def test_constructContent_simple_STI(self):
from AccessControl import Unauthorized
from AccessControl.SecurityManagement import newSecurityManager
from AccessControl.SecurityManager import setSecurityPolicy
from Products.CMFCore.PortalFolder import PortalFolder
from Products.CMFCore.TypesTool \
import ScriptableTypeInformation as STI
from Products.CMFCore.tests.base.dummy import DummyFactoryDispatcher
from Products.CMFCore.tests.base.tidata import STI_SCRIPT
from Products.PythonScripts.PythonScript import PythonScript
site = self._makeSite().__of__(self.root)
acl_users = site.acl_users
setSecurityPolicy(self._oldPolicy)
newSecurityManager(None, acl_users.all_powerful_Oz)
tool = self._makeOne().__of__(site)
sti_baz = STI('Baz',
permission='Add portal content',
constructor_path='addBaz')
tool._setObject('Baz', sti_baz)
script = PythonScript('addBaz')
script.write(STI_SCRIPT)
tool._setObject('addBaz', script)
folder = site._setObject( 'folder', PortalFolder(id='folder') )
folder.manage_addProduct = {'FooProduct':
DummyFactoryDispatcher(folder) }
folder._owner = (['acl_users'], 'user_foo')
self.assertEqual( folder.getOwner(), acl_users.user_foo )
try:
tool.constructContent('Baz', container=folder, id='page2')
except Unauthorized:
self.fail('CMF Collector issue #165 (Ownership bug): '
'Unauthorized raised' )
self.assertEqual(folder.page2.portal_type, 'Baz')
def test__checkPermission(self):
from AccessControl import getSecurityManager
from AccessControl.ImplPython import ZopeSecurityPolicy
from AccessControl.Permission import Permission
from AccessControl.SecurityManagement import newSecurityManager
from AccessControl.SecurityManager import setSecurityPolicy
from Products.CMFCore.utils import _checkPermission
setSecurityPolicy(ZopeSecurityPolicy())
site = self._makeSite()
newSecurityManager(None, site.acl_users.user_foo)
o = site.bar_dummy
Permission('View',(),o).setRoles(('Anonymous',))
Permission('WebDAV access',(),o).setRoles(('Authenticated',))
Permission('Manage users',(),o).setRoles(('Manager',))
eo = site.foo_dummy
eo._owner = (['acl_users'], 'all_powerful_Oz')
getSecurityManager().addContext(eo)
self.failUnless( _checkPermission('View', o) )
self.failUnless( _checkPermission('WebDAV access', o) )
self.failIf( _checkPermission('Manage users', o) )
eo._proxy_roles = ('Authenticated',)
self.failIf( _checkPermission('View', o) )
self.failUnless( _checkPermission('WebDAV access', o) )
self.failIf( _checkPermission('Manage users', o) )
eo._proxy_roles = ('Manager',)
self.failIf( _checkPermission('View', o) )
self.failIf( _checkPermission('WebDAV access', o) )
self.failUnless( _checkPermission('Manage users', o) )
def test_constructContent(self):
site = self.site
acl_users = self.acl_users
ttool = self.ttool
setSecurityPolicy(self._oldPolicy)
newSecurityManager(None, acl_users.all_powerful_Oz)
self.site._owner = (['acl_users'], 'all_powerful_Oz')
sti_baz = STI('Baz',
permission='Add portal content',
constructor_path='addBaz')
ttool._setObject('Baz', sti_baz)
ttool._setObject( 'addBaz', PythonScript('addBaz') )
s = ttool.addBaz
s.write(STI_SCRIPT)
f = site._setObject( 'folder', PortalFolder(id='folder') )
f.manage_addProduct = { 'FooProduct' : DummyFactory(f) }
f._owner = (['acl_users'], 'user_foo')
self.assertEqual( f.getOwner(), acl_users.user_foo )
ttool.constructContent('Dummy Content', container=f, id='page1')
try:
ttool.constructContent('Baz', container=f, id='page2')
except Unauthorized:
self.fail('CMF Collector issue #165 (Ownership bug): '
'Unauthorized raised' )
def test_copy_paste_respects_diversions(self):
# We shouldn't need to do this in the test, but it seems that the functional tests don't get on with it.
# It works fine in the real site, trust me.
collective.diversion.initialize(None)
root = self.layer['app']
from Products.CMFCore.tests.base.security import PermissiveSecurityPolicy, OmnipotentUser
_policy=PermissiveSecurityPolicy()
setSecurityPolicy(_policy)
newSecurityManager(None, OmnipotentUser().__of__(root.acl_users))
old = get_class(bases=[SimpleItem])
new = get_class(bases=[SimpleItem])
conn = self.layer['zodbDB'].open()
conn.root()['Application']['foo'] = old("foo", "bar")
conn.root()._p_jar.transaction_manager.commit()
break_class(old)
diversion.add_diversion(old="collective.diversion.tests.test_translation.%s" % old.__name__,
new="collective.diversion.tests.test_translation.%s" % new.__name__)
root._product_meta_types = tuple([{'name':old.meta_type, 'permission':'View', 'action':'View'}])
root.manage_pasteObjects(root.manage_copyObjects('foo'))
def tearDown( self ):
try:
from transaction import abort
except ImportError:
get_transaction().abort()
else:
abort()
self.connection.close()
noSecurityManager()
setSecurityPolicy(self._oldPolicy)
def spoofRequest(app):
"""
Make REQUEST variable to be available on the Zope application server.
