def test_edit_package_build(self): # An authenticated user who belongs to the owning archive team # can edit the build. login_person(self.package_build.archive.owner) self.assertTrue(checkPermission('launchpad.View', self.package_build)) self.assertTrue(checkPermission('launchpad.Edit', self.package_build)) # But other users cannot. other_person = self.factory.makePerson() login_person(other_person) self.assertTrue(checkPermission('launchpad.View', self.package_build)) self.assertFalse(checkPermission('launchpad.Edit', self.package_build))
def test_distro_owner_have_launchpad_Edit(self): sourcepackage = self.factory.makeSourcePackage() with person_logged_in(sourcepackage.distribution.owner): self.assertTrue( checkPermission('launchpad.Edit', sourcepackage), "Distribution owner should have launchpad.Edit on source " "packages.")
def test_user_with_account_age_can_edit(self): person = self.factory.makePerson() naked_account = removeSecurityProxy(person.account) naked_account.date_created = ( naked_account.date_created - timedelta(days=10)) with person_logged_in(person): self.assertTrue(checkPermission('launchpad.Edit', self.bug))
def get_file(self, name): if not checkPermission('zope.View', self.context): raise Unauthorized(name) handler = IImageMiniaturizer(self.context, None) if handler is not None: return handler.get(name) return None
def test_private_bug_subscriber_can_edit(self): person = self.factory.makePerson() with admin_logged_in() as admin: self.bug.setPrivate(True, admin) self.bug.subscribe(person, admin) with person_logged_in(person): self.assertTrue(checkPermission('launchpad.Edit', self.bug))
def __call__(node, request): if not checkPermission(permission, node.context): # You are not allowed here. if IUnauthenticatedPrincipal.providedBy(request.principal): raise Unauthorized raise Forbidden return method(node, request)
def test_admins_have_launchpad_Edit(self): admin = self.factory.makeAdministrator() sourcepackage = self.factory.makeSourcePackage() with person_logged_in(admin): self.assertTrue( checkPermission('launchpad.Edit', sourcepackage), "Administrators should have launchpad.Edit on source " "packages.")
def test_john_doe_cannot_edit(self): sourcepackage = self.factory.makeSourcePackage() john_doe = self.factory.makePerson() with person_logged_in(john_doe): self.failIf( checkPermission('launchpad.Edit', sourcepackage), "Random user shouldn't have launchpad.Edit on source " "packages.")
def test_checkPermission_forbidden_policy(self): from zope.security import checkPermission from zope.security.checker import CheckerPublic from zope.security.management import setSecurityPolicy from zope.security.management import newInteraction obj = object() class ForbiddenPolicyStub(object): def checkPermission(s, p, o): return False setSecurityPolicy(ForbiddenPolicyStub) newInteraction() self.assertEqual(checkPermission('zope.Test', obj), False) self.assertEqual(checkPermission(None, obj), True) self.assertEqual(checkPermission(CheckerPublic, obj), True)
def test_checkPermission_forbidden_policy(self): from zope.security import checkPermission from zope.security.checker import CheckerPublic from zope.security.management import setSecurityPolicy from zope.security.management import newInteraction obj = object() class ForbiddenPolicyStub(object): def checkPermission(s, p, o): return False setSecurityPolicy(ForbiddenPolicyStub) newInteraction() self.assertEqual(checkPermission("zope.Test", obj), False) self.assertEqual(checkPermission(None, obj), True) self.assertEqual(checkPermission(CheckerPublic, obj), True)
def test_uploader_has_launchpad_edit(self): sourcepackage = self.factory.makeSourcePackage() uploader = self.factory.makePerson() archive = sourcepackage.get_default_archive() with person_logged_in(sourcepackage.distribution.main_archive.owner): archive.newPackageUploader(uploader, sourcepackage.name) with person_logged_in(uploader): self.assertTrue( checkPermission('launchpad.Edit', sourcepackage), "Uploader to the package should have launchpad.Edit on " "source packages.")
