def test__checkPermission(self):
    """Check ``_checkPermission`` with and without proxy roles in effect.

    Three permissions on ``site.bar_dummy`` are each mapped to a single
    role, and ``site.foo_dummy`` is pushed onto the security manager's
    execution stack. The assertions pin that, once the executable carries
    ``_proxy_roles``, a permission is granted only if one of those proxy
    roles holds it. 'View' (granted to 'Anonymous' only) is therefore
    denied under both proxy-role settings, although it was granted before
    any proxy roles were set.
    """
    from AccessControl import getSecurityManager
    from AccessControl.ImplPython import ZopeSecurityPolicy
    from AccessControl.Permission import Permission
    from AccessControl.SecurityManagement import newSecurityManager
    from AccessControl.SecurityManager import setSecurityPolicy

    from Products.CMFCore.utils import _checkPermission

    # NOTE(review): the policy is installed globally and the value returned
    # by setSecurityPolicy() is dropped here -- confirm that the fixture's
    # teardown restores the previous policy so later tests are not affected.
    setSecurityPolicy(ZopeSecurityPolicy())
    site = self._makeSite()
    newSecurityManager(None, site.acl_users.user_foo)

    target = site.bar_dummy
    role_for_permission = (
        ('View', 'Anonymous'),
        ('WebDAV access', 'Authenticated'),
        ('Manage users', 'Manager'),
    )
    for permission, role in role_for_permission:
        Permission(permission, (), target).setRoles((role,))

    executable = site.foo_dummy
    executable._owner = (['acl_users'], 'all_powerful_Oz')
    # NOTE(review): this context is never popped with removeContext();
    # presumably the per-test security manager is discarded on teardown --
    # verify against the test base class.
    getSecurityManager().addContext(executable)

    def expect(view, webdav, manage_users):
        # Assert the outcome of each permission check, in a fixed order.
        outcomes = (
            ('View', view),
            ('WebDAV access', webdav),
            ('Manage users', manage_users),
        )
        for permission, granted in outcomes:
            verify = self.assertTrue if granted else self.assertFalse
            verify(_checkPermission(permission, target))

    # No proxy roles on the executable.
    expect(True, True, False)

    # Proxy role 'Authenticated': only the permission mapped to it passes.
    executable._proxy_roles = ('Authenticated',)
    expect(False, True, False)

    # Proxy role 'Manager': only 'Manage users' passes.
    executable._proxy_roles = ('Manager',)
    expect(False, False, True)
def test_FakeExecutableObject(self):
    """Check that ``FakeExecutableObject`` grants its roles only while pushed.

    'FOO' on ``site.bar_dummy`` is mapped to 'FOO_ROLE' alone. The check is
    expected to fail for ``user_foo`` before the fake executable is added
    to the security manager's context, pass while it is on the stack, and
    fail again once it has been removed.
    """
    from AccessControl import getSecurityManager
    from AccessControl.ImplPython import ZopeSecurityPolicy
    from AccessControl.Permission import Permission
    from AccessControl.SecurityManagement import newSecurityManager
    from AccessControl.SecurityManager import setSecurityPolicy

    from ..utils import FakeExecutableObject

    # NOTE(review): the value returned by setSecurityPolicy() is dropped, so
    # this test does not restore the previous policy itself -- confirm the
    # fixture's teardown does.
    setSecurityPolicy(ZopeSecurityPolicy())
    site = self._makeSite()
    newSecurityManager(None, site.acl_users.user_foo)

    target = site.bar_dummy
    Permission('FOO', (), target).setRoles(('FOO_ROLE',))
    manager = getSecurityManager()

    def has_foo():
        return manager.checkPermission('FOO', target)

    # Baseline: denied before the fake executable is pushed.
    self.assertFalse(has_foo())

    elevated = FakeExecutableObject(('FOO_ROLE',))
    manager.addContext(elevated)
    try:
        self.assertTrue(has_foo())
    finally:
        # Always pop the context so the elevation cannot outlive this
        # block, even when the assertion above fails.
        manager.removeContext(elevated)

    # The elevation must not persist after removal.
    self.assertFalse(has_foo())
def afterSetUp(self):
    """Install a verbose ``ZopeSecurityPolicy`` for the tests in this case."""
    # Verbose mode makes Unauthorized exceptions a great deal easier to
    # debug in unit tests.
    # NOTE(review): the previous policy returned by setSecurityPolicy() is
    # not kept, so nothing here restores it -- confirm that teardown does.
    # Verbose denial messages are meant for debugging; keep this setting to
    # test fixtures.
    verbose_policy = ZopeSecurityPolicy(verbose=True)
    setSecurityPolicy(verbose_policy)