This allows acquisition to work properly
"""
_policy = PermissiveSecurityPolicy()
setSecurityPolicy(_policy)
newSecurityManager(None, OmnipotentUser().__of__(app.acl_users))
return makerequest(app)
def _restorePolicyAndManager(self):
from AccessControl.SecurityManagement import noSecurityManager
from AccessControl.SecurityManager import setSecurityPolicy
if self._old_mgr is not self._marker:
self.setSecurityManager(self._old_mgr)
else:
noSecurityManager()
if self._old_policy is not self._marker:
setSecurityPolicy(self._old_policy)
def spoof_request(app):
"""
http://docs.plone.org/develop/plone/misc/commandline.html
"""
from AccessControl.SecurityManagement import newSecurityManager
from AccessControl.SecurityManager import setSecurityPolicy
from Products.CMFCore.tests.base.security import PermissiveSecurityPolicy, OmnipotentUser
_policy = PermissiveSecurityPolicy()
setSecurityPolicy(_policy)
newSecurityManager(None, OmnipotentUser().__of__(app.acl_users))
return app
def assert_is_checked_via_security_manager(self, pt_content):
from Products.PageTemplates.ZopePageTemplate import ZopePageTemplate
from AccessControl.SecurityManager import setSecurityPolicy
from AccessControl.SecurityManagement import noSecurityManager
pt = ZopePageTemplate('mytemplate', pt_content)
noSecurityManager()
old_security_policy = setSecurityPolicy(UnauthorizedSecurityPolicy())
try:
hack_pt(pt, context=self.portal)
self.assertRaises(Unauthorized, pt.pt_render)
finally:
setSecurityPolicy(old_security_policy)
def test__authorizeUser_force_ok( self ):
zcuf = self._makeOne()
faux = FauxUser( 'faux' )
class PermissiveSP:
def validate( self
, user
, accessed
, container
, name
, value
, roles=None
):
return 1
self._oldSecurityPolicy = setSecurityPolicy( PermissiveSP() )
self.failUnless( zcuf._authorizeUser( faux
, accessed=FauxObject('a')
, container=FauxObject('c')
, name='name'
, value=FauxObject('v')
, roles=()
) )
def _initPolicyAndManager(self, manager=None):
from AccessControl.SecurityManagement import get_ident
from AccessControl.SecurityManagement import _managers
from AccessControl.SecurityManagement import newSecurityManager
from AccessControl.SecurityManager import setSecurityPolicy
from AccessControl.ZopeSecurityPolicy import ZopeSecurityPolicy
class UnderprivilegedUser:
""" Anonymous USer for unit testing purposes.
"""
def getId(self):
return 'Underprivileged User'
getUserName = getId
def allowed(self, object, object_roles=None):
return 0
def getRoles(self):
return ()
self._policy = ZopeSecurityPolicy()
self._old_policy = setSecurityPolicy(self._policy)
if manager is None:
thread_id = get_ident()
self._old_mgr = manager=_managers.get(thread_id, self._marker)
newSecurityManager(None, UnderprivilegedUser())
else:
self._old_mgr = self.setSecurityManager(manager)
def main(app):
_policy=PermissiveSecurityPolicy()
_oldpolicy=setSecurityPolicy(_policy)
newSecurityManager(None, EvenMoreOmnipotentUser().__of__(app.acl_users))
app = makerequest(app)
# Reindex content catalog
catalog = app.plone.content.catalog
catalog.refreshCatalog(clear=1)
# Reindex lenses catalog
catalog = app.plone.lens_catalog
catalog.refreshCatalog(clear=1)
# clear hit count
htool=app.plone.portal_hitcount
htool.resetHitCounts()
###FIXME resetHitCounts is currently broken: remove this when fixed
objs = app.plone.content.objectValues(['Version Folder','Module Version Folder'])
for ob in objs:
try:
htool.registerObject(ob.id,ob.latest.created)
except IndexError:
# Bad object in content
pass
transaction.commit()
def main(app):
_policy=PermissiveSecurityPolicy()
_oldpolicy=setSecurityPolicy(_policy)
newSecurityManager(None, EvenMoreOmnipotentUser().__of__(app.acl_users))
app = makerequest(app)
deCNX(app.plone)
transaction.commit()
def setup(app, path):
_policy = PermissiveSecurityPolicy()
_oldpolicy = setSecurityPolicy(_policy)
newSecurityManager(None, OmnipotentUser().__of__(app.acl_users))
site = app.unrestrictedTraverse(path)
populateFolder(site, 'Folder', 'Document')
return site
def setUp(self):
cleanUp()
from AccessControl.SecurityManagement import noSecurityManager
from AccessControl.SecurityManager import setSecurityPolicy
from Products.CompositePage.tests.test_tool import PermissiveSecurityPolicy
self.old_policy = setSecurityPolicy(PermissiveSecurityPolicy())
noSecurityManager()
def su(self, username=None):
"""Change to named user. Return to permissive security
policy if no username is given.
