[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/Security/tests - testZSP.py:1.1.2.8.2.5

Casey Duncan casey_duncan@yahoo.com
Tue, 12 Feb 2002 10:34:37 -0500


Update of /cvs-repository/Zope3/lib/python/Zope/App/Security/tests
In directory cvs.zope.org:/tmp/cvs-serv31197/tests

Modified Files:
      Tag: Zope-3x-security_defactor-branch
	testZSP.py 
Log Message:
Additional refactoring of ZopeSecurityPolicy. Conflicting role permissions are now handled correctly (deny always wins). Role computation is now inlined and combined with principal permission checking, this allows principal permissions to be asserted sooner so they Read from remote host cvs.zope.org: Connection reset by peera bit easier to follow.


=== Zope3/lib/python/Zope/App/Security/tests/testZSP.py 1.1.2.8.2.4 => 1.1.2.8.2.5 ===
         manager = roleRegistry.defineRole('Manager', 'Site Manager')
         self.manager = manager.getId()
+        
+        arole = roleRegistry.defineRole('Another', 'Another Role')
+        self.arole = arole.getId()
 
         rolePermissionManager.grantPermissionToRole(self.read, self.peon)
         
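Review bot: The added blank line ahead of `arole = roleRegistry.defineRole('Another', 'Another Role')` consists only of trailing whitespace and should be a truly empty line. The names `arole` and 'Another' also give no hint of why the fixture exists. A one-line comment saying that this is the role granted the permission in the conflicting-role case, or a name that says so, would let a reader of setUp connect it to the test that uses it.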
@@ -173,6 +176,18 @@
             test, ob, Context(self.jim)))
         principalPermissionManager.unsetPermissionForPrincipal(
             test, self.jim)
+        # Make sure multiple conflicting role permissions resolve correctly
+        ARPM(ob2).grantPermissionToRole(test, 'Anonymous')
+        ARPM(ob2).grantPermissionToRole(test, self.arole)
+        ARPM(ob3).denyPermissionToRole(test, self.peon)
+        
+        new = principalRegistry.definePrincipal('new', 'Newbie', 
+                                                'Newbie User', 'new', '098')
+        new = new.getId()
+        principalRoleManager.assignRoleToPrincipal(self.arole, new)
+        self.failUnless(self.policy.checkPermission(test, ob, Context(new)))
+        principalRoleManager.assignRoleToPrincipal(self.peon, new)
+        self.failIf(self.policy.checkPermission(test, ob, Context(new)))
                     
     def testPlayfulPrinciplePermissions(self):
         APPM = AttributePrincipalPermissionManager
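Review bot: The deny-wins assertions at the end of this hunk cover only one placement, with both grants on `ob2` and the deny on `ob3`, so the test would pass equally under a policy in which whatever is set on `ob3` overrides `ob2`, grant or deny. To pin down the "deny always wins" rule from the log message, add the mirrored case (deny on `ob2`, grant on `ob3`) and a case with the grant and the deny on the same object, each ending in `failIf`. The first `failUnless` also cannot tell whether the `'Anonymous'` grant or the `self.arole` grant admitted `new`; a check made before `assignRoleToPrincipal(self.arole, new)` would show what the `'Anonymous'` grant yields on its own. Nothing set in this block is unset afterwards, unlike the `unsetPermissionForPrincipal` call just above it, so if these managers and registries outlive the test method the deny on `self.peon` and the new principal will leak into later tests. Minor: `new = new.getId()` rebinds the name from the principal object to its id; a separate name such as `new_id` reads more clearly.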