def test_checkPermission_delegated_cache_unauthenticated(self): # checkPermission caches the result of checkUnauthenticated for a # particular object and permission, even if that object's # authorization has been delegated. request = self.makeRequest() policy = LaunchpadSecurityPolicy(request) # Delegate auth for Object to AnotherObject{One,Two}. permission = self.factory.getUniqueString() self.useFixture( ZopeAdapterFixture(Delegate, [Object], name=permission)) # Allow auth to AnotherObjectOne. self.useFixture( ZopeAdapterFixture( Allow, [AnotherObjectOne], name=Delegate.permission)) # Deny auth to AnotherObjectTwo. self.useFixture( ZopeAdapterFixture( Deny, [AnotherObjectTwo], name=Delegate.permission)) # Calling checkPermission() populates the participation cache. objecttoauthorize = Object() policy.checkPermission(permission, objecttoauthorize) # It contains results for objecttoauthorize and the two objects that # its authorization was delegated to. cache = request.annotations[LAUNCHPAD_SECURITY_POLICY_CACHE_KEY] cache_expected = { objecttoauthorize: {permission: False}, Delegate.object_one: {Delegate.permission: True}, Delegate.object_two: {Delegate.permission: False}, } self.assertEqual(cache_expected, dict(cache))
def setUp(self): zope.testing.cleanup.cleanUp() cls = TestLaunchpadSecurityPolicy_getPrincipalsAccessLevel super(cls, self).setUp() self.principal = LaunchpadPrincipal( '*****@*****.**', 'foo', 'foo', object()) self.security = LaunchpadSecurityPolicy() provideAdapter( adapt_loneobject_to_container, [ILoneObject], ILaunchpadContainer) self.addCleanup(zope.testing.cleanup.cleanUp)
class TestLaunchpadSecurityPolicy_getPrincipalsAccessLevel(TestCase): def setUp(self): zope.testing.cleanup.cleanUp() cls = TestLaunchpadSecurityPolicy_getPrincipalsAccessLevel super(cls, self).setUp() self.principal = LaunchpadPrincipal( '*****@*****.**', 'foo', 'foo', object()) self.security = LaunchpadSecurityPolicy() provideAdapter( adapt_loneobject_to_container, [ILoneObject], ILaunchpadContainer) self.addCleanup(zope.testing.cleanup.cleanUp) def test_no_scope(self): """Principal's access level is used when no scope is given.""" self.principal.access_level = AccessLevel.WRITE_PUBLIC self.principal.scope = None self.failUnlessEqual( self.security._getPrincipalsAccessLevel( self.principal, LoneObject()), self.principal.access_level) def test_object_within_scope(self): """Principal's access level is used when object is within scope.""" obj = LoneObject() self.principal.access_level = AccessLevel.WRITE_PUBLIC self.principal.scope = obj self.failUnlessEqual( self.security._getPrincipalsAccessLevel(self.principal, obj), self.principal.access_level) def test_object_not_within_scope(self): """READ_PUBLIC is used when object is /not/ within scope.""" obj = LoneObject() obj2 = LoneObject() # This is out of obj's scope. self.principal.scope = obj self.principal.access_level = AccessLevel.WRITE_PUBLIC self.failUnlessEqual( self.security._getPrincipalsAccessLevel(self.principal, obj2), AccessLevel.READ_PUBLIC) self.principal.access_level = AccessLevel.READ_PRIVATE self.failUnlessEqual( self.security._getPrincipalsAccessLevel(self.principal, obj2), AccessLevel.READ_PUBLIC) self.principal.access_level = AccessLevel.WRITE_PRIVATE self.failUnlessEqual( self.security._getPrincipalsAccessLevel(self.principal, obj2), AccessLevel.READ_PUBLIC)
def test_checkPermission_cache_unauthenticated(self): # checkPermission caches the result of checkUnauthenticated for a # particular object and permission. request = self.makeRequest() policy = LaunchpadSecurityPolicy(request) obj, permission, checker_factory = ( self.getObjectPermissionAndCheckerFactory()) # When we call checkPermission for the first time, the security policy # calls the checker. policy.checkPermission(permission, obj) self.assertEqual( ['checkUnauthenticated'], checker_factory.calls) # A subsequent identical call does not call the checker. policy.checkPermission(permission, obj) self.assertEqual( ['checkUnauthenticated'], checker_factory.calls)
