[Zope3-checkins] CVS: Zope3/src/zope/products/securitypolicy/tests - __init__.py:1.2 mapping.zcml:1.2 role.zcml:1.2 role_duplicate.zcml:1.2 test_annotationprincipalpermissionmanager.py:1.2 test_annotationprincipalrolemanager.py:1.2 test_annotationrolepermissionmanager.py:1.2 test_principalpermissionmanager.py:1.2 test_principalrolemanager.py:1.2 test_rolecontents.py:1.2 test_rolepermissionmanager.py:1.2 test_roleregistry.py:1.2 test_roleservice.py:1.2 test_securitydirectives.py:1.2 test_securitymap.py:1.2 test_zopepolicy.py:1.2

Chris McDonough chrism at plope.com
Wed Jan 14 17:56:07 EST 2004


Update of /cvs-repository/Zope3/src/zope/products/securitypolicy/tests
In directory cvs.zope.org:/tmp/cvs-serv5558/src/zope/products/securitypolicy/tests

Added Files:
	__init__.py mapping.zcml role.zcml role_duplicate.zcml 
	test_annotationprincipalpermissionmanager.py 
	test_annotationprincipalrolemanager.py 
	test_annotationrolepermissionmanager.py 
	test_principalpermissionmanager.py 
	test_principalrolemanager.py test_rolecontents.py 
	test_rolepermissionmanager.py test_roleregistry.py 
	test_roleservice.py test_securitydirectives.py 
	test_securitymap.py test_zopepolicy.py 
Log Message:
Merge security policy refactoring:

 - Moved all role- and grant-related functionality into
   zope.products.securitypolicy (and out of zope.app.security.grant).
   The zope.products.securitypolicy implementation is exactly
   the same as the old implementation; no changes were made
   to the actual mechanics of role-permission or principal-permission
   grants.  The only real difference is that all functionality
   that is the purview of what we want a security policy to have
   control of is now in that one place.

 - Created new modulealias directive which can be used to provide
   aliases to older modules (to not break existing ZODBs when
   module locations change).

 - Added minor feature: "make debug" launches a debug session in the
   spirit of Zope 2's "zopectl debug".
   


=== Zope3/src/zope/products/securitypolicy/tests/__init__.py 1.1 => 1.2 ===
--- /dev/null	Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/tests/__init__.py	Wed Jan 14 17:55:35 2004
@@ -0,0 +1,2 @@
+#
+# This file is necessary to make this directory a package.


=== Zope3/src/zope/products/securitypolicy/tests/mapping.zcml 1.1 => 1.2 ===
--- /dev/null	Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/tests/mapping.zcml	Wed Jan 14 17:55:35 2004
@@ -0,0 +1,18 @@
+<configure xmlns="http://namespaces.zope.org/zope">
+
+  <include package="zope.products.securitypolicy" file="meta.zcml"/>
+
+ <grant
+     permission="zope.Foo"
+     role="zope.Bar" />
+
+ <grant
+     permission="zope.Foo"
+     principal="zope.Blah" />
+
+ <grant
+     role="zope.Bar"
+     principal="zope.Blah" />
+
+ 
+</configure>


=== Zope3/src/zope/products/securitypolicy/tests/role.zcml 1.1 => 1.2 ===
--- /dev/null	Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/tests/role.zcml	Wed Jan 14 17:55:35 2004
@@ -0,0 +1,13 @@
+<configure
+    xmlns="http://namespaces.zope.org/zope"
+    i18n_domain="zope"
+    >
+
+  <include package="zope.products.securitypolicy" file="meta.zcml"/>
+
+  <role
+      id="zope.Everyperson"
+      title="Tout le monde"
+      description="The common man, woman, person, or thing" />
+ 
+</configure>


=== Zope3/src/zope/products/securitypolicy/tests/role_duplicate.zcml 1.1 => 1.2 ===
--- /dev/null	Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/tests/role_duplicate.zcml	Wed Jan 14 17:55:35 2004
@@ -0,0 +1,17 @@
+<configure
+    xmlns="http://namespaces.zope.org/zope"
+    i18n_domain="zope">
+
+  <include package="zope.products.securitypolicy" file="meta.zcml"/>
+
+  <role
+      id="zope.Everyperson"
+      title="Tout le monde"
+      description="The common man, woman, person, or thing" />
+
+  <role
+      id="zope.Everyperson"
+      title="Tout le monde"
+      description="The common man, woman, person, or thing" />
+ 
+</configure>


=== Zope3/src/zope/products/securitypolicy/tests/test_annotationprincipalpermissionmanager.py 1.1 => 1.2 ===
--- /dev/null	Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/tests/test_annotationprincipalpermissionmanager.py	Wed Jan 14 17:55:35 2004
@@ -0,0 +1,149 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Test handler for AnnotationPrincipalPermissionManager module."""
+
+import unittest
+from zope.app.tests import ztapi
+from zope.app.interfaces.annotation import IAttributeAnnotatable
+from zope.component import getService
+from zope.app.services.servicenames import Adapters
+from zope.app.interfaces.annotation import IAnnotations
+from zope.app.attributeannotations import AttributeAnnotations
+from zope.app.security.registries.permissionregistry \
+    import permissionRegistry as permregistry
+from zope.app.security.registries.principalregistry \
+    import principalRegistry as prinregistry
+from zope.products.securitypolicy.principalpermission \
+    import AnnotationPrincipalPermissionManager
+from zope.app.security.settings import Allow, Deny, Unset
+from zope.app.tests.placelesssetup import PlacelessSetup
+from zope.interface import implements
+
+class Manageable:
+    implements(IAttributeAnnotatable)
+
+class Test(PlacelessSetup, unittest.TestCase):
+
+    def setUp(self):
+        super(Test, self).setUp()
+        ztapi.provideAdapter(
+            IAttributeAnnotatable, IAnnotations,
+            AttributeAnnotations)
+
+    def _make_principal(self, id=None, title=None):
+        p = prinregistry.definePrincipal(
+            id or 'APrincipal',
+            title or 'A Principal',
+            login = id or 'APrincipal')
+        return p.getId()
+
+    def testUnboundPrincipalPermission(self):
+        manager = AnnotationPrincipalPermissionManager(Manageable())
+        permission = permregistry.definePermission('APerm', 'title')
+        permission = permission.getId()
+        principal = self._make_principal()
+        self.assertEqual(manager.getPrincipalsForPermission(permission), [])
+        self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
+
+    def testPrincipalPermission(self):
+        manager = AnnotationPrincipalPermissionManager(Manageable())
+        permission = permregistry.definePermission('APerm', 'title')
+        permission = permission.getId()
+        principal = self._make_principal()
+
+        # check that an allow permission is saved correctly
+        manager.grantPermissionToPrincipal(permission, principal)
+        self.assertEqual(manager.getPrincipalsForPermission(permission),
+                         [(principal, Allow)])
+        self.assertEqual(manager.getPermissionsForPrincipal(principal),
+                         [(permission, Allow)])
+
+        # check that the allow permission is removed.
+        manager.unsetPermissionForPrincipal(permission, principal)
+        self.assertEqual(manager.getPrincipalsForPermission(permission), [])
+        self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
+
+        # now put a deny in there, check it's set.
+        manager.denyPermissionToPrincipal(permission, principal)
+        self.assertEqual(manager.getPrincipalsForPermission(permission),
+                         [(principal, Deny)])
+        self.assertEqual(manager.getPermissionsForPrincipal(principal),
+                         [(permission, Deny)])
+
+        # test for deny followed by allow . The latter should override.
+        manager.grantPermissionToPrincipal(permission, principal)
+        self.assertEqual(manager.getPrincipalsForPermission(permission),
+                         [(principal, Allow)])
+        self.assertEqual(manager.getPermissionsForPrincipal(principal),
+                         [(permission, Allow)])
+
+        # check that allow followed by allow is just a single allow.
+        manager.grantPermissionToPrincipal(permission, principal)
+        self.assertEqual(manager.getPrincipalsForPermission(permission),
+                         [(principal, Allow)])
+        self.assertEqual(manager.getPermissionsForPrincipal(principal),
+                         [(permission, Allow)])
+
+        # check that two unsets in a row quietly ignores the second one.
+        manager.unsetPermissionForPrincipal(permission, principal)
+        manager.unsetPermissionForPrincipal(permission, principal)
+        self.assertEqual(manager.getPrincipalsForPermission(permission), [])
+        self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
+
+        # check the result of getSetting() when it's empty.
+        self.assertEqual(manager.getSetting(permission, principal), Unset)
+
+        # check the result of getSetting() when it's allowed.
+        manager.grantPermissionToPrincipal(permission, principal)
+        self.assertEqual(manager.getSetting(permission, principal), Allow)
+
+        # check the result of getSetting() when it's denied.
+        manager.denyPermissionToPrincipal(permission, principal)
+        self.assertEqual(manager.getSetting(permission, principal), Deny)
+
+    def testManyPermissionsOnePrincipal(self):
+        manager = AnnotationPrincipalPermissionManager(Manageable())
+        perm1 = permregistry.definePermission('Perm One', 'title').getId()
+        perm2 = permregistry.definePermission('Perm Two', 'title').getId()
+        prin1 = self._make_principal()
+        manager.grantPermissionToPrincipal(perm1, prin1)
+        manager.grantPermissionToPrincipal(perm2, prin1)
+        perms = manager.getPermissionsForPrincipal(prin1)
+        self.assertEqual(len(perms), 2)
+        self.failUnless((perm1,Allow) in perms)
+        self.failUnless((perm2,Allow) in perms)
+        manager.denyPermissionToPrincipal(perm2, prin1)
+        perms = manager.getPermissionsForPrincipal(prin1)
+        self.assertEqual(len(perms), 2)
+        self.failUnless((perm1,Allow) in perms)
+        self.failUnless((perm2,Deny) in perms)
+
+    def testManyPrincipalsOnePermission(self):
+        manager = AnnotationPrincipalPermissionManager(Manageable())
+        perm1 = permregistry.definePermission('Perm One', 'title').getId()
+        prin1 = self._make_principal()
+        prin2 = self._make_principal('Principal 2', 'Principal Two')
+        manager.grantPermissionToPrincipal(perm1, prin1)
+        manager.denyPermissionToPrincipal(perm1, prin2)
+        principals = manager.getPrincipalsForPermission(perm1)
+        self.assertEqual(len(principals), 2)
+        self.failUnless((prin1,Allow) in principals)
+        self.failUnless((prin2,Deny) in principals)
+
+def test_suite():
+    loader=unittest.TestLoader()
+    return loader.loadTestsFromTestCase(Test)
+
+if __name__=='__main__':
+    unittest.TextTestRunner().run(test_suite())


