Beispiel #1
    def test_deny_dublincore_view(self):
        """Check what anonymous sees once Dublin Core view is denied.

        A user who may view a folder contents page but lacks
        zope.app.dublincore.view should still see the names of the folder
        items, but not their title, modified, and created info.

        Only the title is asserted below; the modified and created values
        are not checked by this test.
        """
        # Store an item in the root folder and give it a distinctive
        # metadata title that can be searched for in the rendered page.
        sample = File()
        self.getRootFolder()['file'] = sample
        IZopeDublinCore(sample).title = u'My File'

        # Record an explicit deny of the Dublin Core view permission for
        # the anonymous role on the root folder, then commit so the
        # published request sees it.
        role_perms = IRolePermissionManager(self.getRootFolder())
        role_perms.denyPermissionToRole(
            'zope.app.dublincore.view', 'zope.Anonymous')
        transaction.commit()

        # The request is published without any credentials.
        response = self.publish('/')
        self.assertEquals(response.getStatus(), 200)
        page = response.getBody()

        # The item name must still be listed ...
        self.assert_('<a href="file">file</a>' in page)

        # ... while the protected metadata title must not leak into the page.
        self.assert_('My File' not in page)
Beispiel #2
    def test_deny_view(self):
        """Check that denying zope.View to anonymous blocks the root folder.

        The deny is recorded directly through IRolePermissionManager on the
        root folder; publishing '/' without credentials is then expected to
        raise Unauthorized rather than return a page.
        """
        denied = ('zope.View', 'zope.Anonymous')

        # Explicit deny of the permission for the role, committed so that
        # the published request sees it.
        root_role_perms = IRolePermissionManager(self.getRootFolder())
        root_role_perms.denyPermissionToRole(*denied)
        transaction.commit()

        # The root folder must now be refused outright.
        self.assertRaises(Unauthorized, self.publish, '/')
Beispiel #3
 def setPermissionRoles(self):
     """Apply the role/permission settings submitted with the request.

     For every known permission id and every role in ``self.roles`` the
     request fields ``perm<id>``, ``role<role>`` and ``prole<id><role>``
     are read.  A pair is updated only when the submitted permission and
     role are both known and a setting was submitted; the setting is then
     unset, granted or denied on the context's role-permission manager.
     Unknown setting values are ignored.  ``self.msg`` is set to the
     success message in every case.

     NOTE(review): no authorization or request-origin check is visible in
     this method; presumably the view's permission declaration covers
     that -- confirm against the view registration.
     """
     manager = IRolePermissionManager(self.context)
     form = self.request
     known_perms = [p.id for p in self.permissions]
     # Setting kinds paired with the manager call that applies them, in
     # the order they are compared against the submitted value.
     actions = (
         (Unset, manager.unsetPermissionFromRole),
         (Allow, manager.grantPermissionToRole),
         (Deny, manager.denyPermissionToRole),
     )
     for perm_id in known_perms:
         target_perm = form.get(u'perm%s' % perm_id)
         # Allowlist: a request-supplied permission id reaches the manager
         # only if it is one of the known permission ids.
         if target_perm not in known_perms:
             continue
         for role in self.roles:
             target_role = form.get('role%s' % role)
             # Same allowlist rule for the request-supplied role.
             if target_role not in self.roles:
                 continue
             # NOTE(review): the setting is looked up under the loop's own
             # ids, but applied to the ids read from the perm/role fields.
             # Both are allowlisted, yet nothing here checks that they are
             # equal -- confirm the form always submits matching values.
             choice = form.get(u'prole%s%s' % (perm_id, role))
             if choice is None:
                 continue
             for kind, apply_setting in actions:
                 if choice == kind.getName():
                     apply_setting(target_perm, target_role)
                     break
             # A value matching none of the kinds is ignored.
     self.msg = u"Permissions successfully updated."
Beispiel #4
 def getPermissionRoles(self):
     """Return the current setting name for every permission/role pair.

     The result maps each permission id to a dict that maps every role in
     ``self.roles`` to the name of its setting on the context's
     role-permission manager.  Roles for which the manager reports no
     setting get the name of ``Unset``.
     """
     manager = IRolePermissionManager(self.context)
     table = {}
     for permission in self.permissions:
         # Setting names the manager reports for this permission, by role.
         stored = dict(
             (role, setting.getName())
             for role, setting
             in manager.getRolesForPermission(permission.id))
         default_name = Unset.getName()
         # Roles absent from the manager's answer fall back to Unset.
         table[permission.id] = dict(
             (role, stored.get(role, default_name))
             for role in self.roles)
     return table
Beispiel #5
def setQreatureFolderUtilities(event):
    """Handle the custom event by creating a site's principal and role.

    For the site carried by the event this:

    * adds an internal principal, built from the site's login and
      password, to the 'PrincipalFolder' of the parent's 'pau' utility,
      keyed by the site's name;
    * creates a local 'Quiz Creator' role in the site's own site manager
      and registers it as an IRole utility named after the site;
    * grants "qreature.edit_quiz" to the role id equal to the site's
      name, on the site itself.
    """
    site = event.object
    sm = site.getSiteManager()
    site_name = site.__name__

    # NOTE(review): site.password is handed to InternalPrincipal as-is and
    # no password manager is named, so how it is stored depends on
    # InternalPrincipal's default -- confirm that default hashes the
    # password, and whether the clear-text value stays on the site object.
    owner = InternalPrincipal(site.login, site.password, u'owner')

    # The principal is stored in the parent's authentication utility, not
    # in the new site.
    principal_folder = (
        site.__parent__.getSiteManager()['pau']['PrincipalFolder'])
    principal_folder[site_name] = owner

    # The role lives in the site's own site manager and is registered
    # under the site's name.
    creator_role = LocalRole(
        u'Quiz Creator',
        u'Registerde user, able to create and edit quizes')
    sm['role'] = creator_role
    sm.registerUtility(creator_role, IRole, site_name)

    # The grant is recorded on this site only, for the role id that
    # equals the site's name.
    IRolePermissionManager(site).grantPermissionToRole(
        "qreature.edit_quiz", site_name)