[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Traversing/tests - testTraverser.py:1.1.2.10.6.1 testZopeWrapper.py:NONE

Jim Fulton jim@zope.com
Fri, 26 Apr 2002 14:23:18 -0400


Update of /cvs-repository/Zope3/lib/python/Zope/App/Traversing/tests
In directory cvs.zope.org:/tmp/cvs-serv26237/lib/python/Zope/App/Traversing/tests

Modified Files:
      Tag: SecurityProxy-branch
	testTraverser.py 
Removed Files:
      Tag: SecurityProxy-branch
	testZopeWrapper.py 
Log Message:
Changed security code to use security proxies and name-based
security. This has pretty far-reaching implications:

- You now protect names/operations, *not* values. This means it's as
  easy yo protect data attributes that have simple values as it is to
  protect methods.

- There is no longer a __permissions__ attribute. :)

- There is no longer a validate method in either security managers or
  policies. 

- No more need to have a special compiler for restricted code.
  In exchange, lots of objects are proxies and code sometimes needs to
  be prepared to remove proxies.

In addition:

- Basic objects (None, strings, numbers, etc.) are not wrapped in
  context wrappers.

- There is a test that fails unless Python 2.3 is used.



=== Zope3/lib/python/Zope/App/Traversing/tests/testTraverser.py 1.1.2.10 => 1.1.2.10.6.1 ===
 from Zope.App.Traversing.Traverser import Traverser
 from Zope.App.Traversing.DefaultTraversable import DefaultTraversable
-from Zope.ContextWrapper import wrapper, Wrapper
+from Zope.Proxy.ContextWrapper import ContextWrapper
 from Zope.Exceptions import NotFoundError, Unauthorized
 from Zope.ComponentArchitecture import provideAdapter
 from Zope.App.Security.SecurityManagement import setSecurityPolicy, \
     noSecurityManager
-from Zope.App.Security.SimpleSecurityPolicies import NameBasedSecurityPolicy
 from Zope.Testing.CleanUp import CleanUp # Base class w registry cleanup
 
 from Interface.Verify import verifyClass
 from Interface.Implements import instancesOfObjectImplements
+from Zope.Security.Checker \
+     import ProxyFactory, defineChecker, NamesChecker, CheckerPublic, Checker
+from Zope.App.Security.SecurityManagement import newSecurityManager
 
 class C:
     def __init__(self, name):
@@ -39,9 +41,9 @@
 class TraverserTests(CleanUp, unittest.TestCase):
     def setUp(self):
         # Build up a wrapper chain
-        self.root =   Wrapper(C('root'),   None,        name='')
-        self.folder = Wrapper(C('folder'), self.root,   name='folder')
-        self.item =   Wrapper(C('item'),   self.folder, name='item')
+        self.root =   ContextWrapper(C('root'),   None,        name='')
+        self.folder = ContextWrapper(C('folder'), self.root,   name='folder')
+        self.item =   ContextWrapper(C('item'),   self.folder, name='item')
         self.tr = Traverser(self.item)
 
     def testImplementsITraverser(self):
@@ -76,7 +78,7 @@
         self.tr = Traverser(root)
 
     def testNoTraversable(self):
-        self.assertRaises(NotFoundError, self.tr.unrestrictedTraverse,
+        self.assertRaises(NotFoundError, self.tr.traverse,
                           'folder')
 
 class UnrestrictedTraverseTests(CleanUp, unittest.TestCase):
@@ -96,51 +98,57 @@
         tr = self.tr
         item = self.item
 
-        self.assertEquals(tr.unrestrictedTraverse('/folder/item'), item)
-        self.assertEquals(tr.unrestrictedTraverse('folder/item'), item)
-        self.assertEquals(tr.unrestrictedTraverse('/folder/item/'), item)
+        self.assertEquals(tr.traverse('/folder/item'), item)
+        self.assertEquals(tr.traverse('folder/item'), item)
+        self.assertEquals(tr.traverse('/folder/item/'), item)
 
     def testSimplePathUnicode(self):
         tr = self.tr
         item = self.item
 
-        self.assertEquals(tr.unrestrictedTraverse(u'/folder/item'), item)
-        self.assertEquals(tr.unrestrictedTraverse(u'folder/item'), item)
-        self.assertEquals(tr.unrestrictedTraverse(u'/folder/item/'), item)
+        self.assertEquals(tr.traverse(u'/folder/item'), item)
+        self.assertEquals(tr.traverse(u'folder/item'), item)
+        self.assertEquals(tr.traverse(u'/folder/item/'), item)
 
