[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security/tests - testAttributePrincipalPermissionManager.py:1.1.2.2 testAttributePrincipalRoleManager.py:1.1.2.4 testAttributeRolePermissionManager.py:1.1.2.4 testPrincipalPermissionManager.py:1.1.2.11 testPrincipalPermissionView.py:1.1.2.2 testPrincipalRoleManager.py:1.1.2.11 testRolePermissionManager.py:1.1.2.7 testZSP.py:1.1.2.9
Jim Fulton
jim@zope.com
Tue, 12 Feb 2002 13:28:57 -0500
Update of /cvs-repository/Zope3/lib/python/Zope/App/Security/tests
In directory cvs.zope.org:/tmp/cvs-serv9973/lib/python/Zope/App/Security/tests
Modified Files:
Tag: Zope-3x-branch
testAttributePrincipalPermissionManager.py
testAttributePrincipalRoleManager.py
testAttributeRolePermissionManager.py
testPrincipalPermissionManager.py
testPrincipalPermissionView.py testPrincipalRoleManager.py
testRolePermissionManager.py testZSP.py
Log Message:
Merged changes from Zope-3x-security_defactor-branch branch
to change code handling security assertions back to using ids rather
than objects.
=== Zope3/lib/python/Zope/App/Security/tests/testAttributePrincipalPermissionManager.py 1.1.2.1 => 1.1.2.2 ===
def _make_principal(self, id=None, title=None):
- prinregistry.definePrincipal(
+ p = prinregistry.definePrincipal(
id or 'APrincipal',
title or 'A Principal',
login = id or 'APrincipal')
- return id or 'APrincipal'
+ return p.getId()
def testUnboundPrincipalPermission(self):
manager = AttributePrincipalPermissionManager(Manageable())
permission = permregistry.definePermission('APerm', 'title')
+ permission = permission.getId()
principal = self._make_principal()
self.assertEqual(manager.getPrincipalsForPermission(permission), [])
self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
@@ -48,6 +49,7 @@
def testPrincipalPermission(self):
manager = AttributePrincipalPermissionManager(Manageable())
permission = permregistry.definePermission('APerm', 'title')
+ permission = permission.getId()
principal = self._make_principal()
# check that an allow permission is saved correctly
manager.grantPermissionToPrincipal(permission, principal)
@@ -93,8 +95,8 @@
def testManyPermissionsOnePrincipal(self):
manager = AttributePrincipalPermissionManager(Manageable())
- perm1 = permregistry.definePermission('Perm One', 'title')
- perm2 = permregistry.definePermission('Perm Two', 'title')
+ perm1 = permregistry.definePermission('Perm One', 'title').getId()
+ perm2 = permregistry.definePermission('Perm Two', 'title').getId()
prin1 = self._make_principal()
manager.grantPermissionToPrincipal(perm1, prin1)
manager.grantPermissionToPrincipal(perm2, prin1)
=== Zope3/lib/python/Zope/App/Security/tests/testAttributePrincipalRoleManager.py 1.1.2.3 => 1.1.2.4 ===
def _make_principal(self, id=None, title=None):
- pregistry.definePrincipal(
+ p = pregistry.definePrincipal(
id or 'APrincipal',
title or 'A Principal',
login = id or 'APrincipal')
- return id or 'APrincipal'
+ return p.getId()
def testUnboundPrincipalRole(self):
principalRoleManager = AttributePrincipalRoleManager(Manageable())
=== Zope3/lib/python/Zope/App/Security/tests/testAttributeRolePermissionManager.py 1.1.2.3 => 1.1.2.4 ===
provideService('PermissionService', permissionRegistry)
- permissionRegistry.definePermission('read', 'Read Something')
- permissionRegistry.definePermission('write', 'Write Something')
+ read = permissionRegistry.definePermission('read', 'Read Something')
+ self.read = read.getId()
+
+ write = permissionRegistry.definePermission('write', 'Write Something')
+ self.write = write.getId()
- roleRegistry.defineRole('peon', 'Poor Slob')
- roleRegistry.defineRole('manager', 'Supreme Being')
+ peon = roleRegistry.defineRole('peon', 'Poor Slob')
+ self.peon = peon.getId()
+
+ manager = roleRegistry.defineRole('manager', 'Supreme Being')
+ self.manager = manager.getId()
def testNormal(self):
obj = Manageable()
mgr = AttributeRolePermissionManager(obj)
+ mgr.grantPermissionToRole(self.read,self.manager)
+ mgr.grantPermissionToRole(self.write,self.manager)
+ mgr.grantPermissionToRole(self.write,self.manager)
- mgr.grantPermissionToRole('read','manager')
- mgr.grantPermissionToRole('write','manager')
- mgr.grantPermissionToRole('write','manager')
-
- mgr.grantPermissionToRole('read','peon')
+ mgr.grantPermissionToRole(self.read,self.peon)
