def test_test(self):
    """Check that security proxies enforce per-principal grants on a compute object.

    Two principals are registered: 'user1' is granted 'read' and 'user2' is
    granted only 'zope.Nothing'. The same compute object is then wrapped in
    one proxy per interaction and attribute reads are checked three ways:
    an allowed read, a read by the principal without 'read', and a read of
    an attribute that 'read' alone does not open up.
    """
    authentication = getUtility(IAuthentication, context=None)
    for principal_id in ('user1', 'user2'):
        authentication.registerPrincipal(User(principal_id))

    # Fake grants for the two test principals.
    prinperG.grantPermissionToPrincipal('read', 'user1')
    prinperG.grantPermissionToPrincipal('zope.Nothing', 'user2')

    # One interaction per principal.
    reader_interaction = self._get_interaction('user1')
    outsider_interaction = self._get_interaction('user2')

    # The unproxied object is readable without any checks.
    target = self.make_compute()
    eq_(target.architecture, 'linux')

    # Wrap the same object once per interaction.
    reader_view = proxy_factory(target, reader_interaction)
    outsider_view = proxy_factory(target, outsider_interaction)

    # Authorized: user1 holds 'read'.
    eq_(reader_view.architecture, 'linux')

    # Unauthorized: user2 holds only 'zope.Nothing'.
    with assert_raises(Unauthorized):
        eq_(outsider_view.architecture, 'linux')

    # Denied by default: even user1 cannot read `state`.
    # NOTE(review): presumably `state` has no permission declared (or one
    # other than 'read'), so the proxy fails closed - confirm against the
    # model's permission declarations.
    with assert_raises(Unauthorized):
        eq_(reader_view.state, 'active')
def create_special_principals():
    """Register the built-in principals and set up the 'root' and 'owner' roles.

    Registers 'oms.anonymous', the 'root' group, the 'root' user (member of
    the 'root' group) and 'oms.rest_options' with the IAuthentication
    utility. Defines the 'root' and 'owner' roles, grants every permission
    in the local list to both, assigns the 'root' role to the 'root'
    principal, and grants 'rest' directly to 'oms.rest_options'.
    """
    # NOTE(review): queryUtility() yields None when no IAuthentication utility
    # is registered, in which case the next line fails with AttributeError.
    authentication = queryUtility(IAuthentication)
    authentication.registerPrincipal(User('oms.anonymous'))

    root_group = Group('root')
    authentication.registerPrincipal(root_group)

    root_user = User('root')
    root_user.groups.append('root')
    authentication.registerPrincipal(root_user)

    # TODO: create/use a global registry of permissions
    permissions = [
        'read',
        'modify',
        'create',
        'add',
        'remove',
        'delete',
        'view',
        'traverse',
        'zope.Security',
    ]

    grant_to_role = rolePermissionManager.grantPermissionToRole

    provideUtility(Role('root', 'root'), IRole, 'root')
    for perm in permissions:
        grant_to_role(perm, 'root')

    principalRoleManager.assignRoleToPrincipal('root', 'root')

    # NOTE(review): 'owner' receives exactly the same permission list as
    # 'root', including 'zope.Security' - confirm that is the intended scope
    # for object owners.
    provideUtility(Role('owner', 'o'), IRole, 'owner')
    for perm in permissions:
        grant_to_role(perm, 'owner')

    # NOTE(review): this pass repeats the grants made by the two loops above;
    # it looks redundant but is kept so the call sequence is unchanged.
    for permission in permissions:
        for role_id in ('root', 'owner'):
            grant_to_role(permission, role_id)

    # Dedicated principal whose only direct grant is 'rest'.
    authentication.registerPrincipal(User('oms.rest_options'))
    principalPermissionManager.grantPermissionToPrincipal(
        'rest', 'oms.rest_options')
def testManyPrincipalsOnePermission(self):
    """A single permission can hold a different setting for each principal."""
    permission_id = definePermission('Perm One', 'title').id
    granted = self._make_principal()
    denied = self._make_principal('Principal 2', 'Principal Two')

    manager.grantPermissionToPrincipal(permission_id, granted)
    manager.denyPermissionToPrincipal(permission_id, denied)

    settings = manager.getPrincipalsForPermission(permission_id)

    # Both principals are listed, each with its own Allow/Deny setting.
    self.assertEqual(len(settings), 2)
    for expected in ((granted, Allow), (denied, Deny)):
        self.assertTrue(expected in settings)
def test_schema(self):
    """A proxy for a principal with 'read' and 'modify' serialises like the raw object."""
    authentication = getUtility(IAuthentication, context=None)
    authentication.registerPrincipal(User('userSchema'))

    for permission_id in ('read', 'modify'):
        prinperG.grantPermissionToPrincipal(permission_id, 'userSchema')

    schema_interaction = self._get_interaction('userSchema')

    # Wrap the object being secured for that interaction.
    target = self.make_compute()
    guarded = proxy_factory(target, schema_interaction)

    # The dict built from the raw object (left) must equal the one built
    # through the proxy (right).
    eq_(model_to_dict(target), model_to_dict(guarded))
def testManyPermissionsOnePrincipal(self):
    """One principal can hold several permissions, each with its own setting."""
    first = definePermission('Perm One', 'title').id
    second = definePermission('Perm Two', 'title').id
    principal = self._make_principal()

