Back to index

plone3  3.1.7
testGroupUserFolder.py
Go to the documentation of this file.
00001 # -*- coding: utf-8 -*-
00002 ## GroupUserFolder
00003 ## Copyright (C)2006 Ingeniweb
00004 
00005 ## This program is free software; you can redistribute it and/or modify
00006 ## it under the terms of the GNU General Public License as published by
00007 ## the Free Software Foundation; either version 2 of the License, or
00008 ## (at your option) any later version.
00009 
00010 ## This program is distributed in the hope that it will be useful,
00011 ## but WITHOUT ANY WARRANTY; without even the implied warranty of
00012 ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00013 ## GNU General Public License for more details.
00014 
00015 ## You should have received a copy of the GNU General Public License
00016 ## along with this program; see the file COPYING. If not, write to the
00017 ## Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
00018 """
00019 
00020 """
00021 __version__ = "$Revision:  $"
00022 # $Source:  $
00023 # $Id: testGroupUserFolder.py 30098 2006-09-08 12:35:01Z encolpe $
00024 __docformat__ = 'restructuredtext'
00025 
00026 import os, sys
00027 if __name__ == '__main__':
00028     execfile(os.path.join(sys.path[0], 'framework.py'))
00029 
00030 
00031 
00032 # Load fixture
00033 from Testing import ZopeTestCase
00034 
00035 # Permissions / security
00036 from AccessControl.Permissions import access_contents_information, view, add_documents_images_and_files, change_images_and_files, view_management_screens
00037 from AccessControl.SecurityManagement import newSecurityManager, noSecurityManager, getSecurityManager
00038 from AccessControl import Unauthorized
00039 from AccessControl import Permissions
00040 from AccessControl.User import UnrestrictedUser
00041 from AccessControl.PermissionRole import rolesForPermissionOn
00042 
00043 import urllib
00044 
00045 # Create the error_log object
00046 app = ZopeTestCase.app()
00047 ZopeTestCase.utils.setupSiteErrorLog(app)
00048 ZopeTestCase.close(app)
00049 
00050 # Start the web server
00051 host, port = ZopeTestCase.utils.startZServer(4)
00052 base = 'http://%s:%d/%s' %(host, port, ZopeTestCase.folder_name)
00053 
00054 
00055 # Get global vars
00056 #from Products.GroupUserFolder.global_symbols import *
00057 from Products.GroupUserFolder.interfaces import IUserFolder
00058 from Interface import Verify
00059 
00060 # Install our product
00061 ZopeTestCase.installProduct('GroupUserFolder')
00062 ZopeTestCase.installProduct('OFSP')
00063 
00064 import GRUFTestCase
00065 from Log import *
00066 
00067 
00068 class TestGroupUserFolder(GRUFTestCase.GRUFTestCase):
00069 
00070     #                                                   #
00071     #           Basic GRUF behaviour testing            #
00072     #                                                   #
00073 
00074     def test00userNames(self,):
00075         """
00076         test00userNames(self,)
00077         Basic test of user and group names.
00078         """
00079         un = self.gruf_folder.acl_users.getUserNames()
00080         users = [
00081             'g1', 'g2', "g3", "g4",
00082             "ng1", "ng2", "ng3", "ng4", "ng5",
00083             "manager",
00084             "u1", "u2", "u3", "u4", "u5", "u6", "u7", "u8", "u9", "u10", "u11",
00085             "extranet", "intranet", "compta",
00086             ]
00087         un.sort()
00088         users.sort()
00089         for u in users:
00090             self.failUnless(u in un, "Invalid users list: '%s' is not in acl_users." % (u,))
00091         for u in un:
00092             self.failUnless(u in users, "Invalid users list: '%s' is in acl_users but shouldn't be there." % (u,))
00093         
00094 
00095     def test00userIds(self,):
00096         """
00097         test00userIds(self,)
