def test_both_wrapper_and_object_have_checkers_not_security_proxied(self):
from zope.proxy import ProxyBase
from zope.security.checker import CombinedChecker
from zope.security.checker import NamesChecker
from zope.security.checker import defineChecker
from zope.security.interfaces import ForbiddenAttribute
class Foo(object):
a = 'a'
fooChecker = NamesChecker(['a']) # a is public
defineChecker(Foo, fooChecker)
foo = Foo()
fooChecker.check(foo, 'a') # no raise
self.assertRaises(ForbiddenAttribute,
fooChecker.check, foo, 'b')
class Wrapper(ProxyBase):
b = 'b'
__Security_checker__ = self._makeOne()
wrapperChecker = NamesChecker(['b']) # b is public
defineChecker(Wrapper, wrapperChecker)
wrapper = Wrapper(foo)
self.assertRaises(ForbiddenAttribute,
wrapperChecker.check, foo, 'a')
wrapperChecker.check(foo, 'b') # no raise
checker = wrapper.__Security_checker__
self.assertTrue(isinstance(checker, CombinedChecker))
checker.check(wrapper, 'a') # no raise
checker.check(wrapper, 'b') # no raise
def test_both_wrapper_and_object_have_checkers_not_security_proxied(self):
from zope.proxy import ProxyBase
from zope.security.checker import CombinedChecker
from zope.security.checker import NamesChecker
from zope.security.checker import defineChecker
from zope.security.interfaces import ForbiddenAttribute
class Foo(object):
a = 'a'
fooChecker = NamesChecker(['a']) # a is public
defineChecker(Foo, fooChecker)
foo = Foo()
fooChecker.check(foo, 'a') # no raise
self.assertRaises(ForbiddenAttribute, fooChecker.check, foo, 'b')
class Wrapper(ProxyBase):
b = 'b'
__Security_checker__ = self._makeOne()
wrapperChecker = NamesChecker(['b']) # b is public
defineChecker(Wrapper, wrapperChecker)
wrapper = Wrapper(foo)
self.assertRaises(ForbiddenAttribute, wrapperChecker.check, foo, 'a')
wrapperChecker.check(foo, 'b') # no raise
checker = wrapper.__Security_checker__
self.assertTrue(isinstance(checker, CombinedChecker))
checker.check(wrapper, 'a') # no raise
checker.check(wrapper, 'b') # no raise
def test_check_getattr(self):
oldinst = OldInst()
oldinst.d = OldInst()
newinst = NewInst()
newinst.d = NewInst()
for inst in oldinst, newinst:
checker = NamesChecker(['a', 'b', 'c', '__getitem__'], 'perm')
self.assertRaises(Unauthorized, checker.check_getattr, inst, 'a')
self.assertRaises(Unauthorized, checker.check_getattr, inst, 'b')
self.assertRaises(Unauthorized, checker.check_getattr, inst, 'c')
self.assertRaises(Unauthorized, checker.check, inst, '__getitem__')
self.assertRaises(Forbidden, checker.check, inst, '__setitem__')
self.assertRaises(Forbidden, checker.check_getattr, inst, 'd')
self.assertRaises(Forbidden, checker.check_getattr, inst, 'e')
self.assertRaises(Forbidden, checker.check_getattr, inst, 'f')
checker = NamesChecker(['a', 'b', 'c', '__getitem__'],
'test_allowed')
checker.check_getattr(inst, 'a')
checker.check_getattr(inst, 'b')
checker.check_getattr(inst, 'c')
checker.check(inst, '__getitem__')
self.assertRaises(Forbidden, checker.check, inst, '__setitem__')
self.assertRaises(Forbidden, checker.check_getattr, inst, 'd')
self.assertRaises(Forbidden, checker.check_getattr, inst, 'e')
self.assertRaises(Forbidden, checker.check_getattr, inst, 'f')
checker = NamesChecker(['a', 'b', 'c', '__getitem__'],
CheckerPublic)
checker.check_getattr(inst, 'a')
checker.check_getattr(inst, 'b')
checker.check_getattr(inst, 'c')
checker.check(inst, '__getitem__')
