def test_constructContent_simple_STI(self): from AccessControl import Unauthorized from AccessControl.SecurityManagement import newSecurityManager from AccessControl.SecurityManager import setSecurityPolicy from Products.CMFCore.PortalFolder import PortalFolder from Products.CMFCore.TypesTool \ import ScriptableTypeInformation as STI from Products.CMFCore.tests.base.dummy import DummyFactoryDispatcher from Products.CMFCore.tests.base.tidata import STI_SCRIPT from Products.PythonScripts.PythonScript import PythonScript site = self._makeSite().__of__(self.root) acl_users = site.acl_users setSecurityPolicy(self._oldPolicy) newSecurityManager(None, acl_users.all_powerful_Oz) tool = self._makeOne().__of__(site) sti_baz = STI('Baz', permission='Add portal content', constructor_path='addBaz') tool._setObject('Baz', sti_baz) script = PythonScript('addBaz') script.write(STI_SCRIPT) tool._setObject('addBaz', script) folder = site._setObject( 'folder', PortalFolder(id='folder') ) folder.manage_addProduct = {'FooProduct': DummyFactoryDispatcher(folder) } folder._owner = (['acl_users'], 'user_foo') self.assertEqual( folder.getOwner(), acl_users.user_foo ) try: tool.constructContent('Baz', container=folder, id='page2') except Unauthorized: self.fail('CMF Collector issue #165 (Ownership bug): ' 'Unauthorized raised' ) self.assertEqual(folder.page2.portal_type, 'Baz')
def test__checkPermission(self): from AccessControl import getSecurityManager from AccessControl.ImplPython import ZopeSecurityPolicy from AccessControl.Permission import Permission from AccessControl.SecurityManagement import newSecurityManager from AccessControl.SecurityManager import setSecurityPolicy from Products.CMFCore.utils import _checkPermission setSecurityPolicy(ZopeSecurityPolicy()) site = self._makeSite() newSecurityManager(None, site.acl_users.user_foo) o = site.bar_dummy Permission('View',(),o).setRoles(('Anonymous',)) Permission('WebDAV access',(),o).setRoles(('Authenticated',)) Permission('Manage users',(),o).setRoles(('Manager',)) eo = site.foo_dummy eo._owner = (['acl_users'], 'all_powerful_Oz') getSecurityManager().addContext(eo) self.failUnless( _checkPermission('View', o) ) self.failUnless( _checkPermission('WebDAV access', o) ) self.failIf( _checkPermission('Manage users', o) ) eo._proxy_roles = ('Authenticated',) self.failIf( _checkPermission('View', o) ) self.failUnless( _checkPermission('WebDAV access', o) ) self.failIf( _checkPermission('Manage users', o) ) eo._proxy_roles = ('Manager',) self.failIf( _checkPermission('View', o) ) self.failIf( _checkPermission('WebDAV access', o) ) self.failUnless( _checkPermission('Manage users', o) )
def test_constructContent(self): site = self.site acl_users = self.acl_users ttool = self.ttool setSecurityPolicy(self._oldPolicy) newSecurityManager(None, acl_users.all_powerful_Oz) self.site._owner = (['acl_users'], 'all_powerful_Oz') sti_baz = STI('Baz', permission='Add portal content', constructor_path='addBaz') ttool._setObject('Baz', sti_baz) ttool._setObject( 'addBaz', PythonScript('addBaz') ) s = ttool.addBaz s.write(STI_SCRIPT) f = site._setObject( 'folder', PortalFolder(id='folder') ) f.manage_addProduct = { 'FooProduct' : DummyFactory(f) } f._owner = (['acl_users'], 'user_foo') self.assertEqual( f.getOwner(), acl_users.user_foo ) ttool.constructContent('Dummy Content', container=f, id='page1') try: ttool.constructContent('Baz', container=f, id='page2') except Unauthorized: self.fail('CMF Collector issue #165 (Ownership bug): ' 'Unauthorized raised' )
def test_copy_paste_respects_diversions(self): # We shouldn't need to do this in the test, but it seems that the functional tests don't get on with it. # It works fine in the real site, trust me. collective.diversion.initialize(None) root = self.layer['app'] from Products.CMFCore.tests.base.security import PermissiveSecurityPolicy, OmnipotentUser _policy=PermissiveSecurityPolicy() setSecurityPolicy(_policy) newSecurityManager(None, OmnipotentUser().__of__(root.acl_users)) old = get_class(bases=[SimpleItem]) new = get_class(bases=[SimpleItem]) conn = self.layer['zodbDB'].open() conn.root()['Application']['foo'] = old("foo", "bar") conn.root()._p_jar.transaction_manager.commit() break_class(old) diversion.add_diversion(old="collective.diversion.tests.test_translation.%s" % old.__name__, new="collective.diversion.tests.test_translation.%s" % new.__name__) root._product_meta_types = tuple([{'name':old.meta_type, 'permission':'View', 'action':'View'}]) root.manage_pasteObjects(root.manage_copyObjects('foo'))