"""
if username is None:
self._make_permissive()
print "PermissiveSecurityPolicy put back in place"
return
user = (
self.portal.acl_users.getUser(username) or
self.app.acl_users.getUser(username)
)
if not user:
print "Can't find %s in %s" % (username, self.portal.acl_users)
return
from AccessControl.ZopeSecurityPolicy import ZopeSecurityPolicy
from AccessControl.SecurityManagement import newSecurityManager
from AccessControl.SecurityManagement import getSecurityManager
from AccessControl.SecurityManager import setSecurityPolicy
_policy = ZopeSecurityPolicy()
self.oldpolicy = setSecurityPolicy(_policy)
wrapped_user = user.__of__(self.portal.acl_users)
newSecurityManager(None, wrapped_user)
print 'User changed.'
return getSecurityManager().getUser()
def setUp(self):
transaction.begin()
self._policy = PermissiveSecurityPolicy()
self._oldPolicy = setSecurityPolicy(self._policy)
self.connection = Zope2.DB.open()
self.root = self.connection.root()[ 'Application' ]
newSecurityManager( None, AnonymousUser().__of__( self.root ) )
def main(app, id, title, dbauser, dbuser, dbname, dbserver, dbport):
_policy=PermissiveSecurityPolicy()
_oldpolicy=setSecurityPolicy(_policy)
newSecurityManager(None, EvenMoreOmnipotentUser().__of__(app.acl_users))
app = makerequest(app)
# Add Rhaptos Site
factory = app.manage_addProduct['RhaptosSite']
factory.manage_addRhaptosSite(id,
title=title, description='',
dbauser=dbauser,
dbapass=None,
dbuser=dbuser,
dbpass=None,
dbname=dbname,
dbserver=dbserver,
dbport=dbport and int(dbport) or None)
# Add Virtual Host Entry
app.virtual_hosting.set_map('http://*.cnx.rice.edu/ /'+id+'\nhttp://localhost/ /'+id)
# Apply cnx.org styles
site = getattr(app, id)
site.portal_setup.setImportContext(
'profile-Products.CNXPloneSite:default')
site.portal_setup.manage_importSelectedSteps(
['cnx_install'],
True, # run_dependencies
app.REQUEST.RESPONSE)
transaction.commit()
def main(app, data_dir):
_policy=PermissiveSecurityPolicy()
_oldpolicy=setSecurityPolicy(_policy)
newSecurityManager(None, EvenMoreOmnipotentUser().__of__(app.acl_users))
app = makerequest(app)
#uninstallProducts(app.plone)
logger.info('Generating collections list')
generateCollectionsList(app.plone, data_dir)
logger.info('Generating modules list')
generateModulesList(app.plone, data_dir)
logger.info('Deleting groups')
cleanoutGroups(app.plone, data_dir)
transaction.savepoint(optimistic=True)
logger.info('Deleting lenses')
cleanoutLenses(app.plone, data_dir)
transaction.savepoint(optimistic=True)
logger.info('Deleting content')
cleanoutRhaptosContent(app.plone, data_dir)
transaction.savepoint(optimistic=True)
logger.info('Deleting users')
cleanoutUsers(app.plone, data_dir)
transaction.savepoint(optimistic=True)
postCleanoutPopularity(app.plone, data_dir)
transaction.savepoint(optimistic=True)
app.plone.portal_catalog.refreshCatalog(clear=1)
transaction.commit()
def assert_is_checked_via_security_manager(self, pt_content):
from Products.PageTemplates.ZopePageTemplate import ZopePageTemplate
from AccessControl.SecurityManager import setSecurityPolicy
from AccessControl.SecurityManagement import noSecurityManager
from AccessControl.SecurityManagement import getSecurityManager
pt = ZopePageTemplate('mytemplate', pt_content)
noSecurityManager()
old_security_policy = setSecurityPolicy(UnauthorizedSecurityPolicy())
getSecurityManager()
try:
hack_pt(pt, context=self.app)
with self.assertRaises(Unauthorized) as err:
pt.pt_render()
self.assertEqual("Nothing is allowed!", str(err.exception))
finally:
setSecurityPolicy(old_security_policy)
def setUp(self):
from zope.testing.cleanup import cleanUp
from AccessControl.SecurityManagement import noSecurityManager
from AccessControl.SecurityManager import setSecurityPolicy
from Products.CompositePage.tests.test_tool \
import PermissiveSecurityPolicy
