def testProxyRoleScope(self):
    # Scope check for proxy roles: the same executable sits on the security
    # stack for every assertion, and only the object being accessed changes
    # (self.a.item vs. the item nested under self.a.subobject).
    # A comment (not a docstring) is used so verbose test output is unchanged.
    app = self.a

    # Nested container with its own user folder; 'theowner' is registered
    # there with eo_roles + sysadmin_roles.
    app.subobject = ImplictAcqObject()
    # Re-read through the parent rather than keeping the bare instance
    # (presumably to get the acquisition-wrapped object - confirm).
    nested = app.subobject
    nested.acl_users = UserFolder()
    nested.acl_users._doAddUser(
        'theowner', 'password', eo_roles + sysadmin_roles, ())

    nested.item = UnprotectedSimpleItem()
    inner_item = nested.item
    # NOTE(review): OwnedSetuidMethod is defined outside this view; it is
    # presumably what carries the owner and the proxy roles - confirm.
    inner_item.owned_setuid_m = OwnedSetuidMethod()
    inner_item.getPhysicalRoot = lambda root=app: root

    outer_item = app.item
    outer_item.getPhysicalRoot = lambda root=app: root

    # Make the owned method the currently executing object.
    self.context.stack.append(
        inner_item.owned_setuid_m.__of__(inner_item))

    # The two verdict tables differ only in 'dangerous_m': denied on the
    # outer item, allowed on the nested one.
    # Out of owner context
    outside_verdicts = (
        ('public_m', True),
        ('protected_m', False),
        ('owned_m', False),
        ('setuid_m', True),
        ('dangerous_m', False),
    )
    # Inside owner context
    inside_verdicts = (
        ('public_m', True),
        ('protected_m', False),
        ('owned_m', False),
        ('setuid_m', True),
        ('dangerous_m', True),
    )

    for target, verdicts in (
        (outer_item, outside_verdicts),
        (inner_item, inside_verdicts),
    ):
        for method_name, allowed in verdicts:
            if allowed:
                self.assertPolicyAllows(target, method_name)
            else:
                self.assertPolicyDenies(target, method_name)
def test_checkPermission_proxy_role_scope(self):
    # checkPermission() counterpart of the proxy-role scope check: one
    # executable stays on the stack while permissions are queried on an
    # item at the root and on an item nested under self.a.subobject.
    # A comment (not a docstring) is used so verbose test output is unchanged.
    app = self.a

    # Nested container with its own user folder holding 'theowner'.
    app.subobject = ImplictAcqObject()
    # Re-read through the parent rather than keeping the bare instance
    # (presumably to get the acquisition-wrapped object - confirm).
    nested = app.subobject
    nested.acl_users = UserFolder()
    nested.acl_users._doAddUser(
        'theowner', 'password', eo_roles + sysadmin_roles, ())

    nested.r_item = RestrictedSimpleItem()
    inner = nested.r_item
    # NOTE(review): OwnedSetuidMethod is defined outside this view; it is
    # presumably what carries the owner and the proxy roles - confirm.
    inner.owned_setuid_m = OwnedSetuidMethod()
    inner.getPhysicalRoot = lambda root=app: root

    outer = app.r_item
    outer.getPhysicalRoot = lambda root=app: root

    ctx = self.context
    ctx.stack.append(inner.owned_setuid_m.__of__(inner))

    # Only 'Kill' on the nested item is expected to be granted; 'View' is
    # refused on both objects and 'Kill' is refused on the root-level item.
    expectations = (
        # Out of owner context
        ('View', outer, False),
        ('Kill', outer, False),
        # Inside owner context
        ('View', inner, False),
        ('Kill', inner, True),
    )
    for permission, target, granted in expectations:
        outcome = self.policy.checkPermission(permission, target, ctx)
        if granted:
            self.assertTrue(outcome)
        else:
            self.assertFalse(outcome)
def setUp(self):
    """Build the object tree, users, security context and policy.

    Two users are registered in the root user folder: 'joe' (user_roles)
    and 'theowner' (eo_roles). The security context is created for 'joe';
    'theowner' is only registered here.
    """
    app = App()
    self.a = app

    # Items hung off the application root.
    app.item = UnprotectedSimpleItem()
    app.itemb = UnprotectedSimpleItemBool()
    app.r_item = RestrictedSimpleItem()
    app.item1 = PartlyProtectedSimpleItem1()
    app.item2 = PartlyProtectedSimpleItem2()
    app.item3 = PartlyProtectedSimpleItem3()
    # Read back through the root, not taken from a local instance.
    self.item = app.item

    folder = UserFolder()
    app.acl_users = folder
    # self.uf is the folder as seen through the root; user creation and
    # lookup below go through the local `folder` reference.
    self.uf = app.acl_users
    for login, roles in (('joe', user_roles), ('theowner', eo_roles)):
        folder._doAddUser(login, 'password', roles, ())

    self.user = folder.getUserById('joe')
    self.context = SecurityContext(self.user)
    self.policy = self._makeOne()
def setUp(self):
    """Create a root with two users and a small tree of owned folders.

    Layout built here:
      root/acl_users              - 'user1' and 'user2', both with ['role1']
      root/unownable              - _owner set to UnownableOwner
      root/parent/child/grandchild - each _owner is (['acl_users'], 'user1')

    'user2' is registered but owns nothing in this fixture.
    """
    from AccessControl.owner import UnownableOwner
    from AccessControl.userfolder import UserFolder

    super(OwnershipChangeTests, self).setUp()

    self.root = FauxRoot()
    self.root.acl_users = UserFolder()
    self.uf = self.root.acl_users
    for login in ('user1', 'user2'):
        # Fresh list objects per call, as in a literal call per user.
        self.uf._doAddUser(login, 'xxx', ['role1'], [])

    self.root.unownable = Folder('unownable')
    self.root.unownable._owner = UnownableOwner

    self.root.parent = Folder('parent')
    # Walk down from parent, creating each level and stamping the same
    # owner on it; each level is re-read through its container.
    node = self.root.parent
    node._owner = (['acl_users'], 'user1')
    for folder_id in ('child', 'grandchild'):
        node._setObject(folder_id, Folder(folder_id))
        node = getattr(node, folder_id)
        node._owner = (['acl_users'], 'user1')