def test_restoreInteraction_after_new(self): from zope.security.management import newInteraction from zope.security.management import queryInteraction from zope.security.management import restoreInteraction newInteraction() self.assertTrue(queryInteraction() is not None) restoreInteraction() # restore to no interaction self.assertTrue(queryInteraction() is None)
def lockingSetUp(test): placelesssetup.setUp(test) z3c.etree.testing.etreeSetup(test) # create principal participation = TestRequest(environ = {"REQUEST_METHOD": "PUT"}) participation.setPrincipal(Principal("michael")) if queryInteraction() is not None: queryInteraction().add(participation) else: newInteraction(participation) events = test.globs["events"] = [] zope.event.subscribers.append(events.append) gsm = zope.component.getGlobalSiteManager() gsm.registerAdapter(DemoKeyReference, (IDemo,), zope.app.keyreference.interfaces.IKeyReference) gsm.registerAdapter(PhysicallyLocatable, (Demo,)) gsm.registerAdapter(PhysicallyLocatable, (DemoFolder,)) gsm.registerAdapter(DemoKeyReference, (IDemoFolder,), zope.app.keyreference.interfaces.IKeyReference) gsm.registerAdapter(SiteManagerAdapter, (zope.interface.Interface,), IComponentLookup) gsm.registerAdapter(DemoAbsoluteURL, (IDemo, zope.interface.Interface), zope.traversing.browser.interfaces.IAbsoluteURL) gsm.registerAdapter(DemoAbsoluteURL, (IDemoFolder, zope.interface.Interface), zope.traversing.browser.interfaces.IAbsoluteURL) # register some IDAVWidgets so that we can render the activelock and # supportedlock widgets. gsm.registerAdapter(z3c.dav.widgets.ListDAVWidget, (zope.schema.interfaces.IList, z3c.dav.interfaces.IWebDAVRequest)) gsm.registerAdapter(z3c.dav.widgets.ObjectDAVWidget, (zope.schema.interfaces.IObject, z3c.dav.interfaces.IWebDAVRequest)) gsm.registerAdapter(z3c.dav.widgets.TextDAVWidget, (zope.schema.interfaces.IText, z3c.dav.interfaces.IWebDAVRequest)) gsm.registerAdapter(z3c.dav.properties.OpaqueWidget, (z3c.dav.properties.DeadField, z3c.dav.interfaces.IWebDAVRequest)) gsm.registerAdapter(z3c.dav.widgets.TextDAVWidget, (zope.schema.interfaces.IURI, z3c.dav.interfaces.IWebDAVRequest)) # Need connection to a database to manage locking db = test.globs["db"] = ZODB.DB(ZODB.MappingStorage.MappingStorage()) test.globs["conn"] = db.open() # expose these classes to the test test.globs["Demo"] = Demo test.globs["DemoFolder"] = DemoFolder
def test_restoreInteraction_after_end(self): from zope.security.management import endInteraction from zope.security.management import newInteraction from zope.security.management import queryInteraction from zope.security.management import restoreInteraction newInteraction() interaction = queryInteraction() endInteraction() restoreInteraction() self.assertTrue(interaction is queryInteraction())
def test_endInteraction_repeated(self): from zope.security.management import endInteraction from zope.security.management import newInteraction from zope.security.management import queryInteraction newInteraction() interaction = queryInteraction() endInteraction() self.assertEqual(queryInteraction(), None) endInteraction() self.assertEqual(queryInteraction(), None)
def test_query_new_end_restore_Interaction(self): from zope.security.management import queryInteraction self.assertEquals(queryInteraction(), None) from zope.security.management import newInteraction newInteraction() interaction = queryInteraction() self.assert_(interaction is not None) self.assertRaises(AssertionError, newInteraction) from zope.security.management import endInteraction endInteraction() self.assertEquals(queryInteraction(), None) from zope.security.management import restoreInteraction restoreInteraction() self.assert_(interaction is queryInteraction()) endInteraction() self.assertEquals(queryInteraction(), None) endInteraction() self.assertEquals(queryInteraction(), None) newInteraction() self.assert_(queryInteraction() is not None) restoreInteraction() # restore to no interaction self.assert_(queryInteraction() is None)
def test_checkPermission(self): from zope.security import checkPermission from zope.security.management import setSecurityPolicy from zope.security.management import queryInteraction from zope.security.management import newInteraction, endInteraction from zope.security.interfaces import NoInteraction permission = 'zope.Test' obj = object() class PolicyStub(object): def checkPermission(s, p, o,): self.assert_(p is permission) self.assert_(o is obj) self.assert_(s is queryInteraction() or s is interaction) return s is interaction setSecurityPolicy(PolicyStub) newInteraction() interaction = queryInteraction() self.assertEquals(checkPermission(permission, obj), True) endInteraction() self.assertRaises(NoInteraction, checkPermission, permission, obj)