self.assertRaises(Forbidden, checker.check, inst, '__setitem__')
self.assertRaises(Forbidden, checker.check_getattr, inst, 'd')
self.assertRaises(Forbidden, checker.check_getattr, inst, 'e')
self.assertRaises(Forbidden, checker.check_getattr, inst, 'f')
def test_check_getattr(self):
oldinst = OldInst()
oldinst.d = OldInst()
newinst = NewInst()
newinst.d = NewInst()
for inst in oldinst, newinst:
checker = NamesChecker(['a', 'b', 'c', '__getitem__'], 'perm')
self.assertRaises(Unauthorized, checker.check_getattr, inst, 'a')
self.assertRaises(Unauthorized, checker.check_getattr, inst, 'b')
self.assertRaises(Unauthorized, checker.check_getattr, inst, 'c')
self.assertRaises(Unauthorized, checker.check, inst, '__getitem__')
self.assertRaises(Forbidden, checker.check, inst, '__setitem__')
self.assertRaises(Forbidden, checker.check_getattr, inst, 'd')
self.assertRaises(Forbidden, checker.check_getattr, inst, 'e')
self.assertRaises(Forbidden, checker.check_getattr, inst, 'f')
checker = NamesChecker(['a', 'b', 'c', '__getitem__'],
'test_allowed')
checker.check_getattr(inst, 'a')
checker.check_getattr(inst, 'b')
checker.check_getattr(inst, 'c')
checker.check(inst, '__getitem__')
self.assertRaises(Forbidden, checker.check, inst, '__setitem__')
self.assertRaises(Forbidden, checker.check_getattr, inst, 'd')
self.assertRaises(Forbidden, checker.check_getattr, inst, 'e')
self.assertRaises(Forbidden, checker.check_getattr, inst, 'f')
checker = NamesChecker(['a', 'b', 'c', '__getitem__'],
CheckerPublic)
checker.check_getattr(inst, 'a')
checker.check_getattr(inst, 'b')
checker.check_getattr(inst, 'c')
checker.check(inst, '__getitem__')
self.assertRaises(Forbidden, checker.check, inst, '__setitem__')
self.assertRaises(Forbidden, checker.check_getattr, inst, 'd')
self.assertRaises(Forbidden, checker.check_getattr, inst, 'e')
self.assertRaises(Forbidden, checker.check_getattr, inst, 'f')
def testAlwaysAvailable(self):
from zope.security.checker import NamesChecker
checker = NamesChecker(())
class C(object): pass
self.assertEqual(checker.check(C, '__hash__'), None)
self.assertEqual(checker.check(C, '__nonzero__'), None)
self.assertEqual(checker.check(C, '__class__'), None)
self.assertEqual(checker.check(C, '__implements__'), None)
self.assertEqual(checker.check(C, '__lt__'), None)
self.assertEqual(checker.check(C, '__le__'), None)
self.assertEqual(checker.check(C, '__gt__'), None)
self.assertEqual(checker.check(C, '__ge__'), None)
self.assertEqual(checker.check(C, '__eq__'), None)
self.assertEqual(checker.check(C, '__ne__'), None)
self.assertEqual(checker.check(C, '__name__'), None)
self.assertEqual(checker.check(C, '__parent__'), None)
def testAlwaysAvailable(self):
from zope.security.checker import NamesChecker
checker = NamesChecker(())
class C(object):
pass
self.assertEqual(checker.check(C, '__hash__'), None)
self.assertEqual(checker.check(C, '__nonzero__'), None)
self.assertEqual(checker.check(C, '__class__'), None)
self.assertEqual(checker.check(C, '__implements__'), None)
self.assertEqual(checker.check(C, '__lt__'), None)
self.assertEqual(checker.check(C, '__le__'), None)
self.assertEqual(checker.check(C, '__gt__'), None)
self.assertEqual(checker.check(C, '__ge__'), None)
self.assertEqual(checker.check(C, '__eq__'), None)
self.assertEqual(checker.check(C, '__ne__'), None)
self.assertEqual(checker.check(C, '__name__'), None)
self.assertEqual(checker.check(C, '__parent__'), None)
