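def test__checkPermission(self):
        # Exercises _checkPermission for user_foo against site.bar_dummy, first
        # with no proxy roles on the executable context and then with two
        # different proxy-role sets. Each permission is granted to exactly one
        # role, so every assertion shows which role set the check was made
        # against.
        from AccessControl import getSecurityManager
        from AccessControl.ImplPython import ZopeSecurityPolicy
        from AccessControl.Permission import Permission
        from AccessControl.SecurityManagement import newSecurityManager
        from AccessControl.SecurityManager import setSecurityPolicy
        from Products.CMFCore.utils import _checkPermission

        # NOTE(review): the policy installed here is not restored inside this
        # test; confirm the fixture teardown resets it.
        setSecurityPolicy(ZopeSecurityPolicy())
        site = self._makeSite()
        newSecurityManager(None, site.acl_users.user_foo)
        o = site.bar_dummy
        Permission('View', (), o).setRoles(('Anonymous',))
        Permission('WebDAV access', (), o).setRoles(('Authenticated',))
        Permission('Manage users', (), o).setRoles(('Manager',))
        eo = site.foo_dummy
        # Owner record of the executable; presumably consulted by the policy
        # once proxy roles are set -- confirm against ZopeSecurityPolicy.
        eo._owner = (['acl_users'], 'all_powerful_Oz')
        sm = getSecurityManager()
        sm.addContext(eo)
        try:
            # No proxy roles yet: the expected results are those of user_foo
            # itself, which passes View and WebDAV access but not Manage users.
            self.assertTrue(_checkPermission('View', o))
            self.assertTrue(_checkPermission('WebDAV access', o))
            self.assertFalse(_checkPermission('Manage users', o))

            # With proxy roles the expected results follow the proxy-role set
            # alone: View is refused even though it is granted to Anonymous,
            # so proxy roles replace the user's roles rather than extend them.
            eo._proxy_roles = ('Authenticated',)
            self.assertFalse(_checkPermission('View', o))
            self.assertTrue(_checkPermission('WebDAV access', o))
            self.assertFalse(_checkPermission('Manage users', o))

            # A Manager proxy role passes only the Manager-granted permission;
            # it does not imply the other two.
            eo._proxy_roles = ('Manager',)
            self.assertFalse(_checkPermission('View', o))
            self.assertFalse(_checkPermission('WebDAV access', o))
            self.assertTrue(_checkPermission('Manage users', o))
        finally:
            # Pop the executable again, as test_FakeExecutableObject does, so
            # a failing assertion cannot leave a proxy-role context on the
            # security manager.
            sm.removeContext(eo)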
    def test_FakeExecutableObject(self):
        # A FakeExecutableObject built with ('FOO_ROLE',) should make the
        # 'FOO' check pass only while it sits on the security manager's
        # context stack; before it is added and after it is removed the check
        # must fail again.
        from AccessControl import getSecurityManager
        from AccessControl.ImplPython import ZopeSecurityPolicy
        from AccessControl.Permission import Permission
        from AccessControl.SecurityManagement import newSecurityManager
        from AccessControl.SecurityManager import setSecurityPolicy

        from ..utils import FakeExecutableObject

        setSecurityPolicy(ZopeSecurityPolicy())
        portal = self._makeSite()
        newSecurityManager(None, portal.acl_users.user_foo)
        target = portal.bar_dummy
        # 'FOO' is granted to a single role, so only that role can pass it.
        Permission('FOO', (), target).setRoles(('FOO_ROLE',))
        manager = getSecurityManager()

        def foo_allowed():
            return manager.checkPermission('FOO', target)

        # Baseline: user_foo on its own is refused.
        self.assertFalse(foo_allowed())

        executable = FakeExecutableObject(('FOO_ROLE',))
        manager.addContext(executable)
        try:
            self.assertTrue(foo_allowed())
        finally:
            # Always pop the context, even when the assertion above fails.
            manager.removeContext(executable)

        # The grant must not outlive the executable context.
        self.assertFalse(foo_allowed())
 def afterSetUp(self):
     # Install the verbose Zope security policy so that Unauthorized
     # exceptions raised in unit tests are a great deal easier to debug.
     # NOTE(review): setSecurityPolicy replaces the process-wide default
     # policy and returns the previous one, which is discarded here; confirm
     # the fixture teardown restores it, and keep verbose=True to tests.
     verbose_policy = ZopeSecurityPolicy(verbose=True)
     setSecurityPolicy(verbose_policy)