def test_checkPermission_delegated_cache_unauthenticated(self): # checkPermission caches the result of checkUnauthenticated for a # particular object and permission, even if that object's # authorization has been delegated. request = self.makeRequest() policy = LaunchpadSecurityPolicy(request) # Delegate auth for Object to AnotherObject{One,Two}. permission = self.factory.getUniqueString() self.useFixture( ZopeAdapterFixture(Delegate, [Object], name=permission)) # Allow auth to AnotherObjectOne. self.useFixture( ZopeAdapterFixture( Allow, [AnotherObjectOne], name=Delegate.permission)) # Deny auth to AnotherObjectTwo. self.useFixture( ZopeAdapterFixture( Deny, [AnotherObjectTwo], name=Delegate.permission)) # Calling checkPermission() populates the participation cache. objecttoauthorize = Object() policy.checkPermission(permission, objecttoauthorize) # It contains results for objecttoauthorize and the two objects that # its authorization was delegated to. cache = request.annotations[LAUNCHPAD_SECURITY_POLICY_CACHE_KEY] cache_expected = { objecttoauthorize: {permission: False}, Delegate.object_one: {Delegate.permission: True}, Delegate.object_two: {Delegate.permission: False}, } self.assertEqual(cache_expected, dict(cache))
def test_checkPermission_cache_unauthenticated(self): # checkPermission caches the result of checkUnauthenticated for a # particular object and permission. request = self.makeRequest() policy = LaunchpadSecurityPolicy(request) obj, permission, checker_factory = ( self.getObjectPermissionAndCheckerFactory()) # When we call checkPermission for the first time, the security policy # calls the checker. policy.checkPermission(permission, obj) self.assertEqual(['checkUnauthenticated'], checker_factory.calls) # A subsequent identical call does not call the checker. policy.checkPermission(permission, obj) self.assertEqual(['checkUnauthenticated'], checker_factory.calls)
def test_checkPermission_cache_unauthenticated(self): # checkPermission caches the result of checkUnauthenticated for a # particular object and permission. request = self.makeRequest() policy = LaunchpadSecurityPolicy(request) obj, permission, checker_factory = ( self.getObjectPermissionAndCheckerFactory()) # When we call checkPermission for the first time, the security policy # calls the checker. policy.checkPermission(permission, obj) self.assertEqual( ['checkUnauthenticated'], checker_factory.calls) # A subsequent identical call does not call the checker. policy.checkPermission(permission, obj) self.assertEqual( ['checkUnauthenticated'], checker_factory.calls)
def test_checkPermission_commit_clears_cache(self): # Committing a transaction clears the cache. request = self.makeRequest() policy = LaunchpadSecurityPolicy(request) obj, permission, checker_factory = ( self.getObjectPermissionAndCheckerFactory()) # When we call checkPermission before setting the principal, the # security policy calls checkUnauthenticated on the checker. policy.checkPermission(permission, obj) self.assertEqual(['checkUnauthenticated'], checker_factory.calls) transaction.commit() # After committing a transaction, the policy calls # checkUnauthenticated again rather than finding a value in the cache. policy.checkPermission(permission, obj) self.assertEqual(['checkUnauthenticated', 'checkUnauthenticated'], checker_factory.calls)
def test_checkPermission_clearSecurityPolicyCache_resets_cache(self): # Calling clearSecurityPolicyCache on the request clears the cache. request = self.makeRequest() policy = LaunchpadSecurityPolicy(request) obj, permission, checker_factory = ( self.getObjectPermissionAndCheckerFactory()) # When we call checkPermission for the first time, the security policy # calls checkUnauthenticated on the checker. policy.checkPermission(permission, obj) self.assertEqual(['checkUnauthenticated'], checker_factory.calls) request.clearSecurityPolicyCache() # After clearing the cache the policy calls checkUnauthenticated # again. policy.checkPermission(permission, obj) self.assertEqual(['checkUnauthenticated', 'checkUnauthenticated'], checker_factory.calls)
def test_checkPermission_commit_clears_cache(self): # Committing a transaction clears the cache. request = self.makeRequest() policy = LaunchpadSecurityPolicy(request) obj, permission, checker_factory = ( self.getObjectPermissionAndCheckerFactory()) # When we call checkPermission before setting the principal, the # security policy calls checkUnauthenticated on the checker. policy.checkPermission(permission, obj) self.assertEqual( ['checkUnauthenticated'], checker_factory.calls) transaction.commit() # After committing a transaction, the policy calls # checkUnauthenticated again rather than finding a value in the cache. policy.checkPermission(permission, obj) self.assertEqual( ['checkUnauthenticated', 'checkUnauthenticated'], checker_factory.calls)
def test_checkPermission_clearSecurityPolicyCache_resets_cache(self): # Calling clearSecurityPolicyCache on the request clears the cache. request = self.makeRequest() policy = LaunchpadSecurityPolicy(request) obj, permission, checker_factory = ( self.getObjectPermissionAndCheckerFactory()) # When we call checkPermission for the first time, the security policy # calls checkUnauthenticated on the checker. policy.checkPermission(permission, obj) self.assertEqual( ['checkUnauthenticated'], checker_factory.calls) request.clearSecurityPolicyCache() # After clearing the cache the policy calls checkUnauthenticated # again. policy.checkPermission(permission, obj) self.assertEqual( ['checkUnauthenticated', 'checkUnauthenticated'], checker_factory.calls)
def test_checkPermission_setPrincipal_resets_cache(self): # Setting the principal on the request clears the cache of results # (this is important during login). principal = FakeLaunchpadPrincipal() request = self.makeRequest() policy = LaunchpadSecurityPolicy(request) obj, permission, checker_factory = ( self.getObjectPermissionAndCheckerFactory()) # When we call checkPermission before setting the principal, the # security policy calls checkUnauthenticated on the checker. policy.checkPermission(permission, obj) self.assertEqual(['checkUnauthenticated'], checker_factory.calls) request.setPrincipal(principal) # After setting the principal, the policy calls checkAuthenticated # rather than finding a value in the cache. policy.checkPermission(permission, obj) self.assertEqual( ['checkUnauthenticated', ('checkAuthenticated', principal.person)], checker_factory.calls)
def test_checkPermission_setPrincipal_resets_cache(self): # Setting the principal on the request clears the cache of results # (this is important during login). principal = FakeLaunchpadPrincipal() request = self.makeRequest() policy = LaunchpadSecurityPolicy(request) obj, permission, checker_factory = ( self.getObjectPermissionAndCheckerFactory()) # When we call checkPermission before setting the principal, the # security policy calls checkUnauthenticated on the checker. policy.checkPermission(permission, obj) self.assertEqual( ['checkUnauthenticated'], checker_factory.calls) request.setPrincipal(principal) # After setting the principal, the policy calls checkAuthenticated # rather than finding a value in the cache. policy.checkPermission(permission, obj) self.assertEqual( ['checkUnauthenticated', ('checkAuthenticated', principal.person)], checker_factory.calls)