def test_PermPrincipalMap_multiple(self):
quer_principals = principal_perm_mgr.getPrincipalsForPermission(
"zope.Qwer")
qux_principals = principal_perm_mgr.getPrincipalsForPermission(
"zope.Qux")
perms = principal_perm_mgr.getPermissionsForPrincipal("zope.One")
self.assertEqual(len(quer_principals), 1)
self.assertTrue(("zope.One", Deny) in quer_principals)
self.assertEqual(len(qux_principals), 1)
self.assertTrue(("zope.One", Deny) in qux_principals)
self.assertEqual(len(perms), 2)
self.assertTrue(("zope.Qwer", Deny) in perms)
self.assertTrue(("zope.Qux", Deny) in perms)
def test_PermPrincipalMap(self):
principals = principal_perm_mgr.getPrincipalsForPermission("zope.Foo")
perms = principal_perm_mgr.getPermissionsForPrincipal("zope.Blah")
self.assertEqual(len(principals), 1)
self.assertTrue(("zope.Blah", Deny) in principals)
self.assertEqual(len(perms), 1)
self.assertTrue(("zope.Foo", Deny) in perms)
def testManyPrincipalsOnePermission(self):
perm1 = definePermission('Perm One', 'title').id
prin1 = self._make_principal()
prin2 = self._make_principal('Principal 2', 'Principal Two')
manager.grantPermissionToPrincipal(perm1, prin1)
manager.denyPermissionToPrincipal(perm1, prin2)
principals = manager.getPrincipalsForPermission(perm1)
self.assertEqual(len(principals), 2)
self.assertTrue((prin1, Allow) in principals)
self.assertTrue((prin2, Deny) in principals)
def testPrincipalPermission(self):
permission = definePermission('APerm', 'title').id
principal = self._make_principal()
# check that an allow permission is saved correctly
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Allow)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Allow)])
# check that the allow permission is removed.
manager.unsetPermissionForPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission), [])
self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
# now put a deny in there, check it's set.
manager.denyPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Deny)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Deny)])
# test for deny followed by allow . The latter should override.
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Allow)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Allow)])
# check that allow followed by allow is just a single allow.
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission),
[(principal, Allow)])
self.assertEqual(manager.getPermissionsForPrincipal(principal),
[(permission, Allow)])
# check that two unsets in a row quietly ignores the second one.
manager.unsetPermissionForPrincipal(permission, principal)
manager.unsetPermissionForPrincipal(permission, principal)
self.assertEqual(manager.getPrincipalsForPermission(permission), [])
self.assertEqual(manager.getPermissionsForPrincipal(principal), [])
# check the result of getSetting() when it's empty.
self.assertEqual(manager.getSetting(permission, principal), Unset)
# check the result of getSetting() when it's empty and a default
# passed in
self.assertEqual(manager.getSetting(permission, principal, 1), 1)
# check the result of getSetting() when it's allowed.
manager.grantPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getSetting(permission, principal), Allow)
# check the result of getSetting() when it's denied.
manager.denyPermissionToPrincipal(permission, principal)
self.assertEqual(manager.getSetting(permission, principal), Deny)
def testUnboundPrincipalPermission(self):
permission = definePermission('APerm', 'title').id
principal = self._make_principal()
self.assertEqual(manager.getPrincipalsForPermission(permission), [])
self.assertEqual(manager.getPermissionsForPrincipal(principal), [])