Back to index

plone3  3.1.7
Public Member Functions | Public Attributes | Static Private Attributes
Archetypes.tests.test_security.AttributeProtectionTest Class Reference
Inheritance diagram for Archetypes.tests.test_security.AttributeProtectionTest:
Inheritance graph
[legend]
Collaboration diagram for Archetypes.tests.test_security.AttributeProtectionTest:
Collaboration graph
[legend]

List of all members.

Public Member Functions

def afterSetUp
def addPS
def check
def checkUnauthorized
def test_attribute_access_has_perm
def test_attribute_access_no_perm
def test_method_access_has_perm
def DISABLEDtest_method_access_no_perm
def test_field_write_no_perm
def test_field_write_has_perm
def test_import_IndexIterator
def test_use_IndexIterator
def test_import_transaction_note
def test_use_transaction_note
def test_import_DisplayList
def test_use_DisplayList
def test_at_post_scripts_unauthorized

Public Attributes

 folder
 inst
 object_id
 attrs
 check_attrs
 check_methods

Static Private Attributes

string _type = 'SimpleProtectedType'

Detailed Description

Definition at line 12 of file test_security.py.


Member Function Documentation

def Archetypes.tests.test_security.AttributeProtectionTest.addPS (   self,
  id,
  params = '',
  body = '' 
)

Definition at line 43 of file test_security.py.

00043 
00044     def addPS(self, id, params='', body=''):
00045         factory = self.folder.manage_addProduct['PythonScripts']
00046         factory.manage_addPythonScript(id)
00047         body = textwrap.dedent(body)
00048         self.folder[id].ZPythonScript_edit(params, body)

Here is the caller graph for this function:

Definition at line 16 of file test_security.py.

00016 
00017     def afterSetUp(self):
00018         ATSiteTestCase.afterSetUp(self)
00019         self.setRoles(['Manager'])
00020         self.portal.invokeFactory('Folder', 'test_folder_')
00021         self.folder = self.portal.test_folder_
00022         t = self._type
00023         self.portal.portal_workflow.setChainForPortalTypes((t,), ('plone_workflow',))
00024         self.inst = inst = makeContent(self.folder, portal_type=t, id=t)
00025         self.object_id = t
00026         self.attrs = [f.getName() for f in inst.Schema().fields()
00027                       if isinstance(f.getStorage(), AttributeStorage)]
00028 
00029         self.check_attrs = """\
00030         content = getattr(context, '%(object_id)s')
00031         for attr in %(attrs)s:
00032             print getattr(content, attr, None)
00033         """ % {'object_id': self.object_id,
00034                'attrs': self.attrs}
00035 
00036         self.check_methods = """\
00037         content = getattr(context, '%(object_id)s')
00038         for meth in %(methods)s:
00039             print getattr(content, meth)()
00040         """ % {'object_id': self.object_id,
00041                'methods': ['foo']}
00042         self.logout()

Here is the call graph for this function:

Definition at line 49 of file test_security.py.

00049 
00050     def check(self, psbody):
00051         self.addPS('ps', body=psbody)
00052         try:
00053             self.folder.ps()
00054         except (ImportError, Unauthorized), e:
00055             self.fail(e)

Here is the call graph for this function:

Definition at line 56 of file test_security.py.

00056 
00057     def checkUnauthorized(self, psbody):
00058         self.addPS('ps', body=psbody)
00059         try:
00060             self.folder.ps()
00061         except (AttributeError, ImportError, Unauthorized), e:
00062             pass
00063         else:
00064             raise AssertionError, 'Unauthorized not raised'

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 78 of file test_security.py.

00078 
00079     def DISABLEDtest_method_access_no_perm(self):
00080         # XXX Fails in my Zope from Zope-2_7-branch, but works with
00081         # Zope from trunk.
00082         self.setRoles(['Manager'])
00083         p = self.inst
00084         p.manage_permission(TestView, roles=['Manager'], acquire=0)
00085         self.setRoles([])
00086         self.logout()
00087         self.checkUnauthorized(self.check_methods)

Here is the call graph for this function:

Definition at line 145 of file test_security.py.

