[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security/tests - testProtectClass.py:1.1.2.13 testProtectSubClass.py:1.1.2.3 testPublicClass.py:1.1.2.13 testZSP.py:1.1.2.13 testSecurityManagement.py:NONE testSecurityManager.py:NONE
Jim Fulton
jim@zope.com
Sun, 28 Apr 2002 13:17:11 -0400
Update of /cvs-repository/Zope3/lib/python/Zope/App/Security/tests
In directory cvs.zope.org:/tmp/cvs-serv17050/lib/python/Zope/App/Security/tests
Modified Files:
Tag: Zope-3x-branch
testProtectClass.py testProtectSubClass.py testPublicClass.py
testZSP.py
Removed Files:
Tag: Zope-3x-branch
testSecurityManagement.py testSecurityManager.py
Log Message:
HOTYB: Merged SecurityProxy-branch into main branch.
All tests pass and folders can be listed and added through the web.
It is likely that most other things don't work and will need to be
fixed. The reason is that many accesses that should have been checked
before are now being checked and additional checks and thinking about
permissions and security settings are needed.
I'm in the process of drafting a paper for the wiki that describes the
changes in more detail.
=== Zope3/lib/python/Zope/App/Security/tests/testProtectClass.py 1.1.2.12 => 1.1.2.13 ===
<directive namespace="http://namespaces.zope.org/security"
name="protectClass"
- attributes="name, permission, interface, methods"
+ attributes="name, permission, interface, methods, like_unto"
handler="Zope.App.Security.protectClass.">
- <subdirective namespace="http://namespaces.zope.org/security"
- name="protect"
- attributes="permission, interface, methods" />
- <subdirective namespace="http://namespaces.zope.org/security"
- name="instances"
- attributes="permission" />
+ <subdirective namespace="http://namespaces.zope.org/security"
+ name="protect"
+ attributes="permission, interface, methods, like_unto"
+ />
</directive>
<security:permission permission_id="extravagant" title="extravagant" />
<security:permission permission_id="paltry" title="paltry" />
@@ -56,16 +54,18 @@
def setUp(self):
defineDirectives()
- class C:
- __implements__ = I
+ class B:
def m1(self):
return "m1"
def m2(self):
return "m2"
+ class C(B):
+ __implements__ = I
def m3(self):
return "m3"
def m4(self):
return "m4"
+ TestModule.test_base = B
TestModule.test_class = C
TestModule.test_instance = C()
self.assertState()
@@ -78,18 +78,13 @@
m1P=NOTSET, m2P=NOTSET, m3P=NOTSET):
"Verify that class, instance, and methods have expected permissions."
- tclass, instance = TestModule.test_class, TestModule.test_instance
- self.assertEqual(
- (
- getattr(instance, "__permission__", NOTSET),
- getattr(tclass.m1, "__permission__", NOTSET),
- getattr(tclass.m2, "__permission__", NOTSET),
- getattr(tclass.m3, "__permission__", NOTSET),
- getattr(instance.m1, "__permission__", NOTSET),
- getattr(instance.m2, "__permission__", NOTSET),
- getattr(instance.m3, "__permission__", NOTSET),
- ),
- (instP, m1P, m2P, m3P, m1P, m2P, m3P))
+ from Zope.Security.Checker import selectChecker
+ from Zope.Exceptions import Forbidden
+
+ checker = selectChecker(TestModule.test_instance)
+ self.assertEqual(checker.permission_id('m1'), (m1P or None))
+ self.assertEqual(checker.permission_id('m2'), (m2P or None))
+ self.assertEqual(checker.permission_id('m3'), (m3P or None))
def assertDeclaration(self, declaration, **state):
apply_declaration(template_bracket % declaration)
@@ -105,18 +100,10 @@
# "testSimple*" exercises tags that do NOT have children. This mode
# inherently sets the instances as well as the class attributes.
- def testSimpleNoPerm(self):
- """Establish rejection of declarations lacking a permission spec."""
