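def testUnicodeRolesForPermission(self):
    """checkPermission must handle a unicode permission name correctly.

    The same ``u'View'`` check on ``self.a.r_item`` is expected to be
    refused for ``self.context`` and granted for the 'theowner' user.
    Both outcomes are asserted, so a policy that simply allowed (or simply
    refused) every unicode permission name would fail this test.
    """
    r_item = self.a.r_item

    # Denial path: the context stored on the test case must not get 'View'.
    allowed = self.policy.checkPermission(u'View', r_item, self.context)
    # assertFalse/assertTrue replace the ``assert_`` alias, which unittest
    # removed in Python 3.12; the failure messages are unchanged.
    self.assertFalse(
        allowed, '_View_Permission should deny access to user')

    # Grant path: a fresh context built for 'theowner' must get 'View'.
    owner_context = SecurityContext(self.uf.getUserById('theowner'))
    allowed = self.policy.checkPermission(u'View', r_item, owner_context)
    self.assertTrue(
        allowed, '_View_Permission should grant access to theowner')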
def testOwnerAccess(self):
    """Pin which methods of self.item the policy opens up to 'theowner'.

    The test swaps self.context for one built around the 'theowner' user
    and then asserts, in order, an allow or deny decision per method name.
    """
    owner = self.uf.getUserById('theowner')
    self.context = SecurityContext(owner)
    target = self.item

    # (method name, expected decision) -- True means the policy must allow.
    # The deny rows matter as much as the allow rows: they show that the
    # owner context is not a blanket grant.
    expectations = (
        ('public_m', True),
        ('protected_m', False),
        ('owned_m', True),
        ('setuid_m', True),
        ('dangerous_m', False),
    )
    for method_name, must_allow in expectations:
        if must_allow:
            self.assertPolicyAllows(target, method_name)
        else:
            self.assertPolicyDenies(target, method_name)
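def test_checkPermission_proxy_roles_limit_access(self):
    """Proxy roles on the executable stack can take a permission away.

    'Foo' on ``self.a.r_item`` is granted to ``self.context`` while its
    stack is untouched, and must be refused once an executable whose
    ``_proxy_roles`` is ``sysadmin_roles`` has been pushed onto that stack.
    """
    r_item = self.a.r_item
    context = self.context

    # Baseline: without any executable on the stack the check succeeds.
    self.assertTrue(self.policy.checkPermission('Foo', r_item, context))

    # Push an executable with proxy roles on the stack
    eo = OwnedSetuidMethod().__of__(r_item)
    eo._proxy_roles = sysadmin_roles
    context.stack.append(eo)

    # NOTE(review): presumably sysadmin_roles does not carry 'Foo' on
    # r_item, so the refusal shows proxy roles replacing the user's own
    # roles rather than adding to them -- confirm against the fixtures.
    self.assertFalse(self.policy.checkPermission('Foo', r_item, context))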
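def test_checkPermission_respects_proxy_roles(self):
    """Proxy roles on the executable stack can grant a permission.

    'View' on ``self.a.r_item`` is refused for ``self.context`` while its
    stack is untouched, and must be granted once an executable whose
    ``_proxy_roles`` is ``eo_roles`` has been pushed onto that stack.
    """
    r_item = self.a.r_item
    context = self.context

    # Baseline: the refusal proves the later grant comes from the proxy
    # roles and not from something the context could already do.
    self.assertFalse(self.policy.checkPermission('View', r_item, context))

    # Push an executable with proxy roles on the stack
    eo = OwnedSetuidMethod().__of__(r_item)
    eo._proxy_roles = eo_roles
    context.stack.append(eo)

    self.assertTrue(self.policy.checkPermission('View', r_item, context))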
def setUp(self):
    """Build the fixture: an app, sample items, two users and a policy.

    Stored on the test case afterwards: ``a`` (the app), ``item``, ``uf``
    (the user folder), ``user`` ('joe'), ``context`` (a SecurityContext
    for 'joe') and ``policy`` (whatever ``self._makeOne()`` returns).
    """
    app = App()
    self.a = app

    # Sample objects hung off the app.
    app.item = UnprotectedSimpleItem()
    app.itemb = UnprotectedSimpleItemBool()
    # NOTE(review): read back through the app instead of keeping the bare
    # instance -- presumably to get the object as the app hands it out
    # (e.g. acquisition-wrapped); confirm.
    self.item = app.item
    app.r_item = RestrictedSimpleItem()
    app.item1 = PartlyProtectedSimpleItem1()
    app.item2 = PartlyProtectedSimpleItem2()
    app.item3 = PartlyProtectedSimpleItem3()

    # User folder: the local keeps the instance as created, self.uf holds
    # what the app returns for it (same read-back pattern as self.item).
    user_folder = UserFolder()
    app.acl_users = user_folder
    self.uf = app.acl_users

    # Fixture-only accounts; the literal password is test data.
    for user_id, roles in (('joe', user_roles), ('theowner', eo_roles)):
        user_folder._doAddUser(user_id, 'password', roles, ())

    # Tests run as 'joe' unless they build their own context.
    joe = user_folder.getUserById('joe')
    self.user = joe
    self.context = SecurityContext(joe)
    self.policy = self._makeOne()
def _makeContext(self):
    """Return a SecurityContext built around AccessControl's ``system`` user.

    Per the original inline note the ``system`` user "allows anything", so a
    check made with this context is presumably never refused; it is not a
    suitable context for asserting that access is denied.
    """
    from AccessControl.SecurityManagement import SecurityContext
    from AccessControl.users import system as system_user  # allows anything

    system_context = SecurityContext(system_user)
    return system_context