Esempio n. 1
    def _makeSite(self):
        """Assemble a throwaway in-memory site for the tests in this class.

        The site contains a user folder with two fixed accounts, the object
        returned by ``self._makeOne()`` stored under ``self._CC_ID``, and
        three DTML pages: ``index_html``, ``login_form`` and ``protected``.
        Only ``protected`` carries its own View setting (``Manager``), a
        role neither fixture account is given.

        Returns:
            A tuple ``(root, cc, req, credentials)``. ``credentials`` is the
            URL-quoted base64 form of ``abraham:pass-w``. Base64 is an
            encoding, not encryption: the password can be read straight
            back out of it, so the value is as sensitive as the password.
        """
        import base64
        import urllib
        from cStringIO import StringIO

        try:
            from OFS.userfolder import UserFolder
        except ImportError:
            # BBB for Zope < 2.13
            from AccessControl.User import UserFolder

        from OFS.DTMLMethod import DTMLMethod
        from OFS.Folder import Folder

        site = Folder()
        site.isTopLevelPrincipiaApplicationObject = 1  # User folder needs this
        site.getPhysicalPath = lambda: ()  # hack
        # The root itself is viewable by Anonymous, i.e. without logging in.
        site._View_Permission = ('Anonymous',)

        acl = UserFolder()
        acl._setId('acl_users')
        # Hard-coded accounts that exist only inside this fixture.
        for login_name, granted in (('abraham', ('Patriarch',)),
                                    ('isaac', ('Son',))):
            acl._doAddUser(login_name, 'pass-w', granted, ())
        site._setObject(acl.id, acl)

        crumbler = self._makeOne()
        crumbler.id = self._CC_ID
        site._setObject(crumbler.id, crumbler)

        # (id, body text, View roles or None to leave the setting untouched)
        pages = (
            ('index_html', 'This is the default view', None),
            ('login_form', 'Please log in first.', None),
            ('protected', 'This is the protected view', ('Manager',)),
        )
        for page_id, text, view_roles in pages:
            page = DTMLMethod()
            if view_roles is not None:
                page._View_Permission = view_roles
            page.munge(text)
            page._setId(page_id)
            site._setObject(page.getId(), page)

        request = makerequest(site, StringIO())
        # Stored so the request can be closed later through self._finally.
        self._finally = request.close

        # encodestring() ends its output with a newline; drop it before
        # quoting.
        encoded = base64.encodestring('abraham:pass-w').rstrip()
        credentials = urllib.quote(encoded)

        return site, crumbler, request, credentials
Esempio n. 2
    def _makeSite(self):
        """Create the site fixture: users, the object under test, three pages.

        Two accounts (``abraham`` with role ``Patriarch``, ``isaac`` with
        role ``Son``) are added to a fresh ``acl_users`` folder. The object
        from ``self._makeOne()`` is installed under ``self._CC_ID``. The
        ``protected`` page requires ``Manager`` for View, which neither
        account has; ``index_html`` and ``login_form`` get no setting of
        their own.

        Returns:
            ``(root, cc, req, credentials)`` where ``credentials`` is
            ``abraham:pass-w`` base64-encoded and then URL-quoted. The
            encoding is reversible, so this value exposes the password to
            anyone who can read it.
        """
        import base64
        from cStringIO import StringIO
        import urllib

        try:
            from OFS.userfolder import UserFolder
        except ImportError:
            # BBB for Zope < 2.13
            from AccessControl.User import UserFolder

        from OFS.Folder import Folder
        from OFS.DTMLMethod import DTMLMethod

        top = Folder()
        top.isTopLevelPrincipiaApplicationObject = 1  # User folder needs this
        top.getPhysicalPath = lambda: ()  # hack
        top._View_Permission = ('Anonymous', )

        def install_page(page_id, body, view_roles=None):
            # Build one DTML page and store it in the site; a View setting
            # is written only when the caller passes one.
            page = DTMLMethod()
            if view_roles is not None:
                page._View_Permission = view_roles
            page.munge(body)
            page._setId(page_id)
            top._setObject(page.getId(), page)

        user_folder = UserFolder()
        user_folder._setId('acl_users')
        # Fixture-only accounts sharing one fixed password.
        user_folder._doAddUser('abraham', 'pass-w', ('Patriarch', ), ())
        user_folder._doAddUser('isaac', 'pass-w', ('Son', ), ())
        top._setObject(user_folder.id, user_folder)

        under_test = self._makeOne()
        under_test.id = self._CC_ID
        top._setObject(under_test.id, under_test)

        install_page('index_html', 'This is the default view')
        install_page('login_form', 'Please log in first.')
        install_page('protected', 'This is the protected view',
                     view_roles=('Manager', ))

        request = makerequest(top, StringIO())
        # Kept on the instance so the request can be closed afterwards.
        self._finally = request.close