- declaration = ("""<security:protectClass name="%s" />"""
- % (PREFIX+"test_class"))
- self.assertRaises(protectClass.ProtectionDeclarationException,
- self.assertDeclaration,
- declaration)
-
def testSimpleMethodsPlural(self):
declaration = ("""<security:protectClass
name="%s" permission_id="%s"
- methods="m1, m3" />"""
+ names="m1, m3" />"""
% (PREFIX+"test_class", P1))
self.assertDeclaration(declaration,
instP=P1, m1P=P1, m3P=P1)
@@ -136,7 +123,7 @@
def testCompositeNoPerm(self):
"""Establish rejection of declarations lacking a permission spec."""
declaration = ("""<security:protectClass name="%s">
- <security:protect methods="m1"/>
+ <security:protect names="m1"/>
</security:protectClass>"""
% (PREFIX+"test_class"))
self.assertRaises(protectClass.ProtectionDeclarationException,
@@ -145,17 +132,17 @@
# Permission not in top tag and in one subtag but not in the other:
declaration = ("""<security:protectClass name="%s">
<security:protect permission_id="%s"
- methods="m1"/>
- <security:instances/>
+ names="m1"/>
+ <security:protect
+ names="m2"/>
</security:protectClass>"""
% (PREFIX+"test_class", P1))
self.assertRaises(protectClass.ProtectionDeclarationException,
- self.assertDeclaration,
- declaration)
+ self.assertDeclaration, declaration, m1P=P1)
def testCompositeMethodTopPerm(self):
declaration = ("""<security:protectClass name="%s" permission_id="%s">
- <security:protect methods="m1"/>
+ <security:protect names="m1"/>
</security:protectClass>"""
% (PREFIX+"test_class", P1))
self.assertDeclaration(declaration,
@@ -163,7 +150,7 @@
def testCompositeMethodElementPerm(self):
declaration = ("""<security:protectClass name="%s">
- <security:protect permission_id="%s" methods="m1"/>
+ <security:protect permission_id="%s" names="m1"/>
</security:protectClass>"""
% (PREFIX+"test_class", P1))
self.assertDeclaration(declaration,
@@ -171,7 +158,7 @@
def testCompositeMethodsPluralTopPerm(self):
declaration = ("""<security:protectClass name="%s" permission_id="%s">
- <security:protect methods="m1, m2"/>
+ <security:protect names="m1, m2"/>
</security:protectClass>"""
% (PREFIX+"test_class", P1))
self.assertDeclaration(declaration,
@@ -180,7 +167,7 @@
def testCompositeMethodsPluralElementPerm(self):
declaration = ("""<security:protectClass name="%s">
<security:protect permission_id="%s"
- methods="m1, m3"/>
+ names="m1, m3"/>
</security:protectClass>"""
% (PREFIX+"test_class", P1))
self.assertDeclaration(declaration,
@@ -205,29 +192,11 @@
def testCompositeInstancesTopPerm(self):
declaration = ("""<security:protectClass name="%s" permission_id="%s">
- <security:instances/>
</security:protectClass>"""
% (PREFIX+"test_class", P1))
self.assertDeclaration(declaration,
instP=P1)
- def testCompositeInstancesElementPerm(self):
- declaration = ("""<security:protectClass name="%s">
- <security:instances permission_id="%s"/>
- </security:protectClass>"""
- % (PREFIX+"test_class", P1))
- self.assertDeclaration(declaration,
- instP=P1)
-
- def testBadPermission(self):
- declaration = ("""<security:protectClass name="%s">
- <security:instances permission_id="%s"/>
- </security:protectClass>"""
- % (PREFIX+"test_class", 'bad'))
- self.assertRaises(UndefinedPermissionError, self.assertDeclaration,
