[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security/tests - testZSP.py:1.1.2.8.2.1

Jim Fulton jim@zope.com
Mon, 11 Feb 2002 09:48:15 -0500


Update of /cvs-repository/Zope3/lib/python/Zope/App/Security/tests
In directory cvs.zope.org:/tmp/cvs-serv10785

Modified Files:
      Tag: Zope-3x-security_defactor-branch
	testZSP.py 
Log Message:
Changed tests (back) to use ids, rather than objects in security
assertions. 

I'm in the process of changing all the security tests to use ids in
security assertions. The plan is to change and check in all the tests
and then to work together on making them pass again. When this is
done, we'll merge the changes back into the 3x branch.

Note that there might be bugs in the tests since we are intentionally
checking in failing tests (in this branch off the 3x branch).


=== Zope3/lib/python/Zope/App/Security/tests/testZSP.py 1.1.2.8 => 1.1.2.8.2.1 ===
+#
+# Copyright (c) 2001 Zope Corporation and Contributors. All Rights Reserved.
+# 
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE
+# 
+##############################################################################
+"""
+
+Revision information: $Id$
+"""
+
 
 import unittest
 
@@ -54,29 +71,37 @@
     def setUp(self):
         _clear()
         jim = principalRegistry.definePrincipal('jim', 'Jim', 'Jim Fulton',
-                                          'jim', '123')
+                                                'jim', '123')
+        self.jim = jim.getId()
+        
         tim = principalRegistry.definePrincipal('tim', 'Tim', 'Tim Peters',
-                                          'tim', '456')
-        anon = principalRegistry.definePrincipal('Anonymous', 'Anonymous')
-        principalRegistry.defineDefaultPrincipal(
+                                                'tim', '456')
+        self.tim = tim.getId()
+
+        unknown = principalRegistry.defineDefaultPrincipal(
             'unknown', 'Unknown', 'Nothing is known about this principal')
+        self.unknown = unknown.getId()
         
         read = permissionRegistry.definePermission(
             'read', 'Read', 'Read something')
+        self.read = read.getId()
         write = permissionRegistry.definePermission(
             'write', 'Write', 'Write something')
+        self.write = write.getId()
 
         peon = roleRegistry.defineRole('Peon', 'Site Peon')
-        rolePermissionManager.grantPermissionToRole( read, peon.getId() )
+        self.peon = peon.getId()
 
         manager = roleRegistry.defineRole('Manager', 'Site Manager')
-        rolePermissionManager.grantPermissionToRole(
-            read, manager.getId())
-        rolePermissionManager.grantPermissionToRole(
-            write, manager.getId())
+        self.manager = manager.getId()
 
-        principalRoleManager.assignRoleToPrincipal(peon.getId(), jim)
-        principalRoleManager.assignRoleToPrincipal(manager.getId(), tim)
+        rolePermissionManager.grantPermissionToRole(self.read, self.peon)
+        
+        rolePermissionManager.grantPermissionToRole(self.read, self.manager)
+        rolePermissionManager.grantPermissionToRole(self.write, self.manager)
+
+        principalRoleManager.assignRoleToPrincipal(self.peon, self.jim)
+        principalRoleManager.assignRoleToPrincipal(self.manager, self.tim)
 
         self.policy = self._makePolicy()
 
@@ -90,45 +115,47 @@
         from Zope.App.Security.ZopeSecurityPolicy import ZopeSecurityPolicy
 
     def testGlobalCheckPermission(self):
-        # test dour security
-        read = permissionRegistry.getPermission('read')
-        write = permissionRegistry.getPermission('write')
-
-        tim = principalRegistry.getPrincipal('tim')
-        jim = principalRegistry.getPrincipal('jim')
-
         self.failUnless(
-            self.policy.checkPermission(read, None, Context(jim)))
+            self.policy.checkPermission(self.read, None, Context(self.jim)))
         self.failUnless(
-            self.policy.checkPermission(read, None, Context(tim)))
+            self.policy.checkPermission(self.read, None, Context(self.tim)))
         self.failUnless(
-            self.policy.checkPermission(write, None, Context(tim)))
+            self.policy.checkPermission(self.write, None, Context(self.tim)))
 
         self.failIf(self.policy.checkPermission(
-                    read, None, Context('unknown')))
+            self.read, None, Context(self.unknown)))
         self.failIf(self.policy.checkPermission(
-                    write, None, Context('unknown')))
+            self.write, None, Context(self.unknown)))
         
-        unknown = principalRegistry.getPrincipal('unknown')
         self.failIf(
-            self.policy.checkPermission(read, None, Context(unknown)))
+            self.policy.checkPermission(
+            self.read, None, Context(self.unknown)))
 
-        anon = principalRegistry.getPrincipal('Anonymous')
-        rolePermissionManager.grantPermissionToRole(read, anon)
+        rolePermissionManager.grantPermissionToRole(self.read, 'Anonymous')
         
         self.failUnless(
-            self.policy.checkPermission(read, None, Context('unknown')))
+            self.policy.checkPermission(
+            self.read, None, Context(self.unknown)))
 
-        principalPermissionManager.grantPermissionToPrincipal(write, jim)
+        principalPermissionManager.grantPermissionToPrincipal(
+            self.write, self.jim)
         self.failUnless(
-            self.policy.checkPermission(write, None, Context(jim)))
+            self.policy.checkPermission(self.write, None, Context(self.jim)))
 
