def testProxyRoleScope(self):
    # Checks that the privileges carried by an owned "setuid" method apply
    # only to objects inside the owner's branch of the tree, not to
    # objects elsewhere under the same root.
    app = self.a

    # Build a sub-branch with its own user folder. In that folder
    # 'theowner' holds eo_roles + sysadmin_roles.
    app.subobject = ImplictAcqObject()
    branch = app.subobject  # re-read through the parent, as the original does
    branch.acl_users = UserFolder()
    branch.acl_users._addUser('theowner', 'password', 'password',
                              eo_roles + sysadmin_roles, ())
    branch.item = UnprotectedSimpleItem()
    inner = branch.item
    inner.owned_setuid_m = OwnedSetuidMethod()
    inner.getPhysicalRoot = lambda root=app: root

    outer = app.item
    outer.getPhysicalRoot = lambda root=app: root

    # The executable on top of the security context stack is the setuid
    # method that lives inside the branch.
    self.context.stack.append(inner.owned_setuid_m.__of__(inner))

    allows = self.assertPolicyAllows
    denies = self.assertPolicyDenies
    expectations = (
        # Out of owner context
        (allows, outer, 'public_m'),
        (denies, outer, 'protected_m'),
        (denies, outer, 'owned_m'),
        (allows, outer, 'setuid_m'),
        (denies, outer, 'dangerous_m'),
        # Inside owner context: only 'dangerous_m' changes outcome
        (allows, inner, 'public_m'),
        (denies, inner, 'protected_m'),
        (denies, inner, 'owned_m'),
        (allows, inner, 'setuid_m'),
        (allows, inner, 'dangerous_m'),
    )
    for check, target, method_name in expectations:
        check(target, method_name)
def setUp(self):
    # Builds a minimal site: a root folder, a user folder with three
    # fixture accounts, a CookieCrumbler and three DTML pages, then a
    # request against it and URL-quoted base64 credentials for 'abraham'.
    CookieCrumblerTests.setUp(self)

    site = Folder()
    self.root = site
    site.isTopLevelPrincipiaApplicationObject = 1  # User folder needs this
    site.getPhysicalPath = lambda: ()  # hack
    site._View_Permission = ('Anonymous', )

    # Fixture accounts only; the passwords are test literals.
    accounts = UserFolder()
    accounts._setId('acl_users')
    accounts._doAddUser('abraham', 'pass-w', ('Patriarch', ), ())
    accounts._doAddUser('isaac', 'pass-w', ('Son', ), ())
    # Very long name and password. base64.encodestring breaks long output
    # into several lines, so this account presumably exists to exercise
    # credentials whose encoded form contains newlines -- confirm against
    # the tests that use it.
    accounts._doAddUser(
        'abrahammmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm',
        'pass-wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww',
        ('Son', ), ())
    site._setObject(accounts.id, accounts)

    crumbler = CookieCrumbler()
    crumbler.id = 'cookie_authentication'
    site._setObject(crumbler.id, crumbler)
    # Fetch it back through the root rather than keeping the bare object.
    self.cc = getattr(site, crumbler.id)

    def add_page(page_id, text, view_roles=None):
        # Create one DTML page; view_roles, when given, is set before the
        # body so the statement order matches the hand-written version.
        page = DTMLMethod()
        if view_roles is not None:
            page._View_Permission = view_roles
        page.munge(text)
        page._setId(page_id)
        site._setObject(page.getId(), page)

    add_page('index_html', 'This is the default view')
    add_page('login_form', 'Please log in first.')
    # Only 'Manager' may view this page.
    add_page('protected', 'This is the protected view', ('Manager', ))

    self.responseOut = StringIO()
    self.req = makerequest(site, self.responseOut)

    # encodestring appends a newline; it is removed before URL-quoting.
    encoded = base64.encodestring('abraham:pass-w').replace('\012', '')
    self.credentials = urllib.quote(encoded)
def __init__(self):
    # Users: create the user folder, use it as this object's
    # __allow_groups__, and store it under the id 'acl_users'.
    user_folder = UserFolder()
    self.__allow_groups__ = user_folder
    self._setObject('acl_users', user_folder)

    # Control panel: create, initialise, and store as 'Control_Panel'.
    control_panel = ApplicationManager()
    control_panel._init()
    self._setObject('Control_Panel', control_panel)

    # Annotate the current transaction so the creation is identifiable.
    current = transaction.get()
    current.note("Created Zope Application")
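def setUp(self):
    # Opens a transaction and an application root, then creates one user
    # ('user1' with role 'role1'), one published object ('doc') that only
    # 'role1' may view, and a Basic auth string for that user.
    transaction.begin()
    self.app = makerequest(Zope2.app())
    try:
        # Set up a user and role
        self.uf = UserFolder().__of__(self.app)
        self.uf._doAddUser('user1', 'secret', ['role1'], [])
        self.app._addRole('role1')
        self.app.manage_role('role1', ['View'])
        # Set up a published object accessible to user.
        # acquire=0: 'View' on doc is granted to 'role1' only and is not
        # inherited from the container.
        self.app.addDTMLMethod('doc', file='')
        self.app.doc.manage_permission('View', ['role1'], acquire=0)
        # Rig the REQUEST so it looks like we traversed to doc
        self.app.REQUEST.set('PUBLISHED', self.app.doc)
        self.app.REQUEST.set('PARENTS', [self.app])
        self.app.REQUEST.steps = ['doc']
        # base64.encodestring appends a newline; strip it so the header
        # value is a single clean token, as a real Authorization header
        # would be.
        self.basic = 'Basic %s' % base64.encodestring('user1:secret').rstrip()
    except:
        # Bare except is deliberate: whatever went wrong, release the
        # transaction and connection, then re-raise the original error.
        self.tearDown()
        raise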
def test__doAddUser_with_not_yet_encrypted_passwords(self):
    # See collector #1869 && #1926
    # With encrypt_passwords enabled, a plaintext password handed to
    # _doAddUser must end up stored in encrypted form and still validate
    # against the original plaintext.
    from AccessControl.AuthEncoding import pw_validate

    user_id = 'not_yet_encrypted'
    plaintext = '******'

    folder = UserFolder().__of__(self.app)
    folder.encrypt_passwords = True
    # Precondition: the input is not already in an encrypted format.
    self.failIf(folder._isPasswordEncrypted(plaintext))

    folder._doAddUser(user_id, plaintext, [], [])
    account = folder.getUserById(user_id)

    # account.__ is the stored password value on the user object.
    self.failUnless(folder._isPasswordEncrypted(account.__))
    self.failUnless(pw_validate(account.__, plaintext))
def setUp(self):
    # Builds a minimal site: a root folder, a user folder with three
    # fixture accounts, a CookieCrumbler and three DTML pages, then a
    # request against it and URL-quoted base64 credentials for 'abraham'.
    CookieCrumblerTests.setUp(self)

    site = Folder()
    self.root = site
    site.isTopLevelPrincipiaApplicationObject = 1  # User folder needs this
    site.getPhysicalPath = lambda: ()  # hack
    site._View_Permission = ('Anonymous',)

    # Fixture accounts only; the passwords are test literals.
    accounts = UserFolder()
    accounts._setId('acl_users')
    accounts._doAddUser('abraham', 'pass-w', ('Patriarch',), ())
    accounts._doAddUser('isaac', 'pass-w', ('Son',), ())
    # Very long name and password. base64.encodestring breaks long output
    # into several lines, so this account presumably exists to exercise
    # credentials whose encoded form contains newlines -- confirm against
    # the tests that use it.
    accounts._doAddUser(
        'abrahammmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm',
        'pass-wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww',
        ('Son',), ())
    site._setObject(accounts.id, accounts)

    crumbler = CookieCrumbler()
    crumbler.id = 'cookie_authentication'
    site._setObject(crumbler.id, crumbler)
    # Fetch it back through the root rather than keeping the bare object.
    self.cc = getattr(site, crumbler.id)

    def add_page(page_id, text, view_roles=None):
        # Create one DTML page; view_roles, when given, is set before the
        # body so the statement order matches the hand-written version.
        page = DTMLMethod()
        if view_roles is not None:
            page._View_Permission = view_roles
        page.munge(text)
        page._setId(page_id)
        site._setObject(page.getId(), page)

    add_page('index_html', 'This is the default view')
    add_page('login_form', 'Please log in first.')
    # Only 'Manager' may view this page.
    add_page('protected', 'This is the protected view', ('Manager',))

    self.responseOut = StringIO()
    self.req = makerequest(site, self.responseOut)

    # encodestring appends a newline; it is removed before URL-quoting.
    encoded = base64.encodestring('abraham:pass-w').replace('\012', '')
    self.credentials = urllib.quote(encoded)
def test__doAddUser_with_preencrypted_passwords(self):
    # See collector #1869 && #1926
    # A password that is already in encrypted form must be stored as-is
    # (not encrypted a second time) and must still validate against the
    # plaintext it was derived from.
    from AccessControl.AuthEncoding import pw_validate

    user_id = 'already_encrypted'
    plaintext = '******'

    folder = UserFolder().__of__(self.app)
    folder.encrypt_passwords = True
    pre_encrypted = folder._encryptPassword(plaintext)

    folder._doAddUser(user_id, pre_encrypted, [], [])
    account = folder.getUserById(user_id)

    # account.__ is the stored password value on the user object.
    self.assertEqual(account.__, pre_encrypted)
    self.failUnless(folder._isPasswordEncrypted(account.__))
    self.failUnless(pw_validate(account.__, plaintext))
def _makeSite(self):
    # Builds a minimal site for cookie-authentication tests and returns
    # (root, cookie crumbler, request, URL-quoted base64 credentials).
    # The request's close method is kept on self._finally.
    import base64
    from cStringIO import StringIO
    import urllib

    from AccessControl.User import UserFolder
    from OFS.Folder import Folder
    from OFS.DTMLMethod import DTMLMethod

    site = Folder()
    site.isTopLevelPrincipiaApplicationObject = 1  # User folder needs this
    site.getPhysicalPath = lambda: ()  # hack
    site._View_Permission = ('Anonymous', )

    # Fixture accounts only; the passwords are test literals.
    accounts = UserFolder()
    accounts._setId('acl_users')
    accounts._doAddUser('abraham', 'pass-w', ('Patriarch', ), ())
    accounts._doAddUser('isaac', 'pass-w', ('Son', ), ())
    site._setObject(accounts.id, accounts)

    crumbler = self._makeOne()
    crumbler.id = self._CC_ID
    site._setObject(crumbler.id, crumbler)

    def add_page(page_id, text, view_roles=None):
        # Create one DTML page; view_roles, when given, is set before the
        # body so the statement order matches the hand-written version.
        page = DTMLMethod()
        if view_roles is not None:
            page._View_Permission = view_roles
        page.munge(text)
        page._setId(page_id)
        site._setObject(page.getId(), page)

    add_page('index_html', 'This is the default view')
    add_page('login_form', 'Please log in first.')
    # Only 'Manager' may view this page.
    add_page('protected', 'This is the protected view', ('Manager', ))

    request = makerequest(site, StringIO())
    self._finally = request.close

    # rstrip() drops the newline that encodestring appends.
    encoded = base64.encodestring('abraham:pass-w').rstrip()
    quoted = urllib.quote(encoded)

    return site, crumbler, request, quoted
def _makeSite(self):
    # Builds a minimal site for cookie-authentication tests and returns
    # (root, cookie crumbler, request, URL-quoted base64 credentials).
    # The request's close method is kept on self._finally.
    import base64
    from cStringIO import StringIO
    import urllib

    from AccessControl.User import UserFolder
    from OFS.Folder import Folder
    from OFS.DTMLMethod import DTMLMethod

    site = Folder()
    site.isTopLevelPrincipiaApplicationObject = 1  # User folder needs this
    site.getPhysicalPath = lambda: ()  # hack
    site._View_Permission = ('Anonymous',)

    # Fixture accounts only; the passwords are test literals.
    accounts = UserFolder()
    accounts._setId('acl_users')
    accounts._doAddUser('abraham', 'pass-w', ('Patriarch',), ())
    accounts._doAddUser('isaac', 'pass-w', ('Son',), ())
    site._setObject(accounts.id, accounts)

    crumbler = self._makeOne()
    crumbler.id = self._CC_ID
    site._setObject(crumbler.id, crumbler)

    def add_page(page_id, text, view_roles=None):
        # Create one DTML page; view_roles, when given, is set before the
        # body so the statement order matches the hand-written version.
        page = DTMLMethod()
        if view_roles is not None:
            page._View_Permission = view_roles
        page.munge(text)
        page._setId(page_id)
        site._setObject(page.getId(), page)

    add_page('index_html', 'This is the default view')
    add_page('login_form', 'Please log in first.')
    # Only 'Manager' may view this page.
    add_page('protected', 'This is the protected view', ('Manager',))

    request = makerequest(site, StringIO())
    self._finally = request.close

    # rstrip() drops the newline that encodestring appends.
    encoded = base64.encodestring('abraham:pass-w').rstrip()
    quoted = urllib.quote(encoded)

    return site, crumbler, request, quoted
def test_store_user_folder(self):
    # Round-trips a user folder through the database: stores two users,
    # edits one and deletes the other, then checks from a second
    # connection that roles, domains and the deletion were all persisted.
    writer = self.db.open()
    try:
        root_app = writer.root()['Application']
        if hasattr(root_app, 'acl_users'):
            root_app._delObject('acl_users')

        folder = UserFolder()
        folder.id = 'acl_users'
        root_app._setObject(folder.id, folder, set_owner=0)
        folder._doAddUser('ned', 'abcdefg', ('Serf', 'Knight', 'King'), ())
        folder._doAddUser('joe', '123', ('Geek', ), ())
        transaction.commit()

        # Be sure ZODB sees the unmanaged persistent objects
        ned = folder.data['ned']
        self.assertEqual(folder.data._p_oid, 'unmanaged')
        self.assertEqual(ned._p_oid, 'unmanaged')

        # Make some changes: drop the 'Serf' role, restrict the domain,
        # and remove the second user.
        ned.roles = ('Knight', 'King')
        ned.domains = ('localhost', )
        del folder.data['joe']  # Test user deletion
        transaction.commit()

        reader = self.db.open()
        try:
            loaded_app = reader.root()['Application']
            loaded_folder = loaded_app.acl_users
            # The application's __allow_groups__ must be the same
            # underlying object as its acl_users.
            self.assert_(
                aq_base(loaded_app.__allow_groups__) is aq_base(loaded_folder))
            self.assertEqual(len(loaded_folder.data), 1)

            loaded_ned = loaded_folder.data['ned']
            self.assertEqual(loaded_ned.name, 'ned')
            self.assertEqual(len(loaded_ned.roles), 2)
            self.assert_('Knight' in loaded_ned.roles)
            self.assert_('King' in loaded_ned.roles)
            self.assertEqual(loaded_ned.domains, ('localhost', ))
            # A distinct object proves it was loaded, not shared in memory.
            self.assert_(loaded_ned is not ned)
        finally:
            reader.close()
    finally:
        writer.close()
def setUp(self):
    # Builds the object tree, user folder, security context and policy
    # that the security-policy tests operate on.
    app = App()
    self.a = app

    app.item = UnprotectedSimpleItem()
    app.itemb = UnprotectedSimpleItemBool()
    self.item = app.item  # read back through the parent
    app.r_item = RestrictedSimpleItem()
    app.item1 = PartlyProtectedSimpleItem1()
    app.item2 = PartlyProtectedSimpleItem2()
    app.item3 = PartlyProtectedSimpleItem3()

    # Two fixture accounts: 'joe' with user_roles, 'theowner' with
    # eo_roles. Users are added on the bare folder object, while self.uf
    # holds the folder as read back through the parent.
    folder = UserFolder()
    app.acl_users = folder
    self.uf = app.acl_users
    folder._addUser('joe', 'password', 'password', user_roles, ())
    folder._addUser('theowner', 'password', 'password', eo_roles, ())

    # Tests run as 'joe'.
    self.user = folder.getUserById('joe')
    self.context = SecurityContext(self.user)
    self.policy = self._makeOne()
def test_checkPermission_proxy_role_scope(self):
    # Checks through checkPermission that the privileges carried by an
    # owned "setuid" method apply only inside the owner's branch.
    app = self.a

    # Build a sub-branch with its own user folder. In that folder
    # 'theowner' holds eo_roles + sysadmin_roles.
    app.subobject = ImplictAcqObject()
    branch = app.subobject  # re-read through the parent, as the original does
    branch.acl_users = UserFolder()
    branch.acl_users._addUser('theowner', 'password', 'password',
                              eo_roles + sysadmin_roles, ())
    branch.r_item = RestrictedSimpleItem()
    inner = branch.r_item
    inner.owned_setuid_m = OwnedSetuidMethod()
    inner.getPhysicalRoot = lambda root=app: root

    outer = app.r_item
    outer.getPhysicalRoot = lambda root=app: root

    # The executable on top of the security context stack is the setuid
    # method that lives inside the branch.
    ctx = self.context
    ctx.stack.append(inner.owned_setuid_m.__of__(inner))

    check = self.policy.checkPermission

    # Out of owner context: neither permission is granted.
    self.failIf(check('View', outer, ctx))
    self.failIf(check('Kill', outer, ctx))

    # Inside owner context: 'Kill' is granted, 'View' still is not.
    self.failIf(check('View', inner, ctx))
    self.failUnless(check('Kill', inner, ctx))
def test_store_user_folder(self):
    # Round-trips a user folder through the database: stores two users,
    # edits one and deletes the other, then checks from a second
    # connection that roles, domains and the deletion were all persisted.
    writer = self.db.open()
    try:
        root_app = writer.root()['Application']
        if hasattr(root_app, 'acl_users'):
            root_app._delObject('acl_users')

        folder = UserFolder()
        folder.id = 'acl_users'
        root_app._setObject(folder.id, folder, set_owner=0)
        folder._doAddUser('ned', 'abcdefg', ('Serf', 'Knight', 'King'), ())
        folder._doAddUser('joe', '123', ('Geek',), ())
        transaction.commit()

        # Be sure ZODB sees the unmanaged persistent objects
        ned = folder.data['ned']
        self.assertEqual(folder.data._p_oid, 'unmanaged')
        self.assertEqual(ned._p_oid, 'unmanaged')

        # Make some changes: drop the 'Serf' role, restrict the domain,
        # and remove the second user.
        ned.roles = ('Knight', 'King')
        ned.domains = ('localhost',)
        del folder.data['joe']  # Test user deletion
        transaction.commit()

        reader = self.db.open()
        try:
            loaded_app = reader.root()['Application']
            loaded_folder = loaded_app.acl_users
            # The application's __allow_groups__ must be the same
            # underlying object as its acl_users.
            self.assert_(
                aq_base(loaded_app.__allow_groups__) is aq_base(loaded_folder))
            self.assertEqual(len(loaded_folder.data), 1)

            loaded_ned = loaded_folder.data['ned']
            self.assertEqual(loaded_ned.name, 'ned')
            self.assertEqual(len(loaded_ned.roles), 2)
            self.assert_('Knight' in loaded_ned.roles)
            self.assert_('King' in loaded_ned.roles)
            self.assertEqual(loaded_ned.domains, ('localhost',))
            # A distinct object proves it was loaded, not shared in memory.
            self.assert_(loaded_ned is not ned)
        finally:
            reader.close()
    finally:
        writer.close()
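class UserFolderTests(unittest.TestCase):
    # Tests for user lookup, role and permission resolution, credential
    # validation and password storage on UserFolder.
    #
    # Fixture (see setUp): one user 'user1' / 'secret' with role 'role1',
    # and one published object 'doc' whose 'View' permission is granted to
    # 'role1' only.

    def setUp(self):
        transaction.begin()
        self.app = makerequest(Zope2.app())
        try:
            # Set up a user and role
            self.uf = UserFolder().__of__(self.app)
            self.uf._doAddUser('user1', 'secret', ['role1'], [])
            self.app._addRole('role1')
            self.app.manage_role('role1', ['View'])
            # Set up a published object accessible to user.
            # acquire=0: 'View' on doc is not inherited from the container.
            self.app.addDTMLMethod('doc', file='')
            self.app.doc.manage_permission('View', ['role1'], acquire=0)
            # Rig the REQUEST so it looks like we traversed to doc
            self.app.REQUEST.set('PUBLISHED', self.app.doc)
            self.app.REQUEST.set('PARENTS', [self.app])
            self.app.REQUEST.steps = ['doc']
            # base64.encodestring appends a newline; strip it so the
            # header value is a single clean token, as a real
            # Authorization header would be.
            self.basic = ('Basic %s'
                          % base64.encodestring('user1:secret').rstrip())
        except:
            # Bare except is deliberate: release the transaction and the
            # connection whatever went wrong, then re-raise.
            self.tearDown()
            raise

    def tearDown(self):
        # Drop any security manager installed by login(), discard all
        # changes and close the database connection.
        noSecurityManager()
        transaction.abort()
        self.app._p_jar.close()

    def login(self, name):
        # Install a security manager for the named user, wrapped in the
        # user folder it came from.
        user = self.uf.getUserById(name)
        user = user.__of__(self.uf)
        newSecurityManager(None, user)

    def test_z3interfaces(self):
        from AccessControl.interfaces import IStandardUserFolder
        from AccessControl.User import UserFolder
        from zope.interface.verify import verifyClass

        verifyClass(IStandardUserFolder, UserFolder)

    def testGetUser(self):
        self.failIfEqual(self.uf.getUser('user1'), None)

    def testGetBadUser(self):
        # Unknown names yield None rather than raising.
        self.assertEqual(self.uf.getUser('user2'), None)

    def testGetUserById(self):
        self.failIfEqual(self.uf.getUserById('user1'), None)

    def testGetBadUserById(self):
        self.assertEqual(self.uf.getUserById('user2'), None)

    def testGetUsers(self):
        users = self.uf.getUsers()
        self.failUnless(users)
        self.assertEqual(users[0].getUserName(), 'user1')

    def testGetUserNames(self):
        names = self.uf.getUserNames()
        self.failUnless(names)
        self.assertEqual(names[0], 'user1')

    def testIdentify(self):
        # identify() splits a Basic auth string into name and password.
        name, password = self.uf.identify(self.basic)
        self.assertEqual(name, 'user1')
        self.assertEqual(password, 'secret')

    def testGetRoles(self):
        user = self.uf.getUser('user1')
        self.failUnless('role1' in user.getRoles())

    def testGetRolesInContext(self):
        # Roles in context combine the user's own roles with local roles
        # granted on the object.
        user = self.uf.getUser('user1')
        self.app.manage_addLocalRoles('user1', ['Owner'])
        roles = user.getRolesInContext(self.app)
        self.failUnless('role1' in roles)
        self.failUnless('Owner' in roles)

    def testHasRole(self):
        user = self.uf.getUser('user1')
        self.failUnless(user.has_role('role1', self.app))

    def testHasLocalRole(self):
        user = self.uf.getUser('user1')
        self.app.manage_addLocalRoles('user1', ['Owner'])
        self.failUnless(user.has_role('Owner', self.app))

    def testHasPermission(self):
        user = self.uf.getUser('user1')
        self.failUnless(user.has_permission('View', self.app))
        self.app.manage_role('role1', ['Add Folders'])
        self.failUnless(user.has_permission('Add Folders', self.app))

    def testHasLocalRolePermission(self):
        # A permission granted to a role the user holds only locally is
        # honoured on that object.
        user = self.uf.getUser('user1')
        self.app.manage_role('Owner', ['Add Folders'])
        self.app.manage_addLocalRoles('user1', ['Owner'])
        self.failUnless(user.has_permission('Add Folders', self.app))

    def testAuthenticate(self):
        user = self.uf.getUser('user1')
        self.failUnless(user.authenticate('secret', self.app.REQUEST))

    def testValidate(self):
        user = self.uf.validate(self.app.REQUEST, self.basic, ['role1'])
        self.failIfEqual(user, None)
        self.assertEqual(user.getUserName(), 'user1')

    def testNotValidateWithoutAuth(self):
        # No credentials: validation must fail.
        user = self.uf.validate(self.app.REQUEST, '', ['role1'])
        self.assertEqual(user, None)

    def testValidateWithoutRoles(self):
        # Note - calling uf.validate without specifying roles will cause
        # the security machinery to determine the needed roles by looking
        # at the object itself (or its container). I'm putting this note
        # in to clarify because the original test expected failure but it
        # really should have expected success, since the user and the
        # object being checked both have the role 'role1', even though no
        # roles are passed explicitly to the userfolder validate method.
        user = self.uf.validate(self.app.REQUEST, self.basic)
        self.assertEqual(user.getUserName(), 'user1')

    def testNotValidateWithEmptyRoles(self):
        # An explicitly empty role list grants access to nobody.
        user = self.uf.validate(self.app.REQUEST, self.basic, [])
        self.assertEqual(user, None)

    def testNotValidateWithWrongRoles(self):
        # Valid credentials are not enough without a required role.
        user = self.uf.validate(self.app.REQUEST, self.basic, ['Manager'])
        self.assertEqual(user, None)

    def testAllowAccessToUser(self):
        self.login('user1')
        try:
            self.app.restrictedTraverse('doc')
        except Unauthorized:
            self.fail('Unauthorized')

    def testDenyAccessToAnonymous(self):
        # No login() call here, so the traversal runs without a user.
        self.assertRaises(Unauthorized, self.app.restrictedTraverse, 'doc')

    def testMaxListUsers(self):
        # create a folder-ish thing which contains a roleManager,
        # then put an acl_users object into the folder-ish thing

        class Folderish(BasicUserFolder):
            def __init__(self, size, count):
                self.maxlistusers = size
                self.users = []
                self.acl_users = self
                self.__allow_groups__ = self
                for i in xrange(count):
                    self.users.append("Nobody")

            def getUsers(self):
                return self.users

            def user_names(self):
                return self.getUsers()

        over_limit = Folderish(15, 20)
        under_limit = Folderish(15, 10)

        # unittest assertions instead of bare ``assert``: assert
        # statements are removed under ``python -O``, which would turn
        # this limit check into a test that can never fail.
        self.assertEqual(over_limit.maxlistusers, 15)
        self.assertEqual(under_limit.maxlistusers, 15)
        self.assertEqual(len(over_limit.user_names()), 20)
        self.assertEqual(len(under_limit.user_names()), 10)

        # More users than maxlistusers: listing must be refused.
        self.assertRaises(OverflowError, over_limit.get_valid_userids)

        # Fewer users than maxlistusers: listing must succeed.
        try:
            under_limit.get_valid_userids()
        except OverflowError:
            self.fail("Raised overflow error erroneously")

    def test__doAddUser_with_not_yet_encrypted_passwords(self):
        # See collector #1869 && #1926
        # With encrypt_passwords enabled, a plaintext password must be
        # stored in encrypted form and still validate.
        from AccessControl.AuthEncoding import pw_validate

        USER_ID = 'not_yet_encrypted'
        PASSWORD = '******'

        uf = UserFolder().__of__(self.app)
        uf.encrypt_passwords = True
        self.failIf(uf._isPasswordEncrypted(PASSWORD))

        uf._doAddUser(USER_ID, PASSWORD, [], [])
        user = uf.getUserById(USER_ID)
        # user.__ is the stored password value on the user object.
        self.failUnless(uf._isPasswordEncrypted(user.__))
        self.failUnless(pw_validate(user.__, PASSWORD))

    def test__doAddUser_with_preencrypted_passwords(self):
        # See collector #1869 && #1926
        # An already-encrypted password must be stored unchanged (not
        # encrypted twice) and still validate against the plaintext.
        from AccessControl.AuthEncoding import pw_validate

        USER_ID = 'already_encrypted'
        PASSWORD = '******'

        uf = UserFolder().__of__(self.app)
        uf.encrypt_passwords = True
        ENCRYPTED = uf._encryptPassword(PASSWORD)

        uf._doAddUser(USER_ID, ENCRYPTED, [], [])
        user = uf.getUserById(USER_ID)
        self.assertEqual(user.__, ENCRYPTED)
        self.failUnless(uf._isPasswordEncrypted(user.__))
        self.failUnless(pw_validate(user.__, PASSWORD))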
class Application(Globals.ApplicationDefaultPermissions,
                  ZDOM.Root, Folder.Folder,
                  App.ProductRegistry.ProductRegistry, FindSupport):

    """Top-level system object"""

    # NOTE(review): methods below that have no docstring are documented
    # with comments on purpose. In Zope 2 the publisher requires a
    # docstring before it will publish an object by URL, so adding one to
    # an undocumented method could change what is reachable from the web.

    implements(IApplication)

    security = ClassSecurityInfo()

    title = 'Zope'
    # Roles defined at the root of the site.
    __defined_roles__ = ('Manager', 'Anonymous', 'Owner')
    web__form__method = 'GET'
    isTopLevelPrincipiaApplicationObject = 1
    _isBeingUsedAsAMethod_ = 0

    # Create the help system object
    HelpSys = HelpSys('HelpSys')

    # Order matters: p_ must be read before misc_ is rebound below.
    p_ = misc_.p_
    misc_ = misc_.misc_

    _reserved_names = ('Control_Panel',
                       'browser_id_manager',
                       'temp_folder')

    # This class-default __allow_groups__ ensures that the
    # emergency user can still access the system if the top-level
    # UserFolder is deleted. This is necessary to allow people
    # to replace the top-level UserFolder object.

    __allow_groups__ = UserFolder()

    # Set the universal default method to index_html
    _object_manager_browser_default_id = 'index_html'

    # Lazily created dict of initializer flags; see _setInitializerFlag.
    _initializer_registry = None

    def __init__(self):
        # Initialize users: the new folder replaces the class-level
        # __allow_groups__ default and is stored as 'acl_users'.
        uf = UserFolder()
        self.__allow_groups__ = uf
        self._setObject('acl_users', uf)

        # Initialize control panel
        cpl = ApplicationManager()
        cpl._init()
        self._setObject('Control_Panel', cpl)
        transaction.get().note("Created Zope Application")

    def id(self):
        # Returns SCRIPT_NAME from the request without its first
        # character, or the title when that lookup fails for any reason
        # (the bare except also hides unexpected errors).
        try:
            return self.REQUEST['SCRIPT_NAME'][1:]
        except:
            return self.title

    def title_and_id(self):
        return self.title

    def title_or_id(self):
        return self.title

    def __class_init__(self):
        InitializeClass(self)

    def PrincipiaRedirect(self, destination, URL1):
        """Utility function to allow user-controlled redirects"""
        # NOTE(review): a destination containing '//' is used verbatim as
        # the redirect target; anything else is appended to URL1. A caller
        # that passes a request-supplied destination therefore redirects
        # to whatever site that value names. Callers should restrict
        # destinations to relative paths or an allowlist of hosts.
        if destination.find('//') >= 0:
            raise RedirectException, destination
        raise RedirectException, ("%s/%s" % (URL1, destination))

    Redirect = ZopeRedirect = PrincipiaRedirect

    def __bobo_traverse__(self, REQUEST, name=None):
        # Resolves one traversal step: attribute first, then item lookup.
        # No permission check happens in this method; presumably the
        # caller validates the object that is returned -- confirm.
        try:
            return getattr(self, name)
        except AttributeError:
            pass

        try:
            return self[name]
        except KeyError:
            pass

        # Unknown name and a method other than GET/POST: hand back a
        # NullResource instead of reporting "not found".
        method = REQUEST.get('REQUEST_METHOD', 'GET')
        if not method in ('GET', 'POST'):
            return NullResource(self, name, REQUEST).__of__(self)

        # Waaa. unrestrictedTraverse calls us with a fake REQUEST.
        # There is probably a better fix for this.
        try:
            REQUEST.RESPONSE.notFoundError("%s\n%s" % (name, method))
        except AttributeError:
            raise KeyError, name

    def PrincipiaTime(self, *args):
        """Utility function to return current date/time"""
        return apply(DateTime, args)

    ZopeTime = PrincipiaTime

    security.declarePublic('ZopeAttributionButton')
    def ZopeAttributionButton(self):
        """Returns an HTML fragment that displays the 'powered by zope'
        button along with a link to the Zope site."""
        # BASE1 comes from the request and is placed inside an HTML
        # attribute, so it is passed through escape() with the second
        # argument set (presumably the quote flag, so that double quotes
        # are escaped too -- confirm against the escape import).
        return '<a href="http://www.zope.org/Credits" target="_top"><img ' \
               'src="%s/p_/ZopeButton" width="115" height="50" border="0" ' \
               'alt="Powered by Zope" /></a>' % escape(self.REQUEST.BASE1, 1)

    def DELETE(self, REQUEST, RESPONSE):
        """Delete a resource object."""
        # The root object always refuses deletion.
        self.dav__init(REQUEST, RESPONSE)
        raise Forbidden, 'This resource cannot be deleted.'

    def MOVE(self, REQUEST, RESPONSE):
        """Move a resource to a new location."""
        # The root object always refuses being moved.
        self.dav__init(REQUEST, RESPONSE)
        raise Forbidden, 'This resource cannot be moved.'

    # NOTE(review): per-attribute setting for test_url; its exact effect
    # is not visible in this file.
    test_url___allow_groups__ = None
    test_url = ZopeAttributionButton

    def absolute_url(self, relative=0):
        """The absolute URL of the root object is BASE1 or "/". """
        if relative: return ''
        try:
            # Take advantage of computed URL cache
            return self.REQUEST['BASE1']
        except (AttributeError, KeyError):
            return '/'

    def absolute_url_path(self):
        """The absolute URL path of the root object is BASEPATH1 or "/". """
        try:
            return self.REQUEST['BASEPATH1'] or '/'
        except (AttributeError, KeyError):
            return '/'

    def virtual_url_path(self):
        """The virtual URL path of the root object is empty. """
        return ''

    def getPhysicalRoot(self):
        return self

    def getPhysicalPath(self):
        """Get the physical path of the object.

        Returns a path (an immutable sequence of strings) that can be used
        to access this object again later, for example in a copy/paste
        operation. getPhysicalRoot() and getPhysicalPath() are designed to
        operate together.
        """
        # We're at the base of the path.
        return ('', )

    security.declarePrivate('fixupZClassDependencies')
    def fixupZClassDependencies(self, rebuild=0):
        # Note that callers should not catch exceptions from this method
        # to ensure that the transaction gets aborted if the registry
        # cannot be rebuilt for some reason. Returns true if any ZClasses
        # were registered as a result of the call or the registry was
        # rebuilt.
        jar = self._p_jar
        result = 0

        if rebuild:
            # Start from an empty registry.
            from BTrees.OOBTree import OOBTree
            jar.root()['ZGlobals'] = OOBTree()
            result = 1

        zglobals = jar.root()['ZGlobals']
        reg_has_key = zglobals.has_key

        products = self.Control_Panel.Products
        for product in products.objectValues():
            # Walk the product's object tree with an explicit work list.
            items = list(product.objectItems())
            finished_dict = {}
            finished = finished_dict.has_key
            while items:
                name, ob = items.pop()
                base = aq_base(ob)
                # id() here is the builtin: the class-level ``id`` method
                # is not visible as a bare name inside a method body.
                # Tracking identities prevents visiting an object twice.
                if finished(id(base)):
                    continue
                finished_dict[id(base)] = None
                try:
                    # Try to re-register ZClasses if they need it.
                    if hasattr(base, '_register') and hasattr(
                        base, '_zclass_'):
                        class_id = getattr(base._zclass_, '__module__', None)
                        if class_id and not reg_has_key(class_id):
                            ob._register()
                            result = 1
                            if not rebuild:
                                LOG.info('Registered ZClass: %s' % ob.id)
                    # Include subobjects.
                    if hasattr(base, 'objectItems'):
                        m = list(ob.objectItems())
                        items.extend(m)
                    # Try to find ZClasses-in-ZClasses.
                    if hasattr(base, 'propertysheets'):
                        ps = ob.propertysheets
                        if (hasattr(ps, 'methods') and
                            hasattr(ps.methods, 'objectItems')):
                            m = list(ps.methods.objectItems())
                            items.extend(m)
                except:
                    # Any failure on one object is logged with its
                    # traceback and the walk continues.
                    LOG.warn('Broken objects exist in product %s.' % product.id,
                             exc_info=sys.exc_info())

        return result

    security.declarePrivate('checkGlobalRegistry')
    def checkGlobalRegistry(self):
        """Check the global (zclass) registry for problems, which can
        be caused by things like disk-based products being deleted.
        Return true if a problem is found"""
        try:
            # The result is unused; listing the keys is what forces the
            # registry to be read.
            keys = list(self._p_jar.root()['ZGlobals'].keys())
        except:
            LOG.error(
                'A problem was found when checking the global product '\
                'registry. This is probably due to a Product being '\
                'uninstalled or renamed. The traceback follows.',
                exc_info=sys.exc_info())
            return 1
        return 0

    security.declarePrivate('_setInitializerFlag')
    def _setInitializerFlag(self, flag):
        # Records ``flag`` as set, creating the instance-level registry on
        # first use (the class attribute default is None).
        if self._initializer_registry is None:
            self._initializer_registry = {}
        self._initializer_registry[flag] = 1

    security.declarePrivate('_getInitializerFlag')
    def _getInitializerFlag(self, flag):
        # Returns 1 when ``flag`` was set, otherwise None.
        reg = self._initializer_registry
        if reg is None:
            reg = {}
        return reg.get(flag)
def test_security_attributes(self):
    # Round-trips a folder's security attributes (owner, role lists,
    # local roles, proxy roles and two permission settings) through the
    # database and checks that edits made on a second connection become
    # visible on the first.
    writer = self.db.open()
    try:
        root_app = writer.root()['Application']

        holidays = Folder()
        holidays.id = 'Holidays'
        root_app._setObject(holidays.id, holidays, set_owner=0)
        holidays = root_app.Holidays  # continue with the stored object

        accounts = UserFolder()
        accounts.id = 'acl_users'
        holidays._setObject(accounts.id, accounts, set_owner=0)
        accounts._doAddUser('shane', 'abcdefg', ('Elder',), ())

        # Owner is recorded as (path to user folder, user id).
        holidays._owner = (['Holidays', 'acl_users'], 'shane')
        holidays.__ac_roles__ = ['Elder', 'Manager', 'Missionary']
        holidays.__ac_local_roles__ = {'shane': ['Missionary']}
        holidays._proxy_roles = ['Manager']
        # Per the assertion messages below: a tuple value means the
        # permission is not acquired, a list means it is.
        holidays._View_Permission = ('Owner', 'Elder')
        holidays._Add_Folders_Permission = ['Elder']

        transaction.commit()

        reader = self.db.open()
        try:
            # Verify that loading works
            loaded_app = reader.root()['Application']
            loaded = loaded_app.Holidays
            owner = loaded.getOwner()
            self.assertEqual(owner.getUserName(), 'shane')
            self.assert_('Elder' in owner.getRoles())
            self.assertEqual(
                list(loaded.__ac_roles__), ['Elder', 'Manager', 'Missionary'])

            # Roles in context, ignoring the two built-in ones.
            builtin_roles = ('Authenticated', 'Anonymous')
            context_roles = dict(
                [(role, 1) for role in list(owner.getRolesInContext(loaded))
                 if role not in builtin_roles])
            self.assertEqual(context_roles, {'Elder':1, 'Missionary':1})
            self.assertEqual(tuple(loaded._proxy_roles), ('Manager',))

            self.assert_(isinstance(loaded._View_Permission, TupleType),
                         "View permission should not be acquired")
            self.assert_(isinstance(loaded._Add_Folders_Permission, ListType),
                         "Add Folders permission should be acquired")
            view_roles = dict(
                [(role, 1) for role in list(loaded._View_Permission)])
            self.assertEqual(view_roles, {'Elder':1, 'Owner':1})

            # Write some changes to verify that changes work
            loaded._owner = None
            del loaded._proxy_roles
            loaded.__ac_roles__ += ('Teacher',)
            transaction.commit()
        finally:
            reader.close()

        # Make sure the changes are seen
        writer.sync()
        self.assert_(holidays.getOwner() is None, holidays.getOwner())
        self.assert_(not hasattr(holidays, '_proxy_roles'))
        self.assertEqual(
            list(holidays.__ac_roles__),
            ['Elder', 'Manager', 'Missionary', 'Teacher'])
    finally:
        writer.close()
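def getUser(self, name):
    # Returns the named user wrapped in this folder, or None when the
    # base class finds no such user.
    user = UserFolder.getUser(self, name)
    if user is None:
        # An unknown name must stay a plain "no such user" result.
        # Calling __of__ on None would raise AttributeError and turn a
        # failed lookup into an unhandled error in the caller.
        return None
    return user.__of__(self)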
def test_security_attributes(self):
    # Round-trips a folder's security attributes (owner, role lists,
    # local roles, proxy roles and two permission settings) through the
    # database and checks that edits made on a second connection become
    # visible on the first.
    writer = self.db.open()
    try:
        root_app = writer.root()['Application']

        holidays = Folder()
        holidays.id = 'Holidays'
        root_app._setObject(holidays.id, holidays, set_owner=0)
        holidays = root_app.Holidays  # continue with the stored object

        accounts = UserFolder()
        accounts.id = 'acl_users'
        holidays._setObject(accounts.id, accounts, set_owner=0)
        accounts._doAddUser('shane', 'abcdefg', ('Elder', ), ())

        # Owner is recorded as (path to user folder, user id).
        holidays._owner = (['Holidays', 'acl_users'], 'shane')
        holidays.__ac_roles__ = ['Elder', 'Manager', 'Missionary']
        holidays.__ac_local_roles__ = {'shane': ['Missionary']}
        holidays._proxy_roles = ['Manager']
        # Per the assertion messages below: a tuple value means the
        # permission is not acquired, a list means it is.
        holidays._View_Permission = ('Owner', 'Elder')
        holidays._Add_Folders_Permission = ['Elder']

        transaction.commit()

        reader = self.db.open()
        try:
            # Verify that loading works
            loaded_app = reader.root()['Application']
            loaded = loaded_app.Holidays
            owner = loaded.getOwner()
            self.assertEqual(owner.getUserName(), 'shane')
            self.assert_('Elder' in owner.getRoles())
            self.assertEqual(list(loaded.__ac_roles__),
                             ['Elder', 'Manager', 'Missionary'])

            # Roles in context, ignoring the two built-in ones.
            builtin_roles = ('Authenticated', 'Anonymous')
            context_roles = dict(
                [(role, 1) for role in list(owner.getRolesInContext(loaded))
                 if role not in builtin_roles])
            self.assertEqual(context_roles, {'Elder': 1, 'Missionary': 1})
            self.assertEqual(tuple(loaded._proxy_roles), ('Manager', ))

            self.assert_(isinstance(loaded._View_Permission, TupleType),
                         "View permission should not be acquired")
            self.assert_(isinstance(loaded._Add_Folders_Permission, ListType),
                         "Add Folders permission should be acquired")
            view_roles = dict(
                [(role, 1) for role in list(loaded._View_Permission)])
            self.assertEqual(view_roles, {'Elder': 1, 'Owner': 1})

            # Write some changes to verify that changes work
            loaded._owner = None
            del loaded._proxy_roles
            loaded.__ac_roles__ += ('Teacher', )
            transaction.commit()
        finally:
            reader.close()

        # Make sure the changes are seen
        writer.sync()
        self.assert_(holidays.getOwner() is None, holidays.getOwner())
        self.assert_(not hasattr(holidays, '_proxy_roles'))
        self.assertEqual(list(holidays.__ac_roles__),
                         ['Elder', 'Manager', 'Missionary', 'Teacher'])
    finally:
        writer.close()