def test_wrapped_field_checker(self):
f1 = Text(title=u'alpha')
f1 = ProxyFactory(f1)
f2 = Text(title=u'alpha')
f2 = Struct(f2)
f2 = ProxyFactory(f2)
self.assertEquals(getChecker(f1), getChecker(f2))
self.failIf(getChecker(f1) is _defaultChecker)
self.failIf(getChecker(f2) is _defaultChecker)
def test_set_permissions(self):
expected_set_permissions = {
'launchpad.View':
set(('active', 'delivery_url', 'event_types', 'registrant_id',
'secret')),
}
webhook = self.factory.makeWebhook()
checker = getChecker(webhook)
self.checkPermissions(expected_set_permissions,
checker.set_permissions, 'set')
def get_interaction(obj):
"""Extract interaction from a proxied object"""
try:
checker = getChecker(obj)
except TypeError:
return
if isinstance(checker, Checker):
return checker.interaction
else:
return thread_local.interaction
def get_interaction(obj):
"""Extract interaction from a proxied object"""
try:
checker = getChecker(obj)
except TypeError:
return
if isinstance(checker, Checker):
return checker.interaction
else:
return thread_local.interaction
def test_get_permissions(self):
expected_get_permissions = {
'launchpad.View':
set(('active', 'date_created', 'date_last_modified', 'deliveries',
'delivery_url', 'destroySelf', 'event_types', 'getDelivery',
'id', 'ping', 'registrant', 'registrant_id', 'secret',
'setSecret', 'target')),
}
webhook = self.factory.makeWebhook()
checker = getChecker(webhook)
self.checkPermissions(expected_get_permissions,
checker.get_permissions, 'get')
def test_set_permissions(self):
expected_get_permissions = {
'launchpad.Admin': set(('direction_approved', 'priority')),
'launchpad.AnyAllowedPerson': set(('whiteboard', )),
'launchpad.Edit': set((
'approver', 'assignee', 'definition_status', 'distribution',
'drafter', 'implementation_status', 'man_days', 'milestone',
'name', 'product', 'specurl', 'summary', 'superseded_by',
'title')),
}
specification = self.factory.makeSpecification()
checker = getChecker(specification)
self.checkPermissions(
expected_get_permissions, checker.set_permissions, 'set')
def test(self):
bug = self.factory.makeBug()
info = bug.getSubscriptionInfo()
checker = getChecker(info)
# BugSubscriptionInfo objects are immutable.
self.assertEqual({}, checker.set_permissions)
# All attributes require launchpad.View.
permissions = set(checker.get_permissions.itervalues())
self.assertContentEqual(["launchpad.View"], permissions)
# The security adapter for launchpad.View lets anyone reference the
# attributes unless the bug is private, in which case only explicit
# subscribers are permitted.
adapter = queryAdapter(info, IAuthorization, "launchpad.View")
self.assertIsInstance(
adapter, PublicToAllOrPrivateToExplicitSubscribersForBugTask)
def test_get_permissions(self):
expected_get_permissions = {
CheckerPublic:
set(('id', 'information_type', 'private', 'userCanView')),
'launchpad.LimitedView':
set(('all_blocked', 'all_deps', 'approver', 'approverID',
'assignee', 'assigneeID', 'bugs', 'completer',
'createDependency', 'date_completed', 'date_goal_decided',
'date_goal_proposed', 'date_started', 'datecreated',
'definition_status', 'dependencies', 'direction_approved',
'distribution', 'distroseries', 'drafter', 'drafterID',
'getBranchLink', 'getDelta', 'getAllowedInformationTypes',
'getDependencies', 'getBlockedSpecs', 'getLinkedBugTasks',
'getSprintSpecification', 'getSubscriptionByName', 'goal',
'goal_decider', 'goal_proposer', 'goalstatus',
'has_accepted_goal', 'implementation_status', 'informational',
'isSubscribed', 'is_blocked', 'is_complete', 'is_incomplete',
'is_started', 'lifecycle_status', 'linkBranch', 'linkSprint',
'linked_branches', 'man_days', 'milestone', 'name',
'notificationRecipientAddresses', 'owner', 'priority',
'product', 'productseries', 'removeDependency', 'specurl',