        # Strip the newline encodestring() appends, then URL-quote.
        b64_pair = base64.encodestring('abraham:pass-w').rstrip()

        return top, under_test, request, urllib.quote(b64_pair)
Esempio n. 3
    def setUp(self):
        """Build the site, accounts, pages and request used by each test.

        After the base ``CookieCrumblerTests.setUp`` runs, this stores on
        the instance: ``root`` (the site folder), ``cc`` (the crumbler as
        fetched back from the site), ``responseOut`` (the buffer the
        request writes to), ``req`` and ``credentials``.

        ``credentials`` is ``abraham:pass-w`` base64-encoded with newlines
        removed, then URL-quoted. Base64 only encodes; the password is
        recoverable from this value.
        """
        CookieCrumblerTests.setUp(self)
        site = Folder()
        self.root = site
        site.isTopLevelPrincipiaApplicationObject = 1  # User folder needs this
        site.getPhysicalPath = lambda: ()  # hack
        # The site root is viewable by Anonymous.
        site._View_Permission = ('Anonymous', )

        acl = UserFolder()
        acl._setId('acl_users')
        accounts = (
            ('abraham', 'pass-w', ('Patriarch', )),
            ('isaac', 'pass-w', ('Son', )),
            # NOTE(review): presumably present so tests can log in with a
            # name:password pair too long for one base64 output line;
            # confirm against the tests that use it.
            ('abrahammmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm',
             'pass-wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww',
             ('Son', )),
        )
        for login_name, password, granted in accounts:
            acl._doAddUser(login_name, password, granted, ())
        site._setObject(acl.id, acl)

        crumbler = CookieCrumbler()
        crumbler.id = 'cookie_authentication'
        site._setObject(crumbler.id, crumbler)
        # Tests use the object as looked up on the site, not the bare local.
        self.cc = getattr(site, crumbler.id)

        # (id, body text, View roles or None to leave the setting untouched)
        # Only 'protected' is restricted, to Manager, a role none of the
        # accounts above holds.
        pages = (
            ('index_html', 'This is the default view', None),
            ('login_form', 'Please log in first.', None),
            ('protected', 'This is the protected view', ('Manager', )),
        )
        for page_id, text, view_roles in pages:
            page = DTMLMethod()
            if view_roles is not None:
                page._View_Permission = view_roles
            page.munge(text)
            page._setId(page_id)
            site._setObject(page.getId(), page)

        self.responseOut = StringIO()
        self.req = makerequest(site, self.responseOut)

        # encodestring() emits newline-terminated lines; remove every
        # newline before quoting.
        encoded = base64.encodestring('abraham:pass-w')
        self.credentials = urllib.quote(encoded.replace('\012', ''))
Esempio n. 4
  def setUp(self):
    """Prepare the per-test site fixture.

    Runs ``CookieCrumblerTests.setUp`` first, then creates a root folder
    with three accounts, a ``CookieCrumbler`` stored as
    ``cookie_authentication``, and the pages ``index_html``,
    ``login_form`` and ``protected``. Sets ``self.root``, ``self.cc``,
    ``self.responseOut``, ``self.req`` and ``self.credentials``.

