[Zope3-checkins] CVS: Zope3/src/zope/security/tests -
test_simpleinteraction.py:1.1.2.1 test_checker.py:1.14.46.2
test_management.py:1.2.58.1 test_manager.py:NONE
Marius Gedminas
marius at pov.lt
Mon Mar 8 13:43:46 EST 2004
Update of /cvs-repository/Zope3/src/zope/security/tests
In directory cvs.zope.org:/tmp/cvs-serv14991/src/zope/security/tests
Modified Files:
Tag: mgedmin-events2-branch
test_checker.py test_management.py
Added Files:
Tag: mgedmin-events2-branch
test_simpleinteraction.py
Removed Files:
Tag: mgedmin-events2-branch
test_manager.py
Log Message:
Replaced security managers and security contexts with interactions. There is
at most one active interaction per thread, accessible with getInteraction().
Code that used getSecurityManager to get the authenticated principal should now
use the current interaction. Note that the interaction contains an iterable of
principals instead of just one principal. Code that used a security manager to
implement user logins should now use newInteraction/ endInteraction pair. Code
that used a security manager to check whether the authenticated user has a
permission to do something should now ask the security policy directly (there's
a new global function getSecurityPolicy).
Interactions are tied with security policies: ISecurityPolicy has a method
used to create a new interaction for a given request. This is not necessarily
the best idea, perhaps a global hook (setInteractionFactory) would be better.
Things not done yet:
- Not all places in the code are ready to cope with more than one principal.
- The README in zope.security and the sandbox security example need to be
updated.
- There was an idea of using a notification method in IInteraction that would
let it customize the handling of local authentication during traversal.
It could be e.g. afterLocalAuthentication(old_principal, new_principal, site)
Currently the ZopePublication code just does
interaction.remove(old_principal)
interaction.add(new_principal)
when request.user is changed during traversal.
- The interaction API could be polished a bit (perhaps the request argument
to newInteraction should be optional, perhaps there should be an alternative
principals argument to newInteraction, perhaps endInteraction should not
raise an exception when it is called outside of an active interaction).
- It is not clearly cut when security checks should use the global interaction
and when they should use the interaction of the security proxy. Perhaps
use the global one if interaction stored in the proxy is None?
- It is not defined explicitly where the interaction argument can safely be
None (as an argument to ProxyFactory, as an argument to security checkers,
etc.).
- Some places that construct security proxies pass None to ProxyFactory.
Perhaps they should use the current interaction instead. Or maybe not.
=== Added File Zope3/src/zope/security/tests/test_simpleinteraction.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Unit tests for zope.security.simpleinteraction."""
import unittest
from zope.interface.verify import verifyObject
class RequestStub:
def __init__(self, user):
self.user = user
class TestInteraction(unittest.TestCase):
def test(self):
from zope.security.interfaces import IInteraction
from zope.security.simpleinteraction import Interaction
interaction = Interaction()
verifyObject(IInteraction, interaction)
def testCreateInteraction(self):
from zope.security.interfaces import IInteraction
from zope.security.simpleinteraction import createInteraction
i1 = createInteraction(None)
verifyObject(IInteraction, i1)
self.assertEquals(list(i1.principals), [])
user = object()
i2 = createInteraction(RequestStub(user))
verifyObject(IInteraction, i2)
self.assertEquals(list(i2.principals), [user])
def test_suite():
suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(TestInteraction))
return suite
if __name__ == '__main__':
unittest.main()
=== Zope3/src/zope/security/tests/test_checker.py 1.14.46.1 => 1.14.46.2 ===
--- Zope3/src/zope/security/tests/test_checker.py:1.14.46.1 Mon Feb 23 14:18:07 2004
+++ Zope3/src/zope/security/tests/test_checker.py Mon Mar 8 13:43:45 2004
@@ -37,7 +37,7 @@
class SecurityPolicy:
implements(ISecurityPolicy)
- def checkPermission(self, permission, object, context):
+ def checkPermission(self, permission, object, interaction):
'See ISecurityPolicy'
return permission == 'test_allowed'
@@ -48,7 +48,7 @@
self._checked = []
self.permissions = {}
- def checkPermission(self, permission, object, context):
+ def checkPermission(self, permission, object, interaction):
'See ISecurityPolicy'
self._checked.append(permission)
return self.permissions.get(permission, True)
=== Zope3/src/zope/security/tests/test_management.py 1.2 => 1.2.58.1 ===
--- Zope3/src/zope/security/tests/test_management.py:1.2 Thu May 1 15:35:47 2003
+++ Zope3/src/zope/security/tests/test_management.py Mon Mar 8 13:43:45 2004
