Back to index

plone3  3.1.7
Public Member Functions | Public Attributes
GroupUserFolder.tests.testLDAPUserFolder.TestLDAPUserFolderBasics Class Reference
Inheritance diagram for GroupUserFolder.tests.testLDAPUserFolder.TestLDAPUserFolderBasics:
Inheritance graph
[legend]
Collaboration diagram for GroupUserFolder.tests.testLDAPUserFolder.TestLDAPUserFolderBasics:
Collaboration graph
[legend]

List of all members.

Public Member Functions