=== Zope3/src/zope/products/securitypolicy/tests/test_annotationprincipalrolemanager.py 1.1 => 1.2 ===
--- /dev/null	Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/tests/test_annotationprincipalrolemanager.py	Wed Jan 14 17:55:35 2004
@@ -0,0 +1,140 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Test handler for PrincipalRoleManager module."""
+
+import unittest
+from zope.app.tests import ztapi
+from zope.app.interfaces.annotation import IAttributeAnnotatable
+from zope.component import getService
+from zope.app.services.servicenames import Adapters
+from zope.app.interfaces.annotation import IAnnotations
+from zope.app.attributeannotations import AttributeAnnotations
+from zope.products.securitypolicy.roleregistry import roleRegistry as rregistry
+from zope.app.security.registries.principalregistry \
+     import principalRegistry as pregistry
+from zope.products.securitypolicy.principalrole \
+        import AnnotationPrincipalRoleManager
+from zope.app.security.settings import Allow, Deny
+from zope.app.services.tests.placefulsetup import PlacefulSetup
+from zope.interface import implements
+
+class Manageable:
+    implements(IAttributeAnnotatable)
+
+class Test(PlacefulSetup, unittest.TestCase):
+
+    def setUp(self):
+        PlacefulSetup.setUp(self)
+        ztapi.provideAdapter(
+            IAttributeAnnotatable, IAnnotations,
+            AttributeAnnotations)
+
+    def _make_principal(self, id=None, title=None):
+        p = pregistry.definePrincipal(
+            id or 'APrincipal',
+            title or 'A Principal',
+            login = id or 'APrincipal')
+        return p.getId()
+
+    def _make_roleManager(self, obj=None):
+        if obj is None:
+            obj = Manageable()
+        return AnnotationPrincipalRoleManager(obj)
+
+    def testUnboundPrincipalRole(self):
+        principalRoleManager = self._make_roleManager()
+        role = rregistry.defineRole('ARole', 'A Role').getId()
+        principal = self._make_principal()
+        self.assertEqual(principalRoleManager.getPrincipalsForRole(role), [])
+        self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
+                         [])
+
+    def testPrincipalRoleAllow(self):
+        principalRoleManager = self._make_roleManager()
+        role = rregistry.defineRole('ARole', 'A Role').getId()
+        principal = self._make_principal()
+        principalRoleManager.assignRoleToPrincipal(role, principal)
+        self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
+                         [(principal, Allow)])
+        self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
+                         [(role, Allow)])
+
+    def testPrincipalRoleDeny(self):
+        principalRoleManager = self._make_roleManager()
+        role = rregistry.defineRole('ARole', 'A Role').getId()
+        principal = self._make_principal()
+        principalRoleManager.removeRoleFromPrincipal(role, principal)
+        self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
+                         [(principal, Deny)])
+        self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
+                         [(role, Deny)])
+
+    def testPrincipalRoleUnset(self):
+        principalRoleManager = self._make_roleManager()
+        role = rregistry.defineRole('ARole', 'A Role').getId()
+        principal = self._make_principal()
+        principalRoleManager.removeRoleFromPrincipal(role, principal)
+        principalRoleManager.unsetRoleForPrincipal(role, principal)
+        self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
+                         [])
+        self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
+                         [])
+
+    def testManyRolesOnePrincipal(self):
+        principalRoleManager = self._make_roleManager()
+        role1 = rregistry.defineRole('Role One', 'Role #1').getId()
+        role2 = rregistry.defineRole('Role Two', 'Role #2').getId()
+        prin1 = self._make_principal()
+        principalRoleManager.assignRoleToPrincipal(role1, prin1)
+        principalRoleManager.assignRoleToPrincipal(role2, prin1)
+        roles = principalRoleManager.getRolesForPrincipal(prin1)
+        self.assertEqual(len(roles), 2)
+        self.failUnless((role1, Allow) in roles)
+        self.failUnless((role2, Allow) in roles)
+
+    def testManyPrincipalsOneRole(self):
+        principalRoleManager = self._make_roleManager()
+        role1 = rregistry.defineRole('Role One', 'Role #1').getId()
+        prin1 = self._make_principal()
+        prin2 = self._make_principal('Principal 2', 'Principal Two')
+        principalRoleManager.assignRoleToPrincipal(role1, prin1)
+        principalRoleManager.assignRoleToPrincipal(role1, prin2)
+        principals = principalRoleManager.getPrincipalsForRole(role1)
+        self.assertEqual(len(principals), 2)
+        self.failUnless((prin1, Allow) in principals)
+        self.failUnless((prin2, Allow) in principals)
+
+    def testPrincipalsAndRoles(self):
+        principalRoleManager = self._make_roleManager()
+        principalsAndRoles = principalRoleManager.getPrincipalsAndRoles()
+        self.assertEqual(len(principalsAndRoles), 0)
+        role1 = rregistry.defineRole('Role One', 'Role #1').getId()
+        role2 = rregistry.defineRole('Role Two', 'Role #2').getId()
+        prin1 = self._make_principal()
+        prin2 = self._make_principal('Principal 2', 'Principal Two')
+        principalRoleManager.assignRoleToPrincipal(role1, prin1)
+        principalRoleManager.assignRoleToPrincipal(role1, prin2)
+        principalRoleManager.assignRoleToPrincipal(role2, prin1)
+        principalsAndRoles = principalRoleManager.getPrincipalsAndRoles()
+        self.assertEqual(len(principalsAndRoles), 3)
+        self.failUnless((role1, prin1, Allow) in principalsAndRoles)
+        self.failUnless((role1, prin2, Allow) in principalsAndRoles)
+        self.failUnless((role2, prin1, Allow) in principalsAndRoles)
+
+def test_suite():
+    loader=unittest.TestLoader()
+    return loader.loadTestsFromTestCase(Test)
+
+if __name__=='__main__':
+    unittest.TextTestRunner().run(test_suite())


