def test_checkPermission_delegated_cache_unauthenticated(self):
# checkPermission caches the result of checkUnauthenticated for a
# particular object and permission, even if that object's
# authorization has been delegated.
request = self.makeRequest()
policy = LaunchpadSecurityPolicy(request)
# Delegate auth for Object to AnotherObject{One,Two}.
permission = self.factory.getUniqueString()
self.useFixture(
ZopeAdapterFixture(Delegate, [Object], name=permission))
# Allow auth to AnotherObjectOne.
self.useFixture(
ZopeAdapterFixture(
Allow, [AnotherObjectOne], name=Delegate.permission))
# Deny auth to AnotherObjectTwo.
self.useFixture(
ZopeAdapterFixture(
Deny, [AnotherObjectTwo], name=Delegate.permission))
# Calling checkPermission() populates the participation cache.
objecttoauthorize = Object()
policy.checkPermission(permission, objecttoauthorize)
# It contains results for objecttoauthorize and the two objects that
# its authorization was delegated to.
cache = request.annotations[LAUNCHPAD_SECURITY_POLICY_CACHE_KEY]
cache_expected = {
objecttoauthorize: {permission: False},
Delegate.object_one: {Delegate.permission: True},
Delegate.object_two: {Delegate.permission: False},
}
self.assertEqual(cache_expected, dict(cache))
def setUp(self):
zope.testing.cleanup.cleanUp()
cls = TestLaunchpadSecurityPolicy_getPrincipalsAccessLevel
super(cls, self).setUp()
self.principal = LaunchpadPrincipal(
'*****@*****.**', 'foo', 'foo', object())
self.security = LaunchpadSecurityPolicy()
provideAdapter(
adapt_loneobject_to_container, [ILoneObject], ILaunchpadContainer)
self.addCleanup(zope.testing.cleanup.cleanUp)
class TestLaunchpadSecurityPolicy_getPrincipalsAccessLevel(TestCase):
def setUp(self):
zope.testing.cleanup.cleanUp()
cls = TestLaunchpadSecurityPolicy_getPrincipalsAccessLevel
super(cls, self).setUp()
self.principal = LaunchpadPrincipal(
'*****@*****.**', 'foo', 'foo', object())
self.security = LaunchpadSecurityPolicy()
provideAdapter(
adapt_loneobject_to_container, [ILoneObject], ILaunchpadContainer)
self.addCleanup(zope.testing.cleanup.cleanUp)
def test_no_scope(self):
"""Principal's access level is used when no scope is given."""
self.principal.access_level = AccessLevel.WRITE_PUBLIC
self.principal.scope = None
self.failUnlessEqual(
self.security._getPrincipalsAccessLevel(
self.principal, LoneObject()),
self.principal.access_level)
def test_object_within_scope(self):
"""Principal's access level is used when object is within scope."""
obj = LoneObject()
self.principal.access_level = AccessLevel.WRITE_PUBLIC
self.principal.scope = obj
self.failUnlessEqual(
self.security._getPrincipalsAccessLevel(self.principal, obj),
self.principal.access_level)
def test_object_not_within_scope(self):
"""READ_PUBLIC is used when object is /not/ within scope."""
obj = LoneObject()
obj2 = LoneObject() # This is out of obj's scope.
self.principal.scope = obj
self.principal.access_level = AccessLevel.WRITE_PUBLIC
self.failUnlessEqual(
self.security._getPrincipalsAccessLevel(self.principal, obj2),
AccessLevel.READ_PUBLIC)
self.principal.access_level = AccessLevel.READ_PRIVATE
self.failUnlessEqual(
self.security._getPrincipalsAccessLevel(self.principal, obj2),
AccessLevel.READ_PUBLIC)
self.principal.access_level = AccessLevel.WRITE_PRIVATE
self.failUnlessEqual(
self.security._getPrincipalsAccessLevel(self.principal, obj2),
AccessLevel.READ_PUBLIC)
def test_checkPermission_cache_unauthenticated(self):
# checkPermission caches the result of checkUnauthenticated for a
# particular object and permission.
request = self.makeRequest()
policy = LaunchpadSecurityPolicy(request)
obj, permission, checker_factory = (
self.getObjectPermissionAndCheckerFactory())
