[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security/tests - testAttributeRolePermissionManager.py:1.1.2.3 testRolePermissionManager.py:1.1.2.6 testSecurityDirectives.py:1.1.2.10

Anthony Baxter anthony@interlink.com.au
Sat, 9 Feb 2002 17:10:00 -0500


Update of /cvs-repository/Zope3/lib/python/Zope/App/Security/tests
In directory cvs.zope.org:/tmp/cvs-serv5429/tests

Modified Files:
      Tag: Zope-3x-branch
	testAttributeRolePermissionManager.py 
	testRolePermissionManager.py testSecurityDirectives.py 
Log Message:
Updated RolePermission interfaces, code and testsuites to new standard,
as with PrincipalPermission and PrincipalRole. All test cases pass, but
this is largely because the testZSP script isn't very thorough ;)

This code allows Permissions to be explicitly denied to a Role.



=== Zope3/lib/python/Zope/App/Security/tests/testAttributeRolePermissionManager.py 1.1.2.2 => 1.1.2.3 ===
 from Zope.App.Security.RoleRegistry import roleRegistry
 from Zope.App.Security.PermissionRegistry import permissionRegistry
+from Zope.App.Security.Settings import Allow, Deny
 
 import unittest, sys
 
@@ -54,38 +55,28 @@
         mgr.grantPermissionToRole('read','peon')
 
         l = list(mgr.getPermissionsForRole('manager'))
-        l.sort()
-        self.assertEqual(l, [ 'read', 'write' ] )
+        self.failUnless( ('read', Allow) in l )
+        self.failUnless( ('write', Allow) in l )
 
         l = list(mgr.getPermissionsForRole('peon'))
-        self.assertEqual(l, [ 'read' ] )
+        self.failUnless( [('read', Allow)] == l )
 
         l = list(mgr.getRolesForPermission('read'))
-        l.sort()
-        self.assertEqual(l, [ 'manager', 'peon' ] )
+        self.failUnless( ('manager', Allow) in l )
+        self.failUnless( ('peon', Allow) in l )
 
         l = list(mgr.getRolesForPermission('write'))
-        self.assertEqual(l, [ 'manager' ] )
+        self.assertEqual(l, [ ('manager', 'Allow') ] )
 
-        mgr.retractPermissionFromRole('read', 'peon')
+        mgr.denyPermissionToRole('read', 'peon')
         l = list(mgr.getPermissionsForRole('peon'))
-        self.assertEqual(l, [] )
-
-        l = list(mgr.getRolesForPermission('read'))
-        self.assertEqual(l, [ 'manager' ] )
+        self.assertEqual(l, [('read', 'Deny')] )
 
+        mgr.unsetPermissionForRole('read', 'peon')
 
-    def testInvalid(self):
-        obj = Manageable()
-        mgr = AttributeRolePermissionManager(obj)
+        l = list(mgr.getRolesForPermission('read'))
+        self.assertEqual(l, [ ('manager', Allow) ] )
 
-        self.assertRaises(ValueError,
-                          mgr.grantPermissionToRole,
-                          'readx','manager')
-
-        self.assertRaises(ValueError,
-                          mgr.grantPermissionToRole,
-                          'read','managerx')
 
 def test_suite():
     loader=unittest.TestLoader()


=== Zope3/lib/python/Zope/App/Security/tests/testRolePermissionManager.py 1.1.2.5 => 1.1.2.6 ===
 import unittest
 
-from Zope.App.Security.PermissionRegistry import permissionRegistry as pregistry
-from Zope.App.Security.RoleRegistry import roleRegistry as rregistry
-from Zope.App.Security.RolePermissionManager import rolePermissionManager as manager
+from Zope.App.Security.PermissionRegistry \
+        import permissionRegistry as pregistry
+from Zope.App.Security.RoleRegistry \
+        import roleRegistry as rregistry
+from Zope.App.Security.RolePermissionManager \
+        import rolePermissionManager as manager
+from Zope.App.Security.Settings \
+        import Allow, Deny, Unset
 
 class Test(unittest.TestCase):
 
