Ejemplo n.º 1
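    def test_deny_dublincore_view(self):
        """Check that denying Dublin Core view hides metadata from anonymous.

        Users who can view a folder contents page but have been denied
        ``zope.app.dublincore.view`` should still be able to see the folder
        items' names, but not their title, modified, and created info.
        """
        # Add an item that can be viewed from the root folder.  The local is
        # not named ``file`` so it does not shadow the Python 2 builtin.
        item = File()
        self.getRootFolder()['file'] = item
        IZopeDublinCore(item).title = u'My File'

        # Deny zope.app.dublincore.view to zope.Anonymous on the root folder.
        prm = IRolePermissionManager(self.getRootFolder())
        prm.denyPermissionToRole('zope.app.dublincore.view', 'zope.Anonymous')
        transaction.commit()

        response = self.publish('/')
        # assertEqual/assertTrue replace the deprecated assertEquals/assert_
        # aliases, which were removed from unittest in Python 3.12.
        self.assertEqual(response.getStatus(), 200)
        body = response.getBody()

        # The listing must still expose the item's name as a link.
        self.assertTrue('<a href="file">file</a>' in body)

        # The Dublin Core title must not appear anywhere in the page.
        # NOTE(review): only the title is asserted here; the modified and
        # created values named in the docstring are not checked.
        self.assertTrue('My File' not in body)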
Ejemplo n.º 2
 def setPermissionRoles(self):
     """Apply the role/permission settings submitted with the request.

     For each known permission id and each role, three request fields are
     read: ``perm<id>``, ``role<role>`` and ``prole<id><role>``.  The first
     two must hold a known permission id and a known role, otherwise the
     pair is skipped.  The third selects unset, allow or deny, and the
     change is applied to the *submitted* permission and role values.
     """
     # NOTE(review): this method does not itself check who is calling it;
     # presumably access to the view is restricted elsewhere -- confirm,
     # since every accepted field changes the security policy of
     # self.context.
     manager = IRolePermissionManager(self.context)
     known_perm_ids = [p.id for p in self.permissions]
     for perm_id in known_perm_ids:
         submitted_perm = self.request.get(u'perm%s' % perm_id)
         # Allow-list check: only permission ids taken from
         # self.permissions are ever passed on to the manager.
         if submitted_perm in known_perm_ids:
             # NOTE(review): roles are compared as-is while permissions
             # are reduced to ``.id``; presumably self.roles already
             # holds role ids -- verify.
             for role in self.roles:
                 submitted_role = self.request.get('role%s' % role)
                 # Same allow-list idea for roles.
                 if submitted_role not in self.roles:
                     continue
                 choice = self.request.get(
                     u'prole%s%s' % (perm_id, role))
                 if choice is None:
                     # No setting submitted for this pair.
                     continue
                 if choice == Unset.getName():
                     manager.unsetPermissionFromRole(
                         submitted_perm, submitted_role)
                 elif choice == Allow.getName():
                     manager.grantPermissionToRole(
                         submitted_perm, submitted_role)
                 elif choice == Deny.getName():
                     manager.denyPermissionToRole(
                         submitted_perm, submitted_role)
                 # Any other value is unknown and deliberately ignored.
     # Set unconditionally, whether or not any setting was applied.
     self.msg = u"Permissions successfully updated."
Ejemplo n.º 3
    def test_deny_view(self):
        """Check that denying zope.View to anonymous blocks the root folder.

        The denial is recorded through the root folder's
        IRolePermissionManager adapter and committed before publishing.
        """
        root = self.getRootFolder()
        IRolePermissionManager(root).denyPermissionToRole(
            'zope.View', 'zope.Anonymous')
        # Presumably the commit makes the denial visible to the request
        # published below.
        transaction.commit()

        # Publishing '/' must raise Unauthorized instead of returning a
        # page.
        self.assertRaises(Unauthorized, self.publish, '/')