- l = list(mgr.getPermissionsForRole('manager'))
- self.failUnless( ('read', Allow) in l )
- self.failUnless( ('write', Allow) in l )
+ l = list(mgr.getPermissionsForRole(self.manager))
+ self.failUnless( (self.read, Allow) in l )
+ self.failUnless( (self.write, Allow) in l )
- l = list(mgr.getPermissionsForRole('peon'))
- self.failUnless( [('read', Allow)] == l )
+ l = list(mgr.getPermissionsForRole(self.peon))
+ self.failUnless( [(self.read, Allow)] == l )
- l = list(mgr.getRolesForPermission('read'))
- self.failUnless( ('manager', Allow) in l )
- self.failUnless( ('peon', Allow) in l )
+ l = list(mgr.getRolesForPermission(self.read))
+ self.failUnless( (self.manager, Allow) in l )
+ self.failUnless( (self.peon, Allow) in l )
- l = list(mgr.getRolesForPermission('write'))
- self.assertEqual(l, [ ('manager', 'Allow') ] )
+ l = list(mgr.getRolesForPermission(self.write))
+ self.assertEqual(l, [ (self.manager, Allow) ] )
- mgr.denyPermissionToRole('read', 'peon')
- l = list(mgr.getPermissionsForRole('peon'))
- self.assertEqual(l, [('read', 'Deny')] )
+ mgr.denyPermissionToRole(self.read, self.peon)
+ l = list(mgr.getPermissionsForRole(self.peon))
+ self.assertEqual(l, [(self.read, Deny)] )
- mgr.unsetPermissionForRole('read', 'peon')
+ mgr.unsetPermissionForRole(self.read, self.peon)
- l = list(mgr.getRolesForPermission('read'))
- self.assertEqual(l, [ ('manager', Allow) ] )
+ l = list(mgr.getRolesForPermission(self.read))
+ self.assertEqual(l, [ (self.manager, Allow) ] )
def test_suite():
=== Zope3/lib/python/Zope/App/Security/tests/testPrincipalPermissionManager.py 1.1.2.10 => 1.1.2.11 ===
def _make_principal(self, id=None, title=None):
- prinregistry.definePrincipal(
+ p = prinregistry.definePrincipal(
id or 'APrincipal',
title or 'A Principal',
login = id or 'APrincipal')
- return id or 'APrincipal'
+ return p.getId()
def testUnboundPrincipalPermission(self):
- permission = permregistry.definePermission('APerm', 'title')
+ permission = permregistry.definePermission('APerm', 'title').getId()
principal = self._make_principal()
self.assertEqual(manager.getPrincipalsForPermission(permission), [])
self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
def testPrincipalPermission(self):
- permission = permregistry.definePermission('APerm', 'title')
+ permission = permregistry.definePermission('APerm', 'title').getId()
principal = self._make_principal()
# check that an allow permission is saved correctly
manager.grantPermissionToPrincipal(permission, principal)
@@ -86,8 +86,8 @@
self.assertEqual(manager.getSetting(permission, principal), Deny)
def testManyPermissionsOnePrincipal(self):
- perm1 = permregistry.definePermission('Perm One', 'title')
- perm2 = permregistry.definePermission('Perm Two', 'title')
+ perm1 = permregistry.definePermission('Perm One', 'title').getId()
+ perm2 = permregistry.definePermission('Perm Two', 'title').getId()
prin1 = self._make_principal()
manager.grantPermissionToPrincipal(perm1, prin1)
manager.grantPermissionToPrincipal(perm2, prin1)
=== Zope3/lib/python/Zope/App/Security/tests/testPrincipalPermissionView.py 1.1.2.1 => 1.1.2.2 ===
__implements__ = IPermissionService
- def __init__( self, perm_objs ):
+ def __init__(self, perm_objs):
perms = {}
for perm_obj in perm_objs:
perms[perm_obj.getId()] = perm_obj
@@ -109,173 +109,234 @@
return []
class DummyObject:
- def __init__( self, id, title ):
+ def __init__(self, id, title):
self._id = id
self._title = title
- def getId( self ):
+ def getId(self):
return self._id
- def getTitle( self ):
+ def getTitle(self):
return self._title
-class Test( unittest.TestCase ):
+class Test(unittest.TestCase):
def setUp(self):
_clear()
self._permissions = []
- self._permissions.append( DummyObject( 'qux', 'Qux' ) )
- self._permissions.append( DummyObject( 'baz', 'Baz' ) )
+ self._permissions.append(DummyObject('qux', 'Qux'))
+ self._permissions.append(DummyObject('baz', 'Baz'))
- defineService( 'PermissionService', IPermissionService )
- provideService( 'PermissionService', DummyPermissionService( self._permissions ) )
+ defineService('PermissionService', IPermissionService)
+ provideService('PermissionService', DummyPermissionService(
+ self._permissions))
- defineService( 'AuthenticationService', IAuthenticationService )