     def testSimplePathTuple(self):
         tr = self.tr
         item = self.item
 
-        self.assertEquals(tr.unrestrictedTraverse(('', 'folder', 'item')),
+        self.assertEquals(tr.traverse(('', 'folder', 'item')),
                           item)
-        self.assertEquals(tr.unrestrictedTraverse(('folder', 'item')), item)
+        self.assertEquals(tr.traverse(('folder', 'item')), item)
 
     def testComplexPathString(self):
         tr = self.tr
         item = self.item
 
-        self.assertEquals(tr.unrestrictedTraverse('/folder/../folder/./item'),
+        self.assertEquals(tr.traverse('/folder/../folder/./item'),
             item)
-        self.assertEquals(tr.unrestrictedTraverse(
+        self.assertEquals(tr.traverse(
             '/../folder/../../folder/item'), item)
-        self.assertEquals(tr.unrestrictedTraverse('../../folder/item'), item)
+        self.assertEquals(tr.traverse('../../folder/item'), item)
 
     def testNotFoundDefault(self):
-        self.assertEquals(self.tr.unrestrictedTraverse('foo', 'notFound'),
+        self.assertEquals(self.tr.traverse('foo', 'notFound'),
             'notFound')
 
     def testNotFoundNoDefault(self):
-        self.assertRaises(NotFoundError, self.tr.unrestrictedTraverse, 'foo')
+        self.assertRaises(NotFoundError, self.tr.traverse, 'foo')
+
+def Denied(*names):
+
+    def check(name):
+        if name in names:
+            return 'Waaaa'
+        return CheckerPublic
+
+    return Checker(check)
 
 class RestrictedTraverseTests(CleanUp, unittest.TestCase):
     _oldPolicy = None
     _deniedNames = ()
 
     def setUp(self):
-        self._oldPolicy = setSecurityPolicy(
-            NameBasedSecurityPolicy(self.denyNames))
-
         provideAdapter(None, ITraversable, DefaultTraversable)
 
         self.root = root = C('root')
@@ -150,52 +158,30 @@
         root.folder = folder
         folder.item = item
 
-        self.tr = Traverser(root)
-
-    def tearDown(self):
-        noSecurityManager()
-        setSecurityPolicy(self._oldPolicy)
-        CleanUp.tearDown(self)
-
-    def denyNames(self, name):
-        if name in self._deniedNames:
-            raise Unauthorized
+        self.tr = Traverser(ProxyFactory(root))
 
     def testAllAllowed(self):
-        tr = self.tr
+        defineChecker(C, Checker(lambda name: CheckerPublic)) 
+        tr = Traverser(ProxyFactory(self.root))
         item = self.item
 
-        self.assertEquals(tr.restrictedTraverse(('', 'folder', 'item')), item)
-        self.assertEquals(tr.restrictedTraverse(('folder', 'item')), item)
+        self.assertEquals(tr.traverse(('', 'folder', 'item')), item)
+        self.assertEquals(tr.traverse(('folder', 'item')), item)
         
     def testItemDenied(self):
-        self._deniedNames = ('item',)
-
-        tr = self.tr
+        newSecurityManager('no one')
+        defineChecker(C, Denied('item')) 
+        tr = Traverser(ProxyFactory(self.root))
         folder = self.folder
 
-        self.assertRaises(Unauthorized, tr.restrictedTraverse, 
+        self.assertRaises(Unauthorized, tr.traverse, 
             ('', 'folder', 'item'))
-        self.assertRaises(Unauthorized, tr.restrictedTraverse, 
+        self.assertRaises(Unauthorized, tr.traverse, 
             ('folder', 'item'))
-        self.assertEquals(tr.restrictedTraverse(('', 'folder')), folder)
-        self.assertEquals(tr.restrictedTraverse(('folder', '..', 'folder')),
+        self.assertEquals(tr.traverse(('', 'folder')), folder)
+        self.assertEquals(tr.traverse(('folder', '..', 'folder')),
                           folder)
-        self.assertEquals(tr.restrictedTraverse(('folder',)), folder)
-
-    def testNoneDenied(self):
-        # If traversing up ('..') or to the root, None is passed as a name to
-        # validate.
-        self._deniedNames = (None,)
-
-        tr = self.tr
-        item = self.item
-
-        self.assertRaises(Unauthorized, tr.restrictedTraverse, 
-            ('', 'folder'))
-        self.assertRaises(Unauthorized, tr.restrictedTraverse, 
-            ('folder', '..', 'folder'))
-        self.assertEquals(tr.restrictedTraverse(('folder', 'item')), item)
+        self.assertEquals(tr.traverse(('folder',)), folder)
 
 class DefaultTraversableTests(CleanUp, unittest.TestCase):
     def testImplementsITraversable(self):

=== Removed File Zope3/lib/python/Zope/App/Traversing/tests/testZopeWrapper.py ===