00098         Basic test of user and group names.
00099         """
00100         un = self.gruf.getUserIds()
00101         users = [
00102             'group_g1', 'group_g2', "group_g3", "group_g4",
00103             "group_ng1", "group_ng2", "group_ng3", "group_ng4", "group_ng5",
00104             "manager",
00105             "u1", "u2", "u3", "u4", "u5", "u6", "u7", "u8", "u9", "u10", "u11",
00106             "group_extranet", "group_intranet", "group_compta",
00107             ]
00108         un.sort()
00109         users.sort()
00110         for u in users:
00111             self.failUnless(u in un, "Invalid users list: '%s' is not in acl_users." % (u,))
00112         for u in un:
00113             self.failUnless(u in users, "Invalid users list: '%s' is in acl_users but shouldn't be there." % (u,))
00114 
00115 
00116     #                                                   #
00117     #           Basic GRUF behaviour testing            #
00118     #                                                   #
00119 
00120     def test01userRoles(self,):
00121         """
00122         test01userRoles => Test if the user "inherits" group roles
00123         """
00124         # Add a few roles
00125         if not "userrole" in self.gruf.userFolderGetRoles():
00126             self.gruf.userFolderAddRole("userrole")
00127         if not "grouprole" in self.gruf.userFolderGetRoles():
00128             self.gruf.userFolderAddRole("grouprole")
00129 
00130         # Add the group & the user
00131         self.gruf.userFolderAddGroup(
00132             name = 'gtest',
00133             roles = ['grouprole', ],
00134             )
00135         self.gruf.userFolderAddUser(
00136             name = 'utest',
00137             password = 'secret',
00138             roles = ('userrole', ),
00139             groups = ('gtest', ),
00140             domains = (),
00141             )
00142 
00143         # Check if the user has the right roles
00144         usr = self.gruf.getUser('utest')
00145         roles = usr.getRoles()
00146         self.failUnless('Authenticated' in roles)
00147         self.failUnless('userrole' in roles)
00148         self.failUnless('grouprole' in roles)
00149 
00150         # Remove the group & user
00151         self.gruf.userFolderDelUsers(['utest',])
00152         self.gruf.userFolderDelGroups(['gtest',])
00153 
00154     def test02securityMatrix(self,):
00155         """
00156         test02securityMatrix(self,) => Test the whole security matrix !
00157 
00158         We just check that people has the right roles
00159         """
00160         self.failUnless(self.compareRoles(None, "u1", ()))
00161         self.failUnless(self.compareRoles(None, "u2", ()))
00162         self.failUnless(self.compareRoles(None, "u3", ("r1", )))
00163         self.failUnless(self.compareRoles(None, "u4", ("r1", "r2", )))
00164         self.failUnless(self.compareRoles(None, "u5", ("r1", "r2", )))
00165         self.failUnless(self.compareRoles(None, "u6", ("r1", "r2", )))
00166         self.failUnless(self.compareRoles(None, "u7", ("r1", "r2", "r3", )))
00167 
00168 
00169     def test03usersBelongToGroups(self,):
00170         """
00171         test03usersBelongToGroups(self,) => test that the users belong to the right groups.
