[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security/tests - testPrincipalPermissionManager.py:1.1.2.6

[Anthony Baxter]

Update of /cvs-repository/Zope3/lib/python/Zope/App/Security/tests
In directory cvs.zope.org:/tmp/cvs-serv29142/tests

Modified Files:
      Tag: Zope-3x-branch
	testPrincipalPermissionManager.py 
Log Message:
Checking in new PrincipalPermissionManager. The Security unit tests will
be broken for a short while until we finish the whiteboarding and fix the
code. (wasn't planning to break it immediately, but what the heck, Andreas
already broke it with the RolePermissionManager changes :)


=== Zope3/lib/python/Zope/App/Security/tests/testPrincipalPermissionManager.py 1.1.2.5 => 1.1.2.6 ===
 from Zope.App.Security.PrincipalPermissionManager \
     import principalPermissionManager as manager
+from Zope.App.Security.Settings import Allow, Deny
 
 class Test(unittest.TestCase):
 
@@ -32,7 +33,6 @@
             title or 'A Principal',
             login = id or 'APrincipal')
         return id or 'APrincipal'
-             
 
     def testUnboundPrincipalPermission(self):
         permission = permregistry.definePermission('APerm', 'title')
@@ -43,11 +43,39 @@
     def testPrincipalPermission(self):
         permission = permregistry.definePermission('APerm', 'title')
         principal = self._make_principal()
+        # check that an allow permission is saved correctly
         manager.grantPermissionToPrincipal(permission, principal)
         self.assertEqual(manager.getPrincipalsForPermission(permission),
-                         [principal])
+                         [(principal, Allow)])
         self.assertEqual(manager.getPermissionsForPrincipal(principal),
-                         [permission])
+                         [(permission, Allow)])
+        # check that the allow permission is removed.
+        manager.unsetPermissionForPrincipal(permission, principal)
+        self.assertEqual(manager.getPrincipalsForPermission(permission), [])
+        self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
+        # now put a deny in there, check it's set.
+        manager.denyPermissionToPrincipal(permission, principal)
+        self.assertEqual(manager.getPrincipalsForPermission(permission),
+                         [(principal, Deny)])
+        self.assertEqual(manager.getPermissionsForPrincipal(principal),
+                         [(permission, Deny)])
+        # test for deny followed by allow . The latter should override.
+        manager.grantPermissionToPrincipal(permission, principal)
+        self.assertEqual(manager.getPrincipalsForPermission(permission),
+                         [(principal, Allow)])
+        self.assertEqual(manager.getPermissionsForPrincipal(principal),
+                         [(permission, Allow)])
+        # check that allow followed by allow is just a single allow.
+        manager.grantPermissionToPrincipal(permission, principal)
+        self.assertEqual(manager.getPrincipalsForPermission(permission),
+                         [(principal, Allow)])
+        self.assertEqual(manager.getPermissionsForPrincipal(principal),
+                         [(permission, Allow)])
+        # check that two unsets in a row quietly ignores the second one.
+        manager.unsetPermissionForPrincipal(permission, principal)
+        manager.unsetPermissionForPrincipal(permission, principal)
+        self.assertEqual(manager.getPrincipalsForPermission(permission), [])
+        self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
 
     def testManyPermissionsOnePrincipal(self):
         perm1 = permregistry.definePermission('Perm One', 'title')
@@ -57,19 +85,24 @@
         manager.grantPermissionToPrincipal(perm2, prin1)
         perms = manager.getPermissionsForPrincipal(prin1)
         self.assertEqual(len(perms), 2)
-        self.failUnless(perm1 in perms)
-        self.failUnless(perm2 in perms)
+        self.failUnless((perm1,Allow) in perms)
+        self.failUnless((perm2,Allow) in perms)
+        manager.denyPermissionToPrincipal(perm2, prin1)
+        perms = manager.getPermissionsForPrincipal(prin1)
+        self.assertEqual(len(perms), 2)
+        self.failUnless((perm1,Allow) in perms)
+        self.failUnless((perm2,Deny) in perms)
 
     def testManyPrincipalsOnePermission(self):
         perm1 = permregistry.definePermission('Perm One', 'title').getId()
         prin1 = self._make_principal()
         prin2 = self._make_principal('Principal 2', 'Principal Two')
         manager.grantPermissionToPrincipal(perm1, prin1)
-        manager.grantPermissionToPrincipal(perm1, prin2)
+        manager.denyPermissionToPrincipal(perm1, prin2)
         principals = manager.getPrincipalsForPermission(perm1)
         self.assertEqual(len(principals), 2)
-        self.failUnless(prin1 in principals)
-        self.failUnless(prin2 in principals)
+        self.failUnless((prin1,Allow) in principals)
+        self.failUnless((prin2,Deny) in principals)
 
 def test_suite():
     loader=unittest.TestLoader()