def tearDown( self ): try: from transaction import abort except ImportError: get_transaction().abort() else: abort() self.connection.close() noSecurityManager() setSecurityPolicy(self._oldPolicy)
def spoofRequest(app): """ Make REQUEST variable to be available on the Zope application server. This allows acquisition to work properly """ _policy = PermissiveSecurityPolicy() setSecurityPolicy(_policy) newSecurityManager(None, OmnipotentUser().__of__(app.acl_users)) return makerequest(app)
def _restorePolicyAndManager(self): from AccessControl.SecurityManagement import noSecurityManager from AccessControl.SecurityManager import setSecurityPolicy if self._old_mgr is not self._marker: self.setSecurityManager(self._old_mgr) else: noSecurityManager() if self._old_policy is not self._marker: setSecurityPolicy(self._old_policy)
def spoof_request(app): """ http://docs.plone.org/develop/plone/misc/commandline.html """ from AccessControl.SecurityManagement import newSecurityManager from AccessControl.SecurityManager import setSecurityPolicy from Products.CMFCore.tests.base.security import PermissiveSecurityPolicy, OmnipotentUser _policy = PermissiveSecurityPolicy() setSecurityPolicy(_policy) newSecurityManager(None, OmnipotentUser().__of__(app.acl_users)) return app
def assert_is_checked_via_security_manager(self, pt_content): from Products.PageTemplates.ZopePageTemplate import ZopePageTemplate from AccessControl.SecurityManager import setSecurityPolicy from AccessControl.SecurityManagement import noSecurityManager pt = ZopePageTemplate('mytemplate', pt_content) noSecurityManager() old_security_policy = setSecurityPolicy(UnauthorizedSecurityPolicy()) try: hack_pt(pt, context=self.portal) self.assertRaises(Unauthorized, pt.pt_render) finally: setSecurityPolicy(old_security_policy)
def test__authorizeUser_force_ok( self ): zcuf = self._makeOne() faux = FauxUser( 'faux' ) class PermissiveSP: def validate( self , user , accessed , container , name , value , roles=None ): return 1 self._oldSecurityPolicy = setSecurityPolicy( PermissiveSP() ) self.failUnless( zcuf._authorizeUser( faux , accessed=FauxObject('a') , container=FauxObject('c') , name='name' , value=FauxObject('v') , roles=() ) )
def _initPolicyAndManager(self, manager=None): from AccessControl.SecurityManagement import get_ident from AccessControl.SecurityManagement import _managers from AccessControl.SecurityManagement import newSecurityManager from AccessControl.SecurityManager import setSecurityPolicy from AccessControl.ZopeSecurityPolicy import ZopeSecurityPolicy class UnderprivilegedUser: """ Anonymous USer for unit testing purposes. """ def getId(self): return 'Underprivileged User' getUserName = getId def allowed(self, object, object_roles=None): return 0 def getRoles(self): return () self._policy = ZopeSecurityPolicy() self._old_policy = setSecurityPolicy(self._policy) if manager is None: thread_id = get_ident() self._old_mgr = manager=_managers.get(thread_id, self._marker) newSecurityManager(None, UnderprivilegedUser()) else: self._old_mgr = self.setSecurityManager(manager)
def main(app): _policy=PermissiveSecurityPolicy() _oldpolicy=setSecurityPolicy(_policy) newSecurityManager(None, EvenMoreOmnipotentUser().__of__(app.acl_users)) app = makerequest(app) # Reindex content catalog catalog = app.plone.content.catalog catalog.refreshCatalog(clear=1) # Reindex lenses catalog catalog = app.plone.lens_catalog catalog.refreshCatalog(clear=1) # clear hit count htool=app.plone.portal_hitcount htool.resetHitCounts() ###FIXME resetHitCounts is currently broken: remove this when fixed objs = app.plone.content.objectValues(['Version Folder','Module Version Folder']) for ob in objs: try: htool.registerObject(ob.id,ob.latest.created) except IndexError: # Bad object in content pass transaction.commit()
def main(app): _policy=PermissiveSecurityPolicy() _oldpolicy=setSecurityPolicy(_policy) newSecurityManager(None, EvenMoreOmnipotentUser().__of__(app.acl_users)) app = makerequest(app) deCNX(app.plone) transaction.commit()