- declaration, instP='bad')
-
-
def testSubInterfaces(self):
declaration = ("""<security:protectClass
name="%s" permission_id="%s" interface="%s" />"""
@@ -235,6 +204,29 @@
# m1 and m2 are in the interface, so should be set, and m3 should not:
self.assertDeclaration(declaration,
instP=P1, m1P=P1, m2P=P1)
+
+
+ def testLikeUntoOnly(self):
+ declaration = ("""
+ <security:protectClass name="%s" names="m1,m2" permission_id="%s" />
+ <security:protectClass name="%s" like_unto="%s" />
+ """ % (PREFIX+"test_base", P1,
+ PREFIX+"test_class", PREFIX+"test_base"))
+ # m1 and m2 are in the interface, so should be set, and m3 should not:
+ self.assertDeclaration(declaration,
+ m1P=P1, m2P=P1)
+
+
+ def testLikeUntoAsDefault(self):
+ declaration = ("""
+ <security:protectClass name="%s" names="m1,m2" permission_id="%s" />
+ <security:protectClass name="%s" like_unto="%s"
+ names="m2,m3" permission_id="%s"/>
+ """ % (PREFIX+"test_base", P1,
+ PREFIX+"test_class", PREFIX+"test_base", P2))
+ # m1 and m2 are in the interface, so should be set, and m3 should not:
+ self.assertDeclaration(declaration,
+ m1P=P1, m2P=P2, m3P=P2)
=== Zope3/lib/python/Zope/App/Security/tests/testProtectSubClass.py 1.1.2.2 => 1.1.2.3 ===
from unittest import TestCase, TestSuite, main, makeSuite
from Zope.Testing.CleanUp import CleanUp # Base class w registry cleanup
-from Zope.App.Security.protectClass import protectMethod
+from Zope.App.Security.protectClass import protectName
from Zope.App.Security.PermissionRegistry import permissionRegistry
+from Zope.Security.Checker import selectChecker
class Test(CleanUp, TestCase):
@@ -37,28 +38,17 @@
permissionRegistry.definePermission('B1', '')
permissionRegistry.definePermission('S', '')
- protectMethod(B1, 'g', 'B1')
- protectMethod(S, 'g', 'S')
- protectMethod(S, 'h', 'S')
-
- self.assertEqual(B1.__dict__['g'].__permission__, 'B1')
- self.assertEqual(getattr(B2.__dict__['h'], '__permission__', ''), '')
- self.assertEqual(S().g.__permission__, 'S')
- self.assertEqual(S().h.__permission__, 'S')
+ protectName(B1, 'g', 'B1')
+ protectName(S, 'g', 'S')
+ protectName(S, 'h', 'S')
+
+ self.assertEqual(selectChecker(B1()).permission_id('g'), 'B1')
+ self.assertEqual(selectChecker(B2()).permission_id('h'), None)
+ self.assertEqual(selectChecker(S()).permission_id('g'), 'S')
+ self.assertEqual(selectChecker(S()).permission_id('h'), 'S')
self.assertEqual(S().g(), 'B1.g')
self.assertEqual(S().h(), 'B2.h')
-
- def testOldStyleClass(self):
-
- class B1:
- def g(self): return 'B1.g'
-
- class S(B1):
- pass
-
- permissionRegistry.definePermission('S', '')
- self.assertRaises(TypeError, protectMethod, S, 'g', 'S')
def test_suite():
=== Zope3/lib/python/Zope/App/Security/tests/testPublicClass.py 1.1.2.12 => 1.1.2.13 ===
from Zope.Configuration.meta import InvalidDirective
from TestModuleHookup import *
+from Zope.Security.Checker import CheckerPublic as PublicPermission
NOTSET = []
-PublicPermission = publicClass.PublicPermission
-
class Test(CleanUp, unittest.TestCase):
def setUp(self):
@@ -61,15 +60,12 @@
def assertState(self, instP=NOTSET,
m1P=NOTSET, m2P=NOTSET, m3P=NOTSET):
"Verify that class, instance, and methods have expected permissions."
