def test_define_and_undefineChecker(self): class SomeClass(object): pass obj = SomeClass() checker = NamesChecker() from zope.security.checker import _defaultChecker, selectChecker self.assert_(selectChecker(obj) is _defaultChecker) defineChecker(SomeClass, checker) self.assert_(selectChecker(obj) is checker) undefineChecker(SomeClass) self.assert_(selectChecker(obj) is _defaultChecker)
def __get__(self, inst, cls=None): if inst is None: # pragma: no cover (Not sure how we can get here) return self proxied_object = getProxiedObject(inst) checker = getattr(proxied_object, '__Security_checker__', None) if checker is None: checker = selectChecker(proxied_object) wrapper_checker = selectChecker(inst) if wrapper_checker is None: # pragma: no cover return checker if checker is None: return wrapper_checker return CombinedChecker(wrapper_checker, checker)
def __get__(self, inst, cls=None): if inst is None: return self else: proxied_object = getProxiedObject(inst) checker = getattr(proxied_object, '__Security_checker__', None) if checker is None: checker = selectChecker(proxied_object) wrapper_checker = selectChecker(inst) if wrapper_checker is None: return checker elif checker is None: return wrapper_checker else: return CombinedChecker(wrapper_checker, checker)
def test_multiple_set_schema(self): from zope.component.interface import queryInterface from zope.security.checker import selectChecker from zope.security.tests import module self.assertEqual(queryInterface(_pfx("S")), None) self.assertEqual(queryInterface(_pfx("S2")), None) declaration = ('''<class class="%s"> <require permission="%s" set_schema="%s %s"/> </class>''' % (_pfx("test_class"), P1, _pfx("S"), _pfx("S2"))) apply_declaration(module.template_bracket % declaration) self.assertEqual(queryInterface(_pfx("S")), module.S) self.assertEqual(queryInterface(_pfx("S2")), module.S2) checker = selectChecker(module.test_instance) self.assertEqual(checker.setattr_permission_id('m1'), None) self.assertEqual(checker.setattr_permission_id('m2'), None) self.assertEqual(checker.setattr_permission_id('m3'), None) self.assertEqual(checker.setattr_permission_id('foo'), P1) self.assertEqual(checker.setattr_permission_id('bar'), P1) self.assertEqual(checker.setattr_permission_id('foo2'), P1) self.assertEqual(checker.setattr_permission_id('bar2'), P1) self.assertEqual(checker.setattr_permission_id('baro'), None)
def assertState(self, m1P=NOTSET, m2P=NOTSET, m3P=NOTSET): "Verify that class, instance, and methods have expected permissions." checker = selectChecker(module.test_instance) self.assertEqual(checker.permission_id('m1'), (m1P or None)) self.assertEqual(checker.permission_id('m2'), (m2P or None)) self.assertEqual(checker.permission_id('m3'), (m3P or None))
def test_multiple_set_schema(self): self.assertEqual(queryInterface(PREFIX + "S"), None) self.assertEqual(queryInterface(PREFIX + "S2"), None) declaration = """<class class="%s"> <require permission="%s" set_schema="%s %s"/> </class>""" % ( PREFIX + "test_class", P1, PREFIX + "S", PREFIX + "S2", ) apply_declaration(module.template_bracket % declaration) self.assertEqual(queryInterface(PREFIX + "S"), module.S) self.assertEqual(queryInterface(PREFIX + "S2"), module.S2) checker = selectChecker(module.test_instance) self.assertEqual(checker.setattr_permission_id("m1"), None) self.assertEqual(checker.setattr_permission_id("m2"), None) self.assertEqual(checker.setattr_permission_id("m3"), None) self.assertEqual(checker.setattr_permission_id("foo"), P1) self.assertEqual(checker.setattr_permission_id("bar"), P1) self.assertEqual(checker.setattr_permission_id("foo2"), P1) self.assertEqual(checker.setattr_permission_id("bar2"), P1) self.assertEqual(checker.setattr_permission_id("baro"), None)
def __get__(self, inst, cls=None): if inst is None: return selectChecker(cls) else: # This is *VERY* tricky. There is a possibility that # the object was loaded, but not active by the time # __proxied__ needs to be accessed, which results # in an AttributeError here, which is swallowed # somewere inside the security machinery, # and then the object ends up using _defaultChecker # # Added the same code below, in ClassDescriptor, # though I'm not sure it is really needed there. if inst._p_state == GHOST: inst._p_activate() return selectChecker(inst.__proxied__)