def setup(app, path): _policy = PermissiveSecurityPolicy() _oldpolicy = setSecurityPolicy(_policy) newSecurityManager(None, OmnipotentUser().__of__(app.acl_users)) site = app.unrestrictedTraverse(path) populateFolder(site, 'Folder', 'Document') return site
def setUp(self): cleanUp() from AccessControl.SecurityManagement import noSecurityManager from AccessControl.SecurityManager import setSecurityPolicy from Products.CompositePage.tests.test_tool import PermissiveSecurityPolicy self.old_policy = setSecurityPolicy(PermissiveSecurityPolicy()) noSecurityManager()
def su(self, username=None): """Change to named user. Return to permissive security policy if no username is given. """ if username is None: self._make_permissive() print "PermissiveSecurityPolicy put back in place" return user = ( self.portal.acl_users.getUser(username) or self.app.acl_users.getUser(username) ) if not user: print "Can't find %s in %s" % (username, self.portal.acl_users) return from AccessControl.ZopeSecurityPolicy import ZopeSecurityPolicy from AccessControl.SecurityManagement import newSecurityManager from AccessControl.SecurityManagement import getSecurityManager from AccessControl.SecurityManager import setSecurityPolicy _policy = ZopeSecurityPolicy() self.oldpolicy = setSecurityPolicy(_policy) wrapped_user = user.__of__(self.portal.acl_users) newSecurityManager(None, wrapped_user) print 'User changed.' return getSecurityManager().getUser()
def setUp(self): transaction.begin() self._policy = PermissiveSecurityPolicy() self._oldPolicy = setSecurityPolicy(self._policy) self.connection = Zope2.DB.open() self.root = self.connection.root()[ 'Application' ] newSecurityManager( None, AnonymousUser().__of__( self.root ) )
def main(app, id, title, dbauser, dbuser, dbname, dbserver, dbport): _policy=PermissiveSecurityPolicy() _oldpolicy=setSecurityPolicy(_policy) newSecurityManager(None, EvenMoreOmnipotentUser().__of__(app.acl_users)) app = makerequest(app) # Add Rhaptos Site factory = app.manage_addProduct['RhaptosSite'] factory.manage_addRhaptosSite(id, title=title, description='', dbauser=dbauser, dbapass=None, dbuser=dbuser, dbpass=None, dbname=dbname, dbserver=dbserver, dbport=dbport and int(dbport) or None) # Add Virtual Host Entry app.virtual_hosting.set_map('http://*.cnx.rice.edu/ /'+id+'\nhttp://localhost/ /'+id) # Apply cnx.org styles site = getattr(app, id) site.portal_setup.setImportContext( 'profile-Products.CNXPloneSite:default') site.portal_setup.manage_importSelectedSteps( ['cnx_install'], True, # run_dependencies app.REQUEST.RESPONSE) transaction.commit()
def main(app, data_dir): _policy=PermissiveSecurityPolicy() _oldpolicy=setSecurityPolicy(_policy) newSecurityManager(None, EvenMoreOmnipotentUser().__of__(app.acl_users)) app = makerequest(app) #uninstallProducts(app.plone) logger.info('Generating collections list') generateCollectionsList(app.plone, data_dir) logger.info('Generating modules list') generateModulesList(app.plone, data_dir) logger.info('Deleting groups') cleanoutGroups(app.plone, data_dir) transaction.savepoint(optimistic=True) logger.info('Deleting lenses') cleanoutLenses(app.plone, data_dir) transaction.savepoint(optimistic=True) logger.info('Deleting content') cleanoutRhaptosContent(app.plone, data_dir) transaction.savepoint(optimistic=True) logger.info('Deleting users') cleanoutUsers(app.plone, data_dir) transaction.savepoint(optimistic=True) postCleanoutPopularity(app.plone, data_dir) transaction.savepoint(optimistic=True) app.plone.portal_catalog.refreshCatalog(clear=1) transaction.commit()
def assert_is_checked_via_security_manager(self, pt_content): from Products.PageTemplates.ZopePageTemplate import ZopePageTemplate from AccessControl.SecurityManager import setSecurityPolicy from AccessControl.SecurityManagement import noSecurityManager from AccessControl.SecurityManagement import getSecurityManager pt = ZopePageTemplate('mytemplate', pt_content) noSecurityManager() old_security_policy = setSecurityPolicy(UnauthorizedSecurityPolicy()) getSecurityManager() try: hack_pt(pt, context=self.app) with self.assertRaises(Unauthorized) as err: pt.pt_render() self.assertEqual("Nothing is allowed!", str(err.exception)) finally: setSecurityPolicy(old_security_policy)
