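def create_special_principals():
    """Register the built-in principals and roles and grant their permissions.

    Registers the users 'oms.anonymous', 'root' and 'oms.rest_options' and the
    group 'root', provides the 'root' and 'owner' roles as IRole utilities,
    grants every permission in the local list to both roles, assigns the
    'root' role to the principal id 'root', and grants the 'rest' permission
    directly to 'oms.rest_options'.

    Each (permission, role) pair is granted once.
    """
    # NOTE(review): queryUtility returns None when no IAuthentication utility
    # is registered; the first registerPrincipal call below would then fail
    # with AttributeError. Confirm this runs only after the utility is set up.
    auth = queryUtility(IAuthentication)

    auth.registerPrincipal(User('oms.anonymous'))

    # NOTE(review): the group and the user below are both built from 'root'.
    # If registerPrincipal keys on that value, the second registration
    # replaces the first -- confirm against the IAuthentication implementation.
    auth.registerPrincipal(Group('root'))

    root = User('root')
    root.groups.append('root')
    auth.registerPrincipal(root)

    # TODO: create/use a global registry of permissions
    permissions = ['read', 'modify', 'create', 'add', 'remove', 'delete', 'view', 'traverse',
                   'zope.Security']

    # The role must be provided before permissions are granted to it.
    provideUtility(Role('root', 'root'), IRole, 'root')
    for perm in permissions:
        rolePermissionManager.grantPermissionToRole(perm, 'root')

    principalRoleManager.assignRoleToPrincipal('root', 'root')

    # NOTE(review): 'owner' receives the same permission list as 'root',
    # including 'zope.Security'. This function assigns 'owner' to no
    # principal, so whoever is given the role elsewhere holds every permission
    # listed here -- confirm that is the intended scope.
    provideUtility(Role('owner', 'o'), IRole, 'owner')
    for perm in permissions:
        rolePermissionManager.grantPermissionToRole(perm, 'owner')

    auth.registerPrincipal(User('oms.rest_options'))

    # Granted to the principal directly rather than through a role.
    principalPermissionManager.grantPermissionToPrincipal('rest', 'oms.rest_options')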
 def testPrincipalRoleAllow(self):
     # A single assignment must be visible from both lookup directions,
     # each time paired with the Allow setting.
     role_id = defineRole('ARole', 'A Role').id
     who = self._make_principal()
     principalRoleManager.assignRoleToPrincipal(role_id, who)

     # Lookup by role.
     holders = principalRoleManager.getPrincipalsForRole(role_id)
     self.assertEqual(holders, [(who, Allow)])

     # Lookup by principal.
     held = principalRoleManager.getRolesForPrincipal(who)
     self.assertEqual(held, [(role_id, Allow)])
 def testManyPrincipalsOneRole(self):
     # Two principals assigned the same role must both be listed for it,
     # and nothing else may appear in the listing.
     shared_role = defineRole('Role One', 'Role #1').id
     first = self._make_principal()
     second = self._make_principal('Principal 2', 'Principal Two')
     members = (first, second)

     for who in members:
         principalRoleManager.assignRoleToPrincipal(shared_role, who)

     holders = principalRoleManager.getPrincipalsForRole(shared_role)
     self.assertEqual(len(holders), 2)
     for who in members:
         self.assertTrue((who, Allow) in holders)
 def testManyRolesOnePrincipal(self):
     # One principal assigned two roles must be reported with exactly those
     # two roles, each with the Allow setting.
     first_role = defineRole('Role One', 'Role #1').id
     second_role = defineRole('Role Two', 'Role #2').id
     who = self._make_principal()
     assigned = (first_role, second_role)

     for role_id in assigned:
         principalRoleManager.assignRoleToPrincipal(role_id, who)

     held = principalRoleManager.getRolesForPrincipal(who)
     self.assertEqual(len(held), 2)
     for role_id in assigned:
         self.assertTrue((role_id, Allow) in held)
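def reload_groups(stream):
    """Register groups and their role assignments from a groups file.

    Each non-blank line of *stream* is expected to look like
    ``group:role1,role2``. Blank lines are skipped. A line that does not
    contain exactly one ':' or whose group name is empty is reported as
    invalid and ignored, so no principal with an empty id is registered.

    This function only adds: it registers groups and assigns roles, and
    nothing here revokes an assignment made by an earlier load. A role or
    group removed from the file therefore keeps its effect unless something
    outside this function clears it.
    """
    log.info("(Re)Loading OMS groups definitions")

    # NOTE(review): queryUtility returns None when no IAuthentication utility
    # is registered; registerPrincipal below would then fail with
    # AttributeError.
    auth = queryUtility(IAuthentication)

    for line in stream:
        if not line.strip():
            # Blank lines and a trailing newline at end of file carry no
            # definition and are not format errors.
            continue

        try:
            # maxsplit=2 yields three fields for a line with two or more
            # colons, so the unpacking rejects those lines as well.
            group, roles = line.split(':', 2)
        except ValueError:
            log.info("Invalid groups file format")
            continue

        group_id = group.strip()
        if not group_id:
            # ":role" would otherwise register a group with an empty id and
            # assign roles to it.
            log.info("Invalid groups file format")
            continue

        auth.registerPrincipal(Group(group_id))

        # NOTE(review): role ids are taken verbatim from the file, so write
        # access to the file is equivalent to the ability to assign any role.
        # Presumably an undefined role id raises from assignRoleToPrincipal
        # and aborts the load part-way -- verify.
        for role in roles.split(','):
            role_id = role.strip()
            if role_id:
                principalRoleManager.assignRoleToPrincipal(role_id, group_id)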
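def reload_groups(stream):
    """Load group definitions and their roles from *stream*.

    Expected line format: ``group:role1,role2``. Blank lines are ignored.
    Lines without exactly one ':' separator, or with nothing before it, are
    logged as invalid and skipped, so an empty group id is never registered.

    Assignments are additive. Nothing in this function removes a role that a
    previous load assigned, so shrinking the file does not by itself shrink
    what a group is allowed to do.
    """
    log.info("(Re)Loading OMS groups definitions")

    # NOTE(review): queryUtility returns None if no IAuthentication utility
    # has been registered; the registerPrincipal call in the loop would then
    # fail with AttributeError.
    auth = queryUtility(IAuthentication)

    for line in stream:
        entry = line.strip()
        if not entry:
            # Not a definition; skip without reporting a format error.
            continue

        # Exactly one ':' is accepted.
        if entry.count(':') != 1:
            log.info("Invalid groups file format")
            continue

        group, roles = entry.split(':')
        group_id = group.strip()
        if not group_id:
            # Refuse to create a group principal with an empty id.
            log.info("Invalid groups file format")
            continue

        auth.registerPrincipal(Group(group_id))

        # NOTE(review): every role id comes straight from the file; whoever
        # can edit the file decides which roles a group holds. Presumably
        # assignRoleToPrincipal rejects undefined role ids -- confirm, and
        # confirm what state a failure half-way through leaves behind.
        for role in roles.split(','):
            role_id = role.strip()
            if role_id:
                principalRoleManager.assignRoleToPrincipal(
                    role_id, group_id)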
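def create_special_principals():
    """Create the built-in users, group and roles, and grant permissions.

    Registered principals: users 'oms.anonymous', 'root' and
    'oms.rest_options', and group 'root'. The 'root' and 'owner' roles are
    provided as IRole utilities and each is granted every permission in the
    local list, one grant per (permission, role) pair. The 'root' role is
    assigned to the principal id 'root', and 'oms.rest_options' is granted the
    'rest' permission directly.
    """
    # NOTE(review): queryUtility returns None when the IAuthentication utility
    # is missing, which surfaces as AttributeError on the next statement.
    auth = queryUtility(IAuthentication)

    auth.registerPrincipal(User('oms.anonymous'))

    # NOTE(review): Group('root') and User('root') are built from the same
    # value; whether both registrations survive depends on how
    # registerPrincipal stores them -- confirm.
    auth.registerPrincipal(Group('root'))

    root = User('root')
    root.groups.append('root')
    auth.registerPrincipal(root)

    # TODO: create/use a global registry of permissions
    permissions = [
        'read', 'modify', 'create', 'add', 'remove', 'delete', 'view',
        'traverse', 'zope.Security'
    ]

    # Provide each role before granting to it.
    provideUtility(Role('root', 'root'), IRole, 'root')
    for perm in permissions:
        rolePermissionManager.grantPermissionToRole(perm, 'root')

    principalRoleManager.assignRoleToPrincipal('root', 'root')

    # NOTE(review): 'owner' is granted the identical permission list,
    # 'zope.Security' included, and is not assigned to any principal here.
    # Any later assignment of 'owner' confers all of these permissions --
    # confirm the role is meant to be this broad.
    provideUtility(Role('owner', 'o'), IRole, 'owner')
    for perm in permissions:
        rolePermissionManager.grantPermissionToRole(perm, 'owner')

    auth.registerPrincipal(User('oms.rest_options'))

    # A direct principal grant, not mediated by a role.
    principalPermissionManager.grantPermissionToPrincipal(
        'rest', 'oms.rest_options')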
 def testPrincipalsAndRoles(self):
     # The combined listing must contain one (role, principal, Allow) triple
     # per assignment made below, and no others.
     role_one = defineRole('Role One', 'Role #1').id
     role_two = defineRole('Role Two', 'Role #2').id
     first = self._make_principal()
     second = self._make_principal('Principal 2', 'Principal Two')

     assignments = (
         (role_one, first),
         (role_one, second),
         (role_two, first),
     )
     for role_id, who in assignments:
         principalRoleManager.assignRoleToPrincipal(role_id, who)

     listing = principalRoleManager.getPrincipalsAndRoles()
     self.assertEqual(len(listing), 3)
     for role_id, who in assignments:
         self.assertTrue((role_id, who, Allow) in listing)