[Zope-Checkins] CVS: Zope3/lib/python/Zope/Security/tests - testChecker.py:1.1.2.1 testRestrictedInterpreter.py:1.1.2.6 test_Proxy.py:1.1.2.12

Jim Fulton jim@zope.com
Thu, 18 Apr 2002 18:02:24 -0400


Update of /cvs-repository/Zope3/lib/python/Zope/Security/tests
In directory cvs.zope.org:/tmp/cvs-serv30502/lib/python/Zope/Security/tests

Modified Files:
      Tag: SecurityProxy-branch
	testRestrictedInterpreter.py test_Proxy.py 
Added Files:
      Tag: SecurityProxy-branch
	testChecker.py 
Log Message:
Added SecurityProxy checker implementation and checker registry.

I'm going to refactor the way the checker permission database is
expressed and add some convenience factories.



=== Added File Zope3/lib/python/Zope/Security/tests/testChecker.py ===
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
# All Rights Reserved.
# 
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
# 
##############################################################################
"""

Revision information:
$Id: testChecker.py,v 1.1.2.1 2002/04/18 22:02:23 jim Exp $
"""

from unittest import TestCase, TestSuite, main, makeSuite
from Zope.Security.Checker import Checker
from Zope.Testing.CleanUp import cleanUp
from Zope.App.Security.ISecurityPolicy import ISecurityPolicy
from Zope.Exceptions import Forbidden, Unauthorized
from Zope.App.Security.SecurityManagement import setSecurityPolicy
from Zope.Security._Proxy import getChecker, getObject
from Zope.Security.Proxy import Proxy, defineChecker

class SecurityPolicy:

    __implements__ =  ISecurityPolicy

    ############################################################
    # Implementation methods for interface
    # Zope.App.Security.ISecurityPolicy.

    def validate(self, name, value, context):
        'See Zope.App.Security.ISecurityPolicy.ISecurityPolicy'
        permission = getattr(value, '__permission__', None)
        if permission is None:
            raise Forbidden(name, value)

        if not self.checkPermission(permission, object, context):
            raise Unauthorized(name, value)

    def checkPermission(self, permission, object, context):
        'See Zope.App.Security.ISecurityPolicy.ISecurityPolicy'

        return permission == 'test_allowed'

    #
    ############################################################


class OldInst:
    a=1
    
    def b(self):
        pass
    
    c=2

    def gete(self): return 3
    e = property(gete)

    def __getitem__(self, x): return 5, x

    def __setitem__(self, x, v): pass

class NewInst(object, OldInst):

    def gete(self): return 3
    def sete(self, v): pass
    e = property(gete, sete)

class Test(TestCase):

    def setUp(self):
        self.__oldpolicy = setSecurityPolicy(SecurityPolicy())

    def tearDown(self):
        setSecurityPolicy(self.__oldpolicy)
        cleanUp()


    # check_getattr cases:
    #
    # - no attribute there
    # - method
    # - allow and disallow by permission
    def test_check_getattr(self):        

        oldinst = OldInst()
        oldinst.d = OldInst()

        newinst = NewInst()
        newinst.d = NewInst()

        for inst in oldinst, newinst:
            checker = Checker([({'a': 1, 'b': 1, 'c': 1,
                                 '__getitem__': 1}.has_key,
                                'perm')])

            self.assertRaises(Unauthorized, checker.check_getattr, inst, 'a')
            self.assertRaises(Unauthorized, checker.check_getattr, inst, 'b')
            self.assertRaises(Unauthorized, checker.check_getattr, inst, 'c')
            self.assertRaises(Unauthorized, checker.check, inst, '__getitem__')
            self.assertRaises(Forbidden, checker.check, inst, '__setitem__')
            self.assertRaises(Forbidden, checker.check_getattr, inst, 'd')
            self.assertRaises(Forbidden, checker.check_getattr, inst, 'e')
            self.assertRaises(Forbidden, checker.check_getattr, inst, 'f')

            checker = Checker([({'a': 1, 'b': 1, 'c': 1,
                                 '__getitem__': 1}.has_key,
                                'test_allowed')])

