[Checkins]
SVN: z3c.securitytool/trunk/src/z3c/securitytool/README.txt
Updated tests to handle the groups for each principal
Daniel Blackburn
blackburnd at gmail.com
Tue Feb 26 15:40:28 EST 2008
Log message for revision 84282:
Updated tests to handle the groups for each principal
Changed:
U z3c.securitytool/trunk/src/z3c/securitytool/README.txt
-=-
Modified: z3c.securitytool/trunk/src/z3c/securitytool/README.txt
===================================================================
--- z3c.securitytool/trunk/src/z3c/securitytool/README.txt 2008-02-26 20:39:41 UTC (rev 84281)
+++ z3c.securitytool/trunk/src/z3c/securitytool/README.txt 2008-02-26 20:40:27 UTC (rev 84282)
@@ -69,55 +69,55 @@
>>> ifaces = tuple(providedBy(folder1))
>>> permDetails = folder1.getPermissionSettingsForAllViews(ifaces)
>>> pprint(permDetails)
- [{'zope.anybody': {u'<i>no name</i>': 'Allow',
- u'DELETE': 'Allow',
- u'OPTIONS': 'Allow',
- u'PUT': 'Allow',
- u'absolute_url': 'Allow'},
- 'zope.daniel': {u'<i>no name</i>': 'Allow',
- u'DELETE': 'Allow',
- u'OPTIONS': 'Allow',
- u'PUT': 'Allow',
- u'absolute_url': 'Allow'},
- 'zope.globalmgr': {u'<i>no name</i>': 'Allow',
- u'DELETE': 'Allow',
- u'OPTIONS': 'Allow',
- u'PUT': 'Allow',
- u'absolute_url': 'Allow'},
- 'zope.markus': {u'<i>no name</i>': 'Allow',
- u'DELETE': 'Allow',
- u'OPTIONS': 'Allow',
- u'PUT': 'Allow',
- u'absolute_url': 'Allow'},
- 'zope.martin': {u'<i>no name</i>': 'Allow',
- u'DELETE': 'Allow',
- u'OPTIONS': 'Allow',
- u'PUT': 'Allow',
- u'absolute_url': 'Allow'},
- 'zope.mgr': {u'absolute_url': 'Allow', u'<i>no name</i>': 'Allow'},
- 'zope.randy': {u'<i>no name</i>': 'Allow',
- u'DELETE': 'Allow',
- u'OPTIONS': 'Allow',
- u'PUT': 'Allow',
- u'absolute_url': 'Allow'},
- 'zope.sample_manager': {u'<i>no name</i>': 'Allow',
+ [{'zope.anybody': {u'<i>no name</i>': 'Allow',
+ u'DELETE': 'Allow',
+ u'OPTIONS': 'Allow',
+ u'PUT': 'Allow',
+ u'absolute_url': 'Allow'},
+ 'zope.daniel': {u'<i>no name</i>': 'Allow',
+ u'DELETE': 'Allow',
+ u'OPTIONS': 'Allow',
+ u'PUT': 'Allow',
+ u'absolute_url': 'Allow'},
+ 'zope.globalmgr': {u'<i>no name</i>': 'Allow',
u'DELETE': 'Allow',
u'OPTIONS': 'Allow',
u'PUT': 'Allow',
u'absolute_url': 'Allow'},
- 'zope.stephan': {u'<i>no name</i>': 'Allow',
- u'DELETE': 'Allow',
- u'OPTIONS': 'Allow',
- u'PUT': 'Allow',
- u'absolute_url': 'Allow'}},
- {u'<i>no name</i>': 'zope.Public',
- u'DELETE': 'zope.Public',
- u'OPTIONS': 'zope.Public',
- u'PUT': 'zope.Public',
- u'absolute_url': 'zope.Public'},
- set(['zope.Public'])]
+ 'zope.group1': {u'absolute_url': 'Allow', u'<i>no name</i>': 'Allow'},
+ 'zope.markus': {u'<i>no name</i>': 'Allow',
+ u'DELETE': 'Allow',
+ u'OPTIONS': 'Allow',
+ u'PUT': 'Allow',
+ u'absolute_url': 'Allow'},
+ 'zope.martin': {u'<i>no name</i>': 'Allow',
+ u'DELETE': 'Allow',
+ u'OPTIONS': 'Allow',
+ u'PUT': 'Allow',
+ u'absolute_url': 'Allow'},
+ 'zope.mgr': {u'absolute_url': 'Allow', u'<i>no name</i>': 'Allow'},
+ 'zope.randy': {u'<i>no name</i>': 'Allow',