def __init__(self, **data): """ constructor of Superclass """ Persistent.__init__(self) ISuperclass['objectID'].readonly = False self.objectID = generateOid(self) self.ikName = self.objectID for (name, value) in data.items(): if name in ISuperclass.names(): setattr(self, name, value) ISuperclass['objectID'].readonly = True self.ikAuthor = u"" self.dbgLevel = NOTSET self.history = RingBuffer(20) self.inpEQueue = Queue() self.outEQueue = Queue() self.outEReceiver = None self.workflows = {} self.wf_worklist = [] interaction = queryInteraction() if interaction is not None: for participation in interaction.participations: #principalid = participation.principal.id principal_title = participation.principal.title self.ikAuthor += unicode(principal_title) self.myFactory = str(self.__class__).split("'")[1] self.ikRevision = __version__
def check(self): interaction = queryInteraction() if interaction is None: return False request = None for participation in interaction.participations: request = participation if request is not None: break if request is None: return False contenttype = self.draftct container = queryMultiAdapter( (request.principal, contenttype), IDraftContainer) if container is None: return False if contenttype.submit: if interaction.checkPermission(contenttype.submit, self.context): return True if contenttype.publish: if interaction.checkPermission(contenttype.publish, self.context): return True return False
def test_newInteraction(self): from zope.security.management import newInteraction from zope.security.management import queryInteraction newInteraction() interaction = queryInteraction() self.assertTrue(interaction is not None)
def getCurrentPrincipal(): interaction = queryInteraction() if interaction is not None: for participation in interaction.participations: if participation.principal is not None: return participation.principal return None
def testPlacefulAuth(self): self.publication.beforeTraversal(self.request) self.assertEqual(list(queryInteraction().participations), [self.request]) self.assertEqual(self.request.principal.id, "anonymous") root = self.publication.getApplication(self.request) self.publication.callTraversalHooks(self.request, root) self.assertEqual(self.request.principal.id, "anonymous") ob = self.publication.traverseName(self.request, root, "f1") self.publication.callTraversalHooks(self.request, ob) self.assertEqual(self.request.principal.id, "test.anonymous") ob = self.publication.traverseName(self.request, ob, "f2") self.publication.afterTraversal(self.request, ob) self.assertEqual(self.request.principal.id, "test.bob") self.assertEqual(list(queryInteraction().participations), [self.request]) self.publication.endRequest(self.request, ob) self.assertEqual(queryInteraction(), None)
def test_checkPermission(self): from zope.security import checkPermission from zope.security.management import setSecurityPolicy from zope.security.management import queryInteraction from zope.security.management import newInteraction, endInteraction from zope.security.interfaces import NoInteraction permission = 'zope.Test' obj = object() class PolicyStub(object): def checkPermission( s, p, o, ): self.assert_(p is permission) self.assert_(o is obj) self.assert_(s is queryInteraction() or s is interaction) return s is interaction setSecurityPolicy(PolicyStub) newInteraction() interaction = queryInteraction() self.assertEquals(checkPermission(permission, obj), True) endInteraction() self.assertRaises(NoInteraction, checkPermission, permission, obj)
def getRequest(): interaction = queryInteraction() if interaction is not None: for participation in interaction.participations: if participation is not None: return participation
def invitationAcceptedHandler(invitation, event): owner = IOwnership(invitation).owner if owner is None: return messaging = IMessageStorage(owner, None) if messaging is None: return interaction = queryInteraction() if interaction is not None: for request in interaction.participations: principal = invitation.principal view = queryMultiAdapter( (principal, request), IPagelet, 'personal.message') if view is None: return view.update() data = {'title': u'Your invitation has been accepted', 'text': view.render(), 'sender': unicode(principal.id)} messaging.create(SERVICE_ID, **data)
def resetingPassword(event): email = IMailAddress(event.principal, None) if email is None: return request = queryInteraction().participations[0] template = getMultiAdapter((event, request), IMailTemplate) template.send((formataddr((event.principal.title, email.address)),))
