def test_checkPermission_delegated_cache_unauthenticated(self):
     # checkPermission caches the result of checkUnauthenticated for a
     # particular object and permission, even if that object's
     # authorization has been delegated.
     request = self.makeRequest()
     policy = LaunchpadSecurityPolicy(request)
     # Delegate auth for Object to AnotherObject{One,Two}.
     permission = self.factory.getUniqueString()
     self.useFixture(
         ZopeAdapterFixture(Delegate, [Object], name=permission))
     # Allow auth to AnotherObjectOne.
     self.useFixture(
         ZopeAdapterFixture(
             Allow, [AnotherObjectOne], name=Delegate.permission))
     # Deny auth to AnotherObjectTwo.
     self.useFixture(
         ZopeAdapterFixture(
             Deny, [AnotherObjectTwo], name=Delegate.permission))
     # Calling checkPermission() populates the participation cache.
     objecttoauthorize = Object()
     policy.checkPermission(permission, objecttoauthorize)
     # It contains results for objecttoauthorize and the two objects that
     # its authorization was delegated to.
     cache = request.annotations[LAUNCHPAD_SECURITY_POLICY_CACHE_KEY]
     cache_expected = {
         objecttoauthorize: {permission: False},
         Delegate.object_one: {Delegate.permission: True},
         Delegate.object_two: {Delegate.permission: False},
         }
     self.assertEqual(cache_expected, dict(cache))
 def setUp(self):
     zope.testing.cleanup.cleanUp()
     cls = TestLaunchpadSecurityPolicy_getPrincipalsAccessLevel
     super(cls, self).setUp()
     self.principal = LaunchpadPrincipal(
         '*****@*****.**', 'foo', 'foo', object())
     self.security = LaunchpadSecurityPolicy()
     provideAdapter(
         adapt_loneobject_to_container, [ILoneObject], ILaunchpadContainer)
     self.addCleanup(zope.testing.cleanup.cleanUp)
Example #3
0
 def test_checkPermission_cache_unauthenticated(self):
     # checkPermission caches the result of checkUnauthenticated for a
     # particular object and permission.
     request = self.makeRequest()
     policy = LaunchpadSecurityPolicy(request)
     obj, permission, checker_factory = (
         self.getObjectPermissionAndCheckerFactory())
     # When we call checkPermission for the first time, the security policy
     # calls the checker.
     policy.checkPermission(permission, obj)
     self.assertEqual(['checkUnauthenticated'], checker_factory.calls)
     # A subsequent identical call does not call the checker.
     policy.checkPermission(permission, obj)
     self.assertEqual(['checkUnauthenticated'], checker_factory.calls)
Example #4
0
 def test_checkPermission_commit_clears_cache(self):
     # Committing a transaction clears the cache.
     request = self.makeRequest()
     policy = LaunchpadSecurityPolicy(request)
     obj, permission, checker_factory = (
         self.getObjectPermissionAndCheckerFactory())
     # When we call checkPermission before setting the principal, the
     # security policy calls checkUnauthenticated on the checker.
     policy.checkPermission(permission, obj)
     self.assertEqual(['checkUnauthenticated'], checker_factory.calls)
     transaction.commit()
     # After committing a transaction, the policy calls
     # checkUnauthenticated again rather than finding a value in the cache.
     policy.checkPermission(permission, obj)
     self.assertEqual(['checkUnauthenticated', 'checkUnauthenticated'],
                      checker_factory.calls)
Example #5
0
 def test_checkPermission_clearSecurityPolicyCache_resets_cache(self):
     # Calling clearSecurityPolicyCache on the request clears the cache.
     request = self.makeRequest()
     policy = LaunchpadSecurityPolicy(request)
     obj, permission, checker_factory = (
         self.getObjectPermissionAndCheckerFactory())
     # When we call checkPermission for the first time, the security policy
     # calls checkUnauthenticated on the checker.
     policy.checkPermission(permission, obj)
     self.assertEqual(['checkUnauthenticated'], checker_factory.calls)
     request.clearSecurityPolicyCache()