def setUp(self): from zope.testing.cleanup import cleanUp from AccessControl.SecurityManagement import noSecurityManager from AccessControl.SecurityManager import setSecurityPolicy from Products.CompositePage.tests.test_tool \ import PermissiveSecurityPolicy cleanUp() self.old_policy = setSecurityPolicy(PermissiveSecurityPolicy()) noSecurityManager()
def test_constructContent_simple_FTI(self): from AccessControl.SecurityManagement import newSecurityManager from AccessControl.SecurityManager import setSecurityPolicy from ..TypesTool import FactoryTypeInformation as FTI from .base.dummy import DummyFolder from .base.tidata import FTIDATA_DUMMY site = self._makeSite().__of__(self.app) acl_users = site.acl_users setSecurityPolicy(self._oldPolicy) newSecurityManager(None, acl_users.all_powerful_Oz) tool = self._makeOne().__of__(site) fti = FTIDATA_DUMMY[0].copy() tool._setObject('Dummy Content', FTI(**fti)) folder = DummyFolder(id='folder', fake_product=1).__of__(site) tool.constructContent('Dummy Content', container=folder, id='page1') self.assertEqual(folder.page1.portal_type, 'Dummy Content')
def spoofRequest(app): _policy=PermissiveSecurityPolicy() _oldpolicy=setSecurityPolicy(_policy) newSecurityManager(None, OmnipotentUser().__of__(app.acl_users)) this_environ = {'SERVER_PORT': '80', 'REQUEST_METHOD': 'GET'} this_environ["SERVER_NAME"] = environ.get('SERVER_NAME', 'localhost') if 'VH_ROOT' in environ: this_environ['VH_ROOT'] = environ['VH_ROOT'] return makerequest(app, environ=this_environ)
def test_constructContent_simple_FTI(self): from AccessControl.SecurityManagement import newSecurityManager from AccessControl.SecurityManager import setSecurityPolicy from Products.CMFCore.TypesTool import FactoryTypeInformation as FTI from Products.CMFCore.tests.base.dummy import DummyFolder from Products.CMFCore.tests.base.tidata import FTIDATA_DUMMY site = self._makeSite().__of__(self.root) acl_users = site.acl_users setSecurityPolicy(self._oldPolicy) newSecurityManager(None, acl_users.all_powerful_Oz) tool = self._makeOne().__of__(site) fti = FTIDATA_DUMMY[0].copy() tool._setObject('Dummy Content', FTI(**fti)) folder = DummyFolder(id='folder', fake_product=1).__of__(site) tool.constructContent('Dummy Content', container=folder, id='page1') self.assertEqual(folder.page1.portal_type, 'Dummy Content')
def test_constructContent(self): from AccessControl.SecurityManagement import newSecurityManager from AccessControl.SecurityManager import setSecurityPolicy from AccessControl.unauthorized import Unauthorized from Products.PythonScripts.PythonScript import PythonScript from Products.CMFCore.PortalFolder import PortalFolder from Products.CMFCore.TypesTool \ import ScriptableTypeInformation as STI from Products.CMFCore.tests.base.dummy import DummyFactoryDispatcher from Products.CMFCore.tests.base.tidata import STI_SCRIPT site = self.site acl_users = self.acl_users ttool = self.ttool setSecurityPolicy(self._oldPolicy) newSecurityManager(None, acl_users.all_powerful_Oz) self.site._owner = (['acl_users'], 'all_powerful_Oz') sti_baz = STI('Baz', permission='Add portal content', constructor_path='addBaz') ttool._setObject('Baz', sti_baz) ttool._setObject('addBaz', PythonScript('addBaz')) s = ttool.addBaz s.write(STI_SCRIPT) f = site._setObject('folder', PortalFolder(id='folder')) f.manage_addProduct = {'FooProduct': DummyFactoryDispatcher(f)} f._owner = (['acl_users'], 'user_foo') self.assertEqual(f.getOwner(), acl_users.user_foo) ttool.constructContent('Dummy Content', container=f, id='page1') try: ttool.constructContent('Baz', container=f, id='page2') except Unauthorized: self.fail('CMF Collector issue #165 (Ownership bug): ' 'Unauthorized raised') wf = site.portal_workflow.wf wf.creation_guard.changeFromProperties({'guard_expr': 'python:False'}) try: ttool.constructContent('Dummy Content', container=f, id='page3') except Unauthorized, e: self.assertEqual(str(e), "Cannot create Dummy Content")
def spoofRequest(app): """ Make REQUEST variable to be available on the Zope application server. This allows acquisition to work properly """ _policy = PermissiveSecurityPolicy() _oldpolicy = setSecurityPolicy(_policy) # noqa newSecurityManager(None, OmnipotentUser().__of__(app.acl_users)) return makerequest(app)