-    def offtestPlayfulRolePermissions(self):
+    def testPlayfulRolePermissions(self):
         # This is currently busticated. It thinks roles and permissions and
         # principals are strings, they are NOT.
-        permissionRegistry.definePermission('test', 'Test', '')
+
+        # Roles, permissions, and principals are not strings, however,
+        # their ids ARE and the security polict deals almost
+        # exclusively with ids, so these tests are NOT busted.
+        # Jim
+        
+        test = permissionRegistry.definePermission('test', 'Test', '')
+        test = test.getId()
+        
         provideAdapter(ITest, IRolePermissionManager, Adaptor)
-        provideAdapter(ITest, IPrincipalRoleManager, \
+        provideAdapter(ITest, IPrincipalRoleManager, 
                        AttributePrincipalRoleManager)
 
         ob1 = TestClass()
@@ -137,13 +164,15 @@
 
         ob  = Wrapper(ob3, Wrapper(ob2, ob1))
 
-        self.failIf(self.policy.checkPermission('test', ob, Context('tim')))
-        Adaptor(ob2).grantPermissionToRole('test', 'Manager')
-        self.failUnless(self.policy.checkPermission('test', ob, Context('tim')))
-
-        self.failIf(self.policy.checkPermission('test', ob, Context('jim')))
-        Adaptor(ob3).grantPermissionToRole('test', 'Peon')
-        self.failUnless(self.policy.checkPermission('test', ob, Context('jim')))
+        self.failIf(self.policy.checkPermission(test, ob, Context(self.tim)))
+        Adaptor(ob2).grantPermissionToRole(test, self.manager)
+        self.failUnless(self.policy.checkPermission(test, ob,
+                                                    Context(self.tim)))
+
+        self.failIf(self.policy.checkPermission(test, ob, Context(self.jim)))
+        Adaptor(ob3).grantPermissionToRole(test, self.peon)
+        self.failUnless(self.policy.checkPermission(
+            test, ob, Context(self.jim)))
                     
     def testPlayfulPrinciplePermissions(self):
         APPM = AttributePrincipalPermissionManager
@@ -152,50 +181,51 @@
         ob1 = TestClass()
         ob2 = TestClass()
         ob3 = TestClass()
-        tim = principalRegistry.getPrincipal('tim')
-        jim = principalRegistry.getPrincipal('jim')
-        testperm = permissionRegistry.getPermission('test')
+
+        test = permissionRegistry.definePermission('test', 'Test', '')
+        test = test.getId()
 
         ob  = Wrapper(ob3, Wrapper(ob2, ob1))
-        self.failIf(self.policy.checkPermission(testperm, ob, Context(tim)))
-        APPM(ob2).grantPermissionToPrincipal(testperm, tim)
-        self.failUnless(self.policy.checkPermission(testperm, ob,\
-                        Context(tim)))
-        APPM(ob3).denyPermissionToPrincipal(testperm, tim)
-        self.failIf(self.policy.checkPermission(testperm, ob,\
-                        Context(tim)))
-        APPM(ob1).denyPermissionToPrincipal(testperm, jim)
-        APPM(ob3).grantPermissionToPrincipal(testperm, jim)
-        self.failUnless(self.policy.checkPermission(testperm, ob,\
-                        Context(jim)))
-        APPM(ob3).unsetPermissionForPrincipal(testperm, jim)
-        self.failIf(self.policy.checkPermission(testperm, ob,\
-                        Context(jim)))
+        self.failIf(self.policy.checkPermission(test, ob, Context(self.tim)))
+        APPM(ob2).grantPermissionToPrincipal(test, self.tim)
+        self.failUnless(self.policy.checkPermission(test, ob,
+                                                    Context(self.tim)))
+        APPM(ob3).denyPermissionToPrincipal(test, self.tim)
+        self.failIf(self.policy.checkPermission(test, ob,
+                                                Context(self.tim)))
+        APPM(ob1).denyPermissionToPrincipal(test, self.jim)
+        APPM(ob3).grantPermissionToPrincipal(test, self.jim)
+        self.failUnless(self.policy.checkPermission(test, ob,
+                                                    Context(self.jim)))
+        APPM(ob3).unsetPermissionForPrincipal(test, self.jim)
+        self.failIf(self.policy.checkPermission(test, ob,
+                                                Context(self.jim)))
                                              
         
-    def offtest_validate(self):
-        self.policy.validate('_', Protected('read'), Context('jim'))
-        self.policy.validate('_', Protected('read'), Context('tim'))
-        self.policy.validate('_', Protected('write'), Context('tim'))
+    def test_validate(self):
+        self.policy.validate('_', Protected(self.read), Context(self.jim))
+        self.policy.validate('_', Protected(self.read), Context(self.tim))
+        self.policy.validate('_', Protected(self.write), Context(self.tim))
 
         self.assertRaises(Unauthorized,
                           self.policy.validate,
-                          'x', Protected('read'), Context('unknown'))
+                          'x', Protected(self.read), Context(self.unknown))
         self.assertRaises(Unauthorized,
                           self.policy.validate,
-                          'x', Protected('write'), Context('unknown'))
+                          'x', Protected(self.write), Context(self.unknown))
         
         anon = principalRegistry.getPrincipal('Anonymous')
-        rolePermissionManager.grantPermissionToRole('read', anon)
+        rolePermissionManager.grantPermissionToRole(self.read, anon)
         
-        self.policy.validate('_', Protected('read'), Context('unknown'))
+        self.policy.validate('_', Protected(self.read), Context(self.unknown))
 
-        principalPermissionManager.grantPermissionToPrincipal('write', 'jim')
-        self.policy.validate('_', Protected('write'), Context('jim'))
+        principalPermissionManager.grantPermissionToPrincipal(self.write,
+                                                              self.jim)
+        self.policy.validate('_', Protected(self.write), Context(self.jim))
         
         self.assertRaises(Forbidden,
                           self.policy.validate,
-                          'x', Unprotected(), Context('tim'))
+                          'x', Unprotected(), Context(self.tim))
 
 class ITest(Interface):
     pass