.defineRole('Manager', 'Site Manager')
+ self.manager = manager.getId()
+
+ arole = roleRegistry.defineRole('Another', 'Another Role')
+ self.arole = arole.getId()
+
+ # grant and deny some permissions to a principal
+ principalPermissionManager.grantPermissionToPrincipal(self.create,
+ self.jim.getId())
+ principalPermissionManager.denyPermissionToPrincipal(self.update,
+ self.jim.getId())
+
+ # grant and deny some permissions to the roles
+ rolePermissionManager.grantPermissionToRole(self.read, self.peon)
+
+ rolePermissionManager.grantPermissionToRole(self.read, self.manager)
+ rolePermissionManager.grantPermissionToRole(self.write, self.manager)
+
+ # ... and assign roles to principals
+ principalRoleManager.assignRoleToPrincipal(self.peon, self.jim.getId())
+ principalRoleManager.assignRoleToPrincipal(self.manager,
+ self.tim.getId())
+
+ self.policy = self._makePolicy()
+
+ def _makePolicy(self):
+
+ from zope.products.securitypolicy.zopepolicy import ZopeSecurityPolicy
+ return ZopeSecurityPolicy()
+
+ def __assertPermissions(self, user, expected, object=None):
+ permissions = list(permissionsOfPrincipal(user, object))
+ permissions.sort()
+ self.assertEqual(permissions, expected)
+
+ def testImport(self):
+ from zope.products.securitypolicy.zopepolicy import ZopeSecurityPolicy
+
+ def testGlobalCheckPermission(self):
+ self.failUnless(
+ self.policy.checkPermission(self.read, None, Context(self.jim)))
+ self.failUnless(
+ self.policy.checkPermission(self.read, None, Context(self.tim)))
+ self.failUnless(
+ self.policy.checkPermission(self.write, None, Context(self.tim)))
+
+ self.failIf(self.policy.checkPermission(
+ self.read, None, Context(self.unknown)))
+ self.failIf(self.policy.checkPermission(
+ self.write, None, Context(self.unknown)))
+
+ self.failIf(
+ self.policy.checkPermission(
+ self.read, None, Context(self.unknown)))
+
+ self.__assertPermissions(self.jim, ['create', 'read'])
+ self.__assertPermissions(self.tim, ['read', 'write'])
+ self.__assertPermissions(self.unknown, [])
+
+ rolePermissionManager.grantPermissionToRole(
+ self.read, 'zope.Anonymous')
+
+ self.failUnless(
+ self.policy.checkPermission(
+ self.read, None, Context(self.unknown)))
+
+ self.__assertPermissions(self.unknown, ['read'])
+
+ principalPermissionManager.grantPermissionToPrincipal(
+ self.write, self.jim.getId())
+ self.failUnless(
+ self.policy.checkPermission(self.write, None, Context(self.jim)))
+
+ self.__assertPermissions(self.jim, ['create', 'read', 'write'])
+
+ def testPlaylessPrincipalRole(self):
+ self.failIf(self.policy.checkPermission(
+ self.write, None, Context(self.jim)))
+ principalRoleManager.assignRoleToPrincipal(
+ self.manager, self.jim.getId())
+ self.failUnless(self.policy.checkPermission(
+ self.write, None, Context(self.jim)))
+ principalRoleManager.removeRoleFromPrincipal(
+ self.manager, self.jim.getId())
+ self.failIf(self.policy.checkPermission(
+ self.write, None, Context(self.jim)))
+
+ def testPlayfulPrincipalRole(self):
+ ztapi.provideAdapter(
+ ITest,
+ IPrincipalRoleManager, AnnotationPrincipalRoleManager)
+
+ ob1 = TestClass()
+ ob2 = TestClass(); ob2.__parent__ = ob1
+ ob3 = TestClass(); ob3.__parent__ = ob2
+
+ self.failIf(self.policy.checkPermission(
+ self.write, ob3, Context(self.jim)))
+ AnnotationPrincipalRoleManager(ob3).assignRoleToPrincipal(
+ self.manager, self.jim.getId())
+ self.failUnless(self.policy.checkPermission(
+ self.write, ob3, Context(self.jim)))
+ AnnotationPrincipalRoleManager(ob3).removeRoleFromPrincipal(
+ self.manager, self.jim.getId())
+ self.failIf(self.policy.checkPermission(
+ self.write, ob3, Context(self.jim)))
+
+ def testPlayfulRolePermissions(self):
+
+ ARPM = AnnotationRolePermissionManager
+ ztapi.provideAdapter(ITest,
+ IRolePermissionManager, ARPM)
+ test = permissionRegistry.definePermission('test', 'Test', '')
+ test = test.getId()
+
+ ob1 = TestClass()
+ ob2 = TestClass(); ob2.__parent__ = ob1