00172         This implies nested groups testing
00173         """
00174         # Check regular users
00175         self.failUnless(self.compareGroups("u1", ()))
00176         self.failUnless(self.compareGroups("u2", ("g1", )))
00177         self.failUnless(self.compareGroups("u3", ("g1", "g2", )))
00178         self.failUnless(self.compareGroups("u4", ("g1", "g2", "g3", )))
00179         self.failUnless(self.compareGroups("u5", ("g2", "g3", )))
00180         self.failUnless(self.compareGroups("u6", ("g3", )))
00181         self.failUnless(self.compareGroups("u7", ("g4", )))
00182 
00183         # Check nested groups
00184         self.failUnless(self.compareGroups("group_ng1", ("g1", )))
00185         self.failUnless(self.compareGroups("group_ng2", ("g2", "g3", )))
00186         self.failUnless(self.compareGroups("group_ng3", ("g2", "g3", "ng2", )))
00187         self.failUnless(self.compareGroups("group_ng4", ("g2", "g3", "ng2", )))
00188         self.failUnless(self.compareGroups("group_ng5", ("g2", "g3", "ng2", "ng4", )))
00189 ##        self.failUnless(self.compareGroups("ng6", ("ng5", )))
00190 
00191         # Check nested-groups users
00192         self.failUnless(self.compareGroups("u8", ("ng1", "g1", )))
00193         self.failUnless(self.compareGroups("u9", ("ng2", "g1", "g2","g3",  )))
00194         self.failUnless(self.compareGroups("u10", ("ng2", "ng3", "g2", "g3", )))
00195         self.failUnless(self.compareGroups("u11", ("ng2", "ng3", "g2", "g3", )))
00196 ##        self.failUnless(self.compareGroups("u12", ()))
00197 
00198 
00199     def test04localRoles(self,):
00200         """
00201         Test the security matrix on a local role
00202 
00203         We just check that people has the right roles
00204         """
00205         self.failUnless(self.compareRoles(self.gruf_folder, "u1", ()))
00206         self.failUnless(self.compareRoles(self.gruf_folder, "u2", ()))
00207         self.failUnless(self.compareRoles(self.gruf_folder, "u3", ("r1", )))
00208         self.failUnless(self.compareRoles(self.gruf_folder, "u4", ("r1", "r2", )))
00209         self.failUnless(self.compareRoles(self.gruf_folder, "u5", ("r1", "r2", )))
00210         self.failUnless(self.compareRoles(self.gruf_folder, "u6", ("r1", "r2", )))
00211         self.failUnless(self.compareRoles(self.gruf_folder, "u7", ("r1", "r2", "r3", )))
00212 
00213         self.failUnless(self.compareRoles(self.lr, "u1", ()))
00214         self.failUnless(self.compareRoles(self.lr, "u2", ("r3", )))
00215         self.failUnless(self.compareRoles(self.lr, "u3", ("r1", "r3", )))
00216         self.failUnless(self.compareRoles(self.lr, "u4", ("r1", "r2", "r3", )))
00217         self.failUnless(self.compareRoles(self.lr, "u5", ("r1", "r2", )))
00218         self.failUnless(self.compareRoles(self.lr, "u6", ("r1", "r2", "r3", )))
00219         self.failUnless(self.compareRoles(self.lr, "u7", ("r1", "r2", "r3", )))
00220 
00221         self.failUnless(self.compareRoles(self.sublr, "u2", ("r3", )))
00222         self.failUnless(self.compareRoles(self.sublr, "u3", ("r1", "r2", "r3", )))
00223         self.failUnless(self.compareRoles(self.sublr, "u6", ("r1", "r2", "r3", )))
00224 
00225         self.failUnless(self.compareRoles(self.sublr2, "u2", ("r3", )))
00226         self.failUnless(self.compareRoles(self.sublr2, "u3", ("r1", "r2", "r3", )))
00227         self.failUnless(self.compareRoles(self.sublr2, "u6", ("r1", "r2", "r3", )))
00228 
00229         self.failUnless(self.compareRoles(self.subsublr2, "u2", ("r3", )))
00230         self.failUnless(self.compareRoles(self.subsublr2, "u3", ("r1", "r2", "r3", )))
00231         self.failUnless(self.compareRoles(self.subsublr2, "u6", ("r1", "r2", "r3", )))
00232 
00233         self.failUnless(self.compareRoles(self.sublr3, "u2", ()))
00234         self.failUnless(self.compareRoles(self.sublr3, "u3", ("r1", "r2", )))
00235         self.failUnless(self.compareRoles(self.sublr3, "u6", ("r1", "r2", )))
00236 
00237         self.failUnless(self.compareRoles(self.subsublr3, "u2", ()))
00238         self.failUnless(self.compareRoles(self.subsublr3, "u3", ("r1", "r2", )))
00239         self.failUnless(self.compareRoles(self.subsublr3, "u6", ("r1", "r2", )))
00240 
00241         
00242     def test05nestedGroups(self,):
00243         """
00244         Test security on nested groups
00245         """
00246         # Test group roles
00247         self.failUnless(self.compareRoles(None, "group_ng1", ()))
00248         self.failUnless(self.compareRoles(None, "group_ng2", ('r1', 'r2', )))
00249         self.failUnless(self.compareRoles(None, "group_ng3", ('r1', 'r2', )))
00250         self.failUnless(self.compareRoles(None, "group_ng4", ('r1', 'r2', 'r3', )))
00251         self.failUnless(self.compareRoles(None, "group_ng5", ('r1', 'r2', 'r3', )))
00252 ##        self.failUnless(self.compareRoles(None, "group_ng6", ()))
00253 
00254         # Test user roles
00255         self.failUnless(self.compareRoles(None, "u8", ()))
00256         self.failUnless(self.compareRoles(None, "u9", ("r1", "r2", )))
00257         self.failUnless(self.compareRoles(None, "u10", ("r1", "r2", )))
00258         self.failUnless(self.compareRoles(None, "u11", ("r1", "r2", "r3")))
00259 ##        self.failUnless(self.compareRoles(None, "u12", ("r1", "r2", "r3")))
00260 
00261         # Test the same with local roles (wow !)