cleanUp()
self.old_policy = setSecurityPolicy(PermissiveSecurityPolicy())
noSecurityManager()
def test_constructContent_simple_FTI(self):
from AccessControl.SecurityManagement import newSecurityManager
from AccessControl.SecurityManager import setSecurityPolicy
from ..TypesTool import FactoryTypeInformation as FTI
from .base.dummy import DummyFolder
from .base.tidata import FTIDATA_DUMMY
site = self._makeSite().__of__(self.app)
acl_users = site.acl_users
setSecurityPolicy(self._oldPolicy)
newSecurityManager(None, acl_users.all_powerful_Oz)
tool = self._makeOne().__of__(site)
fti = FTIDATA_DUMMY[0].copy()
tool._setObject('Dummy Content', FTI(**fti))
folder = DummyFolder(id='folder', fake_product=1).__of__(site)
tool.constructContent('Dummy Content', container=folder, id='page1')
self.assertEqual(folder.page1.portal_type, 'Dummy Content')
def spoofRequest(app):
_policy=PermissiveSecurityPolicy()
_oldpolicy=setSecurityPolicy(_policy)
newSecurityManager(None, OmnipotentUser().__of__(app.acl_users))
this_environ = {'SERVER_PORT': '80', 'REQUEST_METHOD': 'GET'}
this_environ["SERVER_NAME"] = environ.get('SERVER_NAME', 'localhost')
if 'VH_ROOT' in environ:
this_environ['VH_ROOT'] = environ['VH_ROOT']
return makerequest(app, environ=this_environ)
def test_constructContent_simple_FTI(self):
from AccessControl.SecurityManagement import newSecurityManager
from AccessControl.SecurityManager import setSecurityPolicy
from Products.CMFCore.TypesTool import FactoryTypeInformation as FTI
from Products.CMFCore.tests.base.dummy import DummyFolder
from Products.CMFCore.tests.base.tidata import FTIDATA_DUMMY
site = self._makeSite().__of__(self.root)
acl_users = site.acl_users
setSecurityPolicy(self._oldPolicy)
newSecurityManager(None, acl_users.all_powerful_Oz)
tool = self._makeOne().__of__(site)
fti = FTIDATA_DUMMY[0].copy()
tool._setObject('Dummy Content', FTI(**fti))
folder = DummyFolder(id='folder', fake_product=1).__of__(site)
tool.constructContent('Dummy Content', container=folder, id='page1')
self.assertEqual(folder.page1.portal_type, 'Dummy Content')
def test_constructContent(self):
from AccessControl.SecurityManagement import newSecurityManager
from AccessControl.SecurityManager import setSecurityPolicy
from AccessControl.unauthorized import Unauthorized
from Products.PythonScripts.PythonScript import PythonScript
from Products.CMFCore.PortalFolder import PortalFolder
from Products.CMFCore.TypesTool \
import ScriptableTypeInformation as STI
from Products.CMFCore.tests.base.dummy import DummyFactoryDispatcher
from Products.CMFCore.tests.base.tidata import STI_SCRIPT
site = self.site
acl_users = self.acl_users
ttool = self.ttool
setSecurityPolicy(self._oldPolicy)
newSecurityManager(None, acl_users.all_powerful_Oz)
self.site._owner = (['acl_users'], 'all_powerful_Oz')
sti_baz = STI('Baz',
permission='Add portal content',
constructor_path='addBaz')
ttool._setObject('Baz', sti_baz)
ttool._setObject('addBaz', PythonScript('addBaz'))
s = ttool.addBaz
s.write(STI_SCRIPT)
f = site._setObject('folder', PortalFolder(id='folder'))
f.manage_addProduct = {'FooProduct': DummyFactoryDispatcher(f)}
f._owner = (['acl_users'], 'user_foo')
self.assertEqual(f.getOwner(), acl_users.user_foo)
ttool.constructContent('Dummy Content', container=f, id='page1')
try:
ttool.constructContent('Baz', container=f, id='page2')
except Unauthorized:
self.fail('CMF Collector issue #165 (Ownership bug): '
'Unauthorized raised')
wf = site.portal_workflow.wf
wf.creation_guard.changeFromProperties({'guard_expr': 'python:False'})
try:
ttool.constructContent('Dummy Content', container=f, id='page3')
except Unauthorized, e:
self.assertEqual(str(e), "Cannot create Dummy Content")
def spoofRequest(app):
"""
Make REQUEST variable to be available on the Zope application server.