'sprint_links', 'sprints', 'starter', 'subscribe',
'subscribers', 'subscription', 'subscriptions', 'summary',
'superseded_by', 'target', 'title', 'unlinkBranch',
'unlinkSprint', 'unsubscribe', 'updateLifecycleStatus',
'validateMove', 'whiteboard', 'work_items',
'workitems_text')),
'launchpad.Edit':
set(('newWorkItem', 'proposeGoal', 'retarget',
'setDefinitionStatus', 'setImplementationStatus', 'setTarget',
'transitionToInformationType', 'updateWorkItems')),
'launchpad.Driver':
set(('acceptBy', 'declineBy')),
'launchpad.AnyAllowedPerson':
set(('unlinkBug', 'linkBug', 'setWorkItems')),
}
specification = self.factory.makeSpecification()
checker = getChecker(specification)
self.checkPermissions(expected_get_permissions,
checker.get_permissions, 'get')
def test_get_permissions(self):
expected_get_permissions = {
CheckerPublic: set((
'id', 'information_type', 'private', 'userCanView')),
'launchpad.LimitedView': set((
'all_blocked', 'all_deps', 'approver', 'approverID',
'assignee', 'assigneeID', 'bug_links', 'bugs', 'completer',
'createDependency', 'date_completed', 'date_goal_decided',
'date_goal_proposed', 'date_started', 'datecreated',
'definition_status', 'dependencies', 'direction_approved',
'distribution', 'distroseries', 'drafter', 'drafterID',
'getBranchLink', 'getDelta', 'getAllowedInformationTypes',
'getDependencies', 'getBlockedSpecs', 'getLinkedBugTasks',
'getSprintSpecification', 'getSubscriptionByName', 'goal',
'goal_decider', 'goal_proposer', 'goalstatus',
'has_accepted_goal', 'implementation_status', 'informational',
'isSubscribed', 'is_blocked', 'is_complete', 'is_incomplete',
'is_started', 'lifecycle_status', 'linkBranch', 'linkSprint',
'linked_branches', 'man_days', 'milestone', 'name',
'notificationRecipientAddresses', 'owner', 'priority',
'product', 'productseries', 'removeDependency', 'specurl',
'sprint_links', 'sprints', 'starter', 'subscribe',
'subscribers', 'subscription', 'subscriptions', 'summary',
'superseded_by', 'target', 'title', 'unlinkBranch',
'unlinkSprint', 'unsubscribe', 'updateLifecycleStatus',
'validateMove', 'whiteboard', 'work_items',
'workitems_text')),
'launchpad.Edit': set((
'newWorkItem', 'proposeGoal', 'retarget',
'setDefinitionStatus', 'setImplementationStatus', 'setTarget',
'transitionToInformationType', 'updateWorkItems')),
'launchpad.Driver': set(('acceptBy', 'declineBy')),
'launchpad.AnyAllowedPerson': set((
'unlinkBug', 'linkBug', 'setWorkItems')),
}
specification = self.factory.makeSpecification()
checker = getChecker(specification)
self.checkPermissions(
expected_get_permissions, checker.get_permissions, 'get')
def test_set_permissions(self):
checker = getChecker(self.public_series)
self.checkPermissions(
self.expected_set_permissions, checker.set_permissions, 'set')
def apply_security(ti):
domain_model, descriptor_model = ti.domain_model, ti.descriptor_model
type_key = naming.polymorphic_identity(domain_model)
log.debug("APPLY SECURITY: %s %s", type_key, domain_model)
# first, "inherit" security settings of super classes i.e. equivalent of
# something like <require like_class=".domain.Doc" />
for c in domain_model.__bases__:
if c is object:
continue
log.debug(" LIKE_CLASS: %s", c)
protectLikeUnto(domain_model, c)
# !+DECL permissions here--for CUSTOM types only, and SINCE r9946--override
# what is defined in domain.zcml, as opposed to vice-versa (probably
# because CUSTOM types are setup at a later stage).
# So (for CUSTOM types only?) we use the parametrized
# bungeni.{type_key}.{Mode} as the view/edit permission:
pv_type = "zope.Public" # view permission, for type
pe_type = "zope.Public" # edit permission, for type
if descriptor_model.scope == "custom":
pv_type = "bungeni.%s.View" % (type_key)
pe_type = "bungeni.%s.Edit" % (type_key)