def testPlacefulAuth(self): setup.setUpTraversal() setup.setUpSiteManagerLookup() principalRegistry.defineDefaultPrincipal('anonymous', '') root = self.db.open().root() app = root[ZopePublication.root_name] app['f1'] = rootFolder() f1 = app['f1'] f1['f2'] = Folder() sm1 = setup.createSiteManager(f1) setup.addUtility(sm1, '', IAuthenticationUtility, AuthUtility1()) f2 = f1['f2'] sm2 = setup.createSiteManager(f2) setup.addUtility(sm2, '', IAuthenticationUtility, AuthUtility2()) transaction.commit() from zope.app.container.interfaces import ISimpleReadContainer from zope.app.container.traversal import ContainerTraverser ztapi.provideView(ISimpleReadContainer, IRequest, IPublishTraverse, '', ContainerTraverser) from zope.app.folder.interfaces import IFolder from zope.security.checker import defineChecker, InterfaceChecker defineChecker(Folder, InterfaceChecker(IFolder)) self.publication.beforeTraversal(self.request) self.assertEqual(list(queryInteraction().participations), [self.request]) self.assertEqual(self.request.principal.id, 'anonymous') root = self.publication.getApplication(self.request) self.publication.callTraversalHooks(self.request, root) self.assertEqual(self.request.principal.id, 'anonymous') ob = self.publication.traverseName(self.request, root, 'f1') self.publication.callTraversalHooks(self.request, ob) self.assertEqual(self.request.principal.id, 'test.anonymous') ob = self.publication.traverseName(self.request, ob, 'f2') self.publication.afterTraversal(self.request, ob) self.assertEqual(self.request.principal.id, 'test.bob') self.assertEqual(list(queryInteraction().participations), [self.request]) self.publication.endRequest(self.request, ob) self.assertEqual(queryInteraction(), None)
def test_contextmanager_ends_interaction_on_exception(self): from zope.security.management import queryInteraction from zope.security.testing import interaction try: with interaction('foo'): raise RuntimeError() except RuntimeError: pass self.assertFalse(queryInteraction())
def checkPermission( s, p, o, ): self.assertTrue(p is permission) self.assertTrue(o is obj) self.assertTrue(s is queryInteraction() or s is interaction) return s is interaction
def test_usable_as_contextmanager(self): from zope.security.management import getInteraction from zope.security.management import queryInteraction from zope.security.testing import interaction with interaction('foo'): ix = getInteraction() participation = ix.participations[0] self.assertEqual('foo', participation.principal.id) self.assertFalse(queryInteraction())
def testPlacefulAuth(self): self.publication.beforeTraversal(self.request) self.assertEqual(list(queryInteraction().participations), [self.request]) self.assertEqual(self.request.principal.id, 'anonymous') root = self.publication.getApplication(self.request) self.publication.callTraversalHooks(self.request, root) self.assertEqual(self.request.principal.id, 'anonymous') ob = self.publication.traverseName(self.request, root, 'f1') self.publication.callTraversalHooks(self.request, ob) self.assertEqual(self.request.principal.id, 'test.anonymous') ob = self.publication.traverseName(self.request, ob, 'f2') self.publication.afterTraversal(self.request, ob) self.assertEqual(self.request.principal.id, 'test.bob') self.assertEqual(list(queryInteraction().participations), [self.request]) self.publication.endRequest(self.request, ob) self.assertEqual(queryInteraction(), None)
def checkPermissionForPrincipal(principal, permission, object): interaction = queryInteraction() if IZojaxSecurityPolicy.providedBy(interaction): return interaction.cached_decision( removeSecurityProxy(object), principal.id, interaction._groupsFor(principal), permission) return False
def isNotSelf(group): principal_id = None interaction = queryInteraction() if interaction is not None: for participation in interaction.participations: principal_id = participation.principal.id break return principal_id != group.__principal__.id
def test_contextmanager_ends_interaction_on_exception(self): from zope.security.management import queryInteraction class MyError(Exception): pass with self.assertRaises(MyError): with testing.interaction('foo'): raise MyError() self.assertFalse(queryInteraction())
def _invalidated_interaction_cache(self): # Invalidate this threads interaction cache interaction = queryInteraction() if interaction is not None: try: invalidate_cache = interaction.invalidate_cache except AttributeError: pass else: invalidate_cache()
def contentModifiedHandler(revision, event): revision = removeAllProxies(revision) revision.__date__ = datetime.now(pytz.utc) interaction = queryInteraction() if interaction is not None: for participation in interaction.participations: if participation is not None: revision.__principal__ = participation.principal.id
def get_interaction_extras(): """Return the active provider of `IInteractionExtras`. This is looked up from the interaction. If there is no interaction then return None. """ interaction = queryInteraction() if interaction is None: return None return interaction.extras
def getPrincipal(): """ get current interaction principal """ interaction = queryInteraction() if interaction is not None: for participation in interaction.participations: if participation.principal is not None: return participation.principal raise UnknownPrincipalException()