            checker.check_getattr(inst, 'a')
            checker.check_getattr(inst, 'b')
            checker.check_getattr(inst, 'c')
            checker.check(inst, '__getitem__')
            self.assertRaises(Forbidden, checker.check, inst, '__setitem__')
            self.assertRaises(Forbidden, checker.check_getattr, inst, 'd')
            self.assertRaises(Forbidden, checker.check_getattr, inst, 'e')
            self.assertRaises(Forbidden, checker.check_getattr, inst, 'f')

    def test_proxy(self):
        checker = Checker(())


        for rock in (1, 1.0, 1l, 1j,
                     '1', u'1', None,
                     AttributeError, AttributeError(),
                     ):
            proxy = checker.proxy(rock)
            self.failUnless(proxy is rock, proxy)

        for class_ in OldInst, NewInst:
            inst = class_()

            for ob in inst, class_:
                proxy = checker.proxy(ob)
                self.failUnless(getObject(proxy) is ob)
                database = getChecker(proxy)._Checker__database
                if ob is inst:
                    self.failIf(database, database)
                else:
                    self.failUnless(database)
        
            special = Checker([({'a': 1, 'b': 1}.has_key, 'test_allowed')])
            defineChecker(class_, special)

            proxy = checker.proxy(inst)
            self.failUnless(getObject(proxy) is inst)
            checker = getChecker(proxy)
            self.failUnless(checker is special, checker.__dict__)

            proxy2 = checker.proxy(proxy)
            self.failUnless(proxy2 is proxy, [proxy, proxy2])


def test_suite():
    return TestSuite((
        makeSuite(Test),
        ))

if __name__=='__main__':
    main(defaultTest='test_suite')










=== Zope3/lib/python/Zope/Security/tests/testRestrictedInterpreter.py 1.1.2.5 => 1.1.2.6 ===
 
+import Zope.Security.Proxy
+
 from Zope.Security.RestrictedInterpreter import RestrictedInterpreter
-from Zope.Security.Proxy import Proxy
+from Zope.Security.Proxy import Proxy, defineChecker
+
+from Zope.Testing.CleanUp import cleanUp
 
-class Checker:
+class TestChecker:
     def check_getattr(self, object, name):
         pass
     def check(self, object, opname):
         pass
     def proxy(self, value):
-        return Proxy(value, self)
+        return Proxy(value)
 
 class RITests(unittest.TestCase):
 
     def setUp(self):
-        self.checker = Checker()
+        self.checker = TestChecker()
         self.rinterp = RestrictedInterpreter(self.checker)
 
+    def tearDown(self):
+        cleanUp()
+
     def testExec(self):
-        self.rinterp.ri_exec("print type(1)\n")
+        self.rinterp.ri_exec("str(type(1))\n")
 
     def testImport(self):
         self.rinterp.ri_exec("import Zope.Security.Proxy")
 
     def testWrapping(self):
         # make sure we've really got proxies
+        import types
+        from Zope.Security.Checker import Checker
+        checker = Checker([({'Proxy':1, '_Proxy':1}.has_key, None)])
+        defineChecker(Zope.Security.Proxy, checker)
+        checker = Checker([({'BuiltinFunctionType':1}.has_key, None)])
+        defineChecker(types, checker)
         code = ("from Zope.Security.Proxy import Proxy, _Proxy\n"
                 "import types\n"
                 "assert type(id) is not types.BuiltinFunctionType\n"
@@ -33,3 +46,8 @@
 
 def test_suite():
     return unittest.makeSuite(RITests)
+
+
+if __name__=='__main__':
+    from unittest import main
+    main(defaultTest='test_suite')


=== Zope3/lib/python/Zope/Security/tests/test_Proxy.py 1.1.2.11 => 1.1.2.12 ===
-
+from Zope.Exceptions import Forbidden
 from Zope.Security._Proxy import getObject, getChecker
 from Zope.Security.Proxy import Proxy
 
@@ -20,6 +20,8 @@
             raise RuntimeError
 
     def proxy(self, value):
+        if type(value) is str:
+            return value
         return Proxy(value, self)
 
 
@@ -170,3 +172,7 @@
 
 def test_suite():
     return unittest.makeSuite(ProxyTests)
+
+if __name__=='__main__':
+    from unittest import main
+    main(defaultTest='test_suite')