def test_uploader_have_launchpad_edit_on_supported_series(self): supported_series = self.factory.makeDistroSeries( status=SeriesStatus.SUPPORTED) sourcepackage = self.factory.makeSourcePackage( distroseries=supported_series) uploader = self.factory.makePerson() archive = sourcepackage.get_default_archive() with person_logged_in(sourcepackage.distribution.main_archive.owner): archive.newPackageUploader(uploader, sourcepackage.name) with person_logged_in(uploader): self.assertTrue( checkPermission('launchpad.Edit', sourcepackage), "Uploader to the package should have launchpad.Edit on " "source packages in a SUPPORTED series.")
def navtreequery(self): self.intid = getUtility(IIntIds) self.current = absoluteURL(self.context, self.request) root = self.request.form.get('root') if root == u"source" or not root: node = getSite() else: node = self.intid.queryObject(int(root)) if not node: raise NotImplementedError("Unexisiting node.") if (root == u"source" or not root) and checkPermission(grok.name.bind().get(security.CanAddContent), self.context): # if we look at the site root, add in a root node which allows us to return to the site root/index easily return self._buildTreeWithRoot(node) else: return self._buildTree(node)
def __call__(self): item = IHarvestedRSSItem(self.context) self.title = item.title self.description = item.summary self.url = item.url self.author = item.author self.source = item.sourceTitle self.feedTitle = u"" self.ratable = IRatable.providedBy(self.context) self.saveable = ISaveable.providedBy(self.context) self.canSave = self.saveable and checkPermission('gadoz.portfolio.Save', self.context) self.showActions = self.ratable or self.saveable return self.template()
def test_uploader_has_launchpad_edit_on_obsolete_series(self): obsolete_series = self.factory.makeDistroSeries( status=SeriesStatus.OBSOLETE) archive = obsolete_series.distribution.main_archive removeSecurityProxy(archive).permit_obsolete_series_uploads = True sourcepackage = self.factory.makeSourcePackage( distroseries=obsolete_series) uploader = self.factory.makePerson() archive = sourcepackage.get_default_archive() with person_logged_in(sourcepackage.distribution.main_archive.owner): archive.newPackageUploader(uploader, sourcepackage.name) with person_logged_in(uploader): self.assertTrue( checkPermission('launchpad.Edit', sourcepackage), "Uploader to the package should have launchpad.Edit on " "source packages in an OBSOLETE series.")
def __checkSecurity(self, data): """ Returns a boolean indicating whether *data* passes the security checks defined for this subscription. If we are not able to make the security check because the principal or permission we are supposed to use is not defined, returns the special (false) value `None`. This can be used to distinguish the case where access is denied by the security policy from the case where requested principals are missing. """ if not self.permission_id and not self.owner_id: # If no security is requested, we're good. return True # OK, now we need to find the permission and the principal. # Both should be found in the context of the data; if not # there, then check the currently installed site. principal = self._find_principal(data) permission = self._find_permission(data) if principal is None or permission is None: # A missing permission causes zope.security to grant full access. # It's treated the same as zope.Public. So don't let that happen. return None # Now, we need to set up the interaction and do the security check. participation = Participation(principal) current_interaction = queryInteraction() if current_interaction is not None: # Cool, we can add our participation to the interaction. current_interaction.add(participation) else: newInteraction(participation) try: # Yes, this needs the ID of the permission, not the permission object. return checkPermission(self.permission_id, data) finally: if current_interaction is not None: current_interaction.remove(participation) else: endInteraction()
def test_checkPermission_w_interaction(self): from zope.security.management import checkPermission from zope.security.management import setSecurityPolicy from zope.security.management import queryInteraction from zope.security.management import newInteraction permission = "zope.Test" obj = object() class PolicyStub(object): def checkPermission(s, p, o): self.assertTrue(p is permission) self.assertTrue(o is obj) self.assertTrue(s is queryInteraction() or s is interaction) return s is interaction setSecurityPolicy(PolicyStub) newInteraction() interaction = queryInteraction() self.assertEqual(checkPermission(permission, obj), True)