def test_checkPermission_commit_clears_cache(self): # Committing a transaction clears the cache. request = self.makeRequest() policy = LaunchpadSecurityPolicy(request) obj, permission, checker_factory = ( self.getObjectPermissionAndCheckerFactory()) # When we call checkPermission before setting the principal, the # security policy calls checkUnauthenticated on the checker. policy.checkPermission(permission, obj) self.assertEqual( ['checkUnauthenticated'], checker_factory.calls) transaction.commit() # After committing a transaction, the policy calls # checkUnauthenticated again rather than finding a value in the cache. policy.checkPermission(permission, obj) self.assertEqual( ['checkUnauthenticated', 'checkUnauthenticated'], checker_factory.calls)
def test_checkPermission_clearSecurityPolicyCache_resets_cache(self): # Calling clearSecurityPolicyCache on the request clears the cache. request = self.makeRequest() policy = LaunchpadSecurityPolicy(request) obj, permission, checker_factory = ( self.getObjectPermissionAndCheckerFactory()) # When we call checkPermission for the first time, the security policy # calls checkUnauthenticated on the checker. policy.checkPermission(permission, obj) self.assertEqual( ['checkUnauthenticated'], checker_factory.calls) request.clearSecurityPolicyCache() # After clearing the cache the policy calls checkUnauthenticated # again. policy.checkPermission(permission, obj) self.assertEqual( ['checkUnauthenticated', 'checkUnauthenticated'], checker_factory.calls)
def test_checkPermission_setPrincipal_resets_cache(self): # Setting the principal on the request clears the cache of results # (this is important during login). principal = FakeLaunchpadPrincipal() request = self.makeRequest() policy = LaunchpadSecurityPolicy(request) obj, permission, checker_factory = ( self.getObjectPermissionAndCheckerFactory()) # When we call checkPermission before setting the principal, the # security policy calls checkUnauthenticated on the checker. policy.checkPermission(permission, obj) self.assertEqual( ['checkUnauthenticated'], checker_factory.calls) request.setPrincipal(principal) # After setting the principal, the policy calls checkAuthenticated # rather than finding a value in the cache. policy.checkPermission(permission, obj) self.assertEqual( ['checkUnauthenticated', ('checkAuthenticated', principal.person)], checker_factory.calls)
def test_checkPermission_cache_unauthenticated(self): # checkPermission caches the result of checkUnauthenticated for a # particular object and permission. request = self.makeRequest() policy = LaunchpadSecurityPolicy(request) obj, permission, checker_factory = ( self.getObjectPermissionAndCheckerFactory()) # When we call checkPermission for the first time, the security policy # calls the checker. policy.checkPermission(permission, obj) self.assertEqual(['checkUnauthenticated'], checker_factory.calls) # A subsequent identical call does not call the checker. policy.checkPermission(permission, obj) self.assertEqual(['checkUnauthenticated'], checker_factory.calls)
def test_checkPermission_commit_clears_cache(self): # Committing a transaction clears the cache. request = self.makeRequest() policy = LaunchpadSecurityPolicy(request) obj, permission, checker_factory = ( self.getObjectPermissionAndCheckerFactory()) # When we call checkPermission before setting the principal, the # security policy calls checkUnauthenticated on the checker. policy.checkPermission(permission, obj) self.assertEqual(['checkUnauthenticated'], checker_factory.calls) transaction.commit() # After committing a transaction, the policy calls # checkUnauthenticated again rather than finding a value in the cache. policy.checkPermission(permission, obj) self.assertEqual(['checkUnauthenticated', 'checkUnauthenticated'], checker_factory.calls)