@@ -33,26 +38,31 @@
         permission = pregistry.definePermission('APerm', 'aPerm title')
         role = rregistry.defineRole('ARole', 'A Role')
         manager.grantPermissionToRole(permission, role)
-        self.assertEqual(manager.getRolesForPermission(permission), [role])
-        self.assertEqual(manager.getPermissionsForRole(role), [permission])
+        self.assertEqual(manager.getRolesForPermission(permission), 
+                                                        [(role,Allow)])
+        self.assertEqual(manager.getPermissionsForRole(role), 
+                                                    [(permission,Allow)])
 
     def testManyPermissionsOneRole(self):
-        perm1 = pregistry.definePermission('Perm One', 'title')
-        perm2 = pregistry.definePermission('Perm Two', 'title')
+        perm1 = pregistry.definePermission('Perm One', 'P1')
+        perm2 = pregistry.definePermission('Perm Two', 'P2')
+        perm3 = pregistry.definePermission('Perm Three', 'P3')
         role1 = rregistry.defineRole('Role One', 'Role #1')
         perms = manager.getPermissionsForRole(role1)
         self.assertEqual(len(perms), 0)
         manager.grantPermissionToRole(perm1, role1)
         manager.grantPermissionToRole(perm2, role1)
         manager.grantPermissionToRole(perm2, role1)
+        manager.denyPermissionToRole(perm3, role1)
         perms = manager.getPermissionsForRole(role1)
-        self.assertEqual(len(perms), 2)
-        self.failUnless(perm1 in perms)
-        self.failUnless(perm2 in perms)
-        manager.retractPermissionFromRole(perm1, role1)
+        self.assertEqual(len(perms), 3)
+        self.failUnless((perm1,Allow) in perms)
+        self.failUnless((perm2,Allow) in perms)
+        self.failUnless((perm3,Deny) in perms)
+        manager.unsetPermissionForRole(perm1, role1)
         perms = manager.getPermissionsForRole(role1)
-        self.assertEqual(len(perms), 1)
-        self.failUnless(perm2 in perms)
+        self.assertEqual(len(perms), 2)
+        self.failUnless((perm2,Allow) in perms)
 
     def testManyRolesOnePermission(self):
         perm1 = pregistry.definePermission('Perm One', 'title')
@@ -63,22 +73,16 @@
         manager.grantPermissionToRole(perm1, role1)
         manager.grantPermissionToRole(perm1, role2)
         manager.grantPermissionToRole(perm1, role2)
+        manager.denyPermissionToRole(perm1, role1)
         roles = manager.getRolesForPermission(perm1)
         self.assertEqual(len(roles), 2)
-        self.failUnless(role1 in roles)
-        self.failUnless(role2 in roles)
-        manager.retractPermissionFromRole(perm1, role1)
+        self.failIf((role1,Allow) in roles)
+        self.failUnless((role1,Deny) in roles)
+        self.failUnless((role2,Allow) in roles)
+        manager.unsetPermissionForRole(perm1, role1)
         roles = manager.getRolesForPermission(perm1)
         self.assertEqual(len(roles), 1)
-        self.failUnless(role2 in roles)
-
-    def testPermissionsAcquired(self):
-        perm = pregistry.definePermission('Perm One', 'title')
-        self.failUnless(manager.getPermissionAcquired(perm))
-        manager.setPermissionAcquired(perm, 0)
-        self.failIf(manager.getPermissionAcquired(perm))
-        manager.setPermissionAcquired(perm, 1)
-        self.failUnless(manager.getPermissionAcquired(perm))
+        self.failUnless((role2,Allow) in roles)
 
 def test_suite():
     loader=unittest.TestLoader()


=== Zope3/lib/python/Zope/App/Security/tests/testSecurityDirectives.py 1.1.2.9 => 1.1.2.10 ===
 
         self.assertEqual(len( roles ), 1)
-        self.failUnless("Bar" in roles)
+        self.failUnless(("Bar",Allow) in roles)
 
         self.assertEqual(len( perms ), 1)
-        self.failUnless("Foo" in perms)
+        self.failUnless(("Foo",Allow) in perms)
 
 class TestPrincipalPermission( unittest.TestCase ):