def test_filtered_meta_types(self): class _DummySecurityPolicy(object): def checkPermission(self, permission, object, context): return permission == 'addFoo' om = self._makeOne() om.all_meta_types = ({'name': 'Foo', 'permission': 'addFoo'}, {'name': 'Bar', 'permission': 'addBar'}, {'name': 'Baz'}) try: oldPolicy = setSecurityPolicy(_DummySecurityPolicy()) self.assertEqual(len(om.filtered_meta_types()), 2) self.assertEqual(om.filtered_meta_types()[0]['name'], 'Foo') self.assertEqual(om.filtered_meta_types()[1]['name'], 'Baz') finally: noSecurityManager() setSecurityPolicy(oldPolicy)
def main(): global app attr_storage = AttributeStorage() fss_storage = FileSystemStorage() app = makerequest(app) _policy = PermissiveSecurityPolicy() _oldpolicy = setSecurityPolicy(_policy) newSecurityManager(None, OmnipotentUser().__of__(app.acl_users)) global portal, ct portal = app[ploneid] setSite(portal) # Initialization log('Initialized at', datetime.now().isoformat()) ct = getToolByName(portal, 'portal_catalog') fssfiles = ct.searchResults({'portal_type':pt}) for fssfile in fssfiles: log('Migrating: [%s] %s in %s ... ' %(fssfile.portal_type,fssfile.id, fssfile.getPath())) obj = portal.restrictedTraverse(fssfile.getPath()) try: f_tp = 'image' field = obj.Schema()[f_tp] except KeyError, e: f_tp = 'file' field = obj.Schema()[f_tp] fieldstorage = field.storage try: mimetype = field.getContentType(obj) except: mimetype = obj.getContentType() content = StringIO(str(fss_storage.get(f_tp, obj))) # Cleaning the storage fss_storage.unset(f_tp, obj) field.set(obj, content) field.setContentType(obj, mimetype) field.setFilename(obj,obj.id) log('Transaction commit and Data.fs synchronism.') transaction.commit() app._p_jar.sync()
def main(): global app attr_storage = AttributeStorage() fss_storage = FileSystemStorage() app = makerequest(app) _policy = PermissiveSecurityPolicy() _oldpolicy = setSecurityPolicy(_policy) newSecurityManager(None, OmnipotentUser().__of__(app.acl_users)) global portal, ct portal = app[ploneid] setSite(portal) # Initialization log('Initialized at', datetime.now().isoformat()) ct = getToolByName(portal, 'portal_catalog') fssfiles = ct.searchResults({'portal_type': pt}) for fssfile in fssfiles: log('Migrating: [%s] %s in %s ... ' % (fssfile.portal_type, fssfile.id, fssfile.getPath())) obj = portal.restrictedTraverse(fssfile.getPath()) try: f_tp = 'image' field = obj.Schema()[f_tp] except KeyError, e: f_tp = 'file' field = obj.Schema()[f_tp] fieldstorage = field.storage try: mimetype = field.getContentType(obj) except: mimetype = obj.getContentType() content = StringIO(str(fss_storage.get(f_tp, obj))) # Cleaning the storage fss_storage.unset(f_tp, obj) field.set(obj, content) field.setContentType(obj, mimetype) field.setFilename(obj, obj.id) log('Transaction commit and Data.fs synchronism.') transaction.commit() app._p_jar.sync()
def su_zope(app): logger = logging.getLogger('collective.generic.devmode.su_zope') logger.debug('start') from AccessControl.SpecialUsers import system from AccessControl.SecurityManagement import newSecurityManager newSecurityManager(None, system) from AccessControl.SecurityManager import setSecurityPolicy from Products.CMFCore.tests.base.security import PermissiveSecurityPolicy _policy = PermissiveSecurityPolicy() _oldpolicy = setSecurityPolicy(_policy) logger.debug('end')
def test_constructContent_FTI_w_wftool_w_workflow_w_guard_denies(self): from AccessControl import Unauthorized from AccessControl.SecurityManagement import newSecurityManager from AccessControl.SecurityManager import setSecurityPolicy from Products.CMFCore.TypesTool import FactoryTypeInformation as FTI from Products.CMFCore.tests.base.dummy import DummyFolder from Products.CMFCore.tests.base.tidata import FTIDATA_DUMMY site = self._makeSite().__of__(self.root) acl_users = site.acl_users setSecurityPolicy(self._oldPolicy) newSecurityManager(None, acl_users.all_powerful_Oz) tool = self._makeOne().__of__(site) fti = FTIDATA_DUMMY[0].copy() tool._setObject('Dummy Content', FTI(**fti)) folder = DummyFolder(id='folder', fake_product=1).__of__(site) tool.portal_workflow = DummyWorkflowTool(DummyWorkflow(False)) self.assertRaises(Unauthorized, tool.constructContent, 'Dummy Content', container=folder, id='page1')