+ defineService('AuthenticationService', IAuthenticationService)
self._principals = []
- self._principals.append( DummyObject( 'foo', 'Foo' ) )
- self._principals.append( DummyObject( 'bar', 'Bar' ) )
+ self._principals.append(DummyObject('foo', 'Foo'))
+ self._principals.append(DummyObject('bar', 'Bar'))
- provideService( 'AuthenticationService',
- DummyAuthenticationService( principals = self._principals ) )
- provideAdapter( IAttributePrincipalPermissionManageable, IPrincipalPermissionManager, DummyAdapter)
+ provideService('AuthenticationService',
+ DummyAuthenticationService(principals = self._principals))
+ provideAdapter(IAttributePrincipalPermissionManageable,
+ IPrincipalPermissionManager, DummyAdapter)
def tearDown(self):
_clear()
- def _makeOne( self ):
- from Zope.App.Security.PrincipalPermissionView import PrincipalPermissionView
- return PrincipalPermissionView( DummyContext() )
+ def _makeOne(self):
+ from Zope.App.Security.PrincipalPermissionView \
+ import PrincipalPermissionView
+ return PrincipalPermissionView(DummyContext())
def testGrantPermissions(self):
view = self._makeOne()
- allowed_perms = view.getPermissionsForPrincipal(self._principals[0].getId(), 'Allow')
- denied_perms = view.getPermissionsForPrincipal(self._principals[0].getId(), 'Deny')
+ allowed_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Allow')
+ denied_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Deny')
self.assertEqual(len(allowed_perms), 0, 'List not empty')
self.assertEqual(len(denied_perms), 0, 'List not empty')
- view.grantPermissions(self._principals[0].getId(), [self._permissions[0].getId()] )
- self.assertEqual(view.getPermissionsForPrincipal(self._principals[0].getId(),'Allow'),
+ view.grantPermissions(self._principals[0].getId(),
+ [self._permissions[0].getId()])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Allow'),
[self._permissions[0]])
- self.assertEqual(view.getPermissionsForPrincipal(self._principals[0].getId(),'Deny'),
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Deny'),
[])
- view.grantPermissions(self._principals[0].getId(), [self._permissions[1].getId()] )
- self.assertEqual(view.getPermissionsForPrincipal(self._principals[0].getId(),'Allow').sort(),
+ view.grantPermissions(self._principals[0].getId(),
+ [self._permissions[1].getId()])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Allow').sort(),
self._permissions.sort())
- self.assertEqual(view.getPermissionsForPrincipal(self._principals[0].getId(),'Deny'),
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Deny'),
[])
- view.grantPermissions(self._principals[1].getId(), [self._permissions[0].getId()] )
- self.assertEqual(view.getPermissionsForPrincipal(self._principals[1].getId(),'Allow'),
+ view.grantPermissions(self._principals[1].getId(),
+ [self._permissions[0].getId()])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[1].getId(),'Allow'),
[self._permissions[0]])
- self.assertEqual(view.getPermissionsForPrincipal(self._principals[1].getId(),'Deny'),
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[1].getId(),'Deny'),
[])
- view.grantPermissions(self._principals[1].getId(), [self._permissions[1].getId()] )
- self.assertEqual(view.getPermissionsForPrincipal(self._principals[1].getId(),'Allow').sort(),
+ view.grantPermissions(self._principals[1].getId(),
+ [self._permissions[1].getId()])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[1].getId(),'Allow').sort(),
self._permissions.sort())
- self.assertEqual(view.getPermissionsForPrincipal(self._principals[1].getId(),'Deny'),
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[1].getId(),'Deny'),
[])
def testDenyPermissions(self):
view = self._makeOne()
- allowed_perms = view.getPermissionsForPrincipal(self._principals[0].getId(), 'Allow')
- denied_perms = view.getPermissionsForPrincipal(self._principals[0].getId(), 'Deny')
+ allowed_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Allow')
+ denied_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Deny')
self.assertEqual(len(allowed_perms), 0, 'List not empty')
self.assertEqual(len(denied_perms), 0, 'List not empty')
- view.denyPermissions(self._principals[0].getId(), [self._permissions[0].getId()] )
- self.assertEqual(view.getPermissionsForPrincipal(self._principals[0].getId(),'Deny'),