=== Zope3/src/zope/products/securitypolicy/tests/test_annotationrolepermissionmanager.py 1.1 => 1.2 ===
--- /dev/null	Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/tests/test_annotationrolepermissionmanager.py	Wed Jan 14 17:55:35 2004
@@ -0,0 +1,98 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+from zope.app.tests import ztapi
+from zope.products.securitypolicy.rolepermission \
+     import AnnotationRolePermissionManager
+from zope.app.interfaces.annotation import IAttributeAnnotatable
+from zope.app.interfaces.annotation import IAnnotations
+from zope.app.attributeannotations import AttributeAnnotations
+from zope.component import getServiceManager, getService
+from zope.app.services.servicenames import Permissions, Adapters
+from zope.products.securitypolicy.interfaces import IRoleService
+from zope.app.interfaces.security import IPermissionService
+from zope.products.securitypolicy.roleregistry import roleRegistry
+from zope.app.security.registries.permissionregistry import permissionRegistry
+from zope.app.security.settings import Allow, Deny
+from zope.app.services.tests.placefulsetup import PlacefulSetup
+from zope.interface import implements
+
+import unittest
+
+class Manageable:
+    implements(IAttributeAnnotatable)
+
+class Test(PlacefulSetup, unittest.TestCase):
+
+    def setUp(self):
+        PlacefulSetup.setUp(self)
+        defineService=getServiceManager(None).defineService
+        provideService=getServiceManager(None).provideService
+        defineService('Roles', IRoleService)
+        defineService(Permissions, IPermissionService)
+        provideService('Roles', roleRegistry)
+        provideService(Permissions, permissionRegistry)
+        ztapi.provideAdapter(IAttributeAnnotatable, IAnnotations,
+                             AttributeAnnotations)
+
+        read = permissionRegistry.definePermission('read', 'Read Something')
+        self.read = read.getId()
+
+        write = permissionRegistry.definePermission('write', 'Write Something')
+        self.write = write.getId()
+
+        peon = roleRegistry.defineRole('peon', 'Poor Slob')
+        self.peon = peon.getId()
+
+        manager = roleRegistry.defineRole('manager', 'Supreme Being')
+        self.manager = manager.getId()
+
+    def testNormal(self):
+        obj = Manageable()
+        mgr = AnnotationRolePermissionManager(obj)
+        mgr.grantPermissionToRole(self.read,self.manager)
+        mgr.grantPermissionToRole(self.write,self.manager)
+        mgr.grantPermissionToRole(self.write,self.manager)
+
+        mgr.grantPermissionToRole(self.read,self.peon)
+
+        l = list(mgr.getPermissionsForRole(self.manager))
+        self.failUnless((self.read, Allow) in l)
+        self.failUnless((self.write, Allow) in l)
+
+        l = list(mgr.getPermissionsForRole(self.peon))
+        self.failUnless([(self.read, Allow)] == l)
+
+        l = list(mgr.getRolesForPermission(self.read))
+        self.failUnless((self.manager, Allow) in l)
+        self.failUnless((self.peon, Allow) in l)
+
+        l = list(mgr.getRolesForPermission(self.write))
+        self.assertEqual(l, [(self.manager, Allow)])
+
+        mgr.denyPermissionToRole(self.read, self.peon)
+        l = list(mgr.getPermissionsForRole(self.peon))
+        self.assertEqual(l, [(self.read, Deny)])
+
+        mgr.unsetPermissionFromRole(self.read, self.peon)
+
+        l = list(mgr.getRolesForPermission(self.read))
+        self.assertEqual(l, [(self.manager, Allow)])
+
+
+def test_suite():
+    loader=unittest.TestLoader()
+    return loader.loadTestsFromTestCase(Test)
+
+if __name__=='__main__':
+    unittest.TextTestRunner().run(test_suite())


=== Zope3/src/zope/products/securitypolicy/tests/test_principalpermissionmanager.py 1.1 => 1.2 ===
--- /dev/null	Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/tests/test_principalpermissionmanager.py	Wed Jan 14 17:55:35 2004
@@ -0,0 +1,155 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Test handler for PrincipalPermissionManager module."""
+
+import unittest
+
+from zope.component.service import serviceManager as services
+from zope.app.services.servicenames import Permissions, Authentication
+
+from zope.app.interfaces.security import IPermissionService
+from zope.app.interfaces.security import IAuthenticationService
+
+from zope.app.security.registries.permissionregistry \
+    import permissionRegistry as permregistry
+from zope.app.security.registries.principalregistry \
+    import principalRegistry as prinregistry
+from zope.products.securitypolicy.principalpermission \
+    import principalPermissionManager as manager
+from zope.app.security.settings import Allow, Deny, Unset
+from zope.testing.cleanup import CleanUp # Base class w registry cleanup
+
+class Test(CleanUp, unittest.TestCase):
+
+    def setUp(self):
+        CleanUp.setUp(self)
+
+        services.defineService(Permissions, IPermissionService)
+        services.provideService(Permissions, permregistry)
+
+        services.defineService(Authentication, IAuthenticationService)
+        services.provideService(Authentication, prinregistry)
+
+
+    def _make_principal(self, id=None, title=None):
+        p = prinregistry.definePrincipal(
+            id or 'APrincipal',
+            title or 'A Principal',
+            login = id or 'APrincipal')
+        return p.getId()
+
+    def testUnboundPrincipalPermission(self):
+        permission = permregistry.definePermission('APerm', 'title').getId()
+        principal = self._make_principal()
+        self.assertEqual(manager.getPrincipalsForPermission(permission), [])
+        self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
+
+
+    def test_invalidPermission(self):
+        self.assertRaises(ValueError,
+                          manager.grantPermissionToPrincipal,
+                          'permission', 'principal')
+        principal = self._make_principal()
+        self.assertRaises(ValueError,
+                          manager.grantPermissionToPrincipal,
+                          'permission', principal)
+
+    def test_invalidPrincipal(self):
+        permission = permregistry.definePermission('APerm', 'title').getId()
+        self.assertRaises(ValueError,
+                          manager.grantPermissionToPrincipal,
+                          permission, 'principal')
+        
+
+    def testPrincipalPermission(self):
+        permission = permregistry.definePermission('APerm', 'title').getId()
+        principal = self._make_principal()
+        # check that an allow permission is saved correctly
+        manager.grantPermissionToPrincipal(permission, principal)
+        self.assertEqual(manager.getPrincipalsForPermission(permission),
+                         [(principal, Allow)])
+        self.assertEqual(manager.getPermissionsForPrincipal(principal),
+                         [(permission, Allow)])
+        # check that the allow permission is removed.
+        manager.unsetPermissionForPrincipal(permission, principal)
+        self.assertEqual(manager.getPrincipalsForPermission(permission), [])
+        self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
+        # now put a deny in there, check it's set.
+        manager.denyPermissionToPrincipal(permission, principal)
+        self.assertEqual(manager.getPrincipalsForPermission(permission),
+                         [(principal, Deny)])
+        self.assertEqual(manager.getPermissionsForPrincipal(principal),
+                         [(permission, Deny)])
+        # test for deny followed by allow . The latter should override.
+        manager.grantPermissionToPrincipal(permission, principal)
+        self.assertEqual(manager.getPrincipalsForPermission(permission),
+                         [(principal, Allow)])
+        self.assertEqual(manager.getPermissionsForPrincipal(principal),
+                         [(permission, Allow)])
+        # check that allow followed by allow is just a single allow.
+        manager.grantPermissionToPrincipal(permission, principal)
+        self.assertEqual(manager.getPrincipalsForPermission(permission),
+                         [(principal, Allow)])
+        self.assertEqual(manager.getPermissionsForPrincipal(principal),
+                         [(permission, Allow)])
+        # check that two unsets in a row quietly ignores the second one.
+        manager.unsetPermissionForPrincipal(permission, principal)
+        manager.unsetPermissionForPrincipal(permission, principal)
+        self.assertEqual(manager.getPrincipalsForPermission(permission), [])
+        self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
+        # check the result of getSetting() when it's empty.
+        self.assertEqual(manager.getSetting(permission, principal), Unset)
+        # check the result of getSetting() when it's allowed.
+        manager.grantPermissionToPrincipal(permission, principal)
+        self.assertEqual(manager.getSetting(permission, principal), Allow)
+        # check the result of getSetting() when it's denied.
+        manager.denyPermissionToPrincipal(permission, principal)
+        self.assertEqual(manager.getSetting(permission, principal), Deny)
+
+    def testManyPermissionsOnePrincipal(self):
+        perm1 = permregistry.definePermission('Perm One', 'title').getId()
+        perm2 = permregistry.definePermission('Perm Two', 'title').getId()
+        prin1 = self._make_principal()
+        manager.grantPermissionToPrincipal(perm1, prin1)
+        manager.grantPermissionToPrincipal(perm2, prin1)
+        perms = manager.getPermissionsForPrincipal(prin1)
+        self.assertEqual(len(perms), 2)
+        self.failUnless((perm1,Allow) in perms)
+        self.failUnless((perm2,Allow) in perms)
+        manager.denyPermissionToPrincipal(perm2, prin1)
+        perms = manager.getPermissionsForPrincipal(prin1)
+        self.assertEqual(len(perms), 2)
+        self.failUnless((perm1,Allow) in perms)
+        self.failUnless((perm2,Deny) in perms)
+        perms = manager.getPrincipalsAndPermissions()
+        self.failUnless((perm1,prin1,Allow) in perms)
+        self.failUnless((perm2,prin1,Deny) in perms)
+
+    def testManyPrincipalsOnePermission(self):
+        perm1 = permregistry.definePermission('Perm One', 'title').getId()
+        prin1 = self._make_principal()
+        prin2 = self._make_principal('Principal 2', 'Principal Two')
+        manager.grantPermissionToPrincipal(perm1, prin1)
+        manager.denyPermissionToPrincipal(perm1, prin2)
+        principals = manager.getPrincipalsForPermission(perm1)
+        self.assertEqual(len(principals), 2)
+        self.failUnless((prin1,Allow) in principals)
+        self.failUnless((prin2,Deny) in principals)
+
+def test_suite():
+    loader=unittest.TestLoader()
+    return loader.loadTestsFromTestCase(Test)
+
+if __name__=='__main__':
+    unittest.TextTestRunner().run(test_suite())