+ u'DELETE': 'Allow',
+ u'OPTIONS': 'Allow',
+ u'PUT': 'Allow',
+ u'absolute_url': 'Allow'},
+ 'zope.sample_manager': {u'<i>no name</i>': 'Allow',
+ u'DELETE': 'Allow',
+ u'OPTIONS': 'Allow',
+ u'PUT': 'Allow',
+ u'absolute_url': 'Allow'},
+ 'zope.stephan': {u'<i>no name</i>': 'Allow',
+ u'DELETE': 'Allow',
+ u'OPTIONS': 'Allow',
+ u'PUT': 'Allow',
+ u'absolute_url': 'Allow'}},
+ {u'<i>no name</i>': 'zope.Public',
+ u'DELETE': 'zope.Public',
+ u'OPTIONS': 'zope.Public',
+ u'PUT': 'zope.Public',
+ u'absolute_url': 'zope.Public'},
+ set(['zope.Public'])]
-
Following are the helper functions used within the securitytool, These
contain a set of common functionality that is used in many places.
@@ -209,81 +209,122 @@
Here we will test with the principal that was populated earlier.
>>> prinDetails = PrincipalDetails(root[u'Folder1'])
- >>> pprint(prinDetails('zope.daniel') )
- {'groups': {},
- 'permissionTree': [{u'Folder1_2': {'name': None,
- 'parentList': [u'Folder1',
- 'Root Folder'],
- 'permissions': [{'permission': 'concord.CreateArticle',
- 'principal': 'zope.daniel',
- 'setting': PermissionSetting: Allow},
- {'permission': 'concord.ReadIssue',
- 'principal': 'zope.daniel',
- 'setting': PermissionSetting: Deny},
- {'permission': 'concord.DeleteIssue',
- 'principal': 'zope.daniel',
- 'setting': PermissionSetting: Allow}]}},
- {'Root Folder': {'name': 'Root Folder',
- 'parentList': ['Root Folder'],
- 'permissions': [{'permission': 'concord.CreateArticle',
- 'principal': 'zope.daniel',
- 'setting': PermissionSetting: Deny},
- {'permission': 'concord.ReadIssue',
- 'principal': 'zope.daniel',
- 'setting': PermissionSetting: Allow},
- {'permission': 'concord.DeleteArticle',
- 'principal': 'zope.daniel',
- 'setting': PermissionSetting: Deny}]}}],
- 'permissions': [{'permission': 'concord.CreateArticle',
- 'setting': PermissionSetting: Allow},
- {'permission': 'concord.ReadIssue',
- 'setting': PermissionSetting: Deny},
- {'permission': 'concord.DeleteIssue',
- 'setting': PermissionSetting: Allow},
- {'permission': 'concord.DeleteArticle',
- 'setting': PermissionSetting: Deny}],
- 'roleTree': [{u'Folder1_2': {'name': None,
- 'parentList': [u'Folder1', 'Root Folder'],
- 'roles': [{'principal': 'zope.daniel',
- 'role': 'zope.Writer',
- 'setting': PermissionSetting: Allow}]}},
- {'Root Folder': {'name': 'Root Folder',
- 'parentList': ['Root Folder'],
- 'roles': [{'principal': 'zope.daniel',
- 'role': 'zope.Writer',
- 'setting': PermissionSetting: Allow},
- {'principal': 'zope.daniel',
- 'role': 'zope.Editor',
- 'setting': PermissionSetting: Allow}]}},
- {'global settings': {'name': None,
- 'parentList': ['global settings'],
- 'roles': [{'principal': 'zope.daniel',
- 'role': 'zope.Janitor',
- 'setting': PermissionSetting: Allow}]}}],
- 'roles': {'zope.Editor': [{'permission': 'concord.CreateIssue',
- 'setting': 'Allow'},
- {'permission': 'concord.DeleteArticle',
- 'setting': 'Allow'},
- {'permission': 'concord.PublishIssue',
- 'setting': 'Allow'},