+ view.denyPermissions(self._principals[0].getId(),
+ [self._permissions[0].getId()])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Deny'),
[self._permissions[0]])
- self.assertEqual(view.getPermissionsForPrincipal(self._principals[0].getId(),'Allow'),
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Allow'),
[])
- view.denyPermissions(self._principals[0].getId(), [self._permissions[1].getId()] )
- self.assertEqual(view.getPermissionsForPrincipal(self._principals[0].getId(),'Deny').sort(),
+ view.denyPermissions(self._principals[0].getId(),
+ [self._permissions[1].getId()])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Deny').sort(),
self._permissions.sort())
- self.assertEqual(view.getPermissionsForPrincipal(self._principals[0].getId(),'Allow'),
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Allow'),
[])
- view.denyPermissions(self._principals[1].getId(), [self._permissions[0].getId()] )
- self.assertEqual(view.getPermissionsForPrincipal(self._principals[1].getId(),'Deny'),
+ view.denyPermissions(self._principals[1].getId(), [
+ self._permissions[0].getId()])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[1].getId(),'Deny'),
[self._permissions[0]])
- self.assertEqual(view.getPermissionsForPrincipal(self._principals[1].getId(),'Allow'),
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[1].getId(),'Allow'),
[])
- view.denyPermissions(self._principals[1].getId(), [self._permissions[1].getId()] )
- self.assertEqual(view.getPermissionsForPrincipal(self._principals[1].getId(),'Deny').sort(),
+ view.denyPermissions(self._principals[1].getId(),
+ [self._permissions[1].getId()])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[1].getId(),'Deny').sort(),
self._permissions.sort())
- self.assertEqual(view.getPermissionsForPrincipal(self._principals[1].getId(),'Allow'),
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[1].getId(),'Allow'),
[])
def testAllowDenyPermissions(self):
view = self._makeOne()
- allowed_perms = view.getPermissionsForPrincipal(self._principals[0].getId(), 'Allow')
- denied_perms = view.getPermissionsForPrincipal(self._principals[0].getId(), 'Deny')
+ allowed_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Allow')
+ denied_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Deny')
self.assertEqual(len(allowed_perms), 0, 'List not empty')
self.assertEqual(len(denied_perms), 0, 'List not empty')
- view.grantPermissions(self._principals[0].getId(), [self._permissions[0].getId()] )
+ view.grantPermissions(self._principals[0].getId(),
+ [self._permissions[0].getId()])
- self.assertEqual(view.getPermissionsForPrincipal(self._principals[0].getId(),'Allow'),
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Allow'),
[self._permissions[0]])
- self.assertEqual(view.getPermissionsForPrincipal(self._principals[0].getId(),'Deny'),
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Deny'),
[])
- allowed_perms = view.getPermissionsForPrincipal(self._principals[0].getId(), 'Allow')
+ allowed_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Allow')
self.assertEqual(len(allowed_perms), 1, 'List has wrong length')
# Now change it to deny
- view.denyPermissions(self._principals[0].getId(), [self._permissions[0].getId()] )
- self.assertEqual(view.getPermissionsForPrincipal(self._principals[0].getId(),'Deny'),
+ view.denyPermissions(self._principals[0].getId(),
+ [self._permissions[0].getId()])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Deny'),
[self._permissions[0]])
- self.assertEqual(view.getPermissionsForPrincipal(self._principals[0].getId(),'Allow'),
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Allow'),
[])
- view.grantPermissions(self._principals[0].getId(), [self._permissions[1].getId()] )
- self.assertEqual(view.getPermissionsForPrincipal(self._principals[0].getId(),'Deny'), [self._permissions[0]])
- self.assertEqual(view.getPermissionsForPrincipal(self._principals[0].getId(),'Allow'), [self._permissions[1]])
+ view.grantPermissions(self._principals[0].getId(),
+ [self._permissions[1].getId()])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Deny'), [self._permissions[0]])
+ self.assertEqual(view.getPermissionsForPrincipal(
+ self._principals[0].getId(),'Allow'), [self._permissions[1]])