=== Zope3/src/zope/products/securitypolicy/tests/test_principalrolemanager.py 1.1 => 1.2 ===
--- /dev/null	Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/tests/test_principalrolemanager.py	Wed Jan 14 17:55:35 2004
@@ -0,0 +1,143 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Test handler for PrincipalRoleManager module."""
+
+import unittest
+
+from zope.component.service import serviceManager as services
+from zope.app.services.servicenames import Authentication
+
+from zope.products.securitypolicy.interfaces import IRoleService
+from zope.app.interfaces.security import IAuthenticationService
+
+from zope.products.securitypolicy.roleregistry \
+     import roleRegistry as rregistry
+from zope.app.security.registries.principalregistry \
+     import principalRegistry as pregistry
+from zope.products.securitypolicy.principalrole import principalRoleManager
+from zope.app.security.settings import Allow, Deny
+from zope.testing.cleanup import CleanUp # Base class w registry cleanup
+
+class Test(CleanUp, unittest.TestCase):
+
+    def setUp(self):
+        CleanUp.setUp(self)
+
+        services.defineService('Roles', IRoleService)
+        services.provideService('Roles', rregistry)
+
+        services.defineService(Authentication, IAuthenticationService)
+        services.provideService(Authentication, pregistry)
+
+    def _make_principal(self, id=None, title=None):
+        p = pregistry.definePrincipal(
+            id or 'APrincipal',
+            title or 'A Principal',
+            login = id or 'APrincipal')
+        return p.getId()
+
+    def testUnboundPrincipalRole(self):
+        role = rregistry.defineRole('ARole', 'A Role').getId()
+        principal = self._make_principal()
+        self.assertEqual(principalRoleManager.getPrincipalsForRole(role), [])
+        self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
+                         [])
+
+    def testPrincipalRoleAllow(self):
+        role = rregistry.defineRole('ARole', 'A Role').getId()
+        principal = self._make_principal()
+        principalRoleManager.assignRoleToPrincipal(role, principal)
+        self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
+                         [(principal, Allow)])
+        self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
+                         [(role, Allow)])
+
+    def testPrincipalRoleDeny(self):
+        role = rregistry.defineRole('ARole', 'A Role').getId()
+        principal = self._make_principal()
+        principalRoleManager.removeRoleFromPrincipal(role, principal)
+        self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
+                         [(principal, Deny)])
+        self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
+                         [(role, Deny)])
+
+    def testPrincipalRoleUnset(self):
+        role = rregistry.defineRole('ARole', 'A Role').getId()
+        principal = self._make_principal()
+        principalRoleManager.removeRoleFromPrincipal(role, principal)
+        principalRoleManager.unsetRoleForPrincipal(role, principal)
+        self.assertEqual(principalRoleManager.getPrincipalsForRole(role),
+                         [])
+        self.assertEqual(principalRoleManager.getRolesForPrincipal(principal),
+                         [])
+
+
+    def test_invalidPrincipal(self):
+        self.assertRaises(ValueError,
+                          principalRoleManager.assignRoleToPrincipal,
+                          'role1', 'prin1')
+        role1 = rregistry.defineRole('Role One', 'Role #1').getId()
+        self.assertRaises(ValueError,
+                          principalRoleManager.assignRoleToPrincipal,
+                          role1, 'prin1')
+
+    def test_invalidRole(self):
+        prin1 = self._make_principal()
+        self.assertRaises(ValueError,
+                          principalRoleManager.assignRoleToPrincipal,
+                          'role1', prin1)
+        
+
+    def testManyRolesOnePrincipal(self):
+        role1 = rregistry.defineRole('Role One', 'Role #1').getId()
+        role2 = rregistry.defineRole('Role Two', 'Role #2').getId()
+        prin1 = self._make_principal()
+        principalRoleManager.assignRoleToPrincipal(role1, prin1)
+        principalRoleManager.assignRoleToPrincipal(role2, prin1)
+        roles = principalRoleManager.getRolesForPrincipal(prin1)
+        self.assertEqual(len(roles), 2)
+        self.failUnless((role1, Allow) in roles)
+        self.failUnless((role2, Allow) in roles)
+
+    def testManyPrincipalsOneRole(self):
+        role1 = rregistry.defineRole('Role One', 'Role #1').getId()
+        prin1 = self._make_principal()
+        prin2 = self._make_principal('Principal 2', 'Principal Two')
+        principalRoleManager.assignRoleToPrincipal(role1, prin1)
+        principalRoleManager.assignRoleToPrincipal(role1, prin2)
+        principals = principalRoleManager.getPrincipalsForRole(role1)
+        self.assertEqual(len(principals), 2)
+        self.failUnless((prin1, Allow) in principals)
+        self.failUnless((prin2, Allow) in principals)
+
+    def testPrincipalsAndRoles(self):
+        role1 = rregistry.defineRole('Role One', 'Role #1').getId()
+        role2 = rregistry.defineRole('Role Two', 'Role #2').getId()
+        prin1 = self._make_principal()
+        prin2 = self._make_principal('Principal 2', 'Principal Two')
+        principalRoleManager.assignRoleToPrincipal(role1, prin1)
+        principalRoleManager.assignRoleToPrincipal(role1, prin2)
+        principalRoleManager.assignRoleToPrincipal(role2, prin1)
+        principalsAndRoles = principalRoleManager.getPrincipalsAndRoles()
+        self.assertEqual(len(principalsAndRoles), 3)
+        self.failUnless((role1, prin1, Allow) in principalsAndRoles)
+        self.failUnless((role1, prin2, Allow) in principalsAndRoles)
+        self.failUnless((role2, prin1, Allow) in principalsAndRoles)
+
+def test_suite():
+    loader=unittest.TestLoader()
+    return loader.loadTestsFromTestCase(Test)
+
+if __name__=='__main__':
+    unittest.TextTestRunner().run(test_suite())