This allows acquisition to work properly
"""
_policy = PermissiveSecurityPolicy()
_oldpolicy = setSecurityPolicy(_policy) # noqa
newSecurityManager(None, OmnipotentUser().__of__(app.acl_users))
return makerequest(app)
def test_filtered_meta_types(self):
class _DummySecurityPolicy(object):
def checkPermission(self, permission, object, context):
return permission == 'addFoo'
om = self._makeOne()
om.all_meta_types = ({'name': 'Foo', 'permission': 'addFoo'},
{'name': 'Bar', 'permission': 'addBar'},
{'name': 'Baz'})
try:
oldPolicy = setSecurityPolicy(_DummySecurityPolicy())
self.assertEqual(len(om.filtered_meta_types()), 2)
self.assertEqual(om.filtered_meta_types()[0]['name'], 'Foo')
self.assertEqual(om.filtered_meta_types()[1]['name'], 'Baz')
finally:
noSecurityManager()
setSecurityPolicy(oldPolicy)
def test_filtered_meta_types(self):
class _DummySecurityPolicy(object):
def checkPermission(self, permission, object, context):
return permission == 'addFoo'
om = self._makeOne()
om.all_meta_types = ({'name': 'Foo', 'permission': 'addFoo'},
{'name': 'Bar', 'permission': 'addBar'},
{'name': 'Baz'})
try:
oldPolicy = setSecurityPolicy(_DummySecurityPolicy())
self.assertEqual(len(om.filtered_meta_types()), 2)
self.assertEqual(om.filtered_meta_types()[0]['name'], 'Foo')
self.assertEqual(om.filtered_meta_types()[1]['name'], 'Baz')
finally:
noSecurityManager()
setSecurityPolicy(oldPolicy)
def main():
global app
attr_storage = AttributeStorage()
fss_storage = FileSystemStorage()
app = makerequest(app)
_policy = PermissiveSecurityPolicy()
_oldpolicy = setSecurityPolicy(_policy)
newSecurityManager(None, OmnipotentUser().__of__(app.acl_users))
global portal, ct
portal = app[ploneid]
setSite(portal)
# Initialization
log('Initialized at', datetime.now().isoformat())
ct = getToolByName(portal, 'portal_catalog')
fssfiles = ct.searchResults({'portal_type':pt})
for fssfile in fssfiles:
log('Migrating: [%s] %s in %s ... ' %(fssfile.portal_type,fssfile.id, fssfile.getPath()))
obj = portal.restrictedTraverse(fssfile.getPath())
try:
f_tp = 'image'
field = obj.Schema()[f_tp]
except KeyError, e:
f_tp = 'file'
field = obj.Schema()[f_tp]
fieldstorage = field.storage
try:
mimetype = field.getContentType(obj)
except:
mimetype = obj.getContentType()
content = StringIO(str(fss_storage.get(f_tp, obj)))
# Cleaning the storage
fss_storage.unset(f_tp, obj)
field.set(obj, content)
field.setContentType(obj, mimetype)
field.setFilename(obj,obj.id)
log('Transaction commit and Data.fs synchronism.')
transaction.commit()
app._p_jar.sync()
def main():
global app
attr_storage = AttributeStorage()
fss_storage = FileSystemStorage()
app = makerequest(app)
_policy = PermissiveSecurityPolicy()
_oldpolicy = setSecurityPolicy(_policy)
newSecurityManager(None, OmnipotentUser().__of__(app.acl_users))
global portal, ct
portal = app[ploneid]
setSite(portal)
# Initialization
log('Initialized at', datetime.now().isoformat())
ct = getToolByName(portal, 'portal_catalog')
fssfiles = ct.searchResults({'portal_type': pt})
for fssfile in fssfiles:
log('Migrating: [%s] %s in %s ... ' %
(fssfile.portal_type, fssfile.id, fssfile.getPath()))
obj = portal.restrictedTraverse(fssfile.getPath())
try:
f_tp = 'image'
field = obj.Schema()[f_tp]
except KeyError, e:
f_tp = 'file'
field = obj.Schema()[f_tp]
fieldstorage = field.storage
try:
mimetype = field.getContentType(obj)
except:
mimetype = obj.getContentType()
content = StringIO(str(fss_storage.get(f_tp, obj)))
# Cleaning the storage
fss_storage.unset(f_tp, obj)
field.set(obj, content)
field.setContentType(obj, mimetype)
field.setFilename(obj, obj.id)
log('Transaction commit and Data.fs synchronism.')
transaction.commit()
app._p_jar.sync()
def su_zope(app):
logger = logging.getLogger('collective.generic.devmode.su_zope')
logger.debug('start')
from AccessControl.SpecialUsers import system
from AccessControl.SecurityManagement import newSecurityManager
newSecurityManager(None, system)
from AccessControl.SecurityManager import setSecurityPolicy
from Products.CMFCore.tests.base.security import PermissiveSecurityPolicy
_policy = PermissiveSecurityPolicy()
_oldpolicy = setSecurityPolicy(_policy)
logger.debug('end')
def test_constructContent_FTI_w_wftool_w_workflow_w_guard_denies(self):
from AccessControl import Unauthorized
from AccessControl.SecurityManagement import newSecurityManager
from AccessControl.SecurityManager import setSecurityPolicy
from Products.CMFCore.TypesTool import FactoryTypeInformation as FTI
from Products.CMFCore.tests.base.dummy import DummyFolder
from Products.CMFCore.tests.base.tidata import FTIDATA_DUMMY
site = self._makeSite().__of__(self.root)
acl_users = site.acl_users
setSecurityPolicy(self._oldPolicy)
newSecurityManager(None, acl_users.all_powerful_Oz)
tool = self._makeOne().__of__(site)
fti = FTIDATA_DUMMY[0].copy()
tool._setObject('Dummy Content', FTI(**fti))
folder = DummyFolder(id='folder', fake_product=1).__of__(site)
tool.portal_workflow = DummyWorkflowTool(DummyWorkflow(False))
self.assertRaises(Unauthorized,
tool.constructContent,
'Dummy Content', container=folder, id='page1')
def test_constructContent_FTI_w_wftool_w_workflow_w_guard_denies(self):
from AccessControl import Unauthorized
from AccessControl.SecurityManagement import newSecurityManager
from AccessControl.SecurityManager import setSecurityPolicy
from Products.CMFCore.TypesTool import FactoryTypeInformation as FTI
from Products.CMFCore.tests.base.dummy import DummyFolder
from Products.CMFCore.tests.base.tidata import FTIDATA_DUMMY
site = self._makeSite().__of__(self.root)
acl_users = site.acl_users
setSecurityPolicy(self._oldPolicy)
newSecurityManager(None, acl_users.all_powerful_Oz)
tool = self._makeOne().__of__(site)
fti = FTIDATA_DUMMY[0].copy()
tool._setObject('Dummy Content', FTI(**fti))
folder = DummyFolder(id='folder', fake_product=1).__of__(site)
tool.portal_workflow = DummyWorkflowTool(DummyWorkflow(False))
self.assertRaises(Unauthorized,
tool.constructContent,
'Dummy Content', container=folder, id='page1')
def setImplementation(name):
"""Select the policy implementation to use. The 'name' must be either
'PYTHON' or 'C'. NOTE: this function is intended to be called
exactly once, so that the Zope config file can dictate the policy
implementation to be used. Subsequent calls to this function will
have no effect!!