def testUnsetPermissions(self):
view = self._makeOne()
- view.grantPermissions(self._principals[0].getId(), [self._permissions[0].getId()] )
- allowed_perms = view.getPermissionsForPrincipal(self._principals[0].getId(), 'Allow')
+ view.grantPermissions(self._principals[0].getId(),
+ [self._permissions[0].getId()])
+ allowed_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Allow')
self.assertEqual(len(allowed_perms), 1, 'List has wrong length')
- view.unsetPermissions(self._principals[0].getId(), [self._permissions[0].getId()] )
- allowed_perms = view.getPermissionsForPrincipal(self._principals[0].getId(), 'Allow')
+ view.unsetPermissions(self._principals[0].getId(),
+ [self._permissions[0].getId()])
+ allowed_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Allow')
self.assertEqual(len(allowed_perms), 0, 'Permission not unset')
# Deleting mutiple in one step
- view.grantPermissions(self._principals[0].getId(), [self._permissions[0].getId(), self._permissions[1].getId()] )
- allowed_perms = view.getPermissionsForPrincipal(self._principals[0].getId(), 'Allow')
+ view.grantPermissions(self._principals[0].getId(),
+ [self._permissions[0].getId(),
+ self._permissions[1].getId()])
+ allowed_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Allow')
self.assertEqual(len(allowed_perms), 2, 'List has wrong length')
- view.unsetPermissions(self._principals[0].getId(), [self._permissions[0].getId(), self._permissions[1].getId()] )
- allowed_perms = view.getPermissionsForPrincipal(self._principals[0].getId(), 'Allow')
+ view.unsetPermissions(self._principals[0].getId(),
+ [self._permissions[0].getId(),
+ self._permissions[1].getId()])
+ allowed_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Allow')
self.assertEqual(len(allowed_perms), 0, 'Some permissions not unset')
# Deleting in a row
- view.grantPermissions(self._principals[0].getId(), [self._permissions[0].getId(), self._permissions[1].getId()] )
- allowed_perms = view.getPermissionsForPrincipal(self._principals[0].getId(), 'Allow')
+ view.grantPermissions(self._principals[0].getId(),
+ [self._permissions[0].getId(),
+ self._permissions[1].getId()])
+ allowed_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Allow')
self.assertEqual(len(allowed_perms), 2, 'List has wrong length')
- view.unsetPermissions(self._principals[0].getId(), [self._permissions[0].getId()] )
- allowed_perms = view.getPermissionsForPrincipal(self._principals[0].getId(), 'Allow')
+ view.unsetPermissions(self._principals[0].getId(),
+ [self._permissions[0].getId()])
+ allowed_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Allow')
self.assertEqual(len(allowed_perms), 1, 'Some permissions not unset')
- view.unsetPermissions(self._principals[0].getId(), [self._permissions[1].getId()] )
- allowed_perms = view.getPermissionsForPrincipal(self._principals[0].getId(), 'Allow')
+ view.unsetPermissions(self._principals[0].getId(),
+ [self._permissions[1].getId()])
+ allowed_perms = view.getPermissionsForPrincipal(
+ self._principals[0].getId(), 'Allow')
self.assertEqual(len(allowed_perms), 0, 'Not all permissions unset')
# Ask for an other way of getting the unset permisssions
- unset_perms = view.getUnsetPermissionsForPrincipal(self._principals[0].getId())
+ unset_perms = view.getUnsetPermissionsForPrincipal(
+ self._principals[0].getId())
self.assertEqual(len(unset_perms), 2, 'Not all permissions unset')
def test_suite():
=== Zope3/lib/python/Zope/App/Security/tests/testPrincipalRoleManager.py 1.1.2.10 => 1.1.2.11 ===
def _make_principal(self, id=None, title=None):
- pregistry.definePrincipal(
+ p = pregistry.definePrincipal(
id or 'APrincipal',
title or 'A Principal',
login = id or 'APrincipal')
- return id or 'APrincipal'
+ return p.getId()
def testUnboundPrincipalRole(self):
role = rregistry.defineRole('ARole', 'A Role').getId()
=== Zope3/lib/python/Zope/App/Security/tests/testRolePermissionManager.py 1.1.2.6 => 1.1.2.7 ===
def testUnboundRolePermission(self):
- permission = pregistry.definePermission('APerm', 'aPerm title')
- role = rregistry.defineRole('ARole', 'A Role')
+ permission = pregistry.definePermission('APerm', 'aPerm title').getId()
+ role = rregistry.defineRole('ARole', 'A Role').getId()
self.assertEqual(manager.getRolesForPermission(permission), [])