=== Zope3/src/zope/products/securitypolicy/tests/test_rolecontents.py 1.1 => 1.2 ===
--- /dev/null	Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/tests/test_rolecontents.py	Wed Jan 14 17:55:35 2004
@@ -0,0 +1,53 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""
+
+$Id$
+"""
+
+import unittest
+
+from zope.interface import Interface, implements
+from zope.products.securitypolicy.browser import Contents
+from zope.products.securitypolicy.role import RoleService
+from zope.app.browser.container.tests.test_contents \
+     import BaseTestContentsBrowserView, Principal
+from zope.app.content.folder import rootFolder
+from zope.app.container.contained import contained
+
+class IDummy(Interface):
+    pass
+
+class Dummy:
+    implements(IDummy)
+
+class Test(BaseTestContentsBrowserView, unittest.TestCase):
+
+    def _TestView__newContext(self):
+        root = rootFolder()
+        container = RoleService()
+        return contained(container, root, name='sample')
+
+    def _TestView__newView(self, container):
+        from zope.publisher.browser import TestRequest
+        request = TestRequest()
+        request.setUser(Principal())
+        return Contents(container, request)
+
+def test_suite():
+    loader = unittest.TestLoader()
+    return loader.loadTestsFromTestCase(Test)
+
+if __name__=='__main__':
+    unittest.main()


=== Zope3/src/zope/products/securitypolicy/tests/test_rolepermissionmanager.py 1.1 => 1.2 ===
--- /dev/null	Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/tests/test_rolepermissionmanager.py	Wed Jan 14 17:55:35 2004
@@ -0,0 +1,121 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Test handler for RolePermissionManager module."""
+
+import unittest
+
+from zope.component.service import serviceManager as services
+from zope.app.services.servicenames import Permissions
+
+from zope.app.interfaces.security import IPermissionService
+from zope.products.securitypolicy.interfaces import IRoleService
+
+from zope.app.security.registries.permissionregistry \
+        import permissionRegistry as pregistry
+from zope.products.securitypolicy.roleregistry \
+        import roleRegistry as rregistry
+from zope.products.securitypolicy.rolepermission \
+        import rolePermissionManager as manager
+from zope.app.security.settings import Allow, Deny
+from zope.testing.cleanup import CleanUp # Base class w registry cleanup
+
+class Test(CleanUp, unittest.TestCase):
+
+    def setUp(self):
+        CleanUp.setUp(self)
+
+        services.defineService(Permissions, IPermissionService)
+        services.provideService(Permissions, pregistry)
+
+        services.defineService("Roles", IRoleService)
+        services.provideService("Roles", rregistry)
+
+    def testUnboundRolePermission(self):
+        permission = pregistry.definePermission('APerm', 'aPerm title').getId()
+        role = rregistry.defineRole('ARole', 'A Role').getId()
+        self.assertEqual(manager.getRolesForPermission(permission), [])
+        self.assertEqual(manager.getPermissionsForRole(role), [])
+
+    def testRolePermission(self):
+        permission = pregistry.definePermission('APerm', 'aPerm title').getId()
+        role = rregistry.defineRole('ARole', 'A Role').getId()
+        manager.grantPermissionToRole(permission, role)
+        self.assertEqual(manager.getRolesForPermission(permission),
+                                                        [(role,Allow)])
+        self.assertEqual(manager.getPermissionsForRole(role),
+                                                    [(permission,Allow)])
+
+    def testManyPermissionsOneRole(self):
+        perm1 = pregistry.definePermission('Perm One', 'P1').getId()
+        perm2 = pregistry.definePermission('Perm Two', 'P2').getId()
+        perm3 = pregistry.definePermission('Perm Three', 'P3').getId()
+        role1 = rregistry.defineRole('Role One', 'Role #1').getId()
+        perms = manager.getPermissionsForRole(role1)
+        self.assertEqual(len(perms), 0)
+        manager.grantPermissionToRole(perm1, role1)
+        manager.grantPermissionToRole(perm2, role1)
+        manager.grantPermissionToRole(perm2, role1)
+        manager.denyPermissionToRole(perm3, role1)
+        perms = manager.getPermissionsForRole(role1)
+        self.assertEqual(len(perms), 3)
+        self.failUnless((perm1,Allow) in perms)
+        self.failUnless((perm2,Allow) in perms)
+        self.failUnless((perm3,Deny) in perms)
+        manager.unsetPermissionFromRole(perm1, role1)
+        perms = manager.getPermissionsForRole(role1)
+        self.assertEqual(len(perms), 2)
+        self.failUnless((perm2,Allow) in perms)
+
+    def testManyRolesOnePermission(self):
+        perm1 = pregistry.definePermission('Perm One', 'title').getId()
+        role1 = rregistry.defineRole('Role One', 'Role #1').getId()
+        role2 = rregistry.defineRole('Role Two', 'Role #2').getId()
+        roles = manager.getRolesForPermission(perm1)
+        self.assertEqual(len(roles), 0)
+        manager.grantPermissionToRole(perm1, role1)
+        manager.grantPermissionToRole(perm1, role2)
+        manager.grantPermissionToRole(perm1, role2)
+        manager.denyPermissionToRole(perm1, role1)
+        roles = manager.getRolesForPermission(perm1)
+        self.assertEqual(len(roles), 2)
+        self.failIf((role1,Allow) in roles)
+        self.failUnless((role1,Deny) in roles)
+        self.failUnless((role2,Allow) in roles)
+        manager.unsetPermissionFromRole(perm1, role1)
+        roles = manager.getRolesForPermission(perm1)
+        self.assertEqual(len(roles), 1)
+        self.failUnless((role2,Allow) in roles)
+
+    def test_invalidRole(self):
+        self.assertRaises(ValueError,
+                          manager.grantPermissionToRole, 'perm1', 'role1'
+                          )
+        perm1 = pregistry.definePermission('Perm One', 'title').getId()
+        self.assertRaises(ValueError,
+                          manager.grantPermissionToRole, perm1, 'role1'
+                          )
+
+    def test_invalidPerm(self):
+        role1 = rregistry.defineRole('Role One', 'Role #1').getId()
+        self.assertRaises(ValueError,
+                          manager.grantPermissionToRole, 'perm1', role1
+                          )
+        
+
+def test_suite():
+    loader=unittest.TestLoader()
+    return loader.loadTestsFromTestCase(Test)
+
+if __name__=='__main__':
+    unittest.TextTestRunner().run(test_suite())