    ``self.credentials`` holds the URL-quoted, newline-free base64 form of
    ``abraham:pass-w``; it is a reversible encoding of the password, not
    a protected form of it.
    """
    CookieCrumblerTests.setUp(self)
    top = Folder()
    self.root = top
    top.isTopLevelPrincipiaApplicationObject = 1  # User folder needs this
    top.getPhysicalPath = lambda: ()  # hack
    top._View_Permission = ('Anonymous',)

    def install_page(page_id, body, view_roles=None):
      # Create one DTML page and add it to the site; a View setting is
      # written only when roles are supplied.
      page = DTMLMethod()
      if view_roles is not None:
        page._View_Permission = view_roles
      page.munge(body)
      page._setId(page_id)
      top._setObject(page.getId(), page)

    user_folder = UserFolder()
    user_folder._setId('acl_users')
    # Fixed fixture accounts; none of them is given the Manager role that
    # the 'protected' page requires.
    user_folder._doAddUser('abraham', 'pass-w', ('Patriarch',), ())
    user_folder._doAddUser('isaac', 'pass-w', ('Son',), ())
    # NOTE(review): the over-long name and password look intended to
    # exercise credentials longer than one base64 output line; confirm
    # against the tests that use this account.
    user_folder._doAddUser(
        'abrahammmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm',
        'pass-wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww',
        ('Son',), ())
    top._setObject(user_folder.id, user_folder)

    crumbler = CookieCrumbler()
    crumbler.id = 'cookie_authentication'
    top._setObject(crumbler.id, crumbler)
    # Keep the object as retrieved from the site rather than the local one.
    self.cc = getattr(top, crumbler.id)

    install_page('index_html', 'This is the default view')
    install_page('login_form', 'Please log in first.')
    install_page('protected', 'This is the protected view',
                 view_roles=('Manager',))

    self.responseOut = StringIO()
    self.req = makerequest(top, self.responseOut)

    # Remove the newlines encodestring() inserts, then URL-quote.
    b64_pair = base64.encodestring('abraham:pass-w').replace('\012', '')
    self.credentials = urllib.quote(b64_pair)
Esempio n. 5
    def test_security_attributes(self):
        """Security attributes must survive a commit and reload unchanged.

        A folder is given an owner, declared roles, local roles, proxy
        roles and two permission settings, then committed. A second
        connection reloads it and checks each value, including the
        container *type* of the permission settings: per the assertion
        messages, a tuple means the permission is not acquired and a list
        means it is, so a storage layer that swapped one for the other
        would change who is granted the permission. The second connection
        then edits the attributes and the first one must see the edits
        after ``sync()``.
        """
        first = self.db.open()
        try:
            app = first.root()['Application']
            holidays = Folder()
            holidays.id = 'Holidays'
            # set_owner=0 is passed so ownership is whatever the test
            # assigns by hand below (presumed meaning of the flag).
            app._setObject(holidays.id, holidays, set_owner=0)
            holidays = app.Holidays
            acl = UserFolder()
            acl.id = 'acl_users'
            holidays._setObject(acl.id, acl, set_owner=0)
            acl._doAddUser('shane', 'abcdefg', ('Elder',), ())

            holidays._owner = (['Holidays', 'acl_users'], 'shane')
            holidays.__ac_roles__ = ['Elder', 'Manager', 'Missionary']
            holidays.__ac_local_roles__ = {'shane': ['Missionary']}
            holidays._proxy_roles = ['Manager']
            # Tuple here, list on the next line: the difference is what the
            # reload checks below are about.
            holidays._View_Permission = ('Owner', 'Elder')
            holidays._Add_Folders_Permission = ['Elder']

            transaction.commit()

            second = self.db.open()
            try:
                # Verify that loading works
                app = second.root()['Application']
                reloaded = app.Holidays
                owner = reloaded.getOwner()
                self.assertEqual(owner.getUserName(), 'shane')
                self.assertTrue('Elder' in owner.getRoles())
                self.assertEqual(
                    list(reloaded.__ac_roles__),
                    ['Elder', 'Manager', 'Missionary'])

                # Global role plus local role, ignoring the two built-in
                # roles that are filtered out here.
                context_roles = dict.fromkeys(
                    (role for role in list(owner.getRolesInContext(reloaded))
                     if role not in ('Authenticated', 'Anonymous')),
                    1)
                self.assertEqual(context_roles, {'Elder':1, 'Missionary':1})
                self.assertEqual(tuple(reloaded._proxy_roles), ('Manager',))

                self.assertTrue(
                    isinstance(reloaded._View_Permission, TupleType),
                    "View permission should not be acquired")
                self.assertTrue(
                    isinstance(reloaded._Add_Folders_Permission, ListType),
                    "Add Folders permission should be acquired")
                view_roles = dict.fromkeys(list(reloaded._View_Permission), 1)
                self.assertEqual(view_roles, {'Elder':1, 'Owner':1})