def setImplementation(name): """Select the policy implementation to use. The 'name' must be either 'PYTHON' or 'C'. NOTE: this function is intended to be called exactly once, so that the Zope config file can dictate the policy implementation to be used. Subsequent calls to this function will have no effect!! """ import sys global _implementation_name global _implementation_set if _implementation_set: return name = name.upper() if name == _implementation_name: return if name == "C": from AccessControl import ImplC as impl elif name == "PYTHON": from AccessControl import ImplPython as impl else: raise ValueError("unknown policy implementation: %r" % name) _implementation_name = name for modname, names in _policy_names.items(): __import__(modname) mod = sys.modules[modname] for n in names: setattr(mod, n, getattr(impl, n)) if hasattr(mod, "initialize"): mod.initialize(impl) from AccessControl.SecurityManager import setSecurityPolicy policy = impl.ZopeSecurityPolicy(True, True) setSecurityPolicy(policy) _implementation_set = 1
def main(app, connection_string): _policy=PermissiveSecurityPolicy() _oldpolicy=setSecurityPolicy(_policy) newSecurityManager(None, EvenMoreOmnipotentUser().__of__(app.acl_users)) app = makerequest(app) try: da = app.devrep except: # If server is down, try again, only throws one error da = app.devrep da.connection_string = connection_string transaction.commit() print "Connected %s to '%s'" % (da.connected(), da.connection_string)
def _make_permissive(self): """ Make a permissive security manager with all rights. Hell, we're developers, aren't we? Security is for whimps. :) """ from Products.CMFCore.tests.base.security import PermissiveSecurityPolicy import AccessControl from AccessControl.SecurityManagement import newSecurityManager from AccessControl.SecurityManager import setSecurityPolicy _policy = PermissiveSecurityPolicy() self.oldpolicy = setSecurityPolicy(_policy) newSecurityManager(None, AccessControl.User.system)
def spoofRequest(app): """ Make REQUEST variable to be available on the Zope application server. This allows acquisition to work properly """ _policy=PermissiveSecurityPolicy() _oldpolicy=setSecurityPolicy(_policy) newSecurityManager(None, OmnipotentUser().__of__(app.acl_users)) info = {'SERVER_NAME': 'isaw4.atlantides.org', 'SERVER_PORT': '8083', 'REQUEST_METHOD': 'GET'} return makerequest(app, environ=info)
def __init__(self): """ """ app = makerequest(app) _policy = PermissiveSecurityPolicy() _oldpolicy = setSecurityPolicy(_policy) self.site = app[ploneid] setSite(self.site) newSecurityManager(None, OmnipotentUser().__of__(app.acl_users)) self.catalog = getToolByName(site, 'portal_catalog') self.searchfiles = self.catalog.searchResults(portal_type='File')
def setImplementation(name): """Select the policy implementation to use. The 'name' must be either 'PYTHON' or 'C'. NOTE: this function is intended to be called exactly once, so that the Zope config file can dictate the policy implementation to be used. Subsequent calls to this function will have no effect!! """ import sys global _implementation_name global _implementation_set if _implementation_set: return name = name.upper() if name == _implementation_name: return if name == "C": from AccessControl import ImplC as impl # NOQA elif name == "PYTHON": from AccessControl import ImplPython as impl # NOQA else: raise ValueError("unknown policy implementation: %r" % name) _implementation_name = name for modname, names in _policy_names.items(): __import__(modname) mod = sys.modules[modname] for n in names: setattr(mod, n, getattr(impl, n)) if hasattr(mod, "initialize"): mod.initialize(impl) from AccessControl.SecurityManager import setSecurityPolicy policy = impl.ZopeSecurityPolicy(True, True) setSecurityPolicy(policy) _implementation_set = 1
def spoofRequest(app): """ Make REQUEST variable to be available on the Zope application server. This allows acquisition to work properly """ _policy = PermissiveSecurityPolicy() _oldpolicy = setSecurityPolicy(_policy) newSecurityManager(None, OmnipotentUser().__of__(app.acl_users)) info = { 'SERVER_NAME': 'isaw4.atlantides.org', 'SERVER_PORT': '8083', 'REQUEST_METHOD': 'GET' } return makerequest(app, environ=info)