def principalLoggingOut(event): if IRPXNowPrincipalMarker.providedBy(event.principal): request = None interaction = queryInteraction() if interaction is not None: for participation in interaction.participations: request = participation if request is not None: ISession(request)[SESSION_KEY]['token'] = None
def test_conflict(self): self.browser.open('http://localhost/conflict.html') self.assertEqual(self.browser.status, '503 Service Unavailable') self.assertEqual( get_event_names(), ['PublicationStart', 'PublicationAfterTraversal', 'PublicationBeforeAbort', 'PublicationFailure'] * 4 + ['EndRequestEvent'] * 4) self.assertIs(queryInteraction(), None)
def test_abort(self): self.browser.open('http://localhost/abort.html') self.assertEqual(self.browser.status, '400 Bad Request') self.assertEqual( get_event_names(), ['PublicationStart', 'PublicationAfterTraversal', 'PublicationBeforeAbort', 'PublicationFailure', 'EndRequestEvent']) self.assertIs(queryInteraction(), None)
def getAccessList(context, permission): context = removeAllProxies(context) grant = IExtendedGrantInfo(context) interaction = queryInteraction() if not IZojaxSecurityPolicy.providedBy(interaction): interaction = SecurityPolicy() allowed = {} for role, setting in grant.getRolesForPermission(permission): if role == 'content.Owner': for principal, setting in grant.getPrincipalsForRole('content.Owner'): if setting is Allow and principal: allowed['user:'******'user:'******'user:'******'user:'******'user:%s'%principal.id if checkPermissionForPrincipal(principal, permission, context): allowed[uid] = 1 else: if uid in allowed: del allowed[uid] return allowed.keys()
def principalLoggingOut(event): if IFacebookPrincipalMarker.providedBy(event.principal): request = None interaction = queryInteraction() if interaction is not None: for participation in interaction.participations: request = participation if request is not None: product = getUtility(IFacebookAuthenticationProduct) expireCookies(request, product.apiKey)
def test_notfound_view(self): self.browser.open('http://localhost/nowhere') self.assertEqual(self.browser.status, '404 Not Found') self.assertEqual( get_event_names(), ['PublicationStart', 'PublicationBeforeError', 'PublicationAfterRender', 'PublicationBeforeAbort', 'PublicationFailure', 'EndRequestEvent']) self.assertIs(queryInteraction(), None)
def __init__(self, principal=None, **kw): if principal is None: interaction = queryInteraction() if interaction is not None: for participation in interaction.participations: principal = participation.principal.id self.principal = principal for attr, value in kw.items(): setattr(self, attr, value)
def test_principal_from_iteraction(self): principal = _Principal('bob') participation = _Participation(principal) newInteraction(participation) try: interaction = queryInteraction() p_from_i = IPrincipal(interaction) assert_that(p_from_i.username, is_(principal.username)) finally: endInteraction()
def getRequestFromInteraction(request_type=IApplicationRequest): """Extract the browser request from the current interaction. Returns None when there is no interaction, or when the interaction has no participations that provide request_type. """ interaction = queryInteraction() if interaction is not None: for participation in interaction.participations: if request_type.providedBy(participation): return participation return None
def _zope_response(self): """Get the response.""" current_principal = None # End and save the current interaction, since HTTPCaller creates # its own interaction. if queryInteraction(): current_principal = get_current_principal() endInteraction() if self._response is None: self._response = self.caller(self._data_to_send) # Restore the interaction to what it was before. setupInteraction(current_principal) return self._response
def _render(self, form_values=None, method='GET'): self.request = self.request_class(method=method, form=form_values, PATH_INFO='/', environ=self.request_environ) if queryInteraction() is not None: self.request.setPrincipal(get_current_principal()) # Setup a new interaction using self.request, create the view, # initialize() it and then restore the original interaction. endInteraction() newInteraction(self.request) self.view = self.view_class(self.context, self.request) self.view.initialize() restoreInteraction()
def test_restoreInteraction_after_neither(self): from zope.security.management import queryInteraction from zope.security.management import restoreInteraction from zope.security._definitions import thread_local try: del thread_local.interaction except AttributeError: pass try: del thread_local.previous_interaction except AttributeError: pass restoreInteraction() self.assertTrue(queryInteraction() is None)
def __init__(self): # set date self.date = datetime.datetime.now() # set revisors revisor = () interaction = queryInteraction() if interaction is not None: for participation in interaction.participations: if participation.principal is None: continue principalid = participation.principal.id if not principalid in revisor: revisor = revisor + (unicode(principalid), ) self.revisor = revisor