self.assertEqual(manager.getPermissionsForRole(role), [])
def testRolePermission(self):
- permission = pregistry.definePermission('APerm', 'aPerm title')
- role = rregistry.defineRole('ARole', 'A Role')
+ permission = pregistry.definePermission('APerm', 'aPerm title').getId()
+ role = rregistry.defineRole('ARole', 'A Role').getId()
manager.grantPermissionToRole(permission, role)
self.assertEqual(manager.getRolesForPermission(permission),
[(role,Allow)])
@@ -44,10 +44,10 @@
[(permission,Allow)])
def testManyPermissionsOneRole(self):
- perm1 = pregistry.definePermission('Perm One', 'P1')
- perm2 = pregistry.definePermission('Perm Two', 'P2')
- perm3 = pregistry.definePermission('Perm Three', 'P3')
- role1 = rregistry.defineRole('Role One', 'Role #1')
+ perm1 = pregistry.definePermission('Perm One', 'P1').getId()
+ perm2 = pregistry.definePermission('Perm Two', 'P2').getId()
+ perm3 = pregistry.definePermission('Perm Three', 'P3').getId()
+ role1 = rregistry.defineRole('Role One', 'Role #1').getId()
perms = manager.getPermissionsForRole(role1)
self.assertEqual(len(perms), 0)
manager.grantPermissionToRole(perm1, role1)
@@ -65,9 +65,9 @@
self.failUnless((perm2,Allow) in perms)
def testManyRolesOnePermission(self):
- perm1 = pregistry.definePermission('Perm One', 'title')
- role1 = rregistry.defineRole('Role One', 'Role #1')
- role2 = rregistry.defineRole('Role Two', 'Role #2')
+ perm1 = pregistry.definePermission('Perm One', 'title').getId()
+ role1 = rregistry.defineRole('Role One', 'Role #1').getId()
+ role2 = rregistry.defineRole('Role Two', 'Role #2').getId()
roles = manager.getRolesForPermission(perm1)
self.assertEqual(len(roles), 0)
manager.grantPermissionToRole(perm1, role1)
=== Zope3/lib/python/Zope/App/Security/tests/testZSP.py 1.1.2.8 => 1.1.2.9 ===
+#
+# Copyright (c) 2001 Zope Corporation and Contributors. All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE
+#
+##############################################################################
+"""
+
+Revision information: $Id$
+"""
+
import unittest
@@ -22,6 +39,8 @@
import AttributePrincipalRoleManager
from Zope.App.Security.PrincipalRoleManager \
import PrincipalRoleManager
+from Zope.App.Security.AttributeRolePermissionManager \
+ import AttributeRolePermissionManager
from Zope.App.Security.IPrincipalRoleManager import IPrincipalRoleManager
from Zope.Exceptions import Unauthorized, Forbidden
@@ -54,29 +73,40 @@
def setUp(self):
_clear()
jim = principalRegistry.definePrincipal('jim', 'Jim', 'Jim Fulton',
- 'jim', '123')
+ 'jim', '123')
+ self.jim = jim.getId()
+
tim = principalRegistry.definePrincipal('tim', 'Tim', 'Tim Peters',
- 'tim', '456')
- anon = principalRegistry.definePrincipal('Anonymous', 'Anonymous')
- principalRegistry.defineDefaultPrincipal(
+ 'tim', '456')
+ self.tim = tim.getId()
+
+ unknown = principalRegistry.defineDefaultPrincipal(
'unknown', 'Unknown', 'Nothing is known about this principal')
+ self.unknown = unknown.getId()
read = permissionRegistry.definePermission(
'read', 'Read', 'Read something')
+ self.read = read.getId()
write = permissionRegistry.definePermission(
'write', 'Write', 'Write something')
+ self.write = write.getId()
peon = roleRegistry.defineRole('Peon', 'Site Peon')
- rolePermissionManager.grantPermissionToRole( read, peon.getId() )
+ self.peon = peon.getId()
manager = roleRegistry.defineRole('Manager', 'Site Manager')
- rolePermissionManager.grantPermissionToRole(
- read, manager.getId())
- rolePermissionManager.grantPermissionToRole(
- write, manager.getId())
+ self.manager = manager.getId()
+
+ arole = roleRegistry.defineRole('Another', 'Another Role')
+ self.arole = arole.getId()
- principalRoleManager.assignRoleToPrincipal(peon.getId(), jim)
- principalRoleManager.assignRoleToPrincipal(manager.getId(), tim)
+ rolePermissionManager.grantPermissionToRole(self.read, self.peon)
+
+ rolePermissionManager.grantPermissionToRole(self.read, self.manager)
+ rolePermissionManager.grantPermissionToRole(self.write, self.manager)
+
+ principalRoleManager.assignRoleToPrincipal(self.peon, self.jim)
+ principalRoleManager.assignRoleToPrincipal(self.manager, self.tim)
self.policy = self._makePolicy()
@@ -90,46 +120,39 @@
from Zope.App.Security.ZopeSecurityPolicy import ZopeSecurityPolicy