+ from Zope.Security.Checker import selectChecker
- tclass, instance = TestModule.test_class, TestModule.test_instance
- self.assertEqual(getattr(instance, "__permission__", NOTSET), instP)
- self.assertEqual(getattr(tclass.m1, "__permission__", NOTSET), m1P)
- self.assertEqual(getattr(tclass.m2, "__permission__", NOTSET), m2P)
- self.assertEqual(getattr(tclass.m3, "__permission__", NOTSET), m3P)
- self.assertEqual(getattr(instance.m1, "__permission__", NOTSET), m1P)
- self.assertEqual(getattr(instance.m2, "__permission__", NOTSET), m2P)
- self.assertEqual(getattr(instance.m3, "__permission__", NOTSET), m3P)
+ checker = selectChecker(TestModule.test_instance)
+ self.assertEqual(checker.permission_id('m1'), (m1P or None))
+ self.assertEqual(checker.permission_id('m2'), (m2P or None))
+ self.assertEqual(checker.permission_id('m3'), (m3P or None))
def assertDeclaration(self, declaration, **state):
apply_declaration(template_bracket % declaration)
@@ -91,14 +87,14 @@
declaration)
def testMethod(self):
- declaration = ("""<security:publicClass name="%s" methods="m1" />"""
+ declaration = ("""<security:publicClass name="%s" names="m1" />"""
% (PREFIX+"test_class"))
self.assertDeclaration(declaration,
instP=PublicPermission, m1P=PublicPermission)
def testMethodsPlural(self):
declaration = ("""<security:publicClass
- name="%s" methods="m1, m3" />"""
+ name="%s" names="m1, m3" />"""
% (PREFIX+"test_class"))
self.assertDeclaration(declaration,
instP=PublicPermission, m1P=PublicPermission,
=== Zope3/lib/python/Zope/App/Security/tests/testZSP.py 1.1.2.12 => 1.1.2.13 ===
from Interface import Interface
-from Zope.ContextWrapper import Wrapper
+from Zope.Proxy.ContextWrapper import ContextWrapper
from Zope.ComponentArchitecture import provideAdapter
from Zope.App.Security.IRolePermissionManager import IRolePermissionManager
from Zope.App.Security.PermissionRegistry import permissionRegistry
@@ -58,10 +58,6 @@
pass
-class Protected:
- def __init__(self, permission):
- self.__permission__ = permission
-
class Test(CleanUp, unittest.TestCase):
@@ -154,7 +150,7 @@
ob2 = TestClass()
ob3 = TestClass()
- ob = Wrapper(ob3, Wrapper(ob2, ob1))
+ ob = ContextWrapper(ob3, ContextWrapper(ob2, ob1))
self.failIf(self.policy.checkPermission(test, ob, Context(self.tim)))
ARPM(ob2).grantPermissionToRole(test, self.manager)
@@ -196,7 +192,7 @@
test = permissionRegistry.definePermission('test', 'Test', '')
test = test.getId()
- ob = Wrapper(ob3, Wrapper(ob2, ob1))
+ ob = ContextWrapper(ob3, ContextWrapper(ob2, ob1))
self.failIf(self.policy.checkPermission(test, ob, Context(self.tim)))
APPM(ob2).grantPermissionToPrincipal(test, self.tim)
self.failUnless(self.policy.checkPermission(test, ob,
@@ -220,32 +216,6 @@
principalPermissionManager.unsetPermissionForPrincipal(
test, self.tim)
-
-
-
- def test_validate(self):
- self.policy.validate('_', Protected(self.read), Context(self.jim))
- self.policy.validate('_', Protected(self.read), Context(self.tim))
- self.policy.validate('_', Protected(self.write), Context(self.tim))
-
- self.assertRaises(Unauthorized,
- self.policy.validate,
- 'x', Protected(self.read), Context(self.unknown))
- self.assertRaises(Unauthorized,
- self.policy.validate,
- 'x', Protected(self.write), Context(self.unknown))
-
- rolePermissionManager.grantPermissionToRole(self.read, 'Anonymous')
-
- self.policy.validate('_', Protected(self.read), Context(self.unknown))
-
- principalPermissionManager.grantPermissionToPrincipal(self.write,
- self.jim)
- self.policy.validate('_', Protected(self.write), Context(self.jim))
-
- self.assertRaises(Forbidden,
- self.policy.validate,
- 'x', Unprotected(), Context(self.tim))
class ITest(IAttributeMementoStorable):
pass
=== Removed File Zope3/lib/python/Zope/App/Security/tests/testSecurityManagement.py ===
=== Removed File Zope3/lib/python/Zope/App/Security/tests/testSecurityManager.py ===