def interaction(self): """Context manager for interaction as the given user. If an interaction is already in progress this is a no-op, otherwise it sets up an interaction on entry and ends it on exit. """ if queryInteraction() is None: setupInteraction(self._principal, login=self._login) try: yield finally: endInteraction() else: yield
def _with_login(login_method, identifier): """Make a context manager that runs with a particular log in.""" interaction = queryInteraction() person = login_method(identifier) try: yield person finally: if interaction is None: logout() else: # This reaches under the covers of the zope.security.management # module's interface in order to provide true nestable # interactions. This means that real requests can be maintained # across these calls, such as is desired for yuixhr fixtures. zope_security_thread_local.interaction = interaction
def __init__(self, date=None, principal=None, **kw): if date is None: date = datetime.utcnow() self.date = date if principal is None: interaction = queryInteraction() if interaction is not None: for participation in interaction.participations: principal = participation.principal.id self.principal = principal for attr, value in kw.items(): setattr(self, attr, value)
def get_current_principal(): """Get the principal from the current interaction. :return: The current principal if there is an interaction, None otherwise. """ interaction = queryInteraction() if interaction is None: return None principals = [ participation.principal for participation in interaction.participations if participation.principal is not None ] if not principals: return None elif len(principals) > 1: raise ValueError('Too many principals') else: return principals[0]
def __checkSecurity(self, data): """ Returns a boolean indicating whether *data* passes the security checks defined for this subscription. If we are not able to make the security check because the principal or permission we are supposed to use is not defined, returns the special (false) value `None`. This can be used to distinguish the case where access is denied by the security policy from the case where requested principals are missing. """ if not self.permission_id and not self.owner_id: # If no security is requested, we're good. return True # OK, now we need to find the permission and the principal. # Both should be found in the context of the data; if not # there, then check the currently installed site. principal = self._find_principal(data) permission = self._find_permission(data) if principal is None or permission is None: # A missing permission causes zope.security to grant full access. # It's treated the same as zope.Public. So don't let that happen. return None # Now, we need to set up the interaction and do the security check. participation = Participation(principal) current_interaction = queryInteraction() if current_interaction is not None: # Cool, we can add our participation to the interaction. current_interaction.add(participation) else: newInteraction(participation) try: # Yes, this needs the ID of the permission, not the permission object. return checkPermission(self.permission_id, data) finally: if current_interaction is not None: current_interaction.remove(participation) else: endInteraction()
def lastActivitySubscriber(event, item): """Update Dublin-Core creator property""" dc = IZopeDublinCore(item, None) # Principals that can create objects do not necessarily have # 'zope.app.dublincore.change' permission. # https://bugs.launchpad.net/zope3/+bug/98124 dc = removeSecurityProxy(dc) if dc is None: return # Try to find a principal for that one. If there # is no principal then we don't touch the list # of creators. interaction = queryInteraction() if interaction is not None: for participation in interaction.participations: if participation.principal is None: continue principalid = participation.principal.id if not principalid in dc.creators: dc.creators = dc.creators + (unicode(principalid), )
def test_checkPermission_w_interaction(self): from zope.security.management import checkPermission from zope.security.management import setSecurityPolicy from zope.security.management import queryInteraction from zope.security.management import newInteraction permission = 'zope.Test' obj = object() class PolicyStub(object): def checkPermission( s, p, o, ): self.assertTrue(p is permission) self.assertTrue(o is obj) self.assertTrue(s is queryInteraction() or s is interaction) return s is interaction setSecurityPolicy(PolicyStub) newInteraction() interaction = queryInteraction() self.assertEqual(checkPermission(permission, obj), True)
def test_queryInteraction_none_present(self): from zope.security.management import queryInteraction self.assertEqual(queryInteraction(), None)