"""
import sys
global _implementation_name
global _implementation_set
if _implementation_set:
return
name = name.upper()
if name == _implementation_name:
return
if name == "C":
from AccessControl import ImplC as impl
elif name == "PYTHON":
from AccessControl import ImplPython as impl
else:
raise ValueError("unknown policy implementation: %r" % name)
_implementation_name = name
for modname, names in _policy_names.items():
__import__(modname)
mod = sys.modules[modname]
for n in names:
setattr(mod, n, getattr(impl, n))
if hasattr(mod, "initialize"):
mod.initialize(impl)
from AccessControl.SecurityManager import setSecurityPolicy
policy = impl.ZopeSecurityPolicy(True, True)
setSecurityPolicy(policy)
_implementation_set = 1
def main(app, connection_string):
_policy=PermissiveSecurityPolicy()
_oldpolicy=setSecurityPolicy(_policy)
newSecurityManager(None, EvenMoreOmnipotentUser().__of__(app.acl_users))
app = makerequest(app)
try:
da = app.devrep
except: # If server is down, try again, only throws one error
da = app.devrep
da.connection_string = connection_string
transaction.commit()
print "Connected %s to '%s'" % (da.connected(), da.connection_string)
def _make_permissive(self):
"""
Make a permissive security manager with all rights. Hell,
we're developers, aren't we? Security is for whimps. :)
"""
from Products.CMFCore.tests.base.security import PermissiveSecurityPolicy
import AccessControl
from AccessControl.SecurityManagement import newSecurityManager
from AccessControl.SecurityManager import setSecurityPolicy
_policy = PermissiveSecurityPolicy()
self.oldpolicy = setSecurityPolicy(_policy)
newSecurityManager(None, AccessControl.User.system)
def spoofRequest(app):
"""
Make REQUEST variable to be available on the Zope application server.
This allows acquisition to work properly
"""
_policy=PermissiveSecurityPolicy()
_oldpolicy=setSecurityPolicy(_policy)
newSecurityManager(None, OmnipotentUser().__of__(app.acl_users))
info = {'SERVER_NAME': 'isaw4.atlantides.org',
'SERVER_PORT': '8083',
'REQUEST_METHOD': 'GET'}
return makerequest(app, environ=info)
def __init__(self):
"""
"""
app = makerequest(app)
_policy = PermissiveSecurityPolicy()
_oldpolicy = setSecurityPolicy(_policy)
self.site = app[ploneid]
setSite(self.site)
newSecurityManager(None, OmnipotentUser().__of__(app.acl_users))
self.catalog = getToolByName(site, 'portal_catalog')
self.searchfiles = self.catalog.searchResults(portal_type='File')
def _make_permissive(self):
"""
Make a permissive security manager with all rights. Hell,
we're developers, aren't we? Security is for whimps. :)
"""
from Products.CMFCore.tests.base.security import PermissiveSecurityPolicy
import AccessControl
from AccessControl.SecurityManagement import newSecurityManager
from AccessControl.SecurityManager import setSecurityPolicy
_policy = PermissiveSecurityPolicy()
self.oldpolicy = setSecurityPolicy(_policy)
newSecurityManager(None, AccessControl.User.system)
def __init__(self):
"""
"""
app = makerequest(app)
_policy = PermissiveSecurityPolicy()
_oldpolicy = setSecurityPolicy(_policy)
self.site = app[ploneid]
setSite(self.site)
newSecurityManager(None, OmnipotentUser().__of__(app.acl_users))
self.catalog = getToolByName(site, 'portal_catalog')
self.searchfiles = self.catalog.searchResults(portal_type='File')
def setImplementation(name):
"""Select the policy implementation to use. The 'name' must be either
'PYTHON' or 'C'. NOTE: this function is intended to be called
exactly once, so that the Zope config file can dictate the policy
implementation to be used. Subsequent calls to this function will
have no effect!!
"""
import sys
global _implementation_name
global _implementation_set
if _implementation_set:
return
name = name.upper()
if name == _implementation_name:
return
if name == "C":
from AccessControl import ImplC as impl # NOQA
elif name == "PYTHON":
from AccessControl import ImplPython as impl # NOQA
else:
raise ValueError("unknown policy implementation: %r" % name)
_implementation_name = name
for modname, names in _policy_names.items():
__import__(modname)
mod = sys.modules[modname]
for n in names:
setattr(mod, n, getattr(impl, n))
if hasattr(mod, "initialize"):
mod.initialize(impl)
from AccessControl.SecurityManager import setSecurityPolicy
policy = impl.ZopeSecurityPolicy(True, True)
setSecurityPolicy(policy)
_implementation_set = 1
def spoofRequest(app):
"""
Make REQUEST variable to be available on the Zope application server.