# !+SCHEMA_FIELDS(mr, oct-2012) all this seems superfluous anyway, as is
# (always?) overwritten further down? Switch to base loop on superset of
# names (dir(cls)?) and then decide ONCE on various criteria how to
# protect the name.
_view_protected = set() # remember names protected for view
_edit_protected = set() # remember names protected for edit
# sorted (for clearer logging) list of attr names that are BOTH defined
# by the db mapped-table schema AND have a dedicated UI Field.
dts_attrs = [ n for n in ti.derived_table_schema.names(all=True) ]
df_attrs = [ f.get("name") for f in descriptor_model.fields ]
attrs = sorted(set(dts_attrs).union(set(df_attrs)))
log.debug(" DTS+Fields: %s, %s",
ti.derived_table_schema.__name__, descriptor_model.__name__)
for n in attrs:
# !+DECL special cases, do not override domain.zcml...
if n in ("response_text",):
continue
_view_protected.add(n); _edit_protected.add(n)
pv = pv_type
pe = pe_type
model_field = descriptor_model.get(n)
if model_field:
if descriptor_model.scope != "custom":
# !+DECL proceed as before for now
pv = model_field.view_permission # always "zope.Public"
pe = model_field.edit_permission # always "zope.ManageContent"
# !+DECL parametrize all permissions by type AND mode, ensure to grant
# to appropriate roles. What about non-workflows or non-catalyzed types?
protectName(domain_model, n, pv)
protectSetAttribute(domain_model, n, pe)
DTS = n in dts_attrs and "dts" or " "
DF = n in df_attrs and "df" or " "
log.debug(" %s %s [%s] view:%s edit:%s %x",
DTS, DF, n, pv, pe, id(model_field))
if n not in domain_model.__dict__:
log.debug(" ---- [%s] !+SCHEMA_FIELDS not in %s.__dict__",
n, domain_model)
# container attributes (never a UI Field for these)
log.debug(" __dict__: %s" % (domain_model))
for k in sorted(domain_model.__dict__.keys()):
# !+ if IManagedContainer.providedBy(v): ?
v = domain_model.__dict__[k]
if isinstance(v, ManagedContainerDescriptor):
if k in _view_protected:
log.debug(" ---- %s RESETTING...", k)
_view_protected.add(k)
log.debug(" managed %s view:%s" % (k, "zope.Public"))
elif isinstance(v, orm.attributes.InstrumentedAttribute):
if k in _view_protected:
log.debug(" ---- %s RESETTING...", k)
_view_protected.add(k)
log.debug(" instrumented [%s] view:%s", k, "zope.Public")
else:
log.debug(" ---- [%s] !+SCHEMA_FIELD IN __dict__ but NOT "
"instrumented OR managed", k)
continue
if k not in attrs:
log.debug(" ---- [%s] !+SCHEMA_FIELDS not in attrs", k)
protectName(domain_model, k, "zope.Public") #!+pv_type
# Dump permission_id required to getattr/setattr for "custom" types.
# We only dump the security settings for "custom" types as it only these
# are processed AFTER that domain.zcml has been executed (for other types,
# loaded earlier during app startup, it is the settings in domain.zcml
# (executed later during app startup) that ends up applying.
if descriptor_model.scope == "custom":
from zope.security import proxy, checker
dmc = checker.getChecker(proxy.ProxyFactory(domain_model()))
log.debug(" checker: %s", dmc)
for n in sorted(_view_protected.union(["response_text"])):
g = dmc.get_permissions.get(n)
s = dmc.set_permissions.get(n) #dmc.setattr_permission_id(n)
log.debug(" [%s] get:%s set:%s",
n, getattr(g, "__name__", g), s)
def apply_security(ti):
domain_model, descriptor_model = ti.domain_model, ti.descriptor_model
type_key = naming.polymorphic_identity(domain_model)
log.debug("APPLY SECURITY: %s %s", type_key, domain_model)
# first, "inherit" security settings of super classes i.e. equivalent of
# something like <require like_class=".domain.Doc" />
for c in domain_model.__bases__:
if c is object:
continue
log.debug(" LIKE_CLASS: %s", c)
protectLikeUnto(domain_model, c)
# !+DECL permissions here--for CUSTOM types only, and SINCE r9946--override
# what is defined in domain.zcml, as opposed to vice-versa (probably
# because CUSTOM types are setup at a later stage).
# So (for CUSTOM types only?) we use the parametrized
# bungeni.{type_key}.{Mode} as the view/edit permission:
pv_type = "zope.Public" # view permission, for type
pe_type = "zope.Public" # edit permission, for type
if descriptor_model.scope == "custom":
pv_type = "bungeni.%s.View" % (type_key)
pe_type = "bungeni.%s.Edit" % (type_key)