def test_checkPermission_clearSecurityPolicyCache_resets_cache(self): # Calling clearSecurityPolicyCache on the request clears the cache. request = self.makeRequest() policy = LaunchpadSecurityPolicy(request) obj, permission, checker_factory = ( self.getObjectPermissionAndCheckerFactory()) # When we call checkPermission for the first time, the security policy # calls checkUnauthenticated on the checker. policy.checkPermission(permission, obj) self.assertEqual(['checkUnauthenticated'], checker_factory.calls) request.clearSecurityPolicyCache() # After clearing the cache the policy calls checkUnauthenticated # again. policy.checkPermission(permission, obj) self.assertEqual(['checkUnauthenticated', 'checkUnauthenticated'], checker_factory.calls)
def test_checkPermission_setPrincipal_resets_cache(self): # Setting the principal on the request clears the cache of results # (this is important during login). principal = FakeLaunchpadPrincipal() request = self.makeRequest() policy = LaunchpadSecurityPolicy(request) obj, permission, checker_factory = ( self.getObjectPermissionAndCheckerFactory()) # When we call checkPermission before setting the principal, the # security policy calls checkUnauthenticated on the checker. policy.checkPermission(permission, obj) self.assertEqual(['checkUnauthenticated'], checker_factory.calls) request.setPrincipal(principal) # After setting the principal, the policy calls checkAuthenticated # rather than finding a value in the cache. policy.checkPermission(permission, obj) self.assertEqual( ['checkUnauthenticated', ('checkAuthenticated', principal.person)], checker_factory.calls)
def test_checkUnauthenticatedPermission_commit_clears_cache(self): # Committing a transaction clears the cache. # We set a principal to ensure that it is not used even if set. provideUtility(PlacelessAuthUtility(), IPlacelessAuthUtility) zope.testing.cleanup.addCleanUp(ztapi.unprovideUtility, (IPlacelessAuthUtility, )) principal = FakeLaunchpadPrincipal() request = self.makeRequest() request.setPrincipal(principal) policy = LaunchpadSecurityPolicy(request) obj, permission, checker_factory = ( self.getObjectPermissionAndCheckerFactory()) # When we call checkUnauthenticatedPermission before setting the # principal, the security policy calls checkUnauthenticated on the # checker. policy.checkUnauthenticatedPermission(permission, obj) self.assertEqual(['checkUnauthenticated'], checker_factory.calls) transaction.commit() # After committing a transaction, the policy calls # checkUnauthenticated again rather than finding a value in the cache. policy.checkUnauthenticatedPermission(permission, obj) self.assertEqual(['checkUnauthenticated', 'checkUnauthenticated'], checker_factory.calls)
def test_checkUnauthenticatedPermission_cache_unauthenticated(self): # checkUnauthenticatedPermission caches the result of # checkUnauthenticated for a particular object and permission. # We set a principal to ensure that it is not used even if set. provideUtility(PlacelessAuthUtility(), IPlacelessAuthUtility) zope.testing.cleanup.addCleanUp(ztapi.unprovideUtility, (IPlacelessAuthUtility, )) principal = FakeLaunchpadPrincipal() request = self.makeRequest() request.setPrincipal(principal) policy = LaunchpadSecurityPolicy(request) obj, permission, checker_factory = ( self.getObjectPermissionAndCheckerFactory()) # When we call checkUnauthenticatedPermission for the first time, # the security policy calls the checker. policy.checkUnauthenticatedPermission(permission, obj) self.assertEqual(['checkUnauthenticated'], checker_factory.calls) # A subsequent identical call does not call the checker. policy.checkUnauthenticatedPermission(permission, obj) self.assertEqual(['checkUnauthenticated'], checker_factory.calls) # The result is stored in the correct cache. cache = request.annotations[LAUNCHPAD_SECURITY_POLICY_CACHE_UNAUTH_KEY] self.assertEqual({obj: {permission: False}}, dict(cache))
def setUp(self): self.principal = LaunchpadPrincipal( '*****@*****.**', 'foo', 'foo', object()) self.security = LaunchpadSecurityPolicy() provideAdapter( adapt_loneobject_to_container, [ILoneObject], ILaunchpadContainer)
def setUp(self): self.principal = LaunchpadPrincipal('*****@*****.**', 'foo', 'foo', object()) self.security = LaunchpadSecurityPolicy() provideAdapter(adapt_loneobject_to_container, [ILoneObject], ILaunchpadContainer)