This allows acquisition to work properly
"""
_policy = PermissiveSecurityPolicy()
_oldpolicy = setSecurityPolicy(_policy)
newSecurityManager(None, OmnipotentUser().__of__(app.acl_users))
info = {
'SERVER_NAME': 'isaw4.atlantides.org',
'SERVER_PORT': '8083',
'REQUEST_METHOD': 'GET'
}
return makerequest(app, environ=info)
def test_constructContent_simple_STI(self):
from AccessControl import Unauthorized
from AccessControl.SecurityManagement import newSecurityManager
from AccessControl.SecurityManager import setSecurityPolicy
from Products.CMFCore.PortalFolder import PortalFolder
from Products.CMFCore.TypesTool \
import ScriptableTypeInformation as STI
from Products.CMFCore.tests.base.dummy import DummyFactoryDispatcher
from Products.CMFCore.tests.base.tidata import STI_SCRIPT
from Products.PythonScripts.PythonScript import PythonScript
site = self._makeSite().__of__(self.root)
acl_users = site.acl_users
setSecurityPolicy(self._oldPolicy)
newSecurityManager(None, acl_users.all_powerful_Oz)
tool = self._makeOne().__of__(site)
sti_baz = STI('Baz',
permission='Add portal content',
constructor_path='addBaz')
tool._setObject('Baz', sti_baz)
script = PythonScript('addBaz')
script.write(STI_SCRIPT)
tool._setObject('addBaz', script)
folder = site._setObject('folder', PortalFolder(id='folder'))
folder.manage_addProduct = {
'FooProduct': DummyFactoryDispatcher(folder)
}
folder._owner = (['acl_users'], 'user_foo')
self.assertEqual(folder.getOwner(), acl_users.user_foo)
try:
tool.constructContent('Baz', container=folder, id='page2')
except Unauthorized:
self.fail('CMF Collector issue #165 (Ownership bug): '
'Unauthorized raised')
self.assertEqual(folder.page2.portal_type, 'Baz')
def test_FakeExecutableObject(self):
from AccessControl import getSecurityManager
from AccessControl.ImplPython import ZopeSecurityPolicy
from AccessControl.Permission import Permission
from AccessControl.SecurityManagement import newSecurityManager
from AccessControl.SecurityManager import setSecurityPolicy
from Products.CMFCore.utils import FakeExecutableObject
setSecurityPolicy(ZopeSecurityPolicy())
site = self._makeSite()
newSecurityManager(None, site.acl_users.user_foo)
obj = site.bar_dummy
Permission('FOO', (), obj).setRoles(('FOO_ROLE',))
sm = getSecurityManager()
self.assertFalse(sm.checkPermission('FOO', obj))
eo = FakeExecutableObject(('FOO_ROLE',))
sm.addContext(eo)
try:
self.assertTrue(sm.checkPermission('FOO', obj))
finally:
sm.removeContext(eo)
self.assertFalse(sm.checkPermission('FOO', obj))
def main(app, license_url, workspaces=None):
_policy = PermissiveSecurityPolicy()
_oldpolicy = setSecurityPolicy(_policy)
newSecurityManager(None, EvenMoreOmnipotentUser().__of__(app.acl_users))
app = makerequest(app)
for wgname in workspaces:
wg = app.plone.GroupWorkspaces[wgname]
print wgname
for m in wg.objectValues():
if m.state == 'published':
print 'Skipping published: ', m.id
else:
print ' ', m.id
m.license = license_url
transaction.commit()
def setUp(self):
self.root = Folder()
self.root.getPhysicalPath = lambda: ()
self.root.getPhysicalRoot = lambda r=self.root: r
self.root.composite_tool = CompositeTool()
self.tool = self.root.composite_tool
self.tool._check_security = 0
self.root.slot = Slot("slot")
self.slot = self.root.slot
f = Folder()
f._setId("f")
self.slot._setObject(f.id, f)
g = Folder()
g._setId("g")
self.slot._setObject(g.id, g)
self.root.otherslot = Slot("otherslot")
self.old_policy = setSecurityPolicy(PermissiveSecurityPolicy())
noSecurityManager()
def setUp(self):
try:
import Zope2 as Zope
except ImportError:
import Zope
if hasattr(Zope, 'startup'):
Zope.startup()
try:
from transaction import begin
except ImportError:
get_transaction().begin()
else:
begin()
self._policy = PermissiveSecurityPolicy()
self._oldPolicy = setSecurityPolicy(self._policy)
self.connection = Zope.DB.open()
self.root = self.connection.root()['Application']
newSecurityManager(None, OmnipotentUser().__of__(self.root))
def setUp(self):
f = Folder()
f.getPhysicalPath = lambda: ()
f.getPhysicalRoot = lambda f=f: f
f.composite = Composite()
f.composite._setId("composite")
t = ZopePageTemplate(
id="template", text=template_text, content_type="text/html")
if t.pt_errors():
raise SyntaxError(t.pt_errors())
f.composite.template = t
f.composite.filled_slots.slot_a = slot_a = Slot("slot_a")
a1 = ZopePageTemplate(id="a1", text="<b>Slot A</b>")
f._setObject(a1.id, a1)
e1 = CompositeElement('e1', f.a1)
slot_a._setObject(e1.id, e1)
self.composite = f.composite
self.old_policy = setSecurityPolicy(PermissiveSecurityPolicy())
noSecurityManager()
def su(self, username):
""" Change to named user.
