def test_checkPermission_delegated_cache_unauthenticated(self):
# checkPermission caches the result of checkUnauthenticated for a
# particular object and permission, even if that object's
# authorization has been delegated.
request = self.makeRequest()
policy = LaunchpadSecurityPolicy(request)
# Delegate auth for Object to AnotherObject{One,Two}.
permission = self.factory.getUniqueString()
self.useFixture(
ZopeAdapterFixture(Delegate, [Object], name=permission))
# Allow auth to AnotherObjectOne.
self.useFixture(
ZopeAdapterFixture(
Allow, [AnotherObjectOne], name=Delegate.permission))
# Deny auth to AnotherObjectTwo.
self.useFixture(
ZopeAdapterFixture(
Deny, [AnotherObjectTwo], name=Delegate.permission))
# Calling checkPermission() populates the participation cache.
objecttoauthorize = Object()
policy.checkPermission(permission, objecttoauthorize)
# It contains results for objecttoauthorize and the two objects that
# its authorization was delegated to.
cache = request.annotations[LAUNCHPAD_SECURITY_POLICY_CACHE_KEY]
cache_expected = {
objecttoauthorize: {permission: False},
Delegate.object_one: {Delegate.permission: True},
Delegate.object_two: {Delegate.permission: False},
}
self.assertEqual(cache_expected, dict(cache))
def test_checkPermission_cache_unauthenticated(self):
# checkPermission caches the result of checkUnauthenticated for a
# particular object and permission.
request = self.makeRequest()
policy = LaunchpadSecurityPolicy(request)
obj, permission, checker_factory = (
self.getObjectPermissionAndCheckerFactory())
# When we call checkPermission for the first time, the security policy
# calls the checker.
policy.checkPermission(permission, obj)
self.assertEqual(['checkUnauthenticated'], checker_factory.calls)
# A subsequent identical call does not call the checker.
policy.checkPermission(permission, obj)
self.assertEqual(['checkUnauthenticated'], checker_factory.calls)
def test_checkPermission_cache_unauthenticated(self):
# checkPermission caches the result of checkUnauthenticated for a
# particular object and permission.
request = self.makeRequest()
policy = LaunchpadSecurityPolicy(request)
obj, permission, checker_factory = (
self.getObjectPermissionAndCheckerFactory())
# When we call checkPermission for the first time, the security policy
# calls the checker.
policy.checkPermission(permission, obj)
self.assertEqual(
['checkUnauthenticated'], checker_factory.calls)
# A subsequent identical call does not call the checker.
policy.checkPermission(permission, obj)
self.assertEqual(
['checkUnauthenticated'], checker_factory.calls)
def test_checkPermission_commit_clears_cache(self):
# Committing a transaction clears the cache.
request = self.makeRequest()
policy = LaunchpadSecurityPolicy(request)
obj, permission, checker_factory = (
self.getObjectPermissionAndCheckerFactory())
# When we call checkPermission before setting the principal, the
# security policy calls checkUnauthenticated on the checker.
policy.checkPermission(permission, obj)
self.assertEqual(['checkUnauthenticated'], checker_factory.calls)
transaction.commit()
# After committing a transaction, the policy calls
# checkUnauthenticated again rather than finding a value in the cache.
policy.checkPermission(permission, obj)
self.assertEqual(['checkUnauthenticated', 'checkUnauthenticated'],
checker_factory.calls)
def test_checkPermission_clearSecurityPolicyCache_resets_cache(self):
# Calling clearSecurityPolicyCache on the request clears the cache.
request = self.makeRequest()
policy = LaunchpadSecurityPolicy(request)
obj, permission, checker_factory = (
self.getObjectPermissionAndCheckerFactory())
# When we call checkPermission for the first time, the security policy
# calls checkUnauthenticated on the checker.
policy.checkPermission(permission, obj)
self.assertEqual(['checkUnauthenticated'], checker_factory.calls)
request.clearSecurityPolicyCache()
# After clearing the cache the policy calls checkUnauthenticated
# again.
policy.checkPermission(permission, obj)
self.assertEqual(['checkUnauthenticated', 'checkUnauthenticated'],
checker_factory.calls)
def test_checkPermission_commit_clears_cache(self):
# Committing a transaction clears the cache.
request = self.makeRequest()
policy = LaunchpadSecurityPolicy(request)
obj, permission, checker_factory = (
self.getObjectPermissionAndCheckerFactory())
# When we call checkPermission before setting the principal, the
# security policy calls checkUnauthenticated on the checker.
policy.checkPermission(permission, obj)
self.assertEqual(
['checkUnauthenticated'], checker_factory.calls)
transaction.commit()
# After committing a transaction, the policy calls
# checkUnauthenticated again rather than finding a value in the cache.
policy.checkPermission(permission, obj)
self.assertEqual(
['checkUnauthenticated', 'checkUnauthenticated'],
checker_factory.calls)
def test_checkPermission_clearSecurityPolicyCache_resets_cache(self):
# Calling clearSecurityPolicyCache on the request clears the cache.
request = self.makeRequest()
policy = LaunchpadSecurityPolicy(request)
obj, permission, checker_factory = (
self.getObjectPermissionAndCheckerFactory())
# When we call checkPermission for the first time, the security policy
# calls checkUnauthenticated on the checker.
policy.checkPermission(permission, obj)
self.assertEqual(
['checkUnauthenticated'], checker_factory.calls)
request.clearSecurityPolicyCache()
# After clearing the cache the policy calls checkUnauthenticated
# again.
policy.checkPermission(permission, obj)
self.assertEqual(
['checkUnauthenticated', 'checkUnauthenticated'],
checker_factory.calls)
def test_checkPermission_setPrincipal_resets_cache(self):
# Setting the principal on the request clears the cache of results
# (this is important during login).
principal = FakeLaunchpadPrincipal()
request = self.makeRequest()
policy = LaunchpadSecurityPolicy(request)
obj, permission, checker_factory = (
self.getObjectPermissionAndCheckerFactory())
# When we call checkPermission before setting the principal, the
# security policy calls checkUnauthenticated on the checker.
policy.checkPermission(permission, obj)
self.assertEqual(['checkUnauthenticated'], checker_factory.calls)
request.setPrincipal(principal)
# After setting the principal, the policy calls checkAuthenticated
# rather than finding a value in the cache.
policy.checkPermission(permission, obj)
self.assertEqual(
['checkUnauthenticated',
('checkAuthenticated', principal.person)], checker_factory.calls)
def test_checkPermission_setPrincipal_resets_cache(self):
# Setting the principal on the request clears the cache of results
# (this is important during login).
principal = FakeLaunchpadPrincipal()
request = self.makeRequest()
policy = LaunchpadSecurityPolicy(request)
obj, permission, checker_factory = (
self.getObjectPermissionAndCheckerFactory())
# When we call checkPermission before setting the principal, the
# security policy calls checkUnauthenticated on the checker.
policy.checkPermission(permission, obj)
self.assertEqual(
['checkUnauthenticated'], checker_factory.calls)
request.setPrincipal(principal)
# After setting the principal, the policy calls checkAuthenticated
# rather than finding a value in the cache.
policy.checkPermission(permission, obj)
self.assertEqual(
['checkUnauthenticated', ('checkAuthenticated',
principal.person)],
checker_factory.calls)