00145 
00146     def test_at_post_scripts_unauthorized(self):
00147         # at_post_create_script and at_post_edit_script should not
00148         # be accessible to TTW code at all.
00149         self.setRoles(['Manager'])
00150         test = """\
00151         content = getattr(context, '%(object_id)s')
00152         content.at_post_create_script()
00153         content.at_post_edit_script()
00154         """ % {'object_id': self.object_id}
00155         self.checkUnauthorized(test)

Here is the call graph for this function:

Definition at line 65 of file test_security.py.

00065 
00066     def test_attribute_access_has_perm(self):
00067         self.check(self.check_attrs)

Here is the call graph for this function:

Definition at line 68 of file test_security.py.

00068 
00069     def test_attribute_access_no_perm(self):
00070         self.setRoles(['Manager'])
00071         p = self.inst
00072         p.manage_permission(TestView, roles=['Manager'], acquire=0)
00073         self.setRoles([])
00074         self.checkUnauthorized(self.check_attrs)

Here is the call graph for this function:

Definition at line 109 of file test_security.py.

00109 
00110     def test_field_write_has_perm(self):
00111         # Check that if the user does have the field.write_permission
00112         # then the value will be updated in edit() or update().
00113         p = self.inst
00114         p.update(title='Bla1')
00115         self.failUnlessEqual(p.Title(), 'Bla1')
00116 
00117         title = p.Title()
00118         p.edit(title='Bla2')
00119         self.failUnlessEqual(p.Title(), 'Bla2')
00120 
00121         title = p.Title()
00122         p.processForm(data=True, values={'title':'Bla3'})
00123         self.failUnlessEqual(p.Title(), 'Bla3')

Definition at line 88 of file test_security.py.

00088 
00089     def test_field_write_no_perm(self):
00090         # Check that if the user doesn't have the
00091         # field.write_permission then the value will not be updated in
00092         # edit() or update().
00093         self.setRoles(['Manager'])
00094         p = self.inst
00095         p.manage_permission(TestWrite, roles=['Manager'], acquire=0)
00096         self.setRoles([])
00097 
00098         title = p.Title()
00099         p.update(title='Bla')
00100         self.failUnlessEqual(title, p.Title())
00101 
00102         title = p.Title()
00103         p.edit(title='Bla')
00104         self.failUnlessEqual(title, p.Title())
00105 
00106         title = p.Title()
00107         p.processForm(data=True, values={'title':'Bla'})
00108         self.failUnlessEqual(title, p.Title())

Here is the call graph for this function:

Definition at line 138 of file test_security.py.

00138 
00139     def test_import_DisplayList(self):
00140         self.check('from Products.Archetypes import DisplayList')

Here is the call graph for this function:

Definition at line 124 of file test_security.py.

00124 
00125     def test_import_IndexIterator(self):
00126         self.check('from Products.Archetypes import IndexIterator')

Here is the call graph for this function:

Definition at line 131 of file test_security.py.

00131 
00132     def test_import_transaction_note(self):
00133         self.check('from Products.Archetypes import transaction_note')

Here is the call graph for this function:

Definition at line 75 of file test_security.py.

00075 
00076     def test_method_access_has_perm(self):
00077         self.check(self.check_methods)

Here is the call graph for this function:

Definition at line 141 of file test_security.py.

00141 
00142     def test_use_DisplayList(self):
00143         self.check('from Products.Archetypes import DisplayList;'
00144                    'print DisplayList((("foo", "bar"),)).keys()')

Here is the call graph for this function:

Definition at line 127 of file test_security.py.

00127 
00128     def test_use_IndexIterator(self):
00129         self.check('from Products.Archetypes import IndexIterator;'
00130                    'print IndexIterator().next()')

Here is the call graph for this function:

Definition at line 134 of file test_security.py.

00134 
00135     def test_use_transaction_note(self):
00136         self.check('from Products.Archetypes import transaction_note;'
00137                    'print transaction_note("foo")')

Here is the call graph for this function:


Member Data Documentation

string Archetypes.tests.test_security.AttributeProtectionTest._type = 'SimpleProtectedType' [static, private]

Definition at line 14 of file test_security.py.

Definition at line 25 of file test_security.py.

Definition at line 28 of file test_security.py.

Definition at line 35 of file test_security.py.

Definition at line 20 of file test_security.py.

Definition at line 23 of file test_security.py.

Definition at line 24 of file test_security.py.


The documentation for this class was generated from the following file: