def test_edit_package_build(self):
# An authenticated user who belongs to the owning archive team
# can edit the build.
login_person(self.package_build.archive.owner)
self.assertTrue(checkPermission('launchpad.View', self.package_build))
self.assertTrue(checkPermission('launchpad.Edit', self.package_build))
# But other users cannot.
other_person = self.factory.makePerson()
login_person(other_person)
self.assertTrue(checkPermission('launchpad.View', self.package_build))
self.assertFalse(checkPermission('launchpad.Edit', self.package_build))
def test_edit_package_build(self):
# An authenticated user who belongs to the owning archive team
# can edit the build.
login_person(self.package_build.archive.owner)
self.assertTrue(checkPermission('launchpad.View', self.package_build))
self.assertTrue(checkPermission('launchpad.Edit', self.package_build))
# But other users cannot.
other_person = self.factory.makePerson()
login_person(other_person)
self.assertTrue(checkPermission('launchpad.View', self.package_build))
self.assertFalse(checkPermission('launchpad.Edit', self.package_build))
def test_distro_owner_have_launchpad_Edit(self):
sourcepackage = self.factory.makeSourcePackage()
with person_logged_in(sourcepackage.distribution.owner):
self.assertTrue(
checkPermission('launchpad.Edit', sourcepackage),
"Distribution owner should have launchpad.Edit on source "
"packages.")
def test_user_with_account_age_can_edit(self):
person = self.factory.makePerson()
naked_account = removeSecurityProxy(person.account)
naked_account.date_created = (
naked_account.date_created - timedelta(days=10))
with person_logged_in(person):
self.assertTrue(checkPermission('launchpad.Edit', self.bug))
def get_file(self, name):
if not checkPermission('zope.View', self.context):
raise Unauthorized(name)
handler = IImageMiniaturizer(self.context, None)
if handler is not None:
return handler.get(name)
return None
def test_private_bug_subscriber_can_edit(self):
person = self.factory.makePerson()
with admin_logged_in() as admin:
self.bug.setPrivate(True, admin)
self.bug.subscribe(person, admin)
with person_logged_in(person):
self.assertTrue(checkPermission('launchpad.Edit', self.bug))
def test_distro_owner_have_launchpad_Edit(self):
sourcepackage = self.factory.makeSourcePackage()
with person_logged_in(sourcepackage.distribution.owner):
self.assertTrue(
checkPermission('launchpad.Edit', sourcepackage),
"Distribution owner should have launchpad.Edit on source "
"packages.")
def __call__(node, request):
if not checkPermission(permission, node.context):
# You are not allowed here.
if IUnauthenticatedPrincipal.providedBy(request.principal):
raise Unauthorized
raise Forbidden
return method(node, request)
def test_admins_have_launchpad_Edit(self):
admin = self.factory.makeAdministrator()
sourcepackage = self.factory.makeSourcePackage()
with person_logged_in(admin):
self.assertTrue(
checkPermission('launchpad.Edit', sourcepackage),
"Administrators should have launchpad.Edit on source "
"packages.")
def test_john_doe_cannot_edit(self):
sourcepackage = self.factory.makeSourcePackage()
john_doe = self.factory.makePerson()
with person_logged_in(john_doe):
self.failIf(
checkPermission('launchpad.Edit', sourcepackage),
"Random user shouldn't have launchpad.Edit on source "
"packages.")
def test_checkPermission_forbidden_policy(self):
from zope.security import checkPermission
from zope.security.checker import CheckerPublic
from zope.security.management import setSecurityPolicy
from zope.security.management import newInteraction
obj = object()
class ForbiddenPolicyStub(object):
def checkPermission(s, p, o):
return False
setSecurityPolicy(ForbiddenPolicyStub)
newInteraction()
self.assertEqual(checkPermission('zope.Test', obj), False)
self.assertEqual(checkPermission(None, obj), True)
self.assertEqual(checkPermission(CheckerPublic, obj), True)
def test_admins_have_launchpad_Edit(self):
admin = self.factory.makeAdministrator()
sourcepackage = self.factory.makeSourcePackage()
with person_logged_in(admin):
self.assertTrue(
checkPermission('launchpad.Edit', sourcepackage),
"Administrators should have launchpad.Edit on source "
"packages.")
def test_john_doe_cannot_edit(self):
sourcepackage = self.factory.makeSourcePackage()
john_doe = self.factory.makePerson()
with person_logged_in(john_doe):
self.failIf(
checkPermission('launchpad.Edit', sourcepackage),
"Random user shouldn't have launchpad.Edit on source "
"packages.")
def test_checkPermission_forbidden_policy(self):
from zope.security import checkPermission
from zope.security.checker import CheckerPublic
from zope.security.management import setSecurityPolicy
from zope.security.management import newInteraction
obj = object()
class ForbiddenPolicyStub(object):
def checkPermission(s, p, o):
return False
setSecurityPolicy(ForbiddenPolicyStub)
newInteraction()
self.assertEqual(checkPermission("zope.Test", obj), False)
self.assertEqual(checkPermission(None, obj), True)
self.assertEqual(checkPermission(CheckerPublic, obj), True)
def test_uploader_has_launchpad_edit(self):
sourcepackage = self.factory.makeSourcePackage()
uploader = self.factory.makePerson()
archive = sourcepackage.get_default_archive()
with person_logged_in(sourcepackage.distribution.main_archive.owner):
archive.newPackageUploader(uploader, sourcepackage.name)
with person_logged_in(uploader):
self.assertTrue(
checkPermission('launchpad.Edit', sourcepackage),
"Uploader to the package should have launchpad.Edit on "
"source packages.")
def test_uploader_has_launchpad_edit(self):
sourcepackage = self.factory.makeSourcePackage()
uploader = self.factory.makePerson()
archive = sourcepackage.get_default_archive()
with person_logged_in(sourcepackage.distribution.main_archive.owner):
archive.newPackageUploader(uploader, sourcepackage.name)
with person_logged_in(uploader):
self.assertTrue(
checkPermission('launchpad.Edit', sourcepackage),
"Uploader to the package should have launchpad.Edit on "
"source packages.")
def test_uploader_have_launchpad_edit_on_supported_series(self):
supported_series = self.factory.makeDistroSeries(
status=SeriesStatus.SUPPORTED)
sourcepackage = self.factory.makeSourcePackage(
distroseries=supported_series)
uploader = self.factory.makePerson()
archive = sourcepackage.get_default_archive()
with person_logged_in(sourcepackage.distribution.main_archive.owner):
archive.newPackageUploader(uploader, sourcepackage.name)
with person_logged_in(uploader):
self.assertTrue(
checkPermission('launchpad.Edit', sourcepackage),
"Uploader to the package should have launchpad.Edit on "
"source packages in a SUPPORTED series.")
def test_uploader_have_launchpad_edit_on_supported_series(self):
supported_series = self.factory.makeDistroSeries(
status=SeriesStatus.SUPPORTED)
sourcepackage = self.factory.makeSourcePackage(
distroseries=supported_series)
uploader = self.factory.makePerson()
archive = sourcepackage.get_default_archive()
with person_logged_in(sourcepackage.distribution.main_archive.owner):
archive.newPackageUploader(uploader, sourcepackage.name)
with person_logged_in(uploader):
self.assertTrue(
checkPermission('launchpad.Edit', sourcepackage),
"Uploader to the package should have launchpad.Edit on "
"source packages in a SUPPORTED series.")
def navtreequery(self):
self.intid = getUtility(IIntIds)
self.current = absoluteURL(self.context, self.request)
root = self.request.form.get('root')
if root == u"source" or not root:
node = getSite()
else:
node = self.intid.queryObject(int(root))
if not node:
raise NotImplementedError("Unexisiting node.")
if (root == u"source" or not root) and checkPermission(grok.name.bind().get(security.CanAddContent), self.context):
# if we look at the site root, add in a root node which allows us to return to the site root/index easily
return self._buildTreeWithRoot(node)
else:
return self._buildTree(node)
def __call__(self):
item = IHarvestedRSSItem(self.context)
self.title = item.title
self.description = item.summary
self.url = item.url
self.author = item.author
self.source = item.sourceTitle
self.feedTitle = u""
self.ratable = IRatable.providedBy(self.context)
self.saveable = ISaveable.providedBy(self.context)
self.canSave = self.saveable and checkPermission('gadoz.portfolio.Save', self.context)
self.showActions = self.ratable or self.saveable
return self.template()
def test_uploader_has_launchpad_edit_on_obsolete_series(self):
obsolete_series = self.factory.makeDistroSeries(
status=SeriesStatus.OBSOLETE)
archive = obsolete_series.distribution.main_archive
removeSecurityProxy(archive).permit_obsolete_series_uploads = True
sourcepackage = self.factory.makeSourcePackage(
distroseries=obsolete_series)
uploader = self.factory.makePerson()
archive = sourcepackage.get_default_archive()
with person_logged_in(sourcepackage.distribution.main_archive.owner):
archive.newPackageUploader(uploader, sourcepackage.name)
with person_logged_in(uploader):
self.assertTrue(
checkPermission('launchpad.Edit', sourcepackage),
"Uploader to the package should have launchpad.Edit on "
"source packages in an OBSOLETE series.")
def test_uploader_has_launchpad_edit_on_obsolete_series(self):
obsolete_series = self.factory.makeDistroSeries(
status=SeriesStatus.OBSOLETE)
archive = obsolete_series.distribution.main_archive
removeSecurityProxy(archive).permit_obsolete_series_uploads = True
sourcepackage = self.factory.makeSourcePackage(
distroseries=obsolete_series)
uploader = self.factory.makePerson()
archive = sourcepackage.get_default_archive()
with person_logged_in(sourcepackage.distribution.main_archive.owner):
archive.newPackageUploader(uploader, sourcepackage.name)
with person_logged_in(uploader):
self.assertTrue(
checkPermission('launchpad.Edit', sourcepackage),
"Uploader to the package should have launchpad.Edit on "
"source packages in an OBSOLETE series.")
def __checkSecurity(self, data):
"""
Returns a boolean indicating whether *data* passes the security
checks defined for this subscription.
If we are not able to make the security check because the principal or
permission we are supposed to use is not defined, returns the special
(false) value `None`. This can be used to distinguish the case where
access is denied by the security policy from the case where requested
principals are missing.
"""
if not self.permission_id and not self.owner_id:
# If no security is requested, we're good.
return True
# OK, now we need to find the permission and the principal.
# Both should be found in the context of the data; if not
# there, then check the currently installed site.
principal = self._find_principal(data)
permission = self._find_permission(data)
if principal is None or permission is None:
# A missing permission causes zope.security to grant full access.
# It's treated the same as zope.Public. So don't let that happen.
return None
# Now, we need to set up the interaction and do the security check.
participation = Participation(principal)
current_interaction = queryInteraction()
if current_interaction is not None:
# Cool, we can add our participation to the interaction.
current_interaction.add(participation)
else:
newInteraction(participation)
try:
# Yes, this needs the ID of the permission, not the permission object.
return checkPermission(self.permission_id, data)
finally:
if current_interaction is not None:
current_interaction.remove(participation)
else:
endInteraction()
def test_checkPermission_w_interaction(self):
from zope.security.management import checkPermission
from zope.security.management import setSecurityPolicy
from zope.security.management import queryInteraction
from zope.security.management import newInteraction
permission = "zope.Test"
obj = object()
class PolicyStub(object):
def checkPermission(s, p, o):
self.assertTrue(p is permission)
self.assertTrue(o is obj)
self.assertTrue(s is queryInteraction() or s is interaction)
return s is interaction
setSecurityPolicy(PolicyStub)
newInteraction()
interaction = queryInteraction()
self.assertEqual(checkPermission(permission, obj), True)
def traverse(self, name, ignore):
"""See dolmen.content.interfaces.IFactory
"""
factory = queryUtility(dolmen.content.IFactory, name)
if factory is not None:
permission = dolmen.content.require.bind().get(factory.factory)
if checkPermission(permission, self.context):
self.factory = factory
app = grok.getApplication()
context = app["configuration"]["meta"]["p2_model"]
addform = context.plan.forms["add_model_view"]
view = queryMultiAdapter((addform, self.request, self), name=factory.addform)
if view is not None:
view.mode = "OPERATIONAL"
return view
else:
raise Unauthorized("%r requires the %r permission." % (factory.factory, permission))
raise NotFound(self.context, name, self.request)
def test_checkPermission_w_interaction(self):
from zope.security.management import checkPermission
from zope.security.management import setSecurityPolicy
from zope.security.management import queryInteraction
from zope.security.management import newInteraction
permission = 'zope.Test'
obj = object()
class PolicyStub(object):
def checkPermission(
s,
p,
o,
):
self.assertTrue(p is permission)
self.assertTrue(o is obj)
self.assertTrue(s is queryInteraction() or s is interaction)
return s is interaction
setSecurityPolicy(PolicyStub)
newInteraction()
interaction = queryInteraction()
self.assertEqual(checkPermission(permission, obj), True)
def test_private_bug_non_subscriber_cannot_edit(self):
with admin_logged_in() as admin:
self.bug.setPrivate(True, admin)
with person_logged_in(self.factory.makePerson()):
self.assertFalse(checkPermission('launchpad.Edit', self.bug))
def checkEditing(self):
return checkPermission('zojax.contenttype.AddCalendarEvent', self.context)
def test_view_package_build(self):