    # Start with both permissions allowed.
    manager.grantPermissionToPrincipal(first, principal)
    manager.grantPermissionToPrincipal(second, principal)
    settings = manager.getPermissionsForPrincipal(principal)
    self.assertEqual(len(settings), 2)
    for expected in ((first, Allow), (second, Allow)):
        self.assertTrue(expected in settings)

    # Denying the second one replaces its Allow; the entry count stays at 2.
    manager.denyPermissionToPrincipal(second, principal)
    settings = manager.getPermissionsForPrincipal(principal)
    self.assertEqual(len(settings), 2)
    for expected in ((first, Allow), (second, Deny)):
        self.assertTrue(expected in settings)

    # The combined listing reports (permission, principal, setting) triples.
    triples = manager.getPrincipalsAndPermissions()
    for expected in ((first, principal, Allow), (second, principal, Deny)):
        self.assertTrue(expected in triples)
def create_special_principals():
    """Register the built-in principals and set up the 'root' and 'owner' roles.

    Registers 'oms.anonymous', the 'root' group, the 'root' user (member of
    the 'root' group) and 'oms.rest_options' with the IAuthentication
    utility. Defines the 'root' and 'owner' roles, grants every permission
    in the local list to both, assigns the 'root' role to the 'root'
    principal, and grants 'rest' directly to 'oms.rest_options'.
    """
    # NOTE(review): queryUtility() yields None when no IAuthentication utility
    # is registered, in which case the next line fails with AttributeError.
    authentication = queryUtility(IAuthentication)
    authentication.registerPrincipal(User('oms.anonymous'))

    root_group = Group('root')
    authentication.registerPrincipal(root_group)

    root_user = User('root')
    root_user.groups.append('root')
    authentication.registerPrincipal(root_user)

    # TODO: create/use a global registry of permissions
    permissions = [
        'read',
        'modify',
        'create',
        'add',
        'remove',
        'delete',
        'view',
        'traverse',
        'zope.Security',
    ]

    grant_to_role = rolePermissionManager.grantPermissionToRole

    provideUtility(Role('root', 'root'), IRole, 'root')
    for perm in permissions:
        grant_to_role(perm, 'root')

    principalRoleManager.assignRoleToPrincipal('root', 'root')

    # NOTE(review): 'owner' receives exactly the same permission list as
    # 'root', including 'zope.Security' - confirm that is the intended scope
    # for object owners.
    provideUtility(Role('owner', 'o'), IRole, 'owner')
    for perm in permissions:
        grant_to_role(perm, 'owner')

    # NOTE(review): this pass repeats the grants made by the two loops above;
    # it looks redundant but is kept so the call sequence is unchanged.
    for permission in permissions:
        for role_id in ('root', 'owner'):
            grant_to_role(permission, role_id)

    # Dedicated principal whose only direct grant is 'rest'.
    authentication.registerPrincipal(User('oms.rest_options'))
    principalPermissionManager.grantPermissionToPrincipal(
        'rest', 'oms.rest_options')
def testPrincipalPermission(self):
    """Walk one permission/principal pair through grant, deny and unset.

    After every transition both lookup directions
    (getPrincipalsForPermission and getPermissionsForPrincipal) are checked,
    followed by getSetting() for the unset, defaulted, allowed and denied
    cases.
    """
    permission = definePermission('APerm', 'title').id
    principal = self._make_principal()

    def expect_only(setting):
        # Exactly one entry, carrying `setting`, in both lookup directions.
        self.assertEqual(manager.getPrincipalsForPermission(permission),
                         [(principal, setting)])
        self.assertEqual(manager.getPermissionsForPrincipal(principal),
                         [(permission, setting)])

    def expect_nothing():
        # No entry at all in either lookup direction.
        self.assertEqual(manager.getPrincipalsForPermission(permission), [])
        self.assertEqual(manager.getPermissionsForPrincipal(principal), [])

    # A grant is stored as Allow.
    manager.grantPermissionToPrincipal(permission, principal)
    expect_only(Allow)

    # Unsetting removes the Allow.
    manager.unsetPermissionForPrincipal(permission, principal)
    expect_nothing()

    # A deny is stored as Deny.
    manager.denyPermissionToPrincipal(permission, principal)
    expect_only(Deny)

    # Deny followed by grant: the later call wins.
    manager.grantPermissionToPrincipal(permission, principal)
    expect_only(Allow)

    # Granting twice still leaves a single Allow entry.
    manager.grantPermissionToPrincipal(permission, principal)
    expect_only(Allow)

    # A second unset in a row is silently ignored.
    manager.unsetPermissionForPrincipal(permission, principal)
    manager.unsetPermissionForPrincipal(permission, principal)
    expect_nothing()

    # getSetting() with nothing stored reports Unset ...
    self.assertEqual(manager.getSetting(permission, principal), Unset)

    # ... or the caller-supplied default when one is passed.
    self.assertEqual(manager.getSetting(permission, principal, 1), 1)

    # getSetting() after a grant.
    manager.grantPermissionToPrincipal(permission, principal)
    self.assertEqual(manager.getSetting(permission, principal), Allow)

    # getSetting() after a deny.
    manager.denyPermissionToPrincipal(permission, principal)
    self.assertEqual(manager.getSetting(permission, principal), Deny)