- {'permission': 'concord.DeleteIssue',
- 'setting': 'Allow'},
- {'permission': 'concord.CreateArticle',
- 'setting': 'Allow'},
- {'permission': 'concord.ReadIssue',
- 'setting': 'Allow'}],
- 'zope.Janitor': [{'permission': 'concord.ReadIssue',
- 'setting': 'Allow'}],
- 'zope.Writer': [{'permission': 'concord.DeleteArticle',
- 'setting': 'Allow'},
- {'permission': 'concord.CreateArticle',
- 'setting': 'Allow'},
- {'permission': 'concord.ReadIssue',
- 'setting': 'Allow'}]}}
+ >>> matrix = prinDetails('zope.daniel')
+ >>> pprint(matrix['groups'])
+ {'zope.group1':
+ {'groups': {},
+ 'permissionTree': [{u'Folder1_2': {'name': None,
+ 'parentList': [u'Folder1',
+ 'Root Folder'],
+ 'permissions': [{'permission': 'concord.CreateArticle',
+ 'principal': 'zope.group1',
+ 'setting': PermissionSetting: Allow},
+ {'permission': 'concord.ReadIssue',
+ 'principal': 'zope.group1',
+ 'setting': PermissionSetting: Deny},
+ {'permission': 'concord.DeleteIssue',
+ 'principal': 'zope.group1',
+ 'setting': PermissionSetting: Allow}]}},
+ {'Root Folder': {'name': 'Root Folder',
+ 'parentList': ['Root Folder'],
+ 'permissions': [{'permission': 'concord.CreateArticle',
+ 'principal': 'zope.group1',
+ 'setting': PermissionSetting: Deny},
+ {'permission': 'concord.ReadIssue',
+ 'principal': 'zope.group1',
+ 'setting': PermissionSetting: Allow},
+ {'permission': 'concord.DeleteArticle',
+ 'principal': 'zope.group1',
+ 'setting': PermissionSetting: Deny}]}}],
+ 'permissions': [{'permission': 'concord.CreateArticle',
+ 'setting': PermissionSetting: Allow},
+ {'permission': 'concord.ReadIssue',
+ 'setting': PermissionSetting: Deny},
+ {'permission': 'concord.DeleteIssue',
+ 'setting': PermissionSetting: Allow},
+ {'permission': 'concord.DeleteArticle',
+ 'setting': PermissionSetting: Deny}],
+ 'roleTree': [{'Root Folder': {'name': 'Root Folder',
+ 'parentList': ['Root Folder'],
+ 'roles': [{'principal': 'zope.group1',
+ 'role': 'zope.Editor',
+ 'setting': PermissionSetting: Allow}]}}],
+ 'roles': {'zope.Editor': [{'permission': 'concord.CreateIssue',
+ 'setting': 'Allow'},
+ {'permission': 'concord.DeleteArticle',
+ 'setting': 'Allow'},
+ {'permission': 'concord.PublishIssue',
+ 'setting': 'Allow'},
+ {'permission': 'concord.DeleteIssue',
+ 'setting': 'Allow'},
+ {'permission': 'concord.CreateArticle',
+ 'setting': 'Allow'},
+ {'permission': 'concord.ReadIssue',
+ 'setting': 'Allow'}]}}}
+
+ >>> pprint(matrix['permissionTree'])
+ [{u'Folder1_2': {'name': None,
+ 'parentList': [u'Folder1', 'Root Folder'],
+ 'permissions': [{'permission': 'concord.CreateArticle',
+ 'principal': 'zope.daniel',
+ 'setting': PermissionSetting: Allow},
+ {'permission': 'concord.ReadIssue',
+ 'principal': 'zope.daniel',
+ 'setting': PermissionSetting: Deny},
+ {'permission': 'concord.DeleteIssue',
+ 'principal': 'zope.daniel',
+ 'setting': PermissionSetting: Allow}]}},
+ {'Root Folder': {'name': 'Root Folder',
+ 'parentList': ['Root Folder'],
+ 'permissions': [{'permission': 'concord.CreateArticle',