def test_constructContent_simple_STI(self): from AccessControl import Unauthorized from AccessControl.SecurityManagement import newSecurityManager from AccessControl.SecurityManager import setSecurityPolicy from Products.CMFCore.PortalFolder import PortalFolder from Products.CMFCore.TypesTool \ import ScriptableTypeInformation as STI from Products.CMFCore.tests.base.dummy import DummyFactoryDispatcher from Products.CMFCore.tests.base.tidata import STI_SCRIPT from Products.PythonScripts.PythonScript import PythonScript site = self._makeSite().__of__(self.root) acl_users = site.acl_users setSecurityPolicy(self._oldPolicy) newSecurityManager(None, acl_users.all_powerful_Oz) tool = self._makeOne().__of__(site) sti_baz = STI('Baz', permission='Add portal content', constructor_path='addBaz') tool._setObject('Baz', sti_baz) script = PythonScript('addBaz') script.write(STI_SCRIPT) tool._setObject('addBaz', script) folder = site._setObject('folder', PortalFolder(id='folder')) folder.manage_addProduct = { 'FooProduct': DummyFactoryDispatcher(folder) } folder._owner = (['acl_users'], 'user_foo') self.assertEqual(folder.getOwner(), acl_users.user_foo) try: tool.constructContent('Baz', container=folder, id='page2') except Unauthorized: self.fail('CMF Collector issue #165 (Ownership bug): ' 'Unauthorized raised') self.assertEqual(folder.page2.portal_type, 'Baz')
def test_FakeExecutableObject(self): from AccessControl import getSecurityManager from AccessControl.ImplPython import ZopeSecurityPolicy from AccessControl.Permission import Permission from AccessControl.SecurityManagement import newSecurityManager from AccessControl.SecurityManager import setSecurityPolicy from Products.CMFCore.utils import FakeExecutableObject setSecurityPolicy(ZopeSecurityPolicy()) site = self._makeSite() newSecurityManager(None, site.acl_users.user_foo) obj = site.bar_dummy Permission('FOO', (), obj).setRoles(('FOO_ROLE',)) sm = getSecurityManager() self.assertFalse(sm.checkPermission('FOO', obj)) eo = FakeExecutableObject(('FOO_ROLE',)) sm.addContext(eo) try: self.assertTrue(sm.checkPermission('FOO', obj)) finally: sm.removeContext(eo) self.assertFalse(sm.checkPermission('FOO', obj))
def main(app, license_url, workspaces=None): _policy = PermissiveSecurityPolicy() _oldpolicy = setSecurityPolicy(_policy) newSecurityManager(None, EvenMoreOmnipotentUser().__of__(app.acl_users)) app = makerequest(app) for wgname in workspaces: wg = app.plone.GroupWorkspaces[wgname] print wgname for m in wg.objectValues(): if m.state == 'published': print 'Skipping published: ', m.id else: print ' ', m.id m.license = license_url transaction.commit()
def setUp(self): self.root = Folder() self.root.getPhysicalPath = lambda: () self.root.getPhysicalRoot = lambda r=self.root: r self.root.composite_tool = CompositeTool() self.tool = self.root.composite_tool self.tool._check_security = 0 self.root.slot = Slot("slot") self.slot = self.root.slot f = Folder() f._setId("f") self.slot._setObject(f.id, f) g = Folder() g._setId("g") self.slot._setObject(g.id, g) self.root.otherslot = Slot("otherslot") self.old_policy = setSecurityPolicy(PermissiveSecurityPolicy()) noSecurityManager()
def setUp(self): try: import Zope2 as Zope except ImportError: import Zope if hasattr(Zope, 'startup'): Zope.startup() try: from transaction import begin except ImportError: get_transaction().begin() else: begin() self._policy = PermissiveSecurityPolicy() self._oldPolicy = setSecurityPolicy(self._policy) self.connection = Zope.DB.open() self.root = self.connection.root()['Application'] newSecurityManager(None, OmnipotentUser().__of__(self.root))
def setUp(self): f = Folder() f.getPhysicalPath = lambda: () f.getPhysicalRoot = lambda f=f: f f.composite = Composite() f.composite._setId("composite") t = ZopePageTemplate( id="template", text=template_text, content_type="text/html") if t.pt_errors(): raise SyntaxError(t.pt_errors()) f.composite.template = t f.composite.filled_slots.slot_a = slot_a = Slot("slot_a") a1 = ZopePageTemplate(id="a1", text="<b>Slot A</b>") f._setObject(a1.id, a1) e1 = CompositeElement('e1', f.a1) slot_a._setObject(e1.id, e1) self.composite = f.composite self.old_policy = setSecurityPolicy(PermissiveSecurityPolicy()) noSecurityManager()
