[Checkins] SVN: Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/ Make _canMasquerade aware of groups.
Stefan H. Holek
stefan at epy.co.at
Thu Mar 5 07:45:33 EST 2009
Log message for revision 97528:
Make _canMasquerade aware of groups.
Changed:
U Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/PluggableAuthService.py
U Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/tests/pastc.py
U Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/tests/test_MoreCaching.py
U Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/tests/test_masquerading.py
-=-
Modified: Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/PluggableAuthService.py
===================================================================
--- Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/PluggableAuthService.py 2009-03-05 12:21:09 UTC (rev 97527)
+++ Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/PluggableAuthService.py 2009-03-05 12:45:33 UTC (rev 97528)
@@ -742,15 +742,12 @@
if not masquerading():
return False
- user = self._createUser( plugins, user_id, name )
+ user = self._findUser( plugins, user_id, name, request )
- rolemakers = plugins.listPlugins( IRolesPlugin )
+ if user is not None:
+ roles = user.getRoles()
- for rolemaker_id, rolemaker in rolemakers:
-
- roles = rolemaker.getRolesForPrincipal( user, request )
-
- if roles and ('Manager' in roles or 'Masquerader' in roles):
+ if 'Manager' in roles or 'Masquerader' in roles:
return True
return False
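Review bot: The authorization check at `roles = user.getRoles()` now decides who may masquerade from whatever role set `_findUser` attaches to the user, so the right is inherited through group membership, yet nothing at the check says so. Anyone allowed to edit group membership or assign roles to a group can therefore hand out the ability to act as another user, which is worth stating where the decision is made, e.g. `# Masquerading follows global roles, including roles inherited via groups; treat group and role management as equally privileged.` If `_findUser` can return a cached user object (not visible in this hunk), a revoked Manager or Masquerader role would keep working until the cache entry is invalidated, so confirm that role and group changes invalidate it. `_canMasquerade` starts above the hunk, so the rest of the function is not reviewed here.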
Modified: Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/tests/pastc.py
===================================================================
--- Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/tests/pastc.py 2009-03-05 12:21:09 UTC (rev 97527)
+++ Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/tests/pastc.py 2009-03-05 12:45:33 UTC (rev 97528)
@@ -27,6 +27,7 @@
from Products.PluggableAuthService.interfaces.plugins import \
IAuthenticationPlugin, IUserEnumerationPlugin, IRolesPlugin, \
IRoleEnumerationPlugin, IRoleAssignerPlugin, \
+ IGroupsPlugin, IGroupEnumerationPlugin, \
IChallengePlugin, IExtractionPlugin, IUserAdderPlugin
from base64 import encodestring
@@ -50,6 +51,7 @@
factory.addHTTPBasicAuthHelper('http_auth')
factory.addZODBUserManager('users')
factory.addZODBRoleManager('roles')
+ factory.addZODBGroupManager('groups')
plugins = pas.plugins
plugins.activatePlugin(IChallengePlugin, 'http_auth')
plugins.activatePlugin(IExtractionPlugin, 'http_auth')
@@ -59,6 +61,8 @@
plugins.activatePlugin(IRolesPlugin, 'roles')
plugins.activatePlugin(IRoleAssignerPlugin, 'roles')
plugins.activatePlugin(IRoleEnumerationPlugin, 'roles')
+ plugins.activatePlugin(IGroupsPlugin, 'groups')
+ plugins.activatePlugin(IGroupEnumerationPlugin, 'groups')
def _setupUser(self):
"""Creates the default user."""
Modified: Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/tests/test_MoreCaching.py
===================================================================
--- Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/tests/test_MoreCaching.py 2009-03-05 12:21:09 UTC (rev 97527)
+++ Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/tests/test_MoreCaching.py 2009-03-05 12:45:33 UTC (rev 97528)
@@ -283,7 +283,6 @@
password = 'secret'
factory = self.pas.manage_addProduct['PluggableAuthService']
- factory.addZODBGroupManager( 'groups' )
self.pas._doAddUser(user_id, password, [], [])
groups = self.pas.groups
groups.addGroup( group_id )
@@ -298,7 +297,6 @@
password = 'secret'
factory = self.pas.manage_addProduct['PluggableAuthService']
- factory.addZODBGroupManager( 'groups' )
self.pas._doAddUser(user_id, password, [], [])
groups = self.pas.groups
groups.addGroup( group_id )
Modified: Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/tests/test_masquerading.py
===================================================================
--- Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/tests/test_masquerading.py 2009-03-05 12:21:09 UTC (rev 97527)
+++ Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/tests/test_masquerading.py 2009-03-05 12:45:33 UTC (rev 97528)
@@ -57,22 +57,40 @@
def afterSetUp(self):
self.pas = self.folder.acl_users
+
# Create a masquerading user (Manager)
self.pas.users.addUser('fred_id', 'fred', 'r0ck')
self.pas.roles.assignRoleToPrincipal('Manager', 'fred_id')
+
# Create a masquerading user (Masquerader)
self.pas.users.addUser('barney_id', 'barney', 'p4per')
self.pas.roles.addRole('Masquerader')
self.pas.roles.assignRoleToPrincipal('Masquerader', 'barney_id')
+
+ # Create a masquerading user (Masquerader via group)
+ self.pas.users.addUser('pebbles_id', 'pebbles', 'sci55ors')
+ self.pas.groups.addGroup('flintstone_id', 'flintstone')
+ self.pas.groups.addPrincipalToGroup('pebbles_id', 'flintstone_id')
+ self.pas.roles.assignRoleToPrincipal('Masquerader', 'flintstone_id')
+
# Create a masqueraded user
self.pas.users.addUser('wilma_id', 'wilma', 'geheim')
self.pas.roles.assignRoleToPrincipal(pastc.user_role, 'wilma_id')
+
# Create a protected document
self.folder.manage_addDTMLMethod('doc', file='the document')
self.doc = self.folder.doc
self.doc.manage_permission(View, [pastc.user_role], acquire=False)
+
+ # Rig the request so it looks like we traversed to doc
+ request = self.app.REQUEST
+ request['PUBLISHED'] = self.doc
+ request['PARENTS'] = [self.folder, self.app]
+ request.steps = list(self.doc.getPhysicalPath())
+
# Start out as Anonymous User
self.logout()
+
# Enable masquerading
masquerading(True)
@@ -102,6 +120,17 @@
self.assertEqual(user_id, 'wilma_id')
self.assertEqual(info, 'wilma')
+ def test__extractUserIds_Masquerader_via_group(self):
+ request = self.app.REQUEST
+ request._auth = 'Basic %s' % pastc.mkauth('pebbles/wilma', 'sci55ors')
+
+ uids = self.pas._extractUserIds(request, self.pas.plugins)
+ self.assertEqual(len(uids), 1)
+
+ user_id, info = uids[0]
+ self.assertEqual(user_id, 'wilma_id')
+ self.assertEqual(info, 'wilma')
+
def test__extractUserIds_masquerading_disabled(self):
request = self.app.REQUEST
request._auth = 'Basic %s' % pastc.mkauth('fred/wilma', 'r0ck')
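Review bot: `test__extractUserIds_Masquerader_via_group` covers only the granting path for group-derived rights; there is no test that a member of a group without the Masquerader role is refused, nor that removing pebbles from flintstone stops her from masquerading. The same gap applies to `test_validate_Masquerader_via_group` further down. For an impersonation check the denial cases matter most, so I would add a test that calls `self.pas.groups.removePrincipalFromGroup('pebbles_id', 'flintstone_id')` and then asserts that `_extractUserIds` no longer yields `'wilma_id'` for `pebbles/wilma`.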
@@ -140,11 +169,7 @@
self.assertEqual(info, None)
def test_validate_Manager(self):
- # Rig the request so it looks like we traversed to doc
request = self.app.REQUEST
- request['PUBLISHED'] = self.doc
- request['PARENTS'] = [self.folder, self.app]
- request.steps = list(self.doc.getPhysicalPath())
request._auth = 'Basic %s' % pastc.mkauth('fred/wilma', 'r0ck')
user = self.pas.validate(request)
@@ -160,11 +185,7 @@
self.assertEqual(user.getRoles(), ['Authenticated', pastc.user_role])
def test_validate_Masquerader(self):
- # Rig the request so it looks like we traversed to doc
request = self.app.REQUEST
- request['PUBLISHED'] = self.doc
- request['PARENTS'] = [self.folder, self.app]
- request.steps = list(self.doc.getPhysicalPath())
request._auth = 'Basic %s' % pastc.mkauth('barney/wilma', 'p4per')
user = self.pas.validate(request)
@@ -179,12 +200,24 @@
self.assertEqual(user.getUserName(), 'wilma')
self.assertEqual(user.getRoles(), ['Authenticated', pastc.user_role])
+ def test_validate_Masquerader_via_group(self):
+ request = self.app.REQUEST
+ request._auth = 'Basic %s' % pastc.mkauth('pebbles/wilma', 'sci55ors')
+
+ user = self.pas.validate(request)
+ self.failIfEqual(user, None)
+ self.assertEqual(user.getId(), 'wilma_id')
+ self.assertEqual(user.getUserName(), 'wilma')
+ self.assertEqual(user.getRoles(), ['Authenticated', pastc.user_role])
+
+ user = getSecurityManager().getUser()
+ self.failIfEqual(user, None)
+ self.assertEqual(user.getId(), 'wilma_id')
+ self.assertEqual(user.getUserName(), 'wilma')
+ self.assertEqual(user.getRoles(), ['Authenticated', pastc.user_role])
+
def test_validate_masquerading_disabled(self):
- # Rig the request so it looks like we traversed to doc
request = self.app.REQUEST
- request['PUBLISHED'] = self.doc
- request['PARENTS'] = [self.folder, self.app]
- request.steps = list(self.doc.getPhysicalPath())
request._auth = 'Basic %s' % pastc.mkauth('fred/wilma', 'r0ck')
masquerading(False)
@@ -199,11 +232,7 @@
self.assertEqual(user.getRoles(), ('Anonymous',))
def test_validate_masquerading_denied(self):
- # Rig the request so it looks like we traversed to doc
request = self.app.REQUEST
- request['PUBLISHED'] = self.doc
- request['PARENTS'] = [self.folder, self.app]
- request.steps = list(self.doc.getPhysicalPath())
request._auth = 'Basic %s' % pastc.mkauth('wilma/fred', 'geheim')
user = self.pas.validate(request)
@@ -216,11 +245,7 @@
self.assertEqual(user.getRoles(), ('Anonymous',))
def test_validate_bad_role_user(self):
- # Rig the request so it looks like we traversed to doc
request = self.app.REQUEST
- request['PUBLISHED'] = self.doc
- request['PARENTS'] = [self.folder, self.app]
- request.steps = list(self.doc.getPhysicalPath())
request._auth = 'Basic %s' % pastc.mkauth('fred/betty', 'r0ck')
user = self.pas.validate(request)