"""
# TODO Make it easy to change back to permissive security.
user = self.portal.acl_users.getUser(username)
if not user:
print "Can't find %s in %s" % (username, self.portal.acl_users)
return
from AccessControl import ZopeSecurityPolicy
import AccessControl
from AccessControl.SecurityManagement import newSecurityManager, getSecurityManager
from AccessControl.SecurityManager import setSecurityPolicy
_policy = ZopeSecurityPolicy
self.oldpolicy = setSecurityPolicy(_policy)
wrapped_user = user.__of__(self.portal.acl_users)
newSecurityManager(None, user)
print 'User changed.'
return getSecurityManager().getUser()
def main(app, connection_string):
_policy = PermissiveSecurityPolicy()
_oldpolicy = setSecurityPolicy(_policy)
newSecurityManager(None, EvenMoreOmnipotentUser().__of__(app.acl_users))
app = makerequest(app)
da = app.devrep
retry = -1
while retry < 0:
try:
da.edit(da.title,
connection_string,
da.zdatetime,
check=True,
tilevel=da.tilevel,
encoding=da.encoding,
ustrings=da.ustrings)
break
except:
# First time failing. Trying to use old cnx_str
retry += 1
transaction.commit()
transaction.commit()
def setUp(self):
from AccessControl.SecurityManagement import noSecurityManager
from AccessControl.SecurityManager import setSecurityPolicy
from OFS.Folder import Folder
from Products.CompositePage.slot import Slot
from Products.CompositePage.tool import CompositeTool
self.root = Folder()
self.root.getPhysicalPath = lambda: ()
self.root.getPhysicalRoot = lambda r=self.root: r
self.root.composite_tool = CompositeTool()
self.tool = self.root.composite_tool
self.tool._check_security = 0
self.root.slot = Slot("slot")
self.slot = self.root.slot
f = Folder()
f._setId("f")
self.slot._setObject(f.id, f)
g = Folder()
g._setId("g")
self.slot._setObject(g.id, g)
self.root.otherslot = Slot("otherslot")
self.old_policy = setSecurityPolicy(PermissiveSecurityPolicy())
noSecurityManager()
def test__authorizeUser_force_no_way(self):
zcuf = self._makeOne()
faux = FauxUser('faux')
class ParanoidSP:
def validate(self,
user,
accessed,
container,
name,
value,
roles=None):
return 0
self._oldSecurityPolicy = setSecurityPolicy(ParanoidSP())
self.failIf(
zcuf._authorizeUser(faux,
accessed=FauxObject('a'),
container=FauxObject('c'),
name='name',
value=FauxObject('v'),
roles=()))
def tearDown(self):
transaction.abort()
self.connection.close()
noSecurityManager()
setSecurityPolicy(self._oldPolicy)
def tearDown(self):
if self._oldSecurityPolicy is not None:
setSecurityPolicy(self._oldSecurityPolicy)
noSecurityManager()
def tearDown(self):
noSecurityManager()
setSecurityPolicy(self._oldPolicy)
def spoofRequest(app):
_policy = PermissiveSecurityPolicy()
_oldpolicy = setSecurityPolicy(_policy)
newSecurityManager(None, OmnipotentUser().__of__(app.acl_users))
return makerequest(app)
def tearDown(self):
noSecurityManager()
setSecurityPolicy(self._oldPolicy)
TransactionalTest.tearDown(self)
def setUp(self):
TransactionalTest.setUp(self)
self._policy = PermissiveSecurityPolicy()
self._oldPolicy = setSecurityPolicy(self._policy)
newSecurityManager(None, AnonymousUser().__of__(self.app.acl_users))
def tearDown(self):
setSecurityPolicy(self.old_policy)
noSecurityManager()
from Products.CMFCore.tests.base.security import PermissiveSecurityPolicy
from Products.CMFCore.tests.base.security import OmnipotentUser
from Products.CMFCore.utils import getToolByName
from zope.app.component.hooks import setSite
from Acquisition import aq_base
from datetime import datetime
from AccessControl.SecurityManagement import noSecurityManager
attr_storage = AttributeStorage()
ploneid = 'essintra'
pt = ('File', )
app = makerequest(app)
_policy = PermissiveSecurityPolicy()
_oldpolicy = setSecurityPolicy(_policy)
newSecurityManager(None, OmnipotentUser().__of__(app.acl_users))
portal = app[ploneid]
setSite(portal)
print 'Iniciado as ',
print datetime.now().isoformat()
ct = getToolByName(portal, 'portal_catalog')
arquivos = ct.searchResults({'portal_type': pt})
for arq in arquivos:
print 'Populando: %s em %s ... ' % (arq.id, arq.getPath()),
obj = portal.restrictedTraverse(arq.getPath())