                # Write some changes to verify that changes work
                reloaded._owner = None
                del reloaded._proxy_roles
                reloaded.__ac_roles__ += ('Teacher',)
                transaction.commit()
            finally:
                second.close()

            # Make sure the changes are seen
            first.sync()
            self.assertTrue(holidays.getOwner() is None, holidays.getOwner())
            self.assertFalse(hasattr(holidays, '_proxy_roles'))
            self.assertEqual(
                list(holidays.__ac_roles__),
                ['Elder', 'Manager', 'Missionary', 'Teacher'])
        finally:
            first.close()
Esempio n. 6
    def test_security_attributes(self):
        """Round-trip owner, roles and permission settings through the DB.

        Writes a folder carrying an explicit owner, ``__ac_roles__``,
        ``__ac_local_roles__``, ``_proxy_roles`` and two permission
        attributes, commits, and re-reads it on a second connection. The
        permission attributes are checked for type as well as content: the
        assertion messages tie a tuple to "not acquired" and a list to
        "acquired", so the type is part of the access-control state.
        Finally the second connection clears the owner and proxy roles and
        adds a role, and the first connection must observe that after
        ``sync()``.
        """
        def as_flags(names):
            # Collapse an iterable of role names into {name: 1}.
            flags = {}
            for name in list(names):
                flags[name] = 1
            return flags

        writer = self.db.open()
        try:
            app = writer.root()['Application']
            folder = Folder()
            folder.id = 'Holidays'
            app._setObject(folder.id, folder, set_owner=0)
            folder = app.Holidays
            user_folder = UserFolder()
            user_folder.id = 'acl_users'
            folder._setObject(user_folder.id, user_folder, set_owner=0)
            user_folder._doAddUser('shane', 'abcdefg', ('Elder', ), ())

            # Owner is recorded as (path to the user folder, user id).
            folder._owner = (['Holidays', 'acl_users'], 'shane')
            folder.__ac_roles__ = ['Elder', 'Manager', 'Missionary']
            folder.__ac_local_roles__ = {'shane': ['Missionary']}
            folder._proxy_roles = ['Manager']
            folder._View_Permission = ('Owner', 'Elder')
            folder._Add_Folders_Permission = ['Elder']

            transaction.commit()

            reader = self.db.open()
            try:
                # Verify that loading works
                app = reader.root()['Application']
                loaded = app.Holidays
                owner = loaded.getOwner()
                self.assertEqual(owner.getUserName(), 'shane')
                self.assertTrue('Elder' in owner.getRoles())
                self.assertEqual(list(loaded.__ac_roles__),
                                 ['Elder', 'Manager', 'Missionary'])

                # Roles in context, minus the two built-in ones.
                effective = as_flags(
                    role for role in list(owner.getRolesInContext(loaded))
                    if not (role == 'Authenticated' or role == 'Anonymous'))
                self.assertEqual(effective, {'Elder': 1, 'Missionary': 1})
                self.assertEqual(tuple(loaded._proxy_roles), ('Manager', ))

                # The container type must be preserved, not just the names.
                self.assertTrue(isinstance(loaded._View_Permission, TupleType),
                                "View permission should not be acquired")
                self.assertTrue(
                    isinstance(loaded._Add_Folders_Permission, ListType),
                    "Add Folders permission should be acquired")
                self.assertEqual(as_flags(loaded._View_Permission),
                                 {'Elder': 1, 'Owner': 1})

                # Write some changes to verify that changes work
                loaded._owner = None
                del loaded._proxy_roles
                loaded.__ac_roles__ += ('Teacher', )
                transaction.commit()
            finally:
                reader.close()

            # Make sure the changes are seen
            writer.sync()
            self.assertTrue(folder.getOwner() is None, folder.getOwner())
            self.assertFalse(hasattr(folder, '_proxy_roles'))
            self.assertEqual(list(folder.__ac_roles__),
                             ['Elder', 'Manager', 'Missionary', 'Teacher'])
        finally:
            writer.close()