def traverse(self, name, ignore): """See dolmen.content.interfaces.IFactory """ factory = queryUtility(dolmen.content.IFactory, name) if factory is not None: permission = dolmen.content.require.bind().get(factory.factory) if checkPermission(permission, self.context): self.factory = factory app = grok.getApplication() context = app["configuration"]["meta"]["p2_model"] addform = context.plan.forms["add_model_view"] view = queryMultiAdapter((addform, self.request, self), name=factory.addform) if view is not None: view.mode = "OPERATIONAL" return view else: raise Unauthorized("%r requires the %r permission." % (factory.factory, permission)) raise NotFound(self.context, name, self.request)
def test_checkPermission_w_interaction(self): from zope.security.management import checkPermission from zope.security.management import setSecurityPolicy from zope.security.management import queryInteraction from zope.security.management import newInteraction permission = 'zope.Test' obj = object() class PolicyStub(object): def checkPermission( s, p, o, ): self.assertTrue(p is permission) self.assertTrue(o is obj) self.assertTrue(s is queryInteraction() or s is interaction) return s is interaction setSecurityPolicy(PolicyStub) newInteraction() interaction = queryInteraction() self.assertEqual(checkPermission(permission, obj), True)
def test_private_bug_non_subscriber_cannot_edit(self): with admin_logged_in() as admin: self.bug.setPrivate(True, admin) with person_logged_in(self.factory.makePerson()): self.assertFalse(checkPermission('launchpad.Edit', self.bug))
def checkEditing(self): return checkPermission('zojax.contenttype.AddCalendarEvent', self.context)
def test_view_package_build(self): # Anonymous access can read public builds, but not edit. self.assertTrue(checkPermission('launchpad.View', self.package_build)) self.assertFalse(checkPermission('launchpad.Edit', self.package_build))
def test_admin_package_build(self): # Users with edit access can update attributes. login('*****@*****.**') self.assertTrue(checkPermission('launchpad.View', self.package_build)) self.assertTrue(checkPermission('launchpad.Edit', self.package_build))
def test_unauthenticated_user_cannot_edit(self): self.assertFalse(checkPermission('launchpad.Edit', self.bug))
def check_permission(self, permission_id): permission_id = PERM_MAP[permission_id] return checkPermission(permission_id, self.context)
def test_registry_expert_can_edit(self): with celebrity_logged_in('registry_experts'): self.assertTrue(checkPermission('launchpad.Edit', self.bug))
def test_target_owner_can_edit(self): with person_logged_in(self.bug.default_bugtask.target.owner): self.assertTrue(checkPermission('launchpad.Edit', self.bug))
def test_user_with_karma_can_edit(self): person = self.factory.makePerson() self._makeKarmaTotalCache(person, 10) with person_logged_in(person): self.assertTrue(checkPermission('launchpad.Edit', self.bug))
def test_bug_reporter_can_edit(self): with person_logged_in(self.bug.owner): self.assertTrue(checkPermission('launchpad.Edit', self.bug))
def test_admin_can_edit(self): with admin_logged_in(): self.assertTrue(checkPermission('launchpad.Edit', self.bug))
def test_new_user_cannot_edit(self): with person_logged_in(self.factory.makePerson()): self.assertFalse(checkPermission('launchpad.Edit', self.bug))
def __call__(self, permission): if checkPermission(permission, self.context): return "Yes, you have the %r permission." % permission else: return "No, you don't have the %r permission." % permission
def test_target_bug_supervisor_can_edit(self): person = self.factory.makePerson() removeSecurityProxy(self.bug.default_bugtask.target).bug_supervisor = ( person) with person_logged_in(person): self.assertTrue(checkPermission('launchpad.Edit', self.bug))
def test_commercial_admin_can_edit(self): with celebrity_logged_in('commercial_admin'): self.assertTrue(checkPermission('launchpad.Edit', self.bug))
def isAvailable(self): return self.view and checkPermission('zope.View', self.context)