[Checkins]
SVN: z3c.securitytool/trunk/src/z3c/securitytool/README.txt
Added some more tests for coverage
Daniel Blackburn
blackburnd at gmail.com
Fri Feb 22 10:23:10 EST 2008
Log message for revision 84142:
Added some more tests for coverage
Changed:
U z3c.securitytool/trunk/src/z3c/securitytool/README.txt
-=-
Modified: z3c.securitytool/trunk/src/z3c/securitytool/README.txt
===================================================================
--- z3c.securitytool/trunk/src/z3c/securitytool/README.txt 2008-02-22 15:22:45 UTC (rev 84141)
+++ z3c.securitytool/trunk/src/z3c/securitytool/README.txt 2008-02-22 15:23:09 UTC (rev 84142)
@@ -42,6 +42,286 @@
roles, groups or specifically assigned will be displayed.
+ >>> import zope
+ >>> from zope.app import zapi
+ >>> from pprint import pprint
+
+ >>> from z3c.securitytool.interfaces import ISecurityChecker
+ >>> from z3c.securitytool.interfaces import IPrincipalDetails
+ >>> from z3c.securitytool.interfaces import IPermissionDetails
+
+
+ >>> root = getRootFolder()
+
+Lets make sure the items were added with demoSetup.py
+ >>> sorted(root.keys())
+ [u'Folder1']
+
+ >>> folder1 = ISecurityChecker(root['Folder1'])
+
+We can see that the permissions for zope.interface.Interface should
+return an empty set.
+ >>> folder1.getPermissionSettingsForAllViews(zope.interface.Interface)
+ [{}, {}, set([])]
+
+
+ >>> from zope.interface import providedBy
+ >>> ifaces = tuple(providedBy(folder1))
+ >>> permDetails = folder1.getPermissionSettingsForAllViews(ifaces)
+ >>> pprint(permDetails)
+ [{'zope.anybody': {u'<i>no name</i>': 'Allow',
+ u'DELETE': 'Allow',
+ u'OPTIONS': 'Allow',
+ u'PUT': 'Allow',
+ u'absolute_url': 'Allow'},
+ 'zope.daniel': {u'<i>no name</i>': 'Allow',
+ u'DELETE': 'Allow',
+ u'OPTIONS': 'Allow',
+ u'PUT': 'Allow',
+ u'absolute_url': 'Allow'},
+ 'zope.globalmgr': {u'<i>no name</i>': 'Allow',
+ u'DELETE': 'Allow',
+ u'OPTIONS': 'Allow',
+ u'PUT': 'Allow',
+ u'absolute_url': 'Allow'},
+ 'zope.markus': {u'<i>no name</i>': 'Allow',
+ u'DELETE': 'Allow',
+ u'OPTIONS': 'Allow',
+ u'PUT': 'Allow',
+ u'absolute_url': 'Allow'},
+ 'zope.martin': {u'<i>no name</i>': 'Allow',
+ u'DELETE': 'Allow',
+ u'OPTIONS': 'Allow',
+ u'PUT': 'Allow',
+ u'absolute_url': 'Allow'},
+ 'zope.mgr': {u'absolute_url': 'Allow', u'<i>no name</i>': 'Allow'},
+ 'zope.randy': {u'<i>no name</i>': 'Allow',
+ u'DELETE': 'Allow',
+ u'OPTIONS': 'Allow',
+ u'PUT': 'Allow',
+ u'absolute_url': 'Allow'},
+ 'zope.sample_manager': {u'<i>no name</i>': 'Allow',
+ u'DELETE': 'Allow',
+ u'OPTIONS': 'Allow',
+ u'PUT': 'Allow',
+ u'absolute_url': 'Allow'},
+ 'zope.stephan': {u'<i>no name</i>': 'Allow',
+ u'DELETE': 'Allow',
+ u'OPTIONS': 'Allow',
+ u'PUT': 'Allow',
+ u'absolute_url': 'Allow'}},
+ {u'<i>no name</i>': 'zope.Public',
+ u'DELETE': 'zope.Public',
+ u'OPTIONS': 'zope.Public',
+ u'PUT': 'zope.Public',
+ u'absolute_url': 'zope.Public'},
+ set(['zope.Public'])]
+
+
+Following are the helper functions used within the securitytool, These
+contain a set of common functionality that is used in many places.
+
+Lets see if the `hasPermissionSetting` method returns True if there is
+a permission or role and False if there is not.
