def create_special_principals():
    """Register the built-in principals and the 'root' and 'owner' roles.

    Registers the 'oms.anonymous' user, a 'root' group, a 'root' user that
    is a member of the 'root' group, and the 'oms.rest_options' user with
    the IAuthentication utility.  Defines the 'root' and 'owner' roles,
    grants every permission in the local list to both of them, assigns the
    'root' role to the principal id 'root', and grants the 'rest'
    permission directly to 'oms.rest_options'.
    """
    authentication = queryUtility(IAuthentication)

    authentication.registerPrincipal(User('oms.anonymous'))
    authentication.registerPrincipal(Group('root'))

    superuser = User('root')
    superuser.groups.append('root')
    authentication.registerPrincipal(superuser)

    # TODO: create/use a global registry of permissions
    all_permissions = (
        'read',
        'modify',
        'create',
        'add',
        'remove',
        'delete',
        'view',
        'traverse',
        'zope.Security',
    )

    def grant_everything(role_id):
        # Hand the complete permission list to one role.
        for name in all_permissions:
            rolePermissionManager.grantPermissionToRole(name, role_id)

    provideUtility(Role('root', 'root'), IRole, 'root')
    grant_everything('root')
    # NOTE(review): the Group and the User above are both created with
    # 'root'; presumably that argument is the principal id, so this
    # assignment targets an id shared by both -- confirm which is intended.
    principalRoleManager.assignRoleToPrincipal('root', 'root')

    # 'owner' receives exactly the same permission list as 'root',
    # including 'zope.Security'.
    # NOTE(review): confirm that owners are meant to hold the full set.
    provideUtility(Role('owner', 'o'), IRole, 'owner')
    grant_everything('owner')

    # NOTE(review): this pass repeats the grants already made to 'root' and
    # 'owner' above; it is kept so the sequence of calls is unchanged.
    for name in all_permissions:
        for role_id in ('root', 'owner'):
            rolePermissionManager.grantPermissionToRole(name, role_id)

    # 'rest' is granted to the principal directly rather than through a role.
    authentication.registerPrincipal(User('oms.rest_options'))
    principalPermissionManager.grantPermissionToPrincipal(
        'rest', 'oms.rest_options')
def testPrincipalRoleAllow(self):
    # A single role assignment must be visible from both directions of the
    # mapping (role -> principals and principal -> roles), each time paired
    # with the Allow setting.
    role_id = defineRole('ARole', 'A Role').id
    subject = self._make_principal()
    principalRoleManager.assignRoleToPrincipal(role_id, subject)

    holders = principalRoleManager.getPrincipalsForRole(role_id)
    self.assertEqual(holders, [(subject, Allow)])

    held = principalRoleManager.getRolesForPrincipal(subject)
    self.assertEqual(held, [(role_id, Allow)])
def testManyPrincipalsOneRole(self):
    # Two principals share one role: the role must report exactly those two
    # holders, each paired with the Allow setting.
    shared_role = defineRole('Role One', 'Role #1').id
    first_principal = self._make_principal()
    second_principal = self._make_principal('Principal 2', 'Principal Two')
    members = (first_principal, second_principal)
    for member in members:
        principalRoleManager.assignRoleToPrincipal(shared_role, member)

    holders = principalRoleManager.getPrincipalsForRole(shared_role)
    # The length check is what rules out any holder beyond the two expected.
    self.assertEqual(len(holders), 2)
    for member in members:
        self.assertTrue((member, Allow) in holders)
def testManyRolesOnePrincipal(self):
    # One principal holds two roles: exactly those two must be reported for
    # it, each paired with the Allow setting.
    first_role = defineRole('Role One', 'Role #1').id
    second_role = defineRole('Role Two', 'Role #2').id
    subject = self._make_principal()
    granted = (first_role, second_role)
    for role_id in granted:
        principalRoleManager.assignRoleToPrincipal(role_id, subject)

    held = principalRoleManager.getRolesForPrincipal(subject)
    # The length check is what rules out any role beyond the two expected.
    self.assertEqual(len(held), 2)
    for role_id in granted:
        self.assertTrue((role_id, Allow) in held)
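def reload_groups(stream):
    """(Re)load group definitions and their role assignments from *stream*.

    Each line is expected to have the form ``group: role1, role2``.  For a
    well-formed line a ``Group`` principal is registered with the
    IAuthentication utility and every non-empty role name is assigned to
    that group through ``principalRoleManager``.  Malformed lines are
    logged and skipped.

    The stream decides which roles a group holds, so a line whose group
    name is empty is rejected instead of registering a principal with an
    empty id and assigning roles to it.
    """
    log.info("(Re)Loading OMS groups definitions")
    auth = queryUtility(IAuthentication)

    for line in stream:
        try:
            # A line must hold exactly one ':'.  With maxsplit=2 a line with
            # extra colons still yields three parts, so the unpacking fails
            # and the line is rejected along with lines that have no colon.
            group, roles = line.split(':', 2)
        except ValueError:
            log.info("Invalid groups file format")
            continue

        group_id = group.strip()
        if not group_id:
            # Blank role names were already skipped below; apply the same
            # rule to the group side so ":role" never creates a nameless
            # principal that is then handed roles.
            log.info("Invalid groups file format")
            continue

        auth.registerPrincipal(Group(group_id))

        # NOTE(review): role names are passed through as written; whether
        # an undefined role id is rejected by assignRoleToPrincipal is not
        # visible here -- confirm.
        for role in roles.split(','):
            role_id = role.strip()
            if role_id:
                principalRoleManager.assignRoleToPrincipal(role_id, group_id)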
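def reload_groups(stream):
    """(Re)load group definitions and their role assignments from *stream*.

    Each line is expected to have the form ``group: role1, role2``.  For a
    well-formed line a ``Group`` principal is registered with the
    IAuthentication utility and every non-empty role name is assigned to
    that group through ``principalRoleManager``.  Malformed lines are
    logged and skipped.

    The stream decides which roles a group holds, so a line whose group
    name is empty is rejected instead of registering a principal with an
    empty id and assigning roles to it.
    """
    log.info("(Re)Loading OMS groups definitions")
    auth = queryUtility(IAuthentication)

    for line in stream:
        try:
            # A line must hold exactly one ':'.  With maxsplit=2 a line with
            # extra colons still yields three parts, so the unpacking fails
            # and the line is rejected along with lines that have no colon.
            group, roles = line.split(':', 2)
        except ValueError:
            log.info("Invalid groups file format")
            continue

        group_id = group.strip()
        if not group_id:
            # Blank role names were already skipped below; apply the same
            # rule to the group side so ":role" never creates a nameless
            # principal that is then handed roles.
            log.info("Invalid groups file format")
            continue

        auth.registerPrincipal(Group(group_id))

        # NOTE(review): role names are passed through as written; whether
        # an undefined role id is rejected by assignRoleToPrincipal is not
        # visible here -- confirm.
        for role in roles.split(','):
            role_id = role.strip()
            if role_id:
                principalRoleManager.assignRoleToPrincipal(role_id, group_id)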
def create_special_principals():
    """Register the built-in principals and the 'root' and 'owner' roles.

    Registers the 'oms.anonymous' user, a 'root' group, a 'root' user that
    is a member of the 'root' group, and the 'oms.rest_options' user with
    the IAuthentication utility.  Defines the 'root' and 'owner' roles,
    grants every permission in the local list to both of them, assigns the
    'root' role to the principal id 'root', and grants the 'rest'
    permission directly to 'oms.rest_options'.
    """
    authentication = queryUtility(IAuthentication)

    authentication.registerPrincipal(User('oms.anonymous'))
    authentication.registerPrincipal(Group('root'))

    superuser = User('root')
    superuser.groups.append('root')
    authentication.registerPrincipal(superuser)

    # TODO: create/use a global registry of permissions
    all_permissions = (
        'read',
        'modify',
        'create',
        'add',
        'remove',
        'delete',
        'view',
        'traverse',
        'zope.Security',
    )

    def grant_everything(role_id):
        # Hand the complete permission list to one role.
        for name in all_permissions:
            rolePermissionManager.grantPermissionToRole(name, role_id)

    provideUtility(Role('root', 'root'), IRole, 'root')
    grant_everything('root')
    # NOTE(review): the Group and the User above are both created with
    # 'root'; presumably that argument is the principal id, so this
    # assignment targets an id shared by both -- confirm which is intended.
    principalRoleManager.assignRoleToPrincipal('root', 'root')

    # 'owner' receives exactly the same permission list as 'root',
    # including 'zope.Security'.
    # NOTE(review): confirm that owners are meant to hold the full set.
    provideUtility(Role('owner', 'o'), IRole, 'owner')
    grant_everything('owner')

    # NOTE(review): this pass repeats the grants already made to 'root' and
    # 'owner' above; it is kept so the sequence of calls is unchanged.
    for name in all_permissions:
        for role_id in ('root', 'owner'):
            rolePermissionManager.grantPermissionToRole(name, role_id)

    # 'rest' is granted to the principal directly rather than through a role.
    authentication.registerPrincipal(User('oms.rest_options'))
    principalPermissionManager.grantPermissionToPrincipal(
        'rest', 'oms.rest_options')
def testPrincipalsAndRoles(self):
    # Three assignments across two roles and two principals: the global
    # listing must contain exactly those three (role, principal, Allow)
    # entries.
    first_role = defineRole('Role One', 'Role #1').id
    second_role = defineRole('Role Two', 'Role #2').id
    first_principal = self._make_principal()
    second_principal = self._make_principal('Principal 2', 'Principal Two')

    assignments = (
        (first_role, first_principal),
        (first_role, second_principal),
        (second_role, first_principal),
    )
    for role_id, subject in assignments:
        principalRoleManager.assignRoleToPrincipal(role_id, subject)

    listing = principalRoleManager.getPrincipalsAndRoles()
    # (second_role, second_principal) was never assigned; the length check
    # is what ensures no such extra entry appears in the listing.
    self.assertEqual(len(listing), 3)
    for role_id, subject in assignments:
        self.assertTrue((role_id, subject, Allow) in listing)