=== Zope3/src/zope/products/securitypolicy/tests/test_roleregistry.py 1.1 => 1.2 ===
--- /dev/null	Wed Jan 14 17:56:05 2004
+++ Zope3/src/zope/products/securitypolicy/tests/test_roleregistry.py	Wed Jan 14 17:55:35 2004
@@ -0,0 +1,62 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+""" Test handler for 'defineRole' directive """
+
+import unittest
+
+from zope.products.securitypolicy.roleregistry import roleRegistry
+from zope.products.securitypolicy.interfaces import IRole
+from zope.interface.verify import verifyObject
+from zope.testing.cleanup import CleanUp # Base class w registry cleanup
+
+class Test(CleanUp, unittest.TestCase):
+
+    def testEmptyRoles(self):
+        self.assertEqual(None, roleRegistry.getRole('Foo'))
+        self.failIf(roleRegistry.definedRole('Foo'))
+
+    def testRoleIsAnIRole(self):
+        r = roleRegistry.defineRole('Foo', 'Foo role')
+        role = roleRegistry.getRole(r.getId())
+        self.assertEqual(verifyObject(IRole, role), 1)
+
+    def testDefineRole(self):
+        role = roleRegistry.defineRole('Foo', 'foo role')
+        self.failUnless(verifyObject(IRole, role))
+        self.failUnless(roleRegistry.definedRole(role.getId()))
+        role = roleRegistry.getRole(role.getId())
+        self.assertEquals(role.getTitle(), 'foo role')
+
+    def testDefineRoleWithTitle(self):
+        eq = self.assertEqual
+        r = roleRegistry.defineRole('Foo', 'Foo-able')
+        role = roleRegistry.getRole(r.getId())
+        eq(role.getTitle(), 'Foo-able')
+        eq(role.getDescription(), '')
+
+    def testDefineRoleWithTitleAndDescription(self):
+        eq = self.assertEqual
+        r = roleRegistry.defineRole('Foo', 'Foo-able', 'A foo-worthy role')
+        role = roleRegistry.getRole(r.getId())
+        eq(role.getTitle(), 'Foo-able')
+        eq(role.getDescription(), 'A foo-worthy role')
+
+
+def test_suite():
+    loader=unittest.TestLoader()
+    return loader.loadTestsFromTestCase(Test)
+
+
+if __name__=='__main__':
+    unittest.TextTestRunner().run(test_suite())


=== Zope3/src/zope/products/securitypolicy/tests/test_roleservice.py 1.1 => 1.2 ===
--- /dev/null	Wed Jan 14 17:56:06 2004
+++ Zope3/src/zope/products/securitypolicy/tests/test_roleservice.py	Wed Jan 14 17:55:35 2004
@@ -0,0 +1,89 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Test the Role service.
+
+$Id$
+"""
+
+from unittest import TestCase, TestLoader, TextTestRunner
+from zope.app.tests import setup
+from zope.app.services.tests.placefulsetup import PlacefulSetup
+from zope.component import getServiceManager
+from zope.products.securitypolicy.interfaces import IRoleService
+from zope.products.securitypolicy.roleregistry import roleRegistry
+from zope.products.securitypolicy.role import RoleService
+from zope.products.securitypolicy.role import Role
+
+class RoleServiceTests(PlacefulSetup, TestCase):
+
+    def _Test__new(self):
+        return RoleService()
+
+    def setUp(self):
+        sm = PlacefulSetup.setUp(self, site=True)
+
+        root_sm = getServiceManager(None)
+
+        root_sm.defineService("Roles", IRoleService)
+        self.roleRegistry = roleRegistry
+        root_sm.provideService("Roles", roleRegistry)
+
+        self.rs = setup.addService(sm, 'Roles', RoleService())
+
+    def testGetRole(self):
+        self.roleRegistry.defineRole('zope.Manager', 'Manager', '')
+
+        r = Role("zope.Hacker","","")
+        self.rs["zope.Hacker"] = r
+        self.assertEqual(self.rs.getRole('zope.Hacker').getId(), 'zope.Hacker')
+        self.assertEqual(self.rs.getRole('zope.Manager').getId(),
+                         'zope.Manager')
+
+        roles = [role.getId() for role in self.rs.getRoles()]
+        roles.sort()
+
+        self.assertEqual(roles,
+                         ['zope.Anonymous', 'zope.Hacker', 'zope.Manager'])
+
+    def testGetRoleFromLayeredServices(self):
+        self.roleRegistry.defineRole('zope.Manager', 'Manager', '')
+
+        r = Role("zope.Hacker","","")
+        self.rs["zope.Hacker"] = r
+
+        sm1 = self.makeSite('folder1')
+        rs1 = setup.addService(sm1, 'Roles', RoleService())
+
+        r1 = Role("zope.Reviewer",'','')
+        rs1["zope.Reviewer"] = r1
+
+        self.assertEqual(rs1.getRole('zope.Hacker').getId(), 'zope.Hacker')
+        self.assertEqual(rs1.getRole('zope.Manager').getId(), 'zope.Manager')
+        self.assertEqual(rs1.getRole('zope.Reviewer').getId(), 'zope.Reviewer')
+
+        roles = [role.getId() for role in rs1.getRoles()]
+        roles.sort()
+
+        self.assertEqual(
+            roles,
+            ['zope.Anonymous', 'zope.Hacker', 'zope.Manager','zope.Reviewer'])
+
+
+
+def test_suite():
+    loader=TestLoader()
+    return loader.loadTestsFromTestCase(RoleServiceTests)
+
+if __name__=='__main__':
+    TextTestRunner().run(test_suite())


=== Zope3/src/zope/products/securitypolicy/tests/test_securitydirectives.py 1.1 => 1.2 ===
--- /dev/null	Wed Jan 14 17:56:06 2004
+++ Zope3/src/zope/products/securitypolicy/tests/test_securitydirectives.py	Wed Jan 14 17:55:35 2004
@@ -0,0 +1,127 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Security Directives Tests
+
+$Id$
+"""
+import unittest
+
+from zope.component.service import serviceManager as services
+from zope.app.services.servicenames import Permissions, Authentication
+from zope.app.interfaces.security import IPermissionService
+from zope.products.securitypolicy.interfaces import IRoleService
+from zope.app.interfaces.security import IAuthenticationService
+
+from zope.configuration.config import ConfigurationConflictError
+from zope.configuration import xmlconfig
+
+from zope.testing.cleanup import CleanUp # Base class w registry cleanup
+
+import zope.products.securitypolicy.tests
+import zope.products.securitypolicy.tests
+from zope.app.security.settings import Allow
+from zope.app.security.registries.principalregistry import principalRegistry
+from zope.app.security.registries.permissionregistry \
+        import permissionRegistry as pregistry
+from zope.products.securitypolicy.roleregistry import roleRegistry as rregistry
+from zope.products.securitypolicy.rolepermission \
+        import rolePermissionManager as role_perm_mgr
+from zope.products.securitypolicy.principalpermission \
+    import principalPermissionManager as principal_perm_mgr
+from zope.products.securitypolicy.principalrole \
+    import principalRoleManager as principal_role_mgr
+
+
+class TestBase(CleanUp):
+
+    def setUp(self):
+        CleanUp.setUp(self)
+    
+        services.defineService(Permissions, IPermissionService)
+        services.provideService(Permissions, pregistry)
+    
+        services.defineService("Roles", IRoleService)
+        services.provideService("Roles", rregistry)
+    
+        services.defineService(Authentication, IAuthenticationService)
+        services.provideService(Authentication, principalRegistry)
+
+
+class TestRoleDirective(TestBase, unittest.TestCase):
+
+    def testRegister(self):
+        context = xmlconfig.file("role.zcml",
+                                 zope.products.securitypolicy.tests)
+
+        role = rregistry.getRole("zope.Everyperson")
+        self.failUnless(role.getId().endswith('Everyperson'))
+        self.assertEqual(role.getTitle(), 'Tout le monde')
+        self.assertEqual(role.getDescription(),
+                         'The common man, woman, person, or thing')
+
+    def testDuplicationRegistration(self):
+        self.assertRaises(ConfigurationConflictError, xmlconfig.file,
+                          "role_duplicate.zcml",
+                          zope.products.securitypolicy.tests)
+
+
+class TestSecurityMapping(TestBase, unittest.TestCase):
+
+    def setUp(self):
+        TestBase.setUp(self)
+        pregistry.definePermission("zope.Foo", '', '')
+        rregistry.defineRole("zope.Bar", '', '')
+        principalRegistry.definePrincipal("zope.Blah", '', '')
+        self.context = xmlconfig.file("mapping.zcml",
+                                      zope.products.securitypolicy.tests)
+
+    def test_PermRoleMap(self):
+        roles = role_perm_mgr.getRolesForPermission("zope.Foo")
+        perms = role_perm_mgr.getPermissionsForRole("zope.Bar")
+
+        self.assertEqual(len(roles), 1)
+        self.failUnless(("zope.Bar",Allow) in roles)
+
+        self.assertEqual(len(perms), 1)
+        self.failUnless(("zope.Foo",Allow) in perms)
+
+    def test_PermPrincipalMap(self):
+        principals = principal_perm_mgr.getPrincipalsForPermission("zope.Foo")
+        perms = principal_perm_mgr.getPermissionsForPrincipal("zope.Blah")
+
+        self.assertEqual(len(principals), 1)
+        self.failUnless(("zope.Blah", Allow) in principals)
+
+        self.assertEqual(len(perms), 1)
+        self.failUnless(("zope.Foo", Allow) in perms)
+
+    def test_RolePrincipalMap(self):
+        principals = principal_role_mgr.getPrincipalsForRole("zope.Bar")
+        roles = principal_role_mgr.getRolesForPrincipal("zope.Blah")
+
+        self.assertEqual(len(principals), 1)
+        self.failUnless(("zope.Blah", Allow) in principals)
+
+        self.assertEqual(len(roles), 1)
+        self.failUnless(("zope.Bar", Allow) in roles)
+
+
+def test_suite():
+    return unittest.TestSuite((
+        unittest.makeSuite(TestRoleDirective),
+        unittest.makeSuite(TestSecurityMapping),
+        ))
+
+if __name__ == '__main__':
+    unittest.main()