def testGlobalCheckPermission(self):
- # test dour security
- read = permissionRegistry.getPermission('read')
- write = permissionRegistry.getPermission('write')
-
- tim = principalRegistry.getPrincipal('tim')
- jim = principalRegistry.getPrincipal('jim')
-
self.failUnless(
- self.policy.checkPermission(read, None, Context(jim)))
+ self.policy.checkPermission(self.read, None, Context(self.jim)))
self.failUnless(
- self.policy.checkPermission(read, None, Context(tim)))
+ self.policy.checkPermission(self.read, None, Context(self.tim)))
self.failUnless(
- self.policy.checkPermission(write, None, Context(tim)))
+ self.policy.checkPermission(self.write, None, Context(self.tim)))
self.failIf(self.policy.checkPermission(
- read, None, Context('unknown')))
+ self.read, None, Context(self.unknown)))
self.failIf(self.policy.checkPermission(
- write, None, Context('unknown')))
+ self.write, None, Context(self.unknown)))
- unknown = principalRegistry.getPrincipal('unknown')
self.failIf(
- self.policy.checkPermission(read, None, Context(unknown)))
+ self.policy.checkPermission(
+ self.read, None, Context(self.unknown)))
- anon = principalRegistry.getPrincipal('Anonymous')
- rolePermissionManager.grantPermissionToRole(read, anon)
+ rolePermissionManager.grantPermissionToRole(self.read, 'Anonymous')
self.failUnless(
- self.policy.checkPermission(read, None, Context('unknown')))
+ self.policy.checkPermission(
+ self.read, None, Context(self.unknown)))
- principalPermissionManager.grantPermissionToPrincipal(write, jim)
+ principalPermissionManager.grantPermissionToPrincipal(
+ self.write, self.jim)
self.failUnless(
- self.policy.checkPermission(write, None, Context(jim)))
+ self.policy.checkPermission(self.write, None, Context(self.jim)))
- def offtestPlayfulRolePermissions(self):
- # This is currently busticated. It thinks roles and permissions and
- # principals are strings, they are NOT.
- permissionRegistry.definePermission('test', 'Test', '')
- provideAdapter(ITest, IRolePermissionManager, Adaptor)
- provideAdapter(ITest, IPrincipalRoleManager, \
- AttributePrincipalRoleManager)
+ def testPlayfulRolePermissions(self):
+
+ ARPM = AttributeRolePermissionManager
+ provideAdapter(ITest, IRolePermissionManager, ARPM)
+ test = permissionRegistry.definePermission('test', 'Test', '')
+ test = test.getId()
ob1 = TestClass()
ob2 = TestClass()
@@ -137,13 +160,34 @@
ob = Wrapper(ob3, Wrapper(ob2, ob1))
- self.failIf(self.policy.checkPermission('test', ob, Context('tim')))
- Adaptor(ob2).grantPermissionToRole('test', 'Manager')
- self.failUnless(self.policy.checkPermission('test', ob, Context('tim')))
-
- self.failIf(self.policy.checkPermission('test', ob, Context('jim')))
- Adaptor(ob3).grantPermissionToRole('test', 'Peon')
- self.failUnless(self.policy.checkPermission('test', ob, Context('jim')))
+ self.failIf(self.policy.checkPermission(test, ob, Context(self.tim)))
+ ARPM(ob2).grantPermissionToRole(test, self.manager)
+ self.failUnless(self.policy.checkPermission(test, ob,
+ Context(self.tim)))
+
+ self.failIf(self.policy.checkPermission(test, ob, Context(self.jim)))
+ ARPM(ob3).grantPermissionToRole(test, self.peon)
+ self.failUnless(self.policy.checkPermission(
+ test, ob, Context(self.jim)))
+ # Make sure global principal permissions override placeful role perms
+ principalPermissionManager.denyPermissionToPrincipal(
+ test, self.jim)
+ self.failIf(self.policy.checkPermission(
+ test, ob, Context(self.jim)))
+ principalPermissionManager.unsetPermissionForPrincipal(
+ test, self.jim)
+ # Make sure multiple conflicting role permissions resolve correctly
+ ARPM(ob2).grantPermissionToRole(test, 'Anonymous')
+ ARPM(ob2).grantPermissionToRole(test, self.arole)
+ ARPM(ob3).denyPermissionToRole(test, self.peon)
+
+ new = principalRegistry.definePrincipal('new', 'Newbie',
+ 'Newbie User', 'new', '098')
+ new = new.getId()
+ principalRoleManager.assignRoleToPrincipal(self.arole, new)
+ self.failUnless(self.policy.checkPermission(test, ob, Context(new)))
+ principalRoleManager.assignRoleToPrincipal(self.peon, new)
+ self.failIf(self.policy.checkPermission(test, ob, Context(new)))
def testPlayfulPrinciplePermissions(self):
APPM = AttributePrincipalPermissionManager
@@ -152,50 +196,60 @@
ob1 = TestClass()
