[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security/tests - testZSP.py:1.5

Tue, 16 Jul 2002 19:41:49 -0400

Update of /cvs-repository/Zope3/lib/python/Zope/App/Security/tests
In directory cvs.zope.org:/tmp/cvs-serv19928/Zope/App/Security/tests

Modified Files:
	testZSP.py 
Log Message:

Renamed (changed service type id) if all services with names ending in
"Service". Container services were given a plural form 
(e.g. "RoleService" => "Roles"), but other services just lost the
suffix (e.g. "AuthenticationService" => "Authentication").

Fixed bug in ZopeSecurityPolicy that caused placeless role-permission
grants to be ignored for placefully assigned roles.

Also changed grant lookup order. Now placeless grants are checked
*before* placeful grants.

Finished the implementation of placeful principal role grants
(re)started at the EuroPython sprint.

Fixed a bug in service directives that caused service component lookup
to fail for unpriviledged users. This caused authentication using
Stephan's authentication service to fail in mysterious ways.

Now you can create users with Stephan's auth service, and assign them
roles using principal-role grants.

Added code to the ZMI (boring) standard_macros template to display the
user, which, BTW is available in request.user.



=== Zope3/lib/python/Zope/App/Security/tests/testZSP.py 1.4 => 1.5 ===
         self.assertEqual(permissions, expected)
         
 
+    def testPlayfulPrincipalRole(self):
+        getService(None,"Adapters").provideAdapter(
+            ITest,
+            IPrincipalRoleManager, AnnotationPrincipalRoleManager)
+
+        ob1 = TestClass()
+        ob2 = TestClass()
+        ob3 = TestClass()
+        ob  = ContextWrapper(ob3, ContextWrapper(ob2, ob1))
+        self.failIf(self.policy.checkPermission(
+            self.write, ob, Context(self.jim)))
+        AnnotationPrincipalRoleManager(ob).assignRoleToPrincipal(
+            self.manager, self.jim)
+        self.failUnless(self.policy.checkPermission(
+            self.write, ob, Context(self.jim)))
+        
+
     def testPlayfulRolePermissions(self):
         
         ARPM = AnnotationRolePermissionManager
@@ -192,7 +209,6 @@
 
 
 
-        # Make sure global principal permissions override placeful role perms
         principalPermissionManager.denyPermissionToPrincipal(
             test, self.jim)
         self.failIf(self.policy.checkPermission(
@@ -257,17 +273,14 @@
                                                 Context(self.jim)))
         self.__assertPermissions(self.jim, ['read'], ob)
 
-        # make sure placeful principal permissions override global ones
+        # make sure placeless principal permissions override placeful ones
         APPM(ob).grantPermissionToPrincipal(test, self.tim)
         principalPermissionManager.denyPermissionToPrincipal(
             test, self.tim)
-        self.failUnless(self.policy.checkPermission(test, ob,
-                                                    Context(self.tim)))
-
-        self.__assertPermissions(self.tim, ['read', 'test', 'write'], ob)
+        self.failIf(self.policy.checkPermission(test, ob,
+                                                Context(self.tim)))
 
-        principalPermissionManager.unsetPermissionForPrincipal(
-            test, self.tim)
+        self.__assertPermissions(self.tim, ['read', 'write'], ob)
 
 
 class ITest(IAttributeAnnotatable):