+ >>> from z3c.securitytool.securitytool import *
+ >>> hasPermissionSetting({'permissions':'Allow'})
+ True
+
+We need to make some dummy objects to test the `hasPermissionSetting` method
+ >>> emptySettings = {'permissions': [],
+ ... 'roles': {},
+ ... 'groups': {}}
+
+ >>> fullSettings = {'permissions': 'Allow',
+ ... 'roles': {},
+ ... 'groups': {}}
+
+We also need to make sure the recursive functionality works for this method
+ >>> hasPermissionSetting({'permissions':{},'roles':{},
+ ... 'groups':{'group1':emptySettings,
+ ... 'group2':fullSettings}})
+ True
+
+
+ >>> from zope.securitypolicy.interfaces import Allow, Unset, Deny
+
+
+ >>> prinPermMap = ({'principal':'daniel',
+ ... 'permission':'takeOverTheWORLD',
+ ... 'setting': Allow})
+
+ >>> rolePermMap = ({'role':'Janitor',
+ ... 'permission':'takeOverTheWORLD',
+ ... 'setting': Allow})
+
+ >>> prinRoleMap = ({'principal':'daniel',
+ ... 'role':'Janitor',
+ ... 'setting': Allow})
+
+
+Lets test the method with our new dummy data
+ >>> principalDirectlyProvidesPermission([prinPermMap],'daniel',
+ ... 'takeOverTheWORLD')
+ 'Allow'
+
+And we also need to test the roleProvidesPermission
+ >>> roleProvidesPermission([rolePermMap], 'Janitor', 'takeOverTheWORLD')
+ 'Allow'
+
+And we also need to test the roleProvidesPermission
+ >>> principalRoleProvidesPermission([prinRoleMap],
+ ... [rolePermMap],
+ ... 'daniel',
+ ... 'takeOverTheWORLD')
+ ('Janitor', 'Allow')
+
+See janitors CAN take over the world!!!!!
+
+
+And of course the rendered name to display on the page template
+If we do not receive a name that means we are on the root level.
+ >>> renderedName(None)
+ u'Root Folder'
+
+ >>> renderedName('Daniel')
+ 'Daniel'
+
+
+
+ >>> folder1.populatePermissionMatrix('takeOverTheWORLD',[prinPermMap])
+
+
+Now we test the meat of the SecurityChecker Class
+
+
+ >>> settings = {'principalPermissions': [prinPermMap],
+ ... 'rolePermissions' : [rolePermMap],
+ ... 'principalRoles' : [prinRoleMap]}
+
+
+ >>> permDetails = PermissionDetails(folder1)
+
+ permDetails(daniel, 'takeOverTheWorld',IBrowserRequest)
+ {'groups': {},
+ 'roles': {'Janitor': [{'setting': 'Allow', 'name': 'viewName'}]},
+ 'permissions': [{'setting': 'Allow', 'name': 'viewName'}]}
+
+
+Here we will test with the principal that was populated earlier.
+ >>> prinDetails = PrincipalDetails(root[u'Folder1'])
+ >>> pprint(prinDetails('zope.daniel') )
+ {'groups': {},
+ 'permissionTree': [{u'Folder1_2': {'name': None,
+ 'parentList': [u'Folder1',
+ 'Root Folder'],
+ 'permissions': [{'permission': 'concord.CreateArticle',
+ 'principal': 'zope.daniel',
+ 'setting': PermissionSetting: Allow},
+ {'permission': 'concord.ReadIssue',
+ 'principal': 'zope.daniel',
+ 'setting': PermissionSetting: Deny},
+ {'permission': 'concord.DeleteIssue',
+ 'principal': 'zope.daniel',
+ 'setting': PermissionSetting: Allow}]}},
+ {'Root Folder': {'name': 'Root Folder',
+ 'parentList': ['Root Folder'],
+ 'permissions': [{'permission': 'concord.CreateArticle',
+ 'principal': 'zope.daniel',
+ 'setting': PermissionSetting: Deny},
+ {'permission': 'concord.ReadIssue',
+ 'principal': 'zope.daniel',
+ 'setting': PermissionSetting: Allow},
+ {'permission': 'concord.DeleteArticle',
+ 'principal': 'zope.daniel',
+ 'setting': PermissionSetting: Deny}]}}],
+ 'permissions': [{'permission': 'concord.CreateArticle',
+ 'setting': PermissionSetting: Allow},
+ {'permission': 'concord.ReadIssue',
+ 'setting': PermissionSetting: Deny},
+ {'permission': 'concord.DeleteIssue',
+ 'setting': PermissionSetting: Allow},
+ {'permission': 'concord.DeleteArticle',
+ 'setting': PermissionSetting: Deny}],
+ 'roleTree': [{u'Folder1_2': {'name': None,
+ 'parentList': [u'Folder1', 'Root Folder'],