# !+SCHEMA_FIELDS(mr, oct-2012) all this seems superfluous anyway, as is
# (always?) overwritten further down? Switch to base loop on superset of
# names (dir(cls)?) and then decide ONCE on various criteria how to
# protect the name.
_view_protected = set() # remember names protected for view
_edit_protected = set() # remember names protected for edit
# sorted (for clearer logging) list of attr names that are BOTH defined
# by the db mapped-table schema AND have a dedicated UI Field.
dts_attrs = [ n for n in ti.derived_table_schema.names(all=True) ]
df_attrs = [ f.get("name") for f in descriptor_model.fields ]
attrs = sorted(set(dts_attrs).union(set(df_attrs)))
log.debug(" DTS+Fields: %s, %s",
ti.derived_table_schema.__name__, descriptor_model.__name__)
for n in attrs:
# !+DECL special cases, do not override domain.zcml...
if n in ("response_text",):
continue
_view_protected.add(n); _edit_protected.add(n)
pv = pv_type
pe = pe_type
model_field = descriptor_model.get(n)
if model_field:
if descriptor_model.scope != "custom":
# !+DECL proceed as before for now
pv = model_field.view_permission # always "zope.Public"
pe = model_field.edit_permission # always "zope.ManageContent"
# !+DECL parametrize all permissions by type AND mode, ensure to grant
# to appropriate roles. What about non-workflows or non-catalyzed types?
protectName(domain_model, n, pv)
protectSetAttribute(domain_model, n, pe)
DTS = n in dts_attrs and "dts" or " "
DF = n in df_attrs and "df" or " "
log.debug(" %s %s [%s] view:%s edit:%s %x",
DTS, DF, n, pv, pe, id(model_field))
if n not in domain_model.__dict__:
log.debug(" ---- [%s] !+SCHEMA_FIELDS not in %s.__dict__",
n, domain_model)
# container attributes (never a UI Field for these)
log.debug(" __dict__: %s" % (domain_model))
for k in sorted(domain_model.__dict__.keys()):
# !+ if IManagedContainer.providedBy(v): ?
v = domain_model.__dict__[k]
if isinstance(v, ManagedContainerDescriptor):
if k in _view_protected:
log.debug(" ---- %s RESETTING...", k)
_view_protected.add(k)
log.debug(" managed %s view:%s" % (k, "zope.Public"))
elif isinstance(v, orm.attributes.InstrumentedAttribute):
if k in _view_protected:
log.debug(" ---- %s RESETTING...", k)
_view_protected.add(k)
log.debug(" instrumented [%s] view:%s", k, "zope.Public")
else:
log.debug(" ---- [%s] !+SCHEMA_FIELD IN __dict__ but NOT "
"instrumented OR managed", k)
continue
if k not in attrs:
log.debug(" ---- [%s] !+SCHEMA_FIELDS not in attrs", k)
protectName(domain_model, k, "zope.Public") #!+pv_type
# Dump permission_id required to getattr/setattr for "custom" types.
# We only dump the security settings for "custom" types as it only these
# are processed AFTER that domain.zcml has been executed (for other types,
# loaded earlier during app startup, it is the settings in domain.zcml
# (executed later during app startup) that ends up applying.
if descriptor_model.scope == "custom":
from zope.security import proxy, checker
dmc = checker.getChecker(proxy.ProxyFactory(domain_model()))
log.debug(" checker: %s", dmc)
for n in sorted(_view_protected.union(["response_text"])):
g = dmc.get_permissions.get(n)
s = dmc.set_permissions.get(n) #dmc.setattr_permission_id(n)
log.debug(" [%s] get:%s set:%s",
n, getattr(g, "__name__", g), s)
def test_set_permissions(self):
checker = getChecker(self.public_projectgroup_milestone)
self.checkPermissions(self.expected_set_permissions,
checker.set_permissions, 'set')
def test_set_permissions(self):
milestone = self.factory.makeMilestone()
checker = getChecker(milestone)
self.checkPermissions(self.expected_set_permissions,
checker.set_permissions, 'set')
def test_set_permissions(self):
checker = getChecker(self.public_projectgroup_milestone)
self.checkPermissions(
self.expected_set_permissions, checker.set_permissions, 'set')
def test_set_permissions(self):
milestone = self.factory.makeMilestone()
checker = getChecker(milestone)
self.checkPermissions(
self.expected_set_permissions, checker.set_permissions, 'set')