@@ -21,97 +21,76 @@
from zope.interface.verify import verifyObject
from zope.testing.cleanup import CleanUp
-from zope.security.management import noSecurityManager, newSecurityManager
-from zope.security.management import setSecurityPolicy
-
-class Test(CleanUp, unittest.TestCase):
+class TestSecurityManagement(CleanUp, unittest.TestCase):
def test_import(self):
from zope.security import management
from zope.security.interfaces import ISecurityManagement
- from zope.security.interfaces \
- import ISecurityManagementSetup
+ from zope.security.interfaces import IInteractionManagement
- verifyObject(ISecurityManagementSetup, management)
verifyObject(ISecurityManagement, management)
+ verifyObject(IInteractionManagement, management)
- def test_ISecurityManagementSetup(self):
-
- from zope.security.management import noSecurityManager
- from zope.security.management import newSecurityManager
- from zope.security.management import replaceSecurityManager
-
- some_user = []
- other_user = []
- old = newSecurityManager(some_user)
- self.assertEqual(old, None)
-
- old = newSecurityManager(other_user)
- self.failUnless(old is not None)
- self.failUnless(old.getPrincipal() is some_user)
-
- old2 = replaceSecurityManager(old)
- self.failUnless(old2 is not None)
- self.failUnless(old2.getPrincipal() is other_user)
-
- noSecurityManager()
-
- def test_getSecurityManager(self):
- # This is a test for the case when there is no principal
-
- from zope.security.management import noSecurityManager
- from zope.security.management import replaceSecurityManager
- from zope.security.management import getSecurityManager
-
- noSecurityManager()
- self.failUnless(replaceSecurityManager(None) is None)
-
- mgr = getSecurityManager()
- self.assertEqual(mgr.getPrincipal(), None)
- # XXX maybe add test for default principal case
- self.failIf(mgr.calledByExecutable())
- self.assertEqual(replaceSecurityManager(None), mgr)
-
- noSecurityManager()
-
- def _setPermissive(self):
+ def test_securityPolicy(self):
from zope.security.management import setSecurityPolicy
+ from zope.security.management import getSecurityPolicy
from zope.security.simplepolicies import PermissiveSecurityPolicy
- setSecurityPolicy(PermissiveSecurityPolicy())
- def _setParanoid(self):
- from zope.security.management import setSecurityPolicy
- from zope.security.simplepolicies import ParanoidSecurityPolicy
- setSecurityPolicy(ParanoidSecurityPolicy())
-
- def test_setSecurityPolicy(self):
+ policy = PermissiveSecurityPolicy()
+ setSecurityPolicy(policy)
+ self.assert_(getSecurityPolicy() is policy)
+
+ def test_getInteraction(self):
+ # XXX this test is a bit obfuscated
+ from zope.security.management import getInteraction
+
+ marker = object()
+ class ThreadVars:
+ interaction = marker
+ class ThreadStub:
+ __zope3_thread_globals__ = ThreadVars()
+
+ self.assert_(getInteraction(_thread=ThreadStub()) is marker)
+
+ def test_newInteraction(self):
+ # XXX this test is a bit obfuscated
+ from zope.security.management import newInteraction
+
+ class ThreadVars:
+ interaction = None
+ class ThreadStub:
+ __zope3_thread_globals__ = ThreadVars()
+
+ rq = None
+ thread = ThreadStub()
+ newInteraction(rq, _thread=thread)
+ self.assert_(thread.__zope3_thread_globals__.interaction is not None)
+
+ self.assertRaises(AssertionError, newInteraction, rq, _thread=thread)
+
+ def test_endInteraction(self):
+ # XXX this test is a bit obfuscated
+ from zope.security.management import endInteraction
+
+ marker = object()
+ class ThreadVars:
+ interaction = marker
+ class ThreadStub:
+ __zope3_thread_globals__ = ThreadVars()
+
+ thread = ThreadStub()
+ endInteraction(_thread=thread)
+ self.assert_(thread.__zope3_thread_globals__.interaction is None)
- from zope.security.management import noSecurityManager
- from zope.security.management import getSecurityManager
-
- # test against default policy (paranoid)
- self._setParanoid()
- newSecurityManager('some user')
- mgr = getSecurityManager()
- self.failIf(mgr.checkPermission(None, None))
-
- # test against explicit permissive policy
- self._setPermissive()
- newSecurityManager('some user')
- mgr = getSecurityManager()
- self.failUnless(mgr.checkPermission(None, None))
-
- # test against explicit paranoid policy
- self._setParanoid()
- newSecurityManager('some user')
- mgr = getSecurityManager()
- self.failIf(mgr.checkPermission(None, None))
+ self.assertRaises(AssertionError, endInteraction, _thread=thread)
def test_suite():
- loader=unittest.TestLoader()
- return loader.loadTestsFromTestCase(Test)
+ suite = unittest.TestSuite()
+ suite.addTest(unittest.makeSuite(TestSecurityManagement))
+ return suite
+
-if __name__=='__main__':
- unittest.TextTestRunner().run(test_suite())
+if __name__ == '__main__':
+ unittest.main()
=== Removed File Zope3/src/zope/security/tests/test_manager.py ===
More information about the Zope3-Checkins
mailing list