     # After clearing the cache the policy calls checkUnauthenticated
     # again.
     policy.checkPermission(permission, obj)
     self.assertEqual(['checkUnauthenticated', 'checkUnauthenticated'],
                      checker_factory.calls)
Example #6
0
 def test_checkPermission_setPrincipal_resets_cache(self):
     # Setting the principal on the request clears the cache of results
     # (this is important during login).
     principal = FakeLaunchpadPrincipal()
     request = self.makeRequest()
     policy = LaunchpadSecurityPolicy(request)
     obj, permission, checker_factory = (
         self.getObjectPermissionAndCheckerFactory())
     # When we call checkPermission before setting the principal, the
     # security policy calls checkUnauthenticated on the checker.
     policy.checkPermission(permission, obj)
     self.assertEqual(['checkUnauthenticated'], checker_factory.calls)
     request.setPrincipal(principal)
     # After setting the principal, the policy calls checkAuthenticated
     # rather than finding a value in the cache.
     policy.checkPermission(permission, obj)
     self.assertEqual(
         ['checkUnauthenticated',
          ('checkAuthenticated', principal.person)], checker_factory.calls)
Example #7
0
 def test_checkUnauthenticatedPermission_commit_clears_cache(self):
     # Committing a transaction clears the cache.
     # We set a principal to ensure that it is not used even if set.
     provideUtility(PlacelessAuthUtility(), IPlacelessAuthUtility)
     zope.testing.cleanup.addCleanUp(ztapi.unprovideUtility,
                                     (IPlacelessAuthUtility, ))
     principal = FakeLaunchpadPrincipal()
     request = self.makeRequest()
     request.setPrincipal(principal)
     policy = LaunchpadSecurityPolicy(request)
     obj, permission, checker_factory = (
         self.getObjectPermissionAndCheckerFactory())
     # When we call checkUnauthenticatedPermission before setting the
     # principal, the security policy calls checkUnauthenticated on the
     # checker.
     policy.checkUnauthenticatedPermission(permission, obj)
     self.assertEqual(['checkUnauthenticated'], checker_factory.calls)
     transaction.commit()
     # After committing a transaction, the policy calls
     # checkUnauthenticated again rather than finding a value in the cache.
     policy.checkUnauthenticatedPermission(permission, obj)
     self.assertEqual(['checkUnauthenticated', 'checkUnauthenticated'],
                      checker_factory.calls)
Example #8
0
 def test_checkUnauthenticatedPermission_cache_unauthenticated(self):
     # checkUnauthenticatedPermission caches the result of
     # checkUnauthenticated for a particular object and permission.
     # We set a principal to ensure that it is not used even if set.
     provideUtility(PlacelessAuthUtility(), IPlacelessAuthUtility)
     zope.testing.cleanup.addCleanUp(ztapi.unprovideUtility,
                                     (IPlacelessAuthUtility, ))
     principal = FakeLaunchpadPrincipal()
     request = self.makeRequest()
     request.setPrincipal(principal)
     policy = LaunchpadSecurityPolicy(request)
     obj, permission, checker_factory = (
         self.getObjectPermissionAndCheckerFactory())
     # When we call checkUnauthenticatedPermission for the first time,
     # the security policy calls the checker.
     policy.checkUnauthenticatedPermission(permission, obj)
     self.assertEqual(['checkUnauthenticated'], checker_factory.calls)
     # A subsequent identical call does not call the checker.
     policy.checkUnauthenticatedPermission(permission, obj)
     self.assertEqual(['checkUnauthenticated'], checker_factory.calls)
     # The result is stored in the correct cache.
     cache = request.annotations[LAUNCHPAD_SECURITY_POLICY_CACHE_UNAUTH_KEY]
     self.assertEqual({obj: {permission: False}}, dict(cache))
 def setUp(self):
     self.principal = LaunchpadPrincipal('*****@*****.**', 'foo',
                                         'foo', object())
     self.security = LaunchpadSecurityPolicy()
     provideAdapter(adapt_loneobject_to_container, [ILoneObject],
                    ILaunchpadContainer)