[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security/tests - testZSP.py:1.1.2.8

[Anthony Baxter]

Update of /cvs-repository/Zope3/lib/python/Zope/App/Security/tests
In directory cvs.zope.org:/tmp/cvs-serv16976/tests

Modified Files:
      Tag: Zope-3x-branch
	testZSP.py 
Log Message:
Dour (non-playful) security now works. Woo-hoo.

Note that a couple of tests in testZSP are still commented out, as
they assume that principals, roles or permissions are strings. Naughty!



=== Zope3/lib/python/Zope/App/Security/tests/testZSP.py 1.1.2.7 => 1.1.2.8 ===
 class Test( unittest.TestCase ):
 
+    def tearDown(self):
+        _clear()
+
     def setUp(self):
         _clear()
-        principalRegistry.definePrincipal('jim', 'Jim', 'Jim Fulton',
+        jim = principalRegistry.definePrincipal('jim', 'Jim', 'Jim Fulton',
                                           'jim', '123')
-        principalRegistry.definePrincipal('tim', 'Tim', 'Tim Peters',
+        tim = principalRegistry.definePrincipal('tim', 'Tim', 'Tim Peters',
                                           'tim', '456')
+        anon = principalRegistry.definePrincipal('Anonymous', 'Anonymous')
         principalRegistry.defineDefaultPrincipal(
             'unknown', 'Unknown', 'Nothing is known about this principal')
         
-        permissionRegistry.definePermission('read', 'Read', 'Read something')
-        permissionRegistry.definePermission(
+        read = permissionRegistry.definePermission(
+            'read', 'Read', 'Read something')
+        write = permissionRegistry.definePermission(
             'write', 'Write', 'Write something')
 
+        peon = roleRegistry.defineRole('Peon', 'Site Peon')
+        rolePermissionManager.grantPermissionToRole( read, peon.getId() )
 
-        self.peon = roleRegistry.defineRole('Peon', 'Site Peon')
+        manager = roleRegistry.defineRole('Manager', 'Site Manager')
         rolePermissionManager.grantPermissionToRole(
-            'read', self.peon.getId())
-
-        self.manager = roleRegistry.defineRole('Manager', 'Site Manager')
+            read, manager.getId())
         rolePermissionManager.grantPermissionToRole(
-            'read', self.manager.getId())
-        rolePermissionManager.grantPermissionToRole(
-            'write', self.manager.getId())
+            write, manager.getId())
 
-        principalRoleManager.assignRoleToPrincipal(self.peon.getId(), 'jim')
-        principalRoleManager.assignRoleToPrincipal(self.manager.getId(), 'tim')
+        principalRoleManager.assignRoleToPrincipal(peon.getId(), jim)
+        principalRoleManager.assignRoleToPrincipal(manager.getId(), tim)
 
         self.policy = self._makePolicy()
 
@@ -86,31 +89,43 @@
 
         from Zope.App.Security.ZopeSecurityPolicy import ZopeSecurityPolicy
 
-    def offtestGlobalCheckPermission(self):
-        # How does this help us? Do we need non-playful security anymore?
+    def testGlobalCheckPermission(self):
+        # test dour security
+        read = permissionRegistry.getPermission('read')
+        write = permissionRegistry.getPermission('write')
+
+        tim = principalRegistry.getPrincipal('tim')
+        jim = principalRegistry.getPrincipal('jim')
+
         self.failUnless(
-            self.policy.checkPermission('read', None, Context('jim')))
+            self.policy.checkPermission(read, None, Context(jim)))
         self.failUnless(
-            self.policy.checkPermission('read', None, Context('tim')))
+            self.policy.checkPermission(read, None, Context(tim)))
         self.failUnless(
-            self.policy.checkPermission('write', None, Context('tim')))
+            self.policy.checkPermission(write, None, Context(tim)))
 
         self.failIf(self.policy.checkPermission(
-                    'read', None, Context('unknown')))
+                    read, None, Context('unknown')))
         self.failIf(self.policy.checkPermission(
-                    'write', None, Context('unknown')))
+                    write, None, Context('unknown')))
         
-        rolePermissionManager.grantPermissionToRole('read', 'Anonymous')
+        unknown = principalRegistry.getPrincipal('unknown')
+        self.failIf(
+            self.policy.checkPermission(read, None, Context(unknown)))
+
+        anon = principalRegistry.getPrincipal('Anonymous')
+        rolePermissionManager.grantPermissionToRole(read, anon)
         
         self.failUnless(
-            self.policy.checkPermission('read', None, Context('unknown')))
+            self.policy.checkPermission(read, None, Context('unknown')))
 
-        principalPermissionManager.grantPermissionToPrincipal('write', 'jim')
+        principalPermissionManager.grantPermissionToPrincipal(write, jim)
         self.failUnless(
-            self.policy.checkPermission('write', None, Context('jim')))
+            self.policy.checkPermission(write, None, Context(jim)))
 
     def offtestPlayfulRolePermissions(self):
-        # This is currently busticated
+        # This is currently busticated. It thinks roles and permissions and
+        # principals are strings, they are NOT.
         permissionRegistry.definePermission('test', 'Test', '')
         provideAdapter(ITest, IRolePermissionManager, Adaptor)
         provideAdapter(ITest, IPrincipalRoleManager, \
@@ -170,7 +185,8 @@
                           self.policy.validate,
                           'x', Protected('write'), Context('unknown'))
         
-        rolePermissionManager.grantPermissionToRole('read', 'Anonymous')
+        anon = principalRegistry.getPrincipal('Anonymous')
+        rolePermissionManager.grantPermissionToRole('read', anon)
         
         self.policy.validate('_', Protected('read'), Context('unknown'))