[Checkins] SVN: z3c.securitytool/trunk/src/z3c/securitytool/
Updated doctests, added smoke tests for views
Daniel Blackburn
blackburnd at gmail.com
Sat Jan 26 11:58:47 EST 2008
Log message for revision 83253:
Updated doctests, added smoke tests for views
Changed:
U z3c.securitytool/trunk/src/z3c/securitytool/README.txt
U z3c.securitytool/trunk/src/z3c/securitytool/ftesting.zcml
U z3c.securitytool/trunk/src/z3c/securitytool/site.zcml
-=-
Modified: z3c.securitytool/trunk/src/z3c/securitytool/README.txt
===================================================================
--- z3c.securitytool/trunk/src/z3c/securitytool/README.txt 2008-01-26 16:25:13 UTC (rev 83252)
+++ z3c.securitytool/trunk/src/z3c/securitytool/README.txt 2008-01-26 16:58:45 UTC (rev 83253)
@@ -208,84 +208,21 @@
[u'firstIssue']
------------------
-Okay, Now lets see what security tool thinks the user has assigned for
-roles, permissions and groups.
+---------------------------------------------------------------------
+To fully test the tool we added the principals, permissions and roles
+to the ftesting.zcml
+---------------------------------------------------------------------
-TODO: Find out why I cannot access the principals without defining Principal
+Okay, Now lets see what security tool thinks the user has assigned for
+roles, permissions and groups.
+
>>> from z3c.securitytool.interfaces import ISecurityChecker
>>> principals = zapi.principals()
>>> first = ISecurityChecker(firstIssue)
-As we can see below securitytool tells us that daniel and stephanonly has
-ReadIssue given by the concord.Janitor Role
-
- >>> daniel = principals.definePrincipal('daniel','daniel','daniel')
- >>> pprint(first.principalPermissions('daniel') )
- {'groups': {},
- 'permissions': [],
- 'roles': {'concord.Janitor': [{'permission': 'concord.ReadIssue',
- 'setting': 'Allow'}]}}
-
- >>> principals._clear()
- >>> stephan = principals.definePrincipal('stephan','stephan','stephan')
- >>> pprint(first.principalPermissions('stephan') )
- {'groups': {},
- 'permissions': [],
- 'roles': {'concord.Janitor': [{'permission': 'concord.ReadIssue',
- 'setting': 'Allow'}]}}
-
-
-We can see here that Randy has the role concord.Writer which is
-allowed to perform the concord.createArticle actions.
- >>> principals._clear()
- >>> randy = principals.definePrincipal('randy','randy','randy')
- >>> pprint(first.principalPermissions('randy') )
- {'groups': {},
- 'permissions': [],
- 'roles': {'concord.Writer': [{'permission': 'concord.CreateArticle',
- 'setting': 'Allow'},
- {'permission': 'concord.ReadIssue',
- 'setting': 'Allow'}]}}
-
-
-We can see here that Markus has the role concord.Writer which is
-allowed to perform the concord.createArticle actions.