# When we call checkPermission for the first time, the security policy
# calls the checker.
policy.checkPermission(permission, obj)
self.assertEqual(
['checkUnauthenticated'], checker_factory.calls)
# A subsequent identical call does not call the checker.
policy.checkPermission(permission, obj)
self.assertEqual(
['checkUnauthenticated'], checker_factory.calls)
def test_checkPermission_commit_clears_cache(self):
# Committing a transaction clears the cache.
request = self.makeRequest()
policy = LaunchpadSecurityPolicy(request)
obj, permission, checker_factory = (
self.getObjectPermissionAndCheckerFactory())
# When we call checkPermission before setting the principal, the
# security policy calls checkUnauthenticated on the checker.
policy.checkPermission(permission, obj)
self.assertEqual(
['checkUnauthenticated'], checker_factory.calls)
transaction.commit()
# After committing a transaction, the policy calls
# checkUnauthenticated again rather than finding a value in the cache.
policy.checkPermission(permission, obj)
self.assertEqual(
['checkUnauthenticated', 'checkUnauthenticated'],
checker_factory.calls)
def test_checkPermission_clearSecurityPolicyCache_resets_cache(self):
# Calling clearSecurityPolicyCache on the request clears the cache.
request = self.makeRequest()
policy = LaunchpadSecurityPolicy(request)
obj, permission, checker_factory = (
self.getObjectPermissionAndCheckerFactory())
# When we call checkPermission for the first time, the security policy
# calls checkUnauthenticated on the checker.
policy.checkPermission(permission, obj)
self.assertEqual(
['checkUnauthenticated'], checker_factory.calls)
request.clearSecurityPolicyCache()
# After clearing the cache the policy calls checkUnauthenticated
# again.
policy.checkPermission(permission, obj)
self.assertEqual(
['checkUnauthenticated', 'checkUnauthenticated'],
checker_factory.calls)
def test_checkPermission_setPrincipal_resets_cache(self):
# Setting the principal on the request clears the cache of results
# (this is important during login).
principal = FakeLaunchpadPrincipal()
request = self.makeRequest()
policy = LaunchpadSecurityPolicy(request)
obj, permission, checker_factory = (
self.getObjectPermissionAndCheckerFactory())
# When we call checkPermission before setting the principal, the
# security policy calls checkUnauthenticated on the checker.
policy.checkPermission(permission, obj)
self.assertEqual(
['checkUnauthenticated'], checker_factory.calls)
request.setPrincipal(principal)
# After setting the principal, the policy calls checkAuthenticated
# rather than finding a value in the cache.
policy.checkPermission(permission, obj)
self.assertEqual(
['checkUnauthenticated', ('checkAuthenticated',
principal.person)],
checker_factory.calls)
def test_checkPermission_cache_unauthenticated(self):
# checkPermission caches the result of checkUnauthenticated for a
# particular object and permission.
request = self.makeRequest()
policy = LaunchpadSecurityPolicy(request)
obj, permission, checker_factory = (
self.getObjectPermissionAndCheckerFactory())
# When we call checkPermission for the first time, the security policy
# calls the checker.
policy.checkPermission(permission, obj)
self.assertEqual(['checkUnauthenticated'], checker_factory.calls)
# A subsequent identical call does not call the checker.
policy.checkPermission(permission, obj)
self.assertEqual(['checkUnauthenticated'], checker_factory.calls)
def test_checkPermission_commit_clears_cache(self):
# Committing a transaction clears the cache.
request = self.makeRequest()
policy = LaunchpadSecurityPolicy(request)
obj, permission, checker_factory = (
self.getObjectPermissionAndCheckerFactory())
# When we call checkPermission before setting the principal, the
# security policy calls checkUnauthenticated on the checker.
policy.checkPermission(permission, obj)
self.assertEqual(['checkUnauthenticated'], checker_factory.calls)
transaction.commit()
# After committing a transaction, the policy calls
# checkUnauthenticated again rather than finding a value in the cache.
policy.checkPermission(permission, obj)
self.assertEqual(['checkUnauthenticated', 'checkUnauthenticated'],
checker_factory.calls)
def test_checkPermission_clearSecurityPolicyCache_resets_cache(self):
# Calling clearSecurityPolicyCache on the request clears the cache.
request = self.makeRequest()
policy = LaunchpadSecurityPolicy(request)
obj, permission, checker_factory = (
self.getObjectPermissionAndCheckerFactory())