def test_multiple_set_schema(self): self.assertEqual(queryInterface(PREFIX + "S"), None) self.assertEqual(queryInterface(PREFIX + "S2"), None) declaration = ( '''<class class="%s"> <require permission="%s" set_schema="%s %s"/> </class>''' % (PREFIX + "test_class", P1, PREFIX + "S", PREFIX + "S2")) apply_declaration(module.template_bracket % declaration) self.assertEqual(queryInterface(PREFIX + "S"), module.S) self.assertEqual(queryInterface(PREFIX + "S2"), module.S2) checker = selectChecker(module.test_instance) self.assertEqual(checker.setattr_permission_id('m1'), None) self.assertEqual(checker.setattr_permission_id('m2'), None) self.assertEqual(checker.setattr_permission_id('m3'), None) self.assertEqual(checker.setattr_permission_id('foo'), P1) self.assertEqual(checker.setattr_permission_id('bar'), P1) self.assertEqual(checker.setattr_permission_id('foo2'), P1) self.assertEqual(checker.setattr_permission_id('bar2'), P1) self.assertEqual(checker.setattr_permission_id('baro'), None)
def test_multiple_set_schema(self): self.assertEqual(queryInterface(PREFIX+"S"), None) self.assertEqual(queryInterface(PREFIX+"S2"), None) declaration = ('''<class class="%s"> <require permission="%s" set_schema="%s %s"/> </class>''' % (PREFIX+"test_class", P1, PREFIX+"S", PREFIX+"S2")) apply_declaration(module.template_bracket % declaration) self.assertEqual(queryInterface(PREFIX+"S"), module.S) self.assertEqual(queryInterface(PREFIX+"S2"), module.S2) checker = selectChecker(module.test_instance) self.assertEqual(checker.setattr_permission_id('m1'), None) self.assertEqual(checker.setattr_permission_id('m2'), None) self.assertEqual(checker.setattr_permission_id('m3'), None) self.assertEqual(checker.setattr_permission_id('foo'), P1) self.assertEqual(checker.setattr_permission_id('bar'), P1) self.assertEqual(checker.setattr_permission_id('foo2'), P1) self.assertEqual(checker.setattr_permission_id('bar2'), P1) self.assertEqual(checker.setattr_permission_id('baro'), None)
def assertState(self, m1P=NOTSET, m2P=NOTSET, m3P=NOTSET): "Verify that class, instance, and methods have expected permissions." checker = selectChecker(module.test_instance) self.assertEqual(checker.permission_id("m1"), (m1P or None)) self.assertEqual(checker.permission_id("m2"), (m2P or None)) self.assertEqual(checker.permission_id("m3"), (m3P or None))
def GreenerPastures(agent): """ where do they want to go today """ import random _homes = sandbox._homes possible_homes = _homes.keys() possible_homes.remove(agent.getHome().getId()) new_home = _homes.get(random.choice(possible_homes)) return checker.selectChecker(new_home).proxy(new_home)
def assertState(self, m1P=NOTSET, m2P=NOTSET, m3P=NOTSET): #Verify that class, instance, and methods have expected permissions from zope.security.checker import selectChecker from zope.security.tests import module checker = selectChecker(module.test_instance) self.assertEqual(checker.permission_id('m1'), (m1P or None)) self.assertEqual(checker.permission_id('m2'), (m2P or None)) self.assertEqual(checker.permission_id('m3'), (m3P or None))
def assertSetattrState(self, m1P=NOTSET, m2P=NOTSET, m3P=NOTSET): # Verify that class, instance, and methods have expected permissions from zope.security.checker import selectChecker from zope.security.tests import module checker = selectChecker(module.test_instance) self.assertEqual(checker.setattr_permission_id('m1'), (m1P or None)) self.assertEqual(checker.setattr_permission_id('m2'), (m2P or None)) self.assertEqual(checker.setattr_permission_id('m3'), (m3P or None))
def addAgent(self, agent): if not self._agents.has_key(agent.getId()) \ and sandbox.IAgent.providedBy(agent): self._agents[agent.getId()]=agent agentChecker = checker.selectChecker(self) wrapped_home = agentChecker.proxy(self) agent.setHome(wrapped_home) else: raise sandbox.SandboxError("couldn't add agent %s" %agent)
def addAgent(self, agent): if not self._agents.has_key(agent.getId()) \ and sandbox.IAgent.providedBy(agent): self._agents[agent.getId()] = agent agentChecker = checker.selectChecker(self) wrapped_home = agentChecker.proxy(self) agent.setHome(wrapped_home) else: raise sandbox.SandboxError("couldn't add agent %s" % agent)
def test_set_attributes(self): declaration = ('''<class class="%s"> <require permission="%s" set_attributes="m1 m3"/> </class>''' % (PREFIX + "test_class", P1)) apply_declaration(module.template_bracket % declaration) checker = selectChecker(module.test_instance) self.assertEqual(checker.setattr_permission_id('m1'), P1) self.assertEqual(checker.setattr_permission_id('m2'), None) self.assertEqual(checker.setattr_permission_id('m3'), P1)