+ 'roles': [{'principal': 'zope.daniel',
+ 'role': 'zope.Writer',
+ 'setting': PermissionSetting: Allow}]}},
+ {'Root Folder': {'name': 'Root Folder',
+ 'parentList': ['Root Folder'],
+ 'roles': [{'principal': 'zope.daniel',
+ 'role': 'zope.Writer',
+ 'setting': PermissionSetting: Allow},
+ {'principal': 'zope.daniel',
+ 'role': 'zope.Editor',
+ 'setting': PermissionSetting: Allow}]}},
+ {'global settings': {'name': None,
+ 'parentList': ['global settings'],
+ 'roles': [{'principal': 'zope.daniel',
+ 'role': 'zope.Janitor',
+ 'setting': PermissionSetting: Allow}]}}],
+ 'roles': {'zope.Editor': [{'permission': 'concord.CreateIssue',
+ 'setting': 'Allow'},
+ {'permission': 'concord.DeleteArticle',
+ 'setting': 'Allow'},
+ {'permission': 'concord.PublishIssue',
+ 'setting': 'Allow'},
+ {'permission': 'concord.DeleteIssue',
+ 'setting': 'Allow'},
+ {'permission': 'concord.CreateArticle',
+ 'setting': 'Allow'},
+ {'permission': 'concord.ReadIssue',
+ 'setting': 'Allow'}],
+ 'zope.Janitor': [{'permission': 'concord.ReadIssue',
+ 'setting': 'Allow'}],
+ 'zope.Writer': [{'permission': 'concord.DeleteArticle',
+ 'setting': 'Allow'},
+ {'permission': 'concord.CreateArticle',
+ 'setting': 'Allow'},
+ {'permission': 'concord.ReadIssue',
+ 'setting': 'Allow'}]}}
+
+
+
+
+Now lets see what the permission details returns
+ >>> from zope.publisher.interfaces.browser import IBrowserRequest
+ >>> from z3c.securitytool.interfaces import IPermissionDetails
+
+ >>> permAdapter = zapi.getMultiAdapter((root[u'Folder1'],
+ ... ),IPermissionDetails)
+
+ >>> prinPerms = permAdapter('zope.daniel',
+ ... 'ReadIssue.html',
+ ... )
+
+ >>> print permAdapter.principal.id
+ zope.daniel
+
+ >>> print permAdapter.skin
+ <InterfaceClass zope.publisher.interfaces.browser.IBrowserRequest>
+
+ >>> print permAdapter.read_perm
+ zope.Public
+
+ >>> print permAdapter.view_name
+ ReadIssue.html
+
+ >>> pprint(permAdapter.principalMatrix)
+ {'groups': {},
+ 'permissionTree': [],
+ 'permissions': [],
+ 'roleTree': [],
+ 'roles': {}}
+
+ >>> pprint(prinPerms)
+ {'groups': {},
+ 'permissionTree': [],
+ 'permissions': [],
+ 'roleTree': [],
+ 'roles': {}}
+
+
Lets make sure all the views work properly. Just a simple smoke test
>>> from zope.testbrowser.testing import Browser
@@ -54,7 +334,10 @@
First we will check if the main page is available
>>> manager.open('http://localhost:8080/@@securityMatrix.html')
+ >>> manager.open('http://localhost:8080/Folder1/@@securityMatrix.html')
+ >>> manager.open('http://localhost:8080/Folder1/Folder2/@@securityMatrix.html')
+
Now lets send the filter variable so our test is complete
>>> manager.open('http://localhost:8080/@@securityMatrix.html?'
... 'FILTER=None&selectedSkin=ConcordTimes')
@@ -71,11 +354,19 @@
... 'FILTER=None&selectedSkin=ConcordTimes&'
... 'selectedPermission=zope.dummy')
+And with the None permission
+ >>> manager.open('http://localhost:8080/@@securityMatrix.html?'
+ ... 'FILTER=None&selectedSkin=ConcordTimes&'
+ ... 'selectedPermission=None')
This is the principal detail page, you can get to by clicking on the
principals name at the top of the form.
>>> manager.open('http://localhost:8080/@@principalDetails.html?principal=zope.daniel')
+
+ >>> manager.open('http://localhost:8080/Folder1/Folder2/Folder3/@@principalDetails.html?principal=zope.daniel')
+
+
>>> 'Permission settings' in manager.contents
True
@@ -103,3 +394,6 @@
And now we will test it without the view name
>>> manager.open('http://localhost:8080/@@permissionDetails.html?principal=zope.daniel')
+
+Lets also test with a different context level
+ >>> manager.open('http://localhost:8080/Folder1/Folder2/Folder3/@@permissionDetails.html?principal=zope.daniel&view=ReadIssue.html')
More information about the Checkins
mailing list