# When we call checkPermission for the first time, the security policy
# calls checkUnauthenticated on the checker.
policy.checkPermission(permission, obj)
self.assertEqual(['checkUnauthenticated'], checker_factory.calls)
request.clearSecurityPolicyCache()
# After clearing the cache the policy calls checkUnauthenticated
# again.
policy.checkPermission(permission, obj)
self.assertEqual(['checkUnauthenticated', 'checkUnauthenticated'],
checker_factory.calls)
def test_checkPermission_setPrincipal_resets_cache(self):
# Setting the principal on the request clears the cache of results
# (this is important during login).
principal = FakeLaunchpadPrincipal()
request = self.makeRequest()
policy = LaunchpadSecurityPolicy(request)
obj, permission, checker_factory = (
self.getObjectPermissionAndCheckerFactory())
# When we call checkPermission before setting the principal, the
# security policy calls checkUnauthenticated on the checker.
policy.checkPermission(permission, obj)
self.assertEqual(['checkUnauthenticated'], checker_factory.calls)
request.setPrincipal(principal)
# After setting the principal, the policy calls checkAuthenticated
# rather than finding a value in the cache.
policy.checkPermission(permission, obj)
self.assertEqual(
['checkUnauthenticated',
('checkAuthenticated', principal.person)], checker_factory.calls)
def test_checkUnauthenticatedPermission_commit_clears_cache(self):
# Committing a transaction clears the cache.
# We set a principal to ensure that it is not used even if set.
provideUtility(PlacelessAuthUtility(), IPlacelessAuthUtility)
zope.testing.cleanup.addCleanUp(ztapi.unprovideUtility,
(IPlacelessAuthUtility, ))
principal = FakeLaunchpadPrincipal()
request = self.makeRequest()
request.setPrincipal(principal)
policy = LaunchpadSecurityPolicy(request)
obj, permission, checker_factory = (
self.getObjectPermissionAndCheckerFactory())
# When we call checkUnauthenticatedPermission before setting the
# principal, the security policy calls checkUnauthenticated on the
# checker.
policy.checkUnauthenticatedPermission(permission, obj)
self.assertEqual(['checkUnauthenticated'], checker_factory.calls)
transaction.commit()
# After committing a transaction, the policy calls
# checkUnauthenticated again rather than finding a value in the cache.
policy.checkUnauthenticatedPermission(permission, obj)
self.assertEqual(['checkUnauthenticated', 'checkUnauthenticated'],
checker_factory.calls)
def test_checkUnauthenticatedPermission_cache_unauthenticated(self):
# checkUnauthenticatedPermission caches the result of
# checkUnauthenticated for a particular object and permission.
# We set a principal to ensure that it is not used even if set.
provideUtility(PlacelessAuthUtility(), IPlacelessAuthUtility)
zope.testing.cleanup.addCleanUp(ztapi.unprovideUtility,
(IPlacelessAuthUtility, ))
principal = FakeLaunchpadPrincipal()
request = self.makeRequest()
request.setPrincipal(principal)
policy = LaunchpadSecurityPolicy(request)
obj, permission, checker_factory = (
self.getObjectPermissionAndCheckerFactory())
# When we call checkUnauthenticatedPermission for the first time,
# the security policy calls the checker.
policy.checkUnauthenticatedPermission(permission, obj)
self.assertEqual(['checkUnauthenticated'], checker_factory.calls)
# A subsequent identical call does not call the checker.
policy.checkUnauthenticatedPermission(permission, obj)
self.assertEqual(['checkUnauthenticated'], checker_factory.calls)
# The result is stored in the correct cache.
cache = request.annotations[LAUNCHPAD_SECURITY_POLICY_CACHE_UNAUTH_KEY]
self.assertEqual({obj: {permission: False}}, dict(cache))
def setUp(self):
self.principal = LaunchpadPrincipal(
'*****@*****.**', 'foo', 'foo', object())
self.security = LaunchpadSecurityPolicy()
provideAdapter(
adapt_loneobject_to_container, [ILoneObject], ILaunchpadContainer)
def setUp(self):
self.principal = LaunchpadPrincipal('*****@*****.**', 'foo',
'foo', object())
self.security = LaunchpadSecurityPolicy()
provideAdapter(adapt_loneobject_to_container, [ILoneObject],
ILaunchpadContainer)