def test_set_attributes(self): declaration = ('''<class class="%s"> <require permission="%s" set_attributes="m1 m3"/> </class>''' % (PREFIX+"test_class", P1)) apply_declaration(module.template_bracket % declaration) checker = selectChecker(module.test_instance) self.assertEqual(checker.setattr_permission_id('m1'), P1) self.assertEqual(checker.setattr_permission_id('m2'), None) self.assertEqual(checker.setattr_permission_id('m3'), P1)
def callObject(self, request, ob): orig = ob if not IHTTPException.providedBy(ob): ob = component.queryMultiAdapter((ob, request), name=request.method) checker = selectChecker(ob) if checker is not None: checker.check(ob, '__call__') ob = getattr(ob, request.method, None) if ob is None: raise GrokMethodNotAllowed(orig, request) return mapply(ob, request.getPositionalArguments(), request)
def __get__(self, inst, cls=None): if inst is None: return self else: proxied_object = getProxiedObject(inst) if type(proxied_object) is Proxy: checker = getChecker(proxied_object) else: checker = getattr(proxied_object, '__Security_checker__', None) if checker is None: checker = selectChecker(proxied_object) wrapper_checker = selectChecker(inst) if wrapper_checker is None and checker is None: raise AttributeError("%r has no attribute %r" % (proxied_object.__class__.__name__, '__Security_checker__')) elif wrapper_checker is None: return checker elif checker is None: return wrapper_checker else: return CombinedChecker(wrapper_checker, checker)
def test_set_attributes(self): from zope.security.checker import selectChecker from zope.security.tests import module declaration = ('''<class class="%s"> <require permission="%s" set_attributes="m1 m3"/> </class>''' % (_pfx("test_class"), P1)) apply_declaration(module.template_bracket % declaration) checker = selectChecker(module.test_instance) self.assertEqual(checker.setattr_permission_id('m1'), P1) self.assertEqual(checker.setattr_permission_id('m2'), None) self.assertEqual(checker.setattr_permission_id('m3'), P1)
def testInherited(self): class B1(object): def g(self): return 'B1.g' class B2(object): def h(self): return 'B2.h' class S(B1, B2): pass component.provideUtility(Permission('B1', ''), IPermission, 'B1') component.provideUtility(Permission('S', ''), IPermission, 'S') protectName(B1, 'g', 'B1') protectName(S, 'g', 'S') protectName(S, 'h', 'S') self.assertEqual(selectChecker(B1()).permission_id('g'), 'B1') self.assertEqual(selectChecker(B2()).permission_id('h'), None) self.assertEqual(selectChecker(S()).permission_id('g'), 'S') self.assertEqual(selectChecker(S()).permission_id('h'), 'S') self.assertEqual(S().g(), 'B1.g') self.assertEqual(S().h(), 'B2.h')
def callObject(self, request, ob): if getattr(ob, 'context', None) is None: return super(SkinnedBrowserPublication, self).callObject(request, ob) checker = selectChecker(ob) if checker is not None: checker.check(ob, '__call__') managers = dict( zope.component.getAdapters((ob.context, request, ob), zope.interface.Interface)) for manager in managers.values(): manager.update() # TODO: make template configurable (pick up from layer?) template = PageTemplateFile('main_template.pt') return template.pt_render({'managers': managers})
def test_featured_projects_view_requires_edit(self): view = create_view(self.root, '+featuredprojects') checker = selectChecker(view) self.assertEquals('launchpad.Edit', checker.permission_id('__call__'))
def _proxied(*args): return Proxy(args, selectChecker(args))
def assertSetattrState(self, m1P=NOTSET, m2P=NOTSET, m3P=NOTSET): "Verify that class, instance, and methods have expected permissions." checker = selectChecker(TestModule.test_instance) self.assertEqual(checker.setattr_permission_id('m1'), (m1P or None)) self.assertEqual(checker.setattr_permission_id('m2'), (m2P or None)) self.assertEqual(checker.setattr_permission_id('m3'), (m3P or None))
def callObject(self, request, ob): checker = selectChecker(ob) if checker is not None: checker.check(ob, '__call__') return super(ZopePublicationSansProxy, self).callObject(request, ob)
def test_featured_projects_view_requires_edit(self): view = create_view(self.root, '+featuredprojects') checker = selectChecker(view) self.assertEqual('launchpad.Edit', checker.permission_id('__call__'))