00262         self.failUnless(self.compareRoles(self.gruf_folder.lr, "u8", ("r3", )))
00263         self.failUnless(self.compareRoles(self.gruf_folder.lr, "u9", ("r1", "r2", "r3", )))
00264         self.failUnless(self.compareRoles(self.gruf_folder.lr, "u10", ("r1", "r2", )))
00265         self.failUnless(self.compareRoles(self.gruf_folder.lr, "u11", ("r1", "r2", "r3")))
00266 ##        self.failUnless(self.compareRoles(self.gruf_folder.lr, "u12", ("r1", "r2", "r3")))
00267 
00268 
00269     def test06doubleNesting(self,):
00270         """
00271         Test against double nesting
00272         """
00273         self.failUnless(self.compareGroups("group_compta", ('intranet', 'extranet', )))
00274 
00275 
00276     def test08traversal(self,):
00277         """
00278         test traversal to ensure management screens are correctly accessible
00279         """
00280         # Check if we can traverse a GRUF to fetch a user (check a dummy method on it)
00281         traversed = self.gruf.restrictedTraverse("u1")
00282         Log(LOG_DEBUG, traversed)
00283         self.failUnless(traversed.meta_type == "Group User Folder")
00284 
00285         # Now, do the same but with a folder of the same name
00286         self.gruf_folder.manage_addProduct['OFSP'].manage_addFolder('u1')
00287         traversed = self.gruf.restrictedTraverse("u1")
00288         Log(LOG_DEBUG, traversed)
00289         self.failUnless(traversed.meta_type == "Group User Folder")
00290 
00291 
00292     #                                                   #
00293     #               GRUF Interface testing              #
00294     #                                                   #
00295 
00296     def test10GRUFMethods(self,):
00297         """
00298         We test that GRUF's API is well protected
00299         """
00300         self.assertRaises(Unauthorized, self.gruf_folder.restrictedTraverse, 'acl_users/getGRUFPhysicalRoot')
00301         self.assertRaises(Unauthorized, self.gruf_folder.restrictedTraverse, 'acl_users/getGRUFPhysicalRoot')
00302         #urllib.urlopen(base+'/acl_users/getGRUFId')
00303 
00304 
00305     #                                                   #
00306     #           LocalRole Acquisition Blocking          #
00307     #                                                   #
00308 
00309     def test11LocalRoleBlocking(self,):
00310         """
00311         We block LR acquisition on sublr2.
00312         See GRUFTestCase to understand what happens (basically, roles in brackets
00313         will be removed from sublr2).
