[Checkins] SVN: zmi.core/trunk/src/zmi/core/container/tests/test_view_permissions.py Backport a change on zope.app.container.

Yusei Tahara yusei at domen.cx
Thu Nov 26 10:40:19 EST 2009 

Log message for revision 106033:
  Backport a change on zope.app.container.
  

Changed:
  A   zmi.core/trunk/src/zmi/core/container/tests/test_view_permissions.py

-=-
Added: zmi.core/trunk/src/zmi/core/container/tests/test_view_permissions.py
===================================================================
--- zmi.core/trunk/src/zmi/core/container/tests/test_view_permissions.py	                        (rev 0)
+++ zmi.core/trunk/src/zmi/core/container/tests/test_view_permissions.py	2009-11-26 15:40:19 UTC (rev 106033)
@@ -0,0 +1,103 @@
+##############################################################################
+#
+# Copyright (c) 2004 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Container View Permissions Tests
+
+$Id: test_view_permissions.py 106029 2009-11-26 14:31:39Z yusei $
+"""
+import unittest
+import transaction
+
+from zope.security.interfaces import Unauthorized
+
+from zope.app.testing.functional import BrowserTestCase
+from zope.app.file import File
+from zope.dublincore.interfaces import IZopeDublinCore
+from zope.securitypolicy.interfaces import IRolePermissionManager
+from zope.app.container.testing import AppContainerLayer
+
+class Tests(BrowserTestCase):
+
+    def test_default_view_permissions(self):
+        """Tests the default view permissions.
+
+        See zope/app/securitypolicy/configure.zcml for the grants of
+        zope.View and zope.app.dublincore.view to zope.Anonymous. These
+        ensure that, by default, anonymous users can view container contents.
+        """
+        # add an item that can be viewed from the root folder
+        file = File()
+        self.getRootFolder()['file'] = file
+        IZopeDublinCore(file).title = u'My File'
+        transaction.commit()
+
+        response = self.publish('/')
+        self.assertEquals(response.getStatus(), 200)
+        body = response.getBody()
+
+        # confirm we can see the file name
+        self.assert_(body.find('<a href="file">file</a>') != -1)
+
+        # confirm we can see the metadata title
+        self.assert_(body.find('<td><span>My File</span></td>') != -1)
+
+    def test_deny_view(self):
+        """Tests the denial of view permissions to anonymous.
+
+        This test uses the ZMI interface to deny anonymous zope.View permission
+        to the root folder.
+        """
+        # deny zope.View to zope.Anonymous
+        prm = IRolePermissionManager(self.getRootFolder())
+        prm.denyPermissionToRole('zope.View', 'zope.Anonymous')
+        transaction.commit()
+
+        # confirm Unauthorized when viewing root folder
+        self.assertRaises(Unauthorized, self.publish, '/')
+
+    def test_deny_dublincore_view(self):
+        """Tests the denial of dublincore view permissions to anonymous.
+
+        Users who can view a folder contents page but cannot view dublin core
+        should still be able to see the folder items' names, but not their
+        title, modified, and created info.
+        """
+        # add an item that can be viewed from the root folder
+        file = File()
+        self.getRootFolder()['file'] = file
+        IZopeDublinCore(file).title = u'My File'
+
+        # deny zope.app.dublincore.view to zope.Anonymous
+        prm = IRolePermissionManager(self.getRootFolder())
+        prm.denyPermissionToRole('zope.app.dublincore.view', 'zope.Anonymous')
+        transaction.commit()
+
+        response = self.publish('/')
+        self.assertEquals(response.getStatus(), 200)
+        body = response.getBody()
+
+        # confirm we can see the file name
+        self.assert_(body.find('<a href="file">file</a>') != -1)
+
+        # confirm we *cannot* see the metadata title
+        self.assert_(body.find('My File') == -1)
+
+
+def test_suite():
+    suite = unittest.TestSuite()
+    Tests.layer = AppContainerLayer
+    suite.addTest(unittest.makeSuite(Tests))
+    return suite
+
+if __name__=='__main__':
+    unittest.main(defaultTest='test_suite')

More information about the checkins mailing list