[Zope-Checkins] CVS: Packages/AccessControl/tests - __init__.py:1.1.4.1 testModuleSecurity.py:1.1.2.1 testZopeSecurityPolicy.py:1.3.8.1

Evan Simpson evan@zope.com
Wed, 2 Jan 2002 11:21:16 -0500


Update of /cvs-repository/Packages/AccessControl/tests
In directory cvs.zope.org:/tmp/cvs-serv28972/AccessControl/tests

Modified Files:
      Tag: evan-modsec_fix-branch
	testZopeSecurityPolicy.py 
Added Files:
      Tag: evan-modsec_fix-branch
	__init__.py testModuleSecurity.py 
Log Message:
Security cleanup.  Make multiple module security declarations play nicely
together, move utility functions into AccessControl, add tests.  Added the
ability to declare simple security for types.



=== Added File Packages/AccessControl/tests/__init__.py ===


=== Added File Packages/AccessControl/tests/testModuleSecurity.py ===
##############################################################################
#
# Copyright (c) 2001 Zope Corporation and Contributors. All Rights Reserved.
# 
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE
# 
##############################################################################
"""Module Import Tests
"""

__rcs_id__='$Id: testModuleSecurity.py,v 1.1.2.1 2002/01/02 16:20:45 evan Exp $'
__version__='$Revision: 1.1.2.1 $'[11:-2]

import os, sys, unittest

import ZODB
from AccessControl import Unauthorized, ModuleSecurityInfo
from AccessControl.ZopeGuards import guarded_import

ModuleSecurityInfo('AccessControl.tests.mixed_module').declarePublic('pub')

ModuleSecurityInfo('AccessControl.tests.public_module').declarePublic('pub')
ModuleSecurityInfo('AccessControl.tests.public_module.submodule'
                   ).declarePublic('pub')

class SecurityTests(unittest.TestCase):

    def assertUnauth(self, module, fromlist):
        try:
            guarded_import(module, fromlist=fromlist)
        except (Unauthorized, ImportError):
            # Passed the test.
            pass
        else:
            assert 0, ('Did not protect module instance %s, %s' %
                       (`module`, `fromlist`))

    def assertAuth(self, module, fromlist):
        try:
            guarded_import(module, fromlist=fromlist)
        except (Unauthorized, ImportError):
            assert 0, ('Did not expose module instance %s, %s' %
                       (`module`, `fromlist`))

    def testPrivateModule(self):
        for name in '', '.submodule':
            for fromlist in (), ('priv',):
                self.assertUnauth(
                    'AccessControl.tests.private_module%s' % name,
                    fromlist)

    def testMixedModule(self):
        self.assertAuth('AccessControl.tests.mixed_module', ())
        self.assertAuth('AccessControl.tests.mixed_module', ('pub',))
        self.assertUnauth('AccessControl.tests.mixed_module', ('priv',))
        self.assertUnauth('AccessControl.tests.mixed_module.submodule', ())

    def testPublicModule(self):
        for name in '', '.submodule':
            for fromlist in (), ('pub',):
                self.assertAuth(
                    'AccessControl.tests.public_module%s' % name,
                    fromlist)    

def test_suite():
    suite = unittest.TestSuite()
    suite.addTest( unittest.makeSuite( SecurityTests ) )
    return suite

def main():
    unittest.TextTestRunner().run(test_suite())

if __name__ == '__main__':
    main()


=== Packages/AccessControl/tests/testZopeSecurityPolicy.py 1.3 => 1.3.8.1 ===
         assert policy.validate('', '', 'aq_parent', '', None)
         assert policy.validate('', '', 'aq_explicit', '', None)
+        assert policy.validate('', '', 'aq_inner', '', None)
 
     if 0:
         # This test purposely generates a log entry.