00314         """
00315         # Initial check
00316         self.failUnless(self.compareRoles(self.sublr2, "u2", ("r3", )))
00317         self.failUnless(self.compareRoles(self.sublr2, "u3", ("r1", "r2", "r3", )))
00318         self.failUnless(self.compareRoles(self.sublr2, "u6", ("r1", "r2", "r3", )))
00319         self.failUnless(self.compareRoles(self.subsublr2, "u2", ("r3", )))
00320         self.failUnless(self.compareRoles(self.subsublr2, "u3", ("r1", "r2", "r3", )))
00321         self.failUnless(self.compareRoles(self.subsublr2, "u6", ("r1", "r2", "r3", )))
00322         
00323         # Disable LR acquisition on sublr2 and test the stuff
00324         self.gruf._acquireLocalRoles(self.sublr2, 0)
00325         self.failUnless(self.compareRoles(self.sublr2, "u2", ()))
00326         self.failUnless(self.compareRoles(self.sublr2, "u3", ("r1", "r2", )))
00327         self.failUnless(self.compareRoles(self.sublr2, "u6", ("r1", "r2", )))
00328         self.failUnless(self.compareRoles(self.subsublr2, "u2", ()))
00329         self.failUnless(self.compareRoles(self.subsublr2, "u3", ("r1", "r2", )))
00330         self.failUnless(self.compareRoles(self.subsublr2, "u6", ("r1", "r2", )))
00331 
00332         # Now we disable LR acq. on subsublr2 and check what happens
00333         self.gruf._acquireLocalRoles(self.subsublr2, 0)
00334         self.failUnless(self.compareRoles(self.sublr2, "u2", ()))
00335         self.failUnless(self.compareRoles(self.sublr2, "u3", ("r1", "r2", )))
00336         self.failUnless(self.compareRoles(self.sublr2, "u6", ("r1", "r2", )))
00337         self.failUnless(self.compareRoles(self.subsublr2, "u2", ()))
00338         self.failUnless(self.compareRoles(self.subsublr2, "u3", ("r1", )))
00339         self.failUnless(self.compareRoles(self.subsublr2, "u6", ("r1", "r2", )))
00340 
00341         # We enable back on sublr2. subsublr2 mustn't change.
00342         self.gruf._acquireLocalRoles(self.sublr2, 1)
00343         self.failUnless(self.compareRoles(self.sublr2, "u2", ("r3", )))
00344         self.failUnless(self.compareRoles(self.sublr2, "u3", ("r1", "r2", "r3", )))
00345         self.failUnless(self.compareRoles(self.sublr2, "u6", ("r1", "r2", "r3", )))
00346         self.failUnless(self.compareRoles(self.subsublr2, "u2", ()))
00347         self.failUnless(self.compareRoles(self.subsublr2, "u3", ("r1", )))
00348         self.failUnless(self.compareRoles(self.subsublr2, "u6", ("r1", "r2", )))
00349 
00350     def test12LocalRoleSecurity(self):
00351         """Access TTW
00352         """
00353         try:
00354             self.gruf.acquireLocalRoles(self.sublr2, 1)
00355         except:
00356             failed = 1
00357         else:
00358             failed = 0
00359 
00360         if getSecurityManager().checkPermission(Permissions.change_permissions, self.sublr2,):
00361             self.failUnless(not failed, "Must have the permission here.")
00362         else:
00363             self.failUnless(failed, "Must NOT have the permission here.")