ob2 = TestClass()
ob3 = TestClass()
- tim = principalRegistry.getPrincipal('tim')
- jim = principalRegistry.getPrincipal('jim')
- testperm = permissionRegistry.getPermission('test')
+
+ test = permissionRegistry.definePermission('test', 'Test', '')
+ test = test.getId()
ob = Wrapper(ob3, Wrapper(ob2, ob1))
- self.failIf(self.policy.checkPermission(testperm, ob, Context(tim)))
- APPM(ob2).grantPermissionToPrincipal(testperm, tim)
- self.failUnless(self.policy.checkPermission(testperm, ob,\
- Context(tim)))
- APPM(ob3).denyPermissionToPrincipal(testperm, tim)
- self.failIf(self.policy.checkPermission(testperm, ob,\
- Context(tim)))
- APPM(ob1).denyPermissionToPrincipal(testperm, jim)
- APPM(ob3).grantPermissionToPrincipal(testperm, jim)
- self.failUnless(self.policy.checkPermission(testperm, ob,\
- Context(jim)))
- APPM(ob3).unsetPermissionForPrincipal(testperm, jim)
- self.failIf(self.policy.checkPermission(testperm, ob,\
- Context(jim)))
+ self.failIf(self.policy.checkPermission(test, ob, Context(self.tim)))
+ APPM(ob2).grantPermissionToPrincipal(test, self.tim)
+ self.failUnless(self.policy.checkPermission(test, ob,
+ Context(self.tim)))
+ APPM(ob3).denyPermissionToPrincipal(test, self.tim)
+ self.failIf(self.policy.checkPermission(test, ob,
+ Context(self.tim)))
+ APPM(ob1).denyPermissionToPrincipal(test, self.jim)
+ APPM(ob3).grantPermissionToPrincipal(test, self.jim)
+ self.failUnless(self.policy.checkPermission(test, ob,
+ Context(self.jim)))
+ APPM(ob3).unsetPermissionForPrincipal(test, self.jim)
+ self.failIf(self.policy.checkPermission(test, ob,
+ Context(self.jim)))
+ # make sure placeful principal permissions override global ones
+ APPM(ob).grantPermissionToPrincipal(test, self.tim)
+ principalPermissionManager.denyPermissionToPrincipal(
+ test, self.tim)
+ self.failUnless(self.policy.checkPermission(test, ob,
+ Context(self.tim)))
+ principalPermissionManager.unsetPermissionForPrincipal(
+ test, self.tim)
+
+
- def offtest_validate(self):
- self.policy.validate('_', Protected('read'), Context('jim'))
- self.policy.validate('_', Protected('read'), Context('tim'))
- self.policy.validate('_', Protected('write'), Context('tim'))
+ def test_validate(self):
+ self.policy.validate('_', Protected(self.read), Context(self.jim))
+ self.policy.validate('_', Protected(self.read), Context(self.tim))
+ self.policy.validate('_', Protected(self.write), Context(self.tim))
self.assertRaises(Unauthorized,
self.policy.validate,
- 'x', Protected('read'), Context('unknown'))
+ 'x', Protected(self.read), Context(self.unknown))
self.assertRaises(Unauthorized,
self.policy.validate,
- 'x', Protected('write'), Context('unknown'))
+ 'x', Protected(self.write), Context(self.unknown))
- anon = principalRegistry.getPrincipal('Anonymous')
- rolePermissionManager.grantPermissionToRole('read', anon)
+ rolePermissionManager.grantPermissionToRole(self.read, 'Anonymous')
- self.policy.validate('_', Protected('read'), Context('unknown'))
+ self.policy.validate('_', Protected(self.read), Context(self.unknown))
- principalPermissionManager.grantPermissionToPrincipal('write', 'jim')
- self.policy.validate('_', Protected('write'), Context('jim'))
+ principalPermissionManager.grantPermissionToPrincipal(self.write,
+ self.jim)
+ self.policy.validate('_', Protected(self.write), Context(self.jim))
self.assertRaises(Forbidden,
self.policy.validate,
- 'x', Unprotected(), Context('tim'))
+ 'x', Unprotected(), Context(self.tim))
class ITest(Interface):
pass
@@ -206,28 +260,6 @@
def __init__(self):
self._roles = { 'test' : {} }
self._permissions = { 'Manager' : {} , 'Peon' : {} }
-
-class Adaptor:
- __implements__ = IRolePermissionManager
-
- def __init__(self, context):
- self._context = context
-
- def getPermissionsForRole(self, role):
- return self._context._permissions.get(role, {}).keys()
-
- def getRolesForPermission(self, permission):
- return self._context._roles.get(permission, {}).keys()
-
- def getPermissionAcquired(self, permission):
- return 1
-
- def grantPermissionToRole(self, permission, role):
- self._context._permissions[role][permission] = 1
- self._context._roles[permission][role] = 1
-
- def setPermissionAcquired(self, permission, flag):
- raise TypeError
def test_suite():
loader=unittest.TestLoader()