def test_both_wrapper_and_object_have_checkers_not_security_proxied(self): from zope.proxy import ProxyBase from zope.security.checker import CombinedChecker from zope.security.checker import NamesChecker from zope.security.checker import defineChecker from zope.security.interfaces import ForbiddenAttribute class Foo(object): a = 'a' fooChecker = NamesChecker(['a']) # a is public defineChecker(Foo, fooChecker) foo = Foo() fooChecker.check(foo, 'a') # no raise self.assertRaises(ForbiddenAttribute, fooChecker.check, foo, 'b') class Wrapper(ProxyBase): b = 'b' __Security_checker__ = self._makeOne() wrapperChecker = NamesChecker(['b']) # b is public defineChecker(Wrapper, wrapperChecker) wrapper = Wrapper(foo) self.assertRaises(ForbiddenAttribute, wrapperChecker.check, foo, 'a') wrapperChecker.check(foo, 'b') # no raise checker = wrapper.__Security_checker__ self.assertTrue(isinstance(checker, CombinedChecker)) checker.check(wrapper, 'a') # no raise checker.check(wrapper, 'b') # no raise
def test_check_getattr(self): oldinst = OldInst() oldinst.d = OldInst() newinst = NewInst() newinst.d = NewInst() for inst in oldinst, newinst: checker = NamesChecker(['a', 'b', 'c', '__getitem__'], 'perm') self.assertRaises(Unauthorized, checker.check_getattr, inst, 'a') self.assertRaises(Unauthorized, checker.check_getattr, inst, 'b') self.assertRaises(Unauthorized, checker.check_getattr, inst, 'c') self.assertRaises(Unauthorized, checker.check, inst, '__getitem__') self.assertRaises(Forbidden, checker.check, inst, '__setitem__') self.assertRaises(Forbidden, checker.check_getattr, inst, 'd') self.assertRaises(Forbidden, checker.check_getattr, inst, 'e') self.assertRaises(Forbidden, checker.check_getattr, inst, 'f') checker = NamesChecker(['a', 'b', 'c', '__getitem__'], 'test_allowed') checker.check_getattr(inst, 'a') checker.check_getattr(inst, 'b') checker.check_getattr(inst, 'c') checker.check(inst, '__getitem__') self.assertRaises(Forbidden, checker.check, inst, '__setitem__') self.assertRaises(Forbidden, checker.check_getattr, inst, 'd') self.assertRaises(Forbidden, checker.check_getattr, inst, 'e') self.assertRaises(Forbidden, checker.check_getattr, inst, 'f') checker = NamesChecker(['a', 'b', 'c', '__getitem__'], CheckerPublic) checker.check_getattr(inst, 'a') checker.check_getattr(inst, 'b') checker.check_getattr(inst, 'c') checker.check(inst, '__getitem__') self.assertRaises(Forbidden, checker.check, inst, '__setitem__') self.assertRaises(Forbidden, checker.check_getattr, inst, 'd') self.assertRaises(Forbidden, checker.check_getattr, inst, 'e') self.assertRaises(Forbidden, checker.check_getattr, inst, 'f')
def testAlwaysAvailable(self): from zope.security.checker import NamesChecker checker = NamesChecker(()) class C(object): pass self.assertEqual(checker.check(C, '__hash__'), None) self.assertEqual(checker.check(C, '__nonzero__'), None) self.assertEqual(checker.check(C, '__class__'), None) self.assertEqual(checker.check(C, '__implements__'), None) self.assertEqual(checker.check(C, '__lt__'), None) self.assertEqual(checker.check(C, '__le__'), None) self.assertEqual(checker.check(C, '__gt__'), None) self.assertEqual(checker.check(C, '__ge__'), None) self.assertEqual(checker.check(C, '__eq__'), None) self.assertEqual(checker.check(C, '__ne__'), None) self.assertEqual(checker.check(C, '__name__'), None) self.assertEqual(checker.check(C, '__parent__'), None)