def test_test(self):
auth = getUtility(IAuthentication, context=None)
auth.registerPrincipal(User('user1'))
auth.registerPrincipal(User('user2'))
# setup some fake permissions to the test principals
prinperG.grantPermissionToPrincipal('read', 'user1')
prinperG.grantPermissionToPrincipal('zope.Nothing', 'user2')
# set up interactions
interaction_user1 = self._get_interaction('user1')
interaction_user2 = self._get_interaction('user2')
# get the object being secured
compute = self.make_compute()
eq_(compute.architecture, 'linux')
# get the proxies for the corresponding interactions
compute_proxy_user1 = proxy_factory(compute, interaction_user1)
compute_proxy_user2 = proxy_factory(compute, interaction_user2)
# check an authorized access
eq_(compute_proxy_user1.architecture, 'linux')
# check an unauthorized access
with assert_raises(Unauthorized):
eq_(compute_proxy_user2.architecture, 'linux')
# check a default unauthorized access
with assert_raises(Unauthorized):
eq_(compute_proxy_user1.state, 'active')
def test_test(self):
auth = getUtility(IAuthentication, context=None)
auth.registerPrincipal(User('user1'))
auth.registerPrincipal(User('user2'))
# setup some fake permissions to the test principals
prinperG.grantPermissionToPrincipal('read', 'user1')
prinperG.grantPermissionToPrincipal('zope.Nothing', 'user2')
# set up interactions
interaction_user1 = self._get_interaction('user1')
interaction_user2 = self._get_interaction('user2')
# get the object being secured
compute = self.make_compute()
eq_(compute.architecture, 'linux')
# get the proxies for the corresponding interactions
compute_proxy_user1 = proxy_factory(compute, interaction_user1)
compute_proxy_user2 = proxy_factory(compute, interaction_user2)
# check an authorized access
eq_(compute_proxy_user1.architecture, 'linux')
# check an unauthorized access
with assert_raises(Unauthorized):
eq_(compute_proxy_user2.architecture, 'linux')
# check a default unauthorized access
with assert_raises(Unauthorized):
eq_(compute_proxy_user1.state, 'active')
def create_special_principals():
auth = queryUtility(IAuthentication)
auth.registerPrincipal(User('oms.anonymous'))
groot = Group('root')
auth.registerPrincipal(groot)
root = User('root')
root.groups.append('root')
auth.registerPrincipal(root)
# TODO: create/use a global registry of permissions
permissions = ['read', 'modify', 'create', 'add', 'remove', 'delete', 'view', 'traverse',
'zope.Security']
root_role = Role('root', 'root')
provideUtility(root_role, IRole, 'root')
for perm in permissions:
rolePermissionManager.grantPermissionToRole(perm, 'root')
principalRoleManager.assignRoleToPrincipal('root', 'root')
owner_role = Role('owner', 'o')
provideUtility(owner_role, IRole, 'owner')
for perm in permissions:
rolePermissionManager.grantPermissionToRole(perm, 'owner')
for permission in permissions:
rolePermissionManager.grantPermissionToRole(permission, 'root')
rolePermissionManager.grantPermissionToRole(permission, 'owner')
auth.registerPrincipal(User('oms.rest_options'))
principalPermissionManager.grantPermissionToPrincipal('rest', 'oms.rest_options')
def testManyPrincipalsOnePermission(self):
perm1 = definePermission('Perm One', 'title').id
prin1 = self._make_principal()
prin2 = self._make_principal('Principal 2', 'Principal Two')
manager.grantPermissionToPrincipal(perm1, prin1)
manager.denyPermissionToPrincipal(perm1, prin2)
principals = manager.getPrincipalsForPermission(perm1)
self.assertEqual(len(principals), 2)
self.assertTrue((prin1, Allow) in principals)
self.assertTrue((prin2, Deny) in principals)
def test_schema(self):
auth = getUtility(IAuthentication, context=None)
auth.registerPrincipal(User('userSchema'))
prinperG.grantPermissionToPrincipal('read', 'userSchema')
prinperG.grantPermissionToPrincipal('modify', 'userSchema')
interaction = self._get_interaction('userSchema')
# get the object being secured
compute = self.make_compute()
compute_proxy = proxy_factory(compute, interaction)
eq_(model_to_dict(compute), model_to_dict(compute_proxy))
def test_schema(self):
auth = getUtility(IAuthentication, context=None)