+ ob3 = TestClass(); ob3.__parent__ = ob2
+
+ self.failIf(self.policy.checkPermission(test, ob3, Context(self.tim)))
+ self.__assertPermissions(self.tim, ['read', 'write'], ob3)
+
+ ARPM(ob2).grantPermissionToRole(test, self.manager)
+ self.failUnless(self.policy.checkPermission(test, ob3,
+ Context(self.tim)))
+ self.__assertPermissions(self.tim, ['read', 'test', 'write'], ob3)
+
+ self.failIf(self.policy.checkPermission(test, ob3, Context(self.jim)))
+ self.__assertPermissions(self.jim, ['create', 'read'], ob3)
+
+
+ ARPM(ob3).grantPermissionToRole(test, self.peon)
+ self.failUnless(self.policy.checkPermission(
+ test, ob3, Context(self.jim)))
+ self.__assertPermissions(self.jim, ['create', 'read', 'test'], ob3)
+
+
+
+ principalPermissionManager.denyPermissionToPrincipal(
+ test, self.jim.getId())
+ self.failIf(self.policy.checkPermission(
+ test, ob3, Context(self.jim)))
+ self.__assertPermissions(self.jim, ['create', 'read'], ob3)
+
+ principalPermissionManager.unsetPermissionForPrincipal(
+ test, self.jim.getId())
+
+ # Make sure multiple conflicting role permissions resolve correctly
+ ARPM(ob2).grantPermissionToRole(test, 'zope.Anonymous')
+ ARPM(ob2).grantPermissionToRole(test, self.arole)
+ ARPM(ob3).denyPermissionToRole(test, self.peon)
+
+ new = principalRegistry.definePrincipal('new', 'Newbie',
+ 'Newbie User', 'new', '098')
+ principalRoleManager.assignRoleToPrincipal(self.arole, new.getId())
+ self.failUnless(self.policy.checkPermission(test, ob3, Context(new)))
+ self.__assertPermissions(new, ['test'], ob3)
+
+ principalRoleManager.assignRoleToPrincipal(self.peon, new.getId())
+ self.failIf(self.policy.checkPermission(test, ob3, Context(new)))
+ self.__assertPermissions(new, ['read'], ob3)
+
+ def testPlayfulPrinciplePermissions(self):
+ APPM = AnnotationPrincipalPermissionManager
+ ztapi.provideAdapter(ITest,
+ IPrincipalPermissionManager, APPM)
+
+ ob1 = TestClass()
+ ob2 = TestClass(); ob2.__parent__ = ob1
+ ob3 = TestClass(); ob3.__parent__ = ob2
+
+ test = permissionRegistry.definePermission('test', 'Test', '')
+ test = test.getId()
+
+ self.failIf(self.policy.checkPermission(test, ob3, Context(self.tim)))
+
+ self.__assertPermissions(self.tim, ['read', 'write'], ob3)
+
+ APPM(ob2).grantPermissionToPrincipal(test, self.tim.getId())
+ self.failUnless(self.policy.checkPermission(test, ob3,
+ Context(self.tim)))
+ self.__assertPermissions(self.tim, ['read', 'test', 'write'], ob3)
+
+ APPM(ob3).denyPermissionToPrincipal(test, self.tim.getId())
+ self.failIf(self.policy.checkPermission(test, ob3,
+ Context(self.tim)))
+ self.__assertPermissions(self.tim, ['read', 'write'], ob3)
+
+ APPM(ob1).denyPermissionToPrincipal(test, self.jim.getId())
+ APPM(ob3).grantPermissionToPrincipal(test, self.jim.getId())
+ self.failUnless(self.policy.checkPermission(test, ob3,
+ Context(self.jim)))
+ self.__assertPermissions(self.jim, ['create', 'read', 'test'], ob3)
+
+
+ APPM(ob3).unsetPermissionForPrincipal(test, self.jim.getId())
+ self.failIf(self.policy.checkPermission(test, ob3,
+ Context(self.jim)))
+ self.__assertPermissions(self.jim, ['create', 'read'], ob3)
+
+ # make sure placeless principal permissions override placeful ones
+ APPM(ob3).grantPermissionToPrincipal(test, self.tim.getId())
+ principalPermissionManager.denyPermissionToPrincipal(
+ test, self.tim.getId())
+ self.failIf(self.policy.checkPermission(test, ob3,
+ Context(self.tim)))
+
+ self.__assertPermissions(self.tim, ['read', 'write'], ob3)
+
+
+class ITest(IAttributeAnnotatable):
+ pass
+
+class TestClass:
+ implements(ITest)
+
+ __parent__ = None
+
+ def __init__(self):
+ self._roles = { 'test' : {} }
+ self._permissions = { 'Manager' : {} , 'Peon' : {} }
+
+def test_suite():
+ loader=unittest.TestLoader()
+ return loader.loadTestsFromTestCase(Test)
+
+if __name__=='__main__':
+ unittest.TextTestRunner().run(test_suite())
More information about the Zope3-Checkins
mailing list