def su(self, username): """ Change to named user. """ # TODO Make it easy to change back to permissive security. user = self.portal.acl_users.getUser(username) if not user: print "Can't find %s in %s" % (username, self.portal.acl_users) return from AccessControl import ZopeSecurityPolicy import AccessControl from AccessControl.SecurityManagement import newSecurityManager, getSecurityManager from AccessControl.SecurityManager import setSecurityPolicy _policy = ZopeSecurityPolicy self.oldpolicy = setSecurityPolicy(_policy) wrapped_user = user.__of__(self.portal.acl_users) newSecurityManager(None, user) print 'User changed.' return getSecurityManager().getUser()
def main(app, connection_string): _policy = PermissiveSecurityPolicy() _oldpolicy = setSecurityPolicy(_policy) newSecurityManager(None, EvenMoreOmnipotentUser().__of__(app.acl_users)) app = makerequest(app) da = app.devrep retry = -1 while retry < 0: try: da.edit(da.title, connection_string, da.zdatetime, check=True, tilevel=da.tilevel, encoding=da.encoding, ustrings=da.ustrings) break except: # First time failing. Trying to use old cnx_str retry += 1 transaction.commit() transaction.commit()
def setUp(self): from AccessControl.SecurityManagement import noSecurityManager from AccessControl.SecurityManager import setSecurityPolicy from OFS.Folder import Folder from Products.CompositePage.slot import Slot from Products.CompositePage.tool import CompositeTool self.root = Folder() self.root.getPhysicalPath = lambda: () self.root.getPhysicalRoot = lambda r=self.root: r self.root.composite_tool = CompositeTool() self.tool = self.root.composite_tool self.tool._check_security = 0 self.root.slot = Slot("slot") self.slot = self.root.slot f = Folder() f._setId("f") self.slot._setObject(f.id, f) g = Folder() g._setId("g") self.slot._setObject(g.id, g) self.root.otherslot = Slot("otherslot") self.old_policy = setSecurityPolicy(PermissiveSecurityPolicy()) noSecurityManager()
def test__authorizeUser_force_no_way(self): zcuf = self._makeOne() faux = FauxUser('faux') class ParanoidSP: def validate(self, user, accessed, container, name, value, roles=None): return 0 self._oldSecurityPolicy = setSecurityPolicy(ParanoidSP()) self.failIf( zcuf._authorizeUser(faux, accessed=FauxObject('a'), container=FauxObject('c'), name='name', value=FauxObject('v'), roles=()))
def tearDown(self): transaction.abort() self.connection.close() noSecurityManager() setSecurityPolicy(self._oldPolicy)
def tearDown(self): if self._oldSecurityPolicy is not None: setSecurityPolicy(self._oldSecurityPolicy) noSecurityManager()
def tearDown(self): noSecurityManager() setSecurityPolicy(self._oldPolicy)
def spoofRequest(app): _policy = PermissiveSecurityPolicy() _oldpolicy = setSecurityPolicy(_policy) newSecurityManager(None, OmnipotentUser().__of__(app.acl_users)) return makerequest(app)
def tearDown(self): noSecurityManager() setSecurityPolicy(self._oldPolicy) TransactionalTest.tearDown(self)
def setUp(self): TransactionalTest.setUp(self) self._policy = PermissiveSecurityPolicy() self._oldPolicy = setSecurityPolicy(self._policy) newSecurityManager(None, AnonymousUser().__of__(self.app.acl_users))
def tearDown(self): setSecurityPolicy(self.old_policy) noSecurityManager()
from Products.CMFCore.tests.base.security import PermissiveSecurityPolicy from Products.CMFCore.tests.base.security import OmnipotentUser from Products.CMFCore.utils import getToolByName from zope.app.component.hooks import setSite from Acquisition import aq_base from datetime import datetime from AccessControl.SecurityManagement import noSecurityManager attr_storage = AttributeStorage() ploneid = 'essintra' pt = ('File', ) app = makerequest(app) _policy = PermissiveSecurityPolicy() _oldpolicy = setSecurityPolicy(_policy) newSecurityManager(None, OmnipotentUser().__of__(app.acl_users)) portal = app[ploneid] setSite(portal) print 'Iniciado as ', print datetime.now().isoformat() ct = getToolByName(portal, 'portal_catalog') arquivos = ct.searchResults({'portal_type': pt}) for arq in arquivos: print 'Populando: %s em %s ... ' % (arq.id, arq.getPath()), obj = portal.restrictedTraverse(arq.getPath())