auth.registerPrincipal(User('userSchema'))
prinperG.grantPermissionToPrincipal('read', 'userSchema')
prinperG.grantPermissionToPrincipal('modify', 'userSchema')
interaction = self._get_interaction('userSchema')
# get the object being secured
compute = self.make_compute()
compute_proxy = proxy_factory(compute, interaction)
eq_(model_to_dict(compute), model_to_dict(compute_proxy))
def testManyPermissionsOnePrincipal(self):
perm1 = definePermission('Perm One', 'title').id
perm2 = definePermission('Perm Two', 'title').id
prin1 = self._make_principal()
manager.grantPermissionToPrincipal(perm1, prin1)
manager.grantPermissionToPrincipal(perm2, prin1)
perms = manager.getPermissionsForPrincipal(prin1)
self.assertEqual(len(perms), 2)
self.assertTrue((perm1, Allow) in perms)
self.assertTrue((perm2, Allow) in perms)
manager.denyPermissionToPrincipal(perm2, prin1)
perms = manager.getPermissionsForPrincipal(prin1)
self.assertEqual(len(perms), 2)
self.assertTrue((perm1, Allow) in perms)
self.assertTrue((perm2, Deny) in perms)
perms = manager.getPrincipalsAndPermissions()
self.assertTrue((perm1, prin1, Allow) in perms)
self.assertTrue((perm2, prin1, Deny) in perms)
def create_special_principals():
auth = queryUtility(IAuthentication)
auth.registerPrincipal(User('oms.anonymous'))
groot = Group('root')
auth.registerPrincipal(groot)
root = User('root')
root.groups.append('root')
auth.registerPrincipal(root)
# TODO: create/use a global registry of permissions
permissions = [
'read', 'modify', 'create', 'add', 'remove', 'delete', 'view',
'traverse', 'zope.Security'
]
root_role = Role('root', 'root')
provideUtility(root_role, IRole, 'root')
for perm in permissions:
rolePermissionManager.grantPermissionToRole(perm, 'root')
principalRoleManager.assignRoleToPrincipal('root', 'root')
owner_role = Role('owner', 'o')
provideUtility(owner_role, IRole, 'owner')
for perm in permissions:
rolePermissionManager.grantPermissionToRole(perm, 'owner')
for permission in permissions:
rolePermissionManager.grantPermissionToRole(permission, 'root')
rolePermissionManager.grantPermissionToRole(permission, 'owner')
auth.registerPrincipal(User('oms.rest_options'))
principalPermissionManager.grantPermissionToPrincipal(
'rest', 'oms.rest_options')
def testPrincipalPermission(self):
permission = definePermission('APerm', 'title').id
principal = self._make_principal()
# check that an allow permission is saved correctly
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Allow)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Allow)])
# check that the allow permission is removed.
manager.unsetPermissionForPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission), [])
self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
# now put a deny in there, check it's set.
manager.denyPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Deny)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Deny)])
# test for deny followed by allow . The latter should override.
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Allow)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Allow)])
# check that allow followed by allow is just a single allow.
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Allow)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Allow)])
# check that two unsets in a row quietly ignores the second one.
manager.unsetPermissionForPrincipal(permission, principal)
manager.unsetPermissionForPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission), [])
self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
# check the result of getSetting() when it's empty.
self.assertEqual(manager.getSetting(permission, principal), Unset)
# check the result of getSetting() when it's empty and a default
# passed in
self.assertEqual(manager.getSetting(permission, principal, 1), 1)
# check the result of getSetting() when it's allowed.
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getSetting(permission, principal), Allow)
# check the result of getSetting() when it's denied.
manager.denyPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getSetting(permission, principal), Deny)