00364 
00365 
00366     def test13TestCMFLRBehaviour(self,):
00367         """Special test to check that CMF's allowedRolesAndUsers is okay
00368         """
00369         # Allowed patterns
00370         normal_allowed = ['r1', 'r2', 'r3', 'user:group_g1', 'user:u6', 'user:u3']
00371         normal_allowed.sort()
00372         blocked_allowed = ["r1", "r2", "r3", "user:u3", "user:u6", ]
00373         blocked_allowed.sort()
00374             
00375         # Normal behaviour
00376         ob = self.subsublr2
00377         allowed = {}
00378         for r in rolesForPermissionOn('View', ob):
00379             allowed[r] = 1
00380         localroles = _mergedLocalRoles(ob)
00381         for user, roles in localroles.items():
00382             for role in roles:
00383                 if allowed.has_key(role):
00384                     allowed['user:' + user] = 1
00385         if allowed.has_key('Owner'):
00386             del allowed['Owner']
00387         allowed = list(allowed.keys())
00388         allowed.sort()
00389         self.failUnlessEqual(allowed, normal_allowed)
00390 
00391         # LR-blocking behaviour
00392         self.gruf._acquireLocalRoles(self.sublr2, 0)
00393         ob = self.subsublr2
00394         allowed = {}
00395         for r in rolesForPermissionOn('View', ob):
00396             allowed[r] = 1
00397         localroles = _mergedLocalRoles(ob)
00398         for user, roles in localroles.items():
00399             for role in roles:
00400                 if allowed.has_key(role):
00401                     allowed['user:' + user] = 1
00402         if allowed.has_key('Owner'):
00403             del allowed['Owner']
00404         allowed = list(allowed.keys())
00405         allowed.sort()
00406         self.failUnlessEqual(allowed, blocked_allowed)
00407 
00408 
00409     def test14Allowed(self,):
00410         """Test if the allowed() method is working properly.
00411         We check the roles on lr, and then on sublr2 after local role blocking tweaking.
00412         """
00413         u2 = self.gruf.getUser("u2")            # Belongs to group_g1
00414         u3 = self.gruf.getUser("u3")
00415         u6 = self.gruf.getUser("u6")
00416 
00417         # Positive assertions
00418         self.failUnless(u2.allowed(self.lr, ("r3", )))
00419         self.failUnless(u3.allowed(self.lr, ("r1", "r3", )))
00420         self.failUnless(u6.allowed(self.lr, ("r1", "r2", "r3", )))
00421         self.failUnless(u2.allowed(self.subsublr2, ("r1", "r2", "r3", )))
00422         self.failUnless(u3.allowed(self.subsublr2, ("r1", "r2", "r3", )))
00423         self.failUnless(u6.allowed(self.subsublr2, ("r1", "r2", "r3", )))
00424         self.failUnless(u3.allowed(self.subsublr3, ("r1", "r2", "r3", )))
00425         self.failUnless(u6.allowed(self.subsublr3, ("r1", "r2", "r3", )))
00426 
00427         # Negative assertions
00428         self.failUnless(not u2.allowed(self.lr, ("r1", "r2", )))
00429         self.failUnless(not u3.allowed(self.lr, ("r2", )))
00430         self.failUnless(not u2.allowed(self.subsublr2, ("r1", "r2", )))
00431         self.failUnless(not u2.allowed(self.subsublr3, ("r1", "r2", "r3", )))
00432         self.failUnless(not u3.allowed(self.subsublr3, ("r3", )))
00433         self.failUnless(not u6.allowed(self.subsublr3, ("r3", )))
00434 
00435 
00436     def test15user_names(self,):
00437         """test15user_names(self,) => check if the user_names() method return user IDS and
00438         not user NAMES... This is an inconsistency in Zope's code...
00439         """
00440         un = self.gruf.user_names()
00441         users = [
00442             'group_g1', 'group_g2', "group_g3", "group_g4",
00443             "group_ng1", "group_ng2", "group_ng3", "group_ng4", "group_ng5",
00444             "manager",
00445             "u1", "u2", "u3", "u4", "u5", "u6", "u7", "u8", "u9", "u10", "u11",
00446             "group_extranet", "group_intranet", "group_compta",
00447             ]
00448         un.sort()
00449         users.sort()
00450         for u in users:
00451             self.failUnless(u in un, "Invalid users list: '%s' is not in acl_users." % (u,))
00452         for u in un:
00453             self.failUnless(u in users, "Invalid users list: '%s' is in acl_users but shouldn't be there." % (u,))
00454 
00455     def test16user_group_same_name(self):
00456         """getLocalRolesForDisplay should know whether the local role on an object
00457         belongs to a group or a user even if the two share a name.