# Anonymous access can read public builds, but not edit.
self.assertTrue(checkPermission('launchpad.View', self.package_build))
self.assertFalse(checkPermission('launchpad.Edit', self.package_build))
def test_admin_package_build(self):
# Users with edit access can update attributes.
login('*****@*****.**')
self.assertTrue(checkPermission('launchpad.View', self.package_build))
self.assertTrue(checkPermission('launchpad.Edit', self.package_build))
def test_unauthenticated_user_cannot_edit(self):
self.assertFalse(checkPermission('launchpad.Edit', self.bug))
def check_permission(self, permission_id):
permission_id = PERM_MAP[permission_id]
return checkPermission(permission_id, self.context)
def check_permission(self, permission_id):
permission_id = PERM_MAP[permission_id]
return checkPermission(permission_id, self.context)
def test_registry_expert_can_edit(self):
with celebrity_logged_in('registry_experts'):
self.assertTrue(checkPermission('launchpad.Edit', self.bug))
def test_view_package_build(self):
# Anonymous access can read public builds, but not edit.
self.assertTrue(checkPermission('launchpad.View', self.package_build))
self.assertFalse(checkPermission('launchpad.Edit', self.package_build))
def test_target_owner_can_edit(self):
with person_logged_in(self.bug.default_bugtask.target.owner):
self.assertTrue(checkPermission('launchpad.Edit', self.bug))
def test_user_with_karma_can_edit(self):
person = self.factory.makePerson()
self._makeKarmaTotalCache(person, 10)
with person_logged_in(person):
self.assertTrue(checkPermission('launchpad.Edit', self.bug))
def test_bug_reporter_can_edit(self):
with person_logged_in(self.bug.owner):
self.assertTrue(checkPermission('launchpad.Edit', self.bug))
def test_admin_can_edit(self):
with admin_logged_in():
self.assertTrue(checkPermission('launchpad.Edit', self.bug))
def test_admin_package_build(self):
# Users with edit access can update attributes.
login('*****@*****.**')
self.assertTrue(checkPermission('launchpad.View', self.package_build))
self.assertTrue(checkPermission('launchpad.Edit', self.package_build))
def test_new_user_cannot_edit(self):
with person_logged_in(self.factory.makePerson()):
self.assertFalse(checkPermission('launchpad.Edit', self.bug))
def __call__(self, permission):
if checkPermission(permission, self.context):
return "Yes, you have the %r permission." % permission
else:
return "No, you don't have the %r permission." % permission
def test_target_bug_supervisor_can_edit(self):
person = self.factory.makePerson()
removeSecurityProxy(self.bug.default_bugtask.target).bug_supervisor = (
person)
with person_logged_in(person):
self.assertTrue(checkPermission('launchpad.Edit', self.bug))
def test_commercial_admin_can_edit(self):
with celebrity_logged_in('commercial_admin'):
self.assertTrue(checkPermission('launchpad.Edit', self.bug))
def __call__(self, permission):
if checkPermission(permission, self.context):
return "Yes, you have the %r permission." % permission
else:
return "No, you don't have the %r permission." % permission
def isAvailable(self):
return self.view and checkPermission('zope.View', self.context)
