[Checkins]
SVN: z3c.securitytool/trunk/src/z3c/securitytool/README.txt
Updated README.txt, better documentation for tests
Daniel Blackburn
blackburnd at gmail.com
Fri Mar 7 13:05:59 EST 2008
Log message for revision 84535:
Updated README.txt, better documentation for tests
Changed:
U z3c.securitytool/trunk/src/z3c/securitytool/README.txt
-=-
Modified: z3c.securitytool/trunk/src/z3c/securitytool/README.txt
===================================================================
--- z3c.securitytool/trunk/src/z3c/securitytool/README.txt 2008-03-07 16:23:06 UTC (rev 84534)
+++ z3c.securitytool/trunk/src/z3c/securitytool/README.txt 2008-03-07 18:05:59 UTC (rev 84535)
@@ -2,7 +2,6 @@
z3c.securitytool
================
-
z3c.securitytool is a Zope3 package aimed at providing component level
security information to assist in analyzing security problems and to
potentially expose weaknesses. The goal of the security tool is to
@@ -41,48 +40,69 @@
context. The interesting information is when you select the skins.
A future release of this tool will offer a selection to view all
information for all skins as well as each skin individually.
-
You can also truncate the results by selecting the permission from
-the filter select box.
+the filter select box. When you click on the "Allow" or "Deny" security
+tool will explain where these permissions were specified whether by
+role, group, or in local context.
-When you click on the "Allow" or "Deny" security tool will explain
-where these permissions were specified whether by role, group, or
-in local context.
-
When you click on a user-name all the permissions inherited from
roles, groups or specifically assigned will be displayed.
+Detailed Documentation
+----------------------
+
>>> import zope
>>> from zope.app import zapi
>>> from pprint import pprint
-
>>> from z3c.securitytool.interfaces import ISecurityChecker
>>> from z3c.securitytool.interfaces import IPrincipalDetails
>>> from z3c.securitytool.interfaces import IPermissionDetails
-
>>> root = getRootFolder()
Several things are added to the database on the IDatabaseOpenedEvent when
-starting the demo. These settings are used to test the functionality
-in the tests as well as populate a matrix for the demo.Lets make sure
-the items were added with demoSetup.py
+starting the demo or running the tests. These settings are used to test
+the functionality in the tests as well as populate a matrix for the demo.
+Lets make sure the items were added with demoSetup.py
+
>>> sorted(root.keys())
[u'Folder1']
>>> folder1 = ISecurityChecker(root['Folder1'])
-We can see that the permissions for zope.interface.Interface should
-return an empty set.
+The security tool uses a tuple of interfaces to determine what views
+are registered at this context level. Since nothing should be
+registerd for only zope.interface.Interface we should recieve an empty
+set, of permissions, roles and groups.
>>> folder1.getPermissionSettingsForAllViews(zope.interface.Interface)
[{}, {}, set([])]
+
+Now lets see what the actual securityMatrix looks like in the context level
+of folder1. We first get the interfaces registered for this context
+level and then list all the view names that are registered for this context
+and Interface.
+
>>> from zope.interface import providedBy
+ >>> from z3c.securitytool.securitytool import getViews
>>> ifaces = tuple(providedBy(folder1))
+ >>> pprint(ifaces)
+ (<InterfaceClass z3c.securitytool.interfaces.ISecurityChecker>,)
-Now lets see what the actual securityMatrix looks like in the context level
-of folder1.
+ >>> pprint(sorted([x.name for x in getViews(ifaces[0])]))
+ [u'acquire',
+ u'adapter',
+ u'attribute',
+ u'etc',
+ u'item',
+ u'lang',
+ u'resource',
+ u'skin',
+ u'vh',
+ u'view']
+
+
>>> permDetails = folder1.getPermissionSettingsForAllViews(ifaces)
>>> pprint(permDetails)
[{'zope.anybody': {u'<i>no name</i>': 'Allow',
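Review bot: The added paragraph says the security tool uses "a tuple of interfaces", but the example directly below it still calls getPermissionSettingsForAllViews(zope.interface.Interface) with a single interface, while the later call passes the tuple ifaces. Say in the text whether both forms are accepted, or change the first call to pass a tuple so the example matches the description. The added getViews listing also pins the complete sorted list of registered names, so the doctest fails as soon as another name is registered for that interface; checking only for the names the README cares about would be less brittle. Spelling in the added lines: "registerd", "recieve", "Lets", and the stray comma in "empty set, of permissions".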
@@ -270,9 +290,7 @@
'setting': 'Allow'},
{'permission': 'concord.ReadIssue',
'setting': 'Allow'}]}}}
-
-
>>> pprint(matrix['permissionTree'])
[{u'Folder1_2': {'name': None,
'parentList': [u'Folder1', 'Root Folder'],
@@ -315,7 +333,6 @@
>>> for item in matrix['roleTree']:
... tmpDict.update(item)
-
>>> pprint(tmpDict['Root Folder'])
{'name': 'Root Folder',
'parentList': ['Root Folder'],
@@ -336,11 +353,7 @@
'roles': [{'principal': 'zope.daniel',
'role': 'zope.Janitor',
'setting': PermissionSetting: Allow}]}
-
-
-
-
>>> pprint(matrix['roles'])
{'zope.Janitor': [{'setting': 'Allow', 'permission': 'concord.ReadIssue'}],
'zope.Writer': [{'setting': 'Allow', 'permission': 'concord.DeleteArticle'},
@@ -368,7 +381,6 @@
>>> print permAdapter.view_name
ReadIssue.html
-
>>> pprint(prinPerms)
{'groups': {'zope.group1': {'groups': {},
'permissionTree': [],
@@ -379,8 +391,10 @@
'permissions': [],
'roleTree': [],
'roles': {}}
-
+TestBrowser Smoke Tests
+-----------------------
+
Lets make sure all the views work properly. Just a simple smoke test
>>> from zope.testbrowser.testing import Browser
@@ -461,7 +475,7 @@
And now we will test it without the view name
>>> manager.open(server + '/@@permissionDetails.html?'
- ... principal=zope.daniel')
+ ... 'principal=zope.daniel')
And now with a view name that does not exist
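Review bot: The replaced line was missing the opening quote on 'principal=zope.daniel', so the example as previously committed was not valid Python, yet the log message only mentions documentation. Mention the doctest fix in the log message. If manager is the testbrowser Browser imported earlier in the README, consider following manager.open(...) with a check on manager.contents so this step asserts something about the page rather than only that the request completes.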