00458         """
00459         # So we are allowed to call getLocalRolesForDisplay
00460         self.setPermissions([Permissions.manage_properties])
00461         self.gruf.userFolderAddGroup('foo', ('r1', ))
00462         self.gruf.userFolderAddUser('foo', 'secret', (), (), ('foo', ), )
00463         lr = self.gruf_folder.lr
00464         lr.manage_addProduct['OFSP'].manage_addFolder("foo_lr")
00465         foo_lr = lr.foo_lr
00466         foo_lr.manage_addLocalRoles("foo", ("r3", ))
00467         roles_map = self.gruf.getLocalRolesForDisplay(foo_lr)
00468         self.failUnless(('foo',('r3',),'user','foo') in roles_map)
00469         foo_lr.manage_addLocalRoles("group_foo", ("r2", ))
00470         roles_map = self.gruf.getLocalRolesForDisplay(foo_lr)
00471         self.failUnless(('foo',('r2',),'group','group_foo') in roles_map)
00472 
00473     def test17AnonymousGetLocalRolesForDisplay(self):
00474         # getLocalRolesForDisplay should raise Unauthorized for Anonymous
00475         self.logout()
00476         self.assertRaises(Unauthorized, self.gruf.getLocalRolesForDisplay, self.gruf_folder)
00477 
00478     def test18ManagePropertiesInformationGetLocalRolesForDisplay(self):
00479         # getLocalRolesForDisplay should raise Unauthorized for users
00480         # without Manage properties permission
00481         self.assertRaises(Unauthorized, self.gruf.getLocalRolesForDisplay, self.gruf_folder)
00482 
00483     def test19ManagePropertiesInformationGetLocalRolesForDisplay(self):
00484         # getLocalRolesForDisplay should work for users with
00485         # Manage properties permission
00486         self.setPermissions([Permissions.manage_properties])
00487         self.gruf.getLocalRolesForDisplay(self.gruf_folder)
00488 
00489 
00490 def _mergedLocalRoles(object):
00491     """Returns a merging of object and its ancestors'
00492     __ac_local_roles__.
00493     This will call gruf's methods. It's made that may to mimic the
00494     usual CMF code."""
00495     return object.acl_users._getAllLocalRoles(object)
00496 
00497 
00498 #                                                   #
00499 #                 Copy / Paste support              #
00500 #                                                   #
00501 
00502 class TestGroupUserFolderCopy(TestGroupUserFolder):
00503     """
00504     Same tests as the previous class, but AFTER a copy/paste operation
00505     """
00506     _setup_done = 0
00507 
00508     def afterSetUp(self,):
00509         """
00510         afterSetUp(self,) => Basic gruf setup with a copy/paste
00511         """
00512         # Build a security context with the regular GRUF Folder
00513         self.gruf_setup()
00514         self.security_context_setup()
00515 
00516         # Perform tests to ensure using GRUF and filling all caches
00517         self.test00userNames()
00518         self.test01userRoles()
00519         self.test02securityMatrix()
00520         self.test03usersBelongToGroups()
00521         self.test04localRoles()
00522         self.test05nestedGroups()
00523         self.test06doubleNesting()
00524 
00525         # Now copy/paste a re-build the security context in another folder
00526         self._setupUser()
00527         self.setRoles(['Manager'])
00528         self.folder.manage_addProduct['OFSP'].manage_addFolder('gruf_folder2')
00529         folder2 = self.folder.gruf_folder2
00530 
00531         # copy/paste GRUF inside
00532         copy = self.gruf_folder.manage_copyObjects(ids = ['acl_users',],)
00533         folder2.manage_pasteObjects(cb_copy_data = copy)
00534 
00535         # Back to normal
00536         self.setRoles(ZopeTestCase.user_role)
00537 
00538 
00539 if __name__ == '__main__':
00540     framework(descriptions=1, verbosity=1)
00541 else:
00542     import unittest
00543     def test_suite():
00544         suite = unittest.TestSuite()
00545         suite.addTest(unittest.makeSuite(TestGroupUserFolder))
00546         suite.addTest(unittest.makeSuite(TestGroupUserFolderCopy))
00547         return suite