+ 'principal': 'zope.daniel',
+ 'setting': PermissionSetting: Deny},
+ {'permission': 'concord.ReadIssue',
+ 'principal': 'zope.daniel',
+ 'setting': PermissionSetting: Allow},
+ {'permission': 'concord.DeleteArticle',
+ 'principal': 'zope.daniel',
+ 'setting': PermissionSetting: Deny}]}}]
+
+
+ >>> pprint(matrix['permissions'])
+ [{'setting': PermissionSetting: Allow, 'permission': 'concord.CreateArticle'},
+ {'setting': PermissionSetting: Deny, 'permission': 'concord.ReadIssue'},
+ {'setting': PermissionSetting: Allow, 'permission': 'concord.DeleteIssue'},
+ {'setting': PermissionSetting: Deny, 'permission': 'concord.DeleteArticle'}]
+
+
+
+ >>> pprint(matrix['roleTree'])
+ [{'Root Folder': {'name': 'Root Folder',
+ 'parentList': ['Root Folder'],
+ 'roles': [{'principal': 'zope.daniel',
+ 'role': 'zope.Writer',
+ 'setting': PermissionSetting: Allow}]}},
+ {'global settings': {'name': None,
+ 'parentList': ['global settings'],
+ 'roles': [{'principal': 'zope.daniel',
+ 'role': 'zope.Janitor',
+ 'setting': PermissionSetting: Allow}]}},
+ {u'Folder1_2': {'name': None,
+ 'parentList': [u'Folder1', 'Root Folder'],
+ 'roles': [{'principal': 'zope.daniel',
+ 'role': 'zope.Writer',
+ 'setting': PermissionSetting: Allow}]}}]
+
+
+
+ >>> pprint(matrix['roles'])
+ {'zope.Janitor': [{'setting': 'Allow', 'permission': 'concord.ReadIssue'}],
+ 'zope.Writer': [{'setting': 'Allow', 'permission': 'concord.DeleteArticle'},
+ {'setting': 'Allow', 'permission': 'concord.CreateArticle'},
+ {'setting': 'Allow', 'permission': 'concord.ReadIssue'}]}
+
+
Now lets see what the permission details returns
>>> from zope.publisher.interfaces.browser import IBrowserRequest
>>> from z3c.securitytool.interfaces import IPermissionDetails
@@ -295,9 +336,6 @@
... 'ReadIssue.html',
... )
- >>> print permAdapter.principal.id
- zope.daniel
-
>>> print permAdapter.skin
<InterfaceClass zope.publisher.interfaces.browser.IBrowserRequest>
@@ -307,21 +345,19 @@
>>> print permAdapter.view_name
ReadIssue.html
- >>> pprint(permAdapter.principalMatrix)
- {'groups': {},
+
+ >>> pprint(prinPerms)
+ {'groups': {'zope.group1': {'groups': {},
+ 'permissionTree': [],
+ 'permissions': [],
+ 'roleTree': [],
+ 'roles': {}}},
'permissionTree': [],
'permissions': [],
'roleTree': [],
'roles': {}}
+
- >>> pprint(prinPerms)
- {'groups': {},
- 'permissionTree': [],
- 'permissions': [],
- 'roleTree': [],
- 'roles': {}}
-
-
Lets make sure all the views work properly. Just a simple smoke test
>>> from zope.testbrowser.testing import Browser
@@ -336,7 +372,7 @@
>>> manager.open('http://localhost:8080/Folder1/@@securityMatrix.html')
- >>> manager.open('http://localhost:8080/Folder1/Folder2/@@securityMatrix.html')
+ >>> manager.open('http://localhost:8080/Folder1/Folder2/Folder3/@@securityMatrix.html')
Now lets send the filter variable so our test is complete
>>> manager.open('http://localhost:8080/@@securityMatrix.html?'
More information about the Checkins
mailing list