- >>> principals._clear()
- >>> markus = principals.definePrincipal('markus','markus','markus')
- >>> pprint(first.principalPermissions('markus') )
- {'groups': {},
- 'permissions': [],
- 'roles': {'concord.Writer': [{'permission': 'concord.CreateArticle',
- 'setting': 'Allow'},
- {'permission': 'concord.ReadIssue',
- 'setting': 'Allow'}]}}
-
-
-We can see here that Martin has the role concord.Editor which is
-allowed to perform all the actions for the Concord Times
- >>> principals._clear()
- >>> martin = principals.definePrincipal('martin','martin','martin')
- >>> pprint(first.principalPermissions('martin') )
- {'groups': {},
- 'permissions': [],
- 'roles': {'concord.Editor': [{'permission': 'concord.PublishIssue',
- 'setting': 'Allow'},
- {'permission': 'concord.CreateArticle',
- 'setting': 'Allow'},
- {'permission': 'concord.ReadIssue',
- 'setting': 'Allow'},
- {'permission': 'concord.CreateIssue',
- 'setting': 'Allow'},
- {'permission': 'concord.DeleteArticle',
- 'setting': 'Allow'}]}}
-
-
-
-
Lets get all the permission settings for the zope.interface.Interface
of course an empty set should get returned
>>> first.getPermissionSettingsForAllViews(zope.interface.Interface)
@@ -306,11 +243,36 @@
u'OPTIONS': 'Allow',
u'PUT': 'Allow',
u'absolute_url': 'Allow'},
+ 'zope.daniel': {u'<i>no name</i>': 'Allow',
+ u'DELETE': 'Allow',
+ u'OPTIONS': 'Allow',
+ u'PUT': 'Allow',
+ u'absolute_url': 'Allow'},
+ 'zope.markus': {u'<i>no name</i>': 'Allow',
+ u'DELETE': 'Allow',
+ u'OPTIONS': 'Allow',
+ u'PUT': 'Allow',
+ u'absolute_url': 'Allow'},
+ 'zope.martin': {u'<i>no name</i>': 'Allow',
+ u'DELETE': 'Allow',
+ u'OPTIONS': 'Allow',
+ u'PUT': 'Allow',
+ u'absolute_url': 'Allow'},
+ 'zope.randy': {u'<i>no name</i>': 'Allow',
+ u'DELETE': 'Allow',
+ u'OPTIONS': 'Allow',
+ u'PUT': 'Allow',
+ u'absolute_url': 'Allow'},
'zope.sample_manager': {u'<i>no name</i>': 'Allow',
u'DELETE': 'Allow',
u'OPTIONS': 'Allow',
u'PUT': 'Allow',
- u'absolute_url': 'Allow'}},
+ u'absolute_url': 'Allow'},
+ 'zope.stephan': {u'<i>no name</i>': 'Allow',
+ u'DELETE': 'Allow',
+ u'OPTIONS': 'Allow',
+ u'PUT': 'Allow',
+ u'absolute_url': 'Allow'}},
{u'<i>no name</i>': 'zope.Public',
u'DELETE': 'zope.Public',
u'OPTIONS': 'zope.Public',
@@ -320,13 +282,20 @@
+ >>> daniel = principals.definePrincipal('daniel','daniel','daniel')
+ >>> pprint(first.principalPermissions('daniel') )
+ {'groups': {},
+ 'permissions': [],
+ 'roles': {'concord.Janitor': [{'permission': 'concord.ReadIssue',
+ 'setting': 'Allow'}]}}
- >>> print first.permissionDetails('martin', None)
+
+ >>> print first.permissionDetails('daniel', None)
{'read_perm': 'zope.Public', 'groups': {}, 'roles': {}, 'permissions': []}
-Lets make sure all the views work properly
+Lets make sure all the views work properly. Just a simple smoke test
>>> from zope.testbrowser.testing import Browser
>>> manager = Browser()
@@ -334,9 +303,8 @@
>>> manager.addHeader('Authorization', authHeader)
>>> manager.handleErrors = False
- >>> manager.open('http://localhost:8080/')
+ >>> manager.open('http://localhost:8080/@@vum.html')
+ >>> manager.open('http://localhost:8080/@@ud.html?principal=daniel')
-
-
-
+ >>> manager.open('http://localhost:8080/@@pd.html?principal=daniel&view=PUT')
Modified: z3c.securitytool/trunk/src/z3c/securitytool/ftesting.zcml
===================================================================
--- z3c.securitytool/trunk/src/z3c/securitytool/ftesting.zcml 2008-01-26 16:25:13 UTC (rev 83252)
+++ z3c.securitytool/trunk/src/z3c/securitytool/ftesting.zcml 2008-01-26 16:58:45 UTC (rev 83253)
@@ -16,14 +16,65 @@
<include package="z3c.securitytool" file="configure.zcml" />
+ <include package="z3c.layer.minimal" />
+
+ <interface
+ interface="z3c.securitytool.browser.IConcordTimesSkin"
+ type="zope.publisher.interfaces.browser.IBrowserSkinType"
+ name="ConcordTimes"
+ />
+
<browser:defaultView for="*" name="vum.html" />
<securityPolicy
component="zope.securitypolicy.zopepolicy.ZopeSecurityPolicy" />
+
<role id="zope.Anonymous" title="Everybody" />
<role id="zope.Manager" title="Manager" />
+ <role id="zope.Janitor" title="Janitor" />
+ <role id="zope.Editor" title="Editor" />
+ <role id="zope.Writer" title="Writer" />
+
+<permission
+ id="concord.CreateArticle"
+ title="View Perm."