=== Zope3/src/zope/products/securitypolicy/tests/test_securitymap.py 1.1 => 1.2 ===
--- /dev/null	Wed Jan 14 17:56:06 2004
+++ Zope3/src/zope/products/securitypolicy/tests/test_securitymap.py	Wed Jan 14 17:55:35 2004
@@ -0,0 +1,39 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+#############################################################################
+import unittest
+from zope.interface.verify import verifyClass
+from zope.products.securitypolicy.interfaces import ISecurityMap
+from zope.products.securitypolicy.securitymap import SecurityMap
+from zope.products.securitypolicy.securitymap import PersistentSecurityMap
+
+class TestSecurityMap(unittest.TestCase):
+
+    def testInterface(self):
+        verifyClass(ISecurityMap, SecurityMap)
+
+    # XXX Test the map. Grrrrr.
+
+class TestPersistentSecurityMap(TestSecurityMap):
+
+    def testInterface(self):
+        verifyClass(ISecurityMap, PersistentSecurityMap)
+
+    # XXX test persistence...
+
+
+def test_suite():
+    return unittest.TestSuite((
+        unittest.makeSuite(TestSecurityMap),
+        unittest.makeSuite(TestPersistentSecurityMap),
+        ))


=== Zope3/src/zope/products/securitypolicy/tests/test_zopepolicy.py 1.1 => 1.2 ===
--- /dev/null	Wed Jan 14 17:56:06 2004
+++ Zope3/src/zope/products/securitypolicy/tests/test_zopepolicy.py	Wed Jan 14 17:55:35 2004
@@ -0,0 +1,342 @@
+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Tests the standard zope policy.
+
+$Id$
+"""
+
+import unittest
+
+from zope.app.tests import ztapi
+from zope.component.service import serviceManager as services
+from zope.interface import implements
+
+from zope.app.interfaces.security import IPermissionService
+from zope.products.securitypolicy.interfaces import IRoleService
+from zope.app.interfaces.security import IAuthenticationService
+
+from zope.component import getService
+from zope.app.services.servicenames import Permissions, Adapters
+from zope.app.services.servicenames import Authentication
+from zope.products.securitypolicy.interfaces import IRolePermissionManager
+from zope.app.security.registries.permissionregistry import permissionRegistry
+from zope.app.security.registries.principalregistry import principalRegistry
+from zope.app.security.registries.principalregistry import PrincipalBase
+from zope.products.securitypolicy.roleregistry import roleRegistry
+from zope.products.securitypolicy.principalpermission \
+     import principalPermissionManager
+from zope.products.securitypolicy.rolepermission import rolePermissionManager
+from zope.products.securitypolicy.principalrole import principalRoleManager
+from zope.products.securitypolicy.principalpermission \
+    import AnnotationPrincipalPermissionManager
+from zope.products.securitypolicy.interfaces import IPrincipalPermissionManager
+from zope.products.securitypolicy.principalrole \
+     import AnnotationPrincipalRoleManager
+from zope.products.securitypolicy.rolepermission \
+    import AnnotationRolePermissionManager
+from zope.products.securitypolicy.interfaces import IPrincipalRoleManager
+from zope.app.interfaces.annotation import IAttributeAnnotatable
+from zope.app.interfaces.annotation import IAnnotations
+from zope.app.attributeannotations import AttributeAnnotations
+from zope.app.services.tests.placefulsetup import PlacefulSetup
+from zope.products.securitypolicy.zopepolicy import permissionsOfPrincipal
+
+class Context:
+    def __init__(self, user, stack=[]):
+        self.user, self.stack = user, stack
+
+class Unprotected:
+    pass
+
+class Principal(PrincipalBase):
+    pass
+
+
+class Test(PlacefulSetup, unittest.TestCase):
+
+    def setUp(self):
+        PlacefulSetup.setUp(self)
+
+
+        services.defineService(Permissions, IPermissionService)
+        services.provideService(Permissions, permissionRegistry)
+
+        services.defineService("Roles", IRoleService)
+        services.provideService("Roles", roleRegistry)
+
+        services.defineService(Authentication, IAuthenticationService)
+        services.provideService(Authentication, principalRegistry)
+
+
+
+        ztapi.provideAdapter(
+            IAttributeAnnotatable, IAnnotations,
+            AttributeAnnotations)
+
+        # set up some principals
+        self.jim = principalRegistry.definePrincipal('jim', 'Jim', 'Jim Fulton',
+                                                     'jim', '123')
+
+        self.tim = principalRegistry.definePrincipal('tim', 'Tim', 'Tim Peters',
+                                                     'tim', '456')
+
+        self.unknown = principalRegistry.defineDefaultPrincipal('unknown',
+                    'Unknown', 'Nothing is known about this principal')
+
+        # set up some permissions
+        read = permissionRegistry.definePermission('read', 'Read',
+                                                   'Read something')
+        self.read = read.getId()
+        write = permissionRegistry.definePermission('write', 'Write',
+                                                    'Write something')
+        self.write = write.getId()
+        create = permissionRegistry.definePermission('create', 'Create',
+                                                     'Create something')
+        self.create = create.getId()
+        update = permissionRegistry.definePermission('update', 'Update',
+                                                     'Update something')
+        self.update = update.getId()
+
+        # ... and some roles...
+        peon = roleRegistry.defineRole('Peon', 'Site Peon')
+        self.peon = peon.getId()
+
+        manager = roleRegistry.defineRole('Manager', 'Site Manager')
+        self.manager = manager.getId()
+
+        arole = roleRegistry.defineRole('Another', 'Another Role')
+        self.arole = arole.getId()
+
+        # grant and deny some permissions to a principal
+        principalPermissionManager.grantPermissionToPrincipal(self.create,
+                                                              self.jim.getId())
+        principalPermissionManager.denyPermissionToPrincipal(self.update,
+                                                             self.jim.getId())
+
+        # grant and deny some permissions to the roles
+        rolePermissionManager.grantPermissionToRole(self.read, self.peon)
+
+        rolePermissionManager.grantPermissionToRole(self.read, self.manager)
+        rolePermissionManager.grantPermissionToRole(self.write, self.manager)
+
+        # ... and assign roles to principals
+        principalRoleManager.assignRoleToPrincipal(self.peon, self.jim.getId())
+        principalRoleManager.assignRoleToPrincipal(self.manager,
+                                                   self.tim.getId())
+
+        self.policy = self._makePolicy()
+
+    def _makePolicy(self):
+
+        from zope.products.securitypolicy.zopepolicy import ZopeSecurityPolicy
+        return ZopeSecurityPolicy()
+
+    def __assertPermissions(self, user, expected, object=None):
+        permissions = list(permissionsOfPrincipal(user, object))
+        permissions.sort()
+        self.assertEqual(permissions, expected)
+
+    def testImport(self):
+        from zope.products.securitypolicy.zopepolicy import ZopeSecurityPolicy
+
+    def testGlobalCheckPermission(self):
+        self.failUnless(
+            self.policy.checkPermission(self.read, None, Context(self.jim)))
+        self.failUnless(
+            self.policy.checkPermission(self.read, None, Context(self.tim)))
+        self.failUnless(
+            self.policy.checkPermission(self.write, None, Context(self.tim)))
