def testUnicodeRolesForPermission(self):
r_item = self.a.r_item
context = self.context
v = self.policy.checkPermission(u'View', r_item, context)
self.assert_(not v, '_View_Permission should deny access to user')
o_context = SecurityContext(self.uf.getUserById('theowner'))
v = self.policy.checkPermission(u'View', r_item, o_context)
self.assert_(v, '_View_Permission should grant access to theowner')
def testOwnerAccess(self):
self.context = SecurityContext(self.uf.getUserById('theowner'))
item = self.item
self.assertPolicyAllows(item, 'public_m')
self.assertPolicyDenies(item, 'protected_m')
self.assertPolicyAllows(item, 'owned_m')
self.assertPolicyAllows(item, 'setuid_m')
self.assertPolicyDenies(item, 'dangerous_m')
def test_checkPermission_proxy_roles_limit_access(self):
r_item = self.a.r_item
context = self.context
self.failUnless(self.policy.checkPermission('Foo', r_item, context))
o_context = SecurityContext(self.uf.getUserById('joe'))
# Push an executable with proxy roles on the stack
eo = OwnedSetuidMethod().__of__(r_item)
eo._proxy_roles = sysadmin_roles
context.stack.append(eo)
self.failIf(self.policy.checkPermission('Foo', r_item, context))
def test_checkPermission_respects_proxy_roles(self):
r_item = self.a.r_item
context = self.context
self.assertFalse(self.policy.checkPermission('View', r_item, context))
o_context = SecurityContext(self.uf.getUserById('joe'))
# Push an executable with proxy roles on the stack
eo = OwnedSetuidMethod().__of__(r_item)
eo._proxy_roles = eo_roles
context.stack.append(eo)
self.assertTrue(self.policy.checkPermission('View', r_item, context))
def setUp(self):
a = App()
self.a = a
a.item = UnprotectedSimpleItem()
a.itemb = UnprotectedSimpleItemBool()
self.item = a.item
a.r_item = RestrictedSimpleItem()
a.item1 = PartlyProtectedSimpleItem1()
a.item2 = PartlyProtectedSimpleItem2()
a.item3 = PartlyProtectedSimpleItem3()
uf = UserFolder()
a.acl_users = uf
self.uf = a.acl_users
uf._doAddUser('joe', 'password', user_roles, ())
uf._doAddUser('theowner', 'password', eo_roles, ())
user = uf.getUserById('joe')
self.user = user
context = SecurityContext(user)
self.context = context
self.policy = self._makeOne()
def _makeContext(self):
from AccessControl.SecurityManagement import SecurityContext
from AccessControl.users import system # allows anything
return SecurityContext(system)