+ description="A Permission Used to View Issues"
+ />
+
+<permission
+ id="concord.DeleteArticle"
+ title="Del Article Perm."
+ description="A Permission Used to Delete Articles"
+ />
+
+<permission
+ id="concord.CreateIssue"
+ title="View Perm."
+ description="A Permission Used to Create Issues"
+ />
+
+<permission
+ id="concord.DeleteIssue"
+ title="View Perm."
+ description="A Permission Used to Delete Issues"
+ />
+
+<permission
+ id="concord.ReadIssue"
+ title="View Perm."
+ description="A Permission Used to View Issues"
+ />
+
+<permission
+ id="concord.PublishIssue"
+ title="View Perm."
+ description="A Permission Used to Publish Issues"
+ />
+
+
+
<unauthenticatedPrincipal
id="zope.anybody"
title="Unauthenticated User"
@@ -41,6 +92,42 @@
password="admin"
/>
+ <principal
+ id="zope.daniel"
+ title="Daniel "
+ login="daniel"
+ password="123"
+ />
+
+ <principal
+ id="zope.martin"
+ title="Martin"
+ login="martin"
+ password="123"
+ />
+
+ <principal
+ id="zope.randy"
+ title="Randy"
+ login="randy"
+ password="123"
+ />
+
+ <principal
+ id="zope.markus"
+ title="Markus"
+ login="markus"
+ password="123"
+ />
+
+ <principal
+ id="zope.stephan"
+ title="Stephan"
+ login="stephan"
+ password="123"
+ />
+
+
<grant
role="zope.Manager"
principal="zope.sample_manager"
@@ -48,7 +135,30 @@
<grantAll role="zope.Manager" />
+ <grant role="zope.Janitor" principal="zope.daniel" />
+ <grant role="zope.Janitor" principal="zope.stephan" />
+ <grant role="zope.Writer" principal="zope.randy" />
+ <grant role="zope.Writer" principal="zope.martin" />
+
+ <grant role="zope.Editor" principal="zope.markus" />
+
+
+ <grant permission="concord.CreateIssue" role="zope.Editor" />
+ <grant permission="concord.DeleteIssue" role="zope.Editor" />
+ <grant permission="concord.PublishIssue" role="zope.Editor" />
+
+ <grant permission="concord.CreateArticle" role="zope.Editor" />
+ <grant permission="concord.CreateArticle" role="zope.Writer" />
+
+ <grant permission="concord.DeleteArticle" role="zope.Writer" />
+ <grant permission="concord.DeleteArticle" role="zope.Editor" />
+
+ <grant permission="concord.ReadIssue" role="zope.Editor" />
+ <grant permission="concord.ReadIssue" role="zope.Janitor" />
+ <grant permission="concord.ReadIssue" role="zope.Writer" />
+
+
<!-- Replace the following directive if you don't want public access
<grant permission="zope.View"
role="zope.Anonymous" />
Modified: z3c.securitytool/trunk/src/z3c/securitytool/site.zcml
===================================================================
--- z3c.securitytool/trunk/src/z3c/securitytool/site.zcml 2008-01-26 16:25:13 UTC (rev 83252)
+++ z3c.securitytool/trunk/src/z3c/securitytool/site.zcml 2008-01-26 16:58:45 UTC (rev 83253)
@@ -3,8 +3,6 @@
xmlns:browser="http://namespaces.zope.org/browser"
i18n_domain="zope">
- <browser:defaultView for="*" name="vum.html" />
-
<include package="zope.app.zcmlfiles" />
<include package="zope.app.authentication" />
<include package="zope.app.securitypolicy" />
@@ -25,7 +23,9 @@
name="ConcordTimes"
/>
+ <browser:defaultView for="*" name="vum.html" />
+
<securityPolicy
component="zope.securitypolicy.zopepolicy.ZopeSecurityPolicy" />
More information about the Checkins
mailing list