+
+        self.failIf(self.policy.checkPermission(
+            self.read, None, Context(self.unknown)))
+        self.failIf(self.policy.checkPermission(
+            self.write, None, Context(self.unknown)))
+
+        self.failIf(
+            self.policy.checkPermission(
+            self.read, None, Context(self.unknown)))
+
+        self.__assertPermissions(self.jim, ['create', 'read'])
+        self.__assertPermissions(self.tim, ['read', 'write'])
+        self.__assertPermissions(self.unknown, [])
+
+        rolePermissionManager.grantPermissionToRole(
+            self.read, 'zope.Anonymous')
+
+        self.failUnless(
+            self.policy.checkPermission(
+            self.read, None, Context(self.unknown)))
+
+        self.__assertPermissions(self.unknown, ['read'])
+
+        principalPermissionManager.grantPermissionToPrincipal(
+            self.write, self.jim.getId())
+        self.failUnless(
+            self.policy.checkPermission(self.write, None, Context(self.jim)))
+
+        self.__assertPermissions(self.jim, ['create', 'read', 'write'])
+
+    def testPlaylessPrincipalRole(self):
+        self.failIf(self.policy.checkPermission(
+            self.write, None, Context(self.jim)))
+        principalRoleManager.assignRoleToPrincipal(
+            self.manager, self.jim.getId())
+        self.failUnless(self.policy.checkPermission(
+            self.write, None, Context(self.jim)))
+        principalRoleManager.removeRoleFromPrincipal(
+            self.manager, self.jim.getId())
+        self.failIf(self.policy.checkPermission(
+            self.write, None, Context(self.jim)))
+
+    def testPlayfulPrincipalRole(self):
+        ztapi.provideAdapter(
+            ITest,
+            IPrincipalRoleManager, AnnotationPrincipalRoleManager)
+
+        ob1 = TestClass()
+        ob2 = TestClass(); ob2.__parent__ = ob1
+        ob3 = TestClass(); ob3.__parent__ = ob2
+
+        self.failIf(self.policy.checkPermission(
+            self.write, ob3, Context(self.jim)))
+        AnnotationPrincipalRoleManager(ob3).assignRoleToPrincipal(
+            self.manager, self.jim.getId())
+        self.failUnless(self.policy.checkPermission(
+            self.write, ob3, Context(self.jim)))
+        AnnotationPrincipalRoleManager(ob3).removeRoleFromPrincipal(
+            self.manager, self.jim.getId())
+        self.failIf(self.policy.checkPermission(
+            self.write, ob3, Context(self.jim)))
+
+    def testPlayfulRolePermissions(self):
+
+        ARPM = AnnotationRolePermissionManager
+        ztapi.provideAdapter(ITest,
+                            IRolePermissionManager, ARPM)
+        test = permissionRegistry.definePermission('test', 'Test', '')
+        test = test.getId()
+
+        ob1 = TestClass()
+        ob2 = TestClass(); ob2.__parent__ = ob1
+        ob3 = TestClass(); ob3.__parent__ = ob2
+
+        self.failIf(self.policy.checkPermission(test, ob3, Context(self.tim)))
+        self.__assertPermissions(self.tim, ['read', 'write'], ob3)
+
+        ARPM(ob2).grantPermissionToRole(test, self.manager)
+        self.failUnless(self.policy.checkPermission(test, ob3,
+                                                    Context(self.tim)))
+        self.__assertPermissions(self.tim, ['read', 'test', 'write'], ob3)
+
+        self.failIf(self.policy.checkPermission(test, ob3, Context(self.jim)))
+        self.__assertPermissions(self.jim, ['create', 'read'], ob3)
+
+
+        ARPM(ob3).grantPermissionToRole(test, self.peon)
+        self.failUnless(self.policy.checkPermission(
+            test, ob3, Context(self.jim)))
+        self.__assertPermissions(self.jim, ['create', 'read', 'test'], ob3)
+
+
+
+        principalPermissionManager.denyPermissionToPrincipal(
+            test, self.jim.getId())
+        self.failIf(self.policy.checkPermission(
+            test, ob3, Context(self.jim)))
+        self.__assertPermissions(self.jim, ['create', 'read'], ob3)
+
+        principalPermissionManager.unsetPermissionForPrincipal(
+            test, self.jim.getId())
+
+        # Make sure multiple conflicting role permissions resolve correctly
+        ARPM(ob2).grantPermissionToRole(test, 'zope.Anonymous')
+        ARPM(ob2).grantPermissionToRole(test, self.arole)
+        ARPM(ob3).denyPermissionToRole(test, self.peon)
+
+        new = principalRegistry.definePrincipal('new', 'Newbie',
+                                                'Newbie User', 'new', '098')
+        principalRoleManager.assignRoleToPrincipal(self.arole, new.getId())
+        self.failUnless(self.policy.checkPermission(test, ob3, Context(new)))
+        self.__assertPermissions(new, ['test'], ob3)
+
+        principalRoleManager.assignRoleToPrincipal(self.peon, new.getId())
+        self.failIf(self.policy.checkPermission(test, ob3, Context(new)))
+        self.__assertPermissions(new, ['read'], ob3)
+
+    def testPlayfulPrinciplePermissions(self):
+        APPM = AnnotationPrincipalPermissionManager
+        ztapi.provideAdapter(ITest,
+                       IPrincipalPermissionManager, APPM)
+
+        ob1 = TestClass()
+        ob2 = TestClass(); ob2.__parent__ = ob1
+        ob3 = TestClass(); ob3.__parent__ = ob2
+
+        test = permissionRegistry.definePermission('test', 'Test', '')
+        test = test.getId()
+
+        self.failIf(self.policy.checkPermission(test, ob3, Context(self.tim)))
+
+        self.__assertPermissions(self.tim, ['read', 'write'], ob3)
+
+        APPM(ob2).grantPermissionToPrincipal(test, self.tim.getId())
+        self.failUnless(self.policy.checkPermission(test, ob3,
+                                                    Context(self.tim)))
+        self.__assertPermissions(self.tim, ['read', 'test', 'write'], ob3)
+
+        APPM(ob3).denyPermissionToPrincipal(test, self.tim.getId())
+        self.failIf(self.policy.checkPermission(test, ob3,
+                                                Context(self.tim)))
+        self.__assertPermissions(self.tim, ['read', 'write'], ob3)
+
+        APPM(ob1).denyPermissionToPrincipal(test, self.jim.getId())
+        APPM(ob3).grantPermissionToPrincipal(test, self.jim.getId())
+        self.failUnless(self.policy.checkPermission(test, ob3,
+                                                    Context(self.jim)))
+        self.__assertPermissions(self.jim, ['create', 'read', 'test'], ob3)
+
+
+        APPM(ob3).unsetPermissionForPrincipal(test, self.jim.getId())
+        self.failIf(self.policy.checkPermission(test, ob3,
+                                                Context(self.jim)))
+        self.__assertPermissions(self.jim, ['create', 'read'], ob3)
+
+        # make sure placeless principal permissions override placeful ones
+        APPM(ob3).grantPermissionToPrincipal(test, self.tim.getId())
+        principalPermissionManager.denyPermissionToPrincipal(
+            test, self.tim.getId())
+        self.failIf(self.policy.checkPermission(test, ob3,
+                                                Context(self.tim)))
+
+        self.__assertPermissions(self.tim, ['read', 'write'], ob3)
+
+
+class ITest(IAttributeAnnotatable):
+    pass
+
+class TestClass:
+    implements(ITest)
+
+    __parent__ = None
+
+    def __init__(self):
+        self._roles       = { 'test' : {} }
+        self._permissions = { 'Manager' : {} , 'Peon' : {} }
+
+def test_suite():
+    loader=unittest.TestLoader()
+    return loader.loadTestsFromTestCase(Test)
+
+if __name__=='__main__':
+    unittest.TextTestRunner().run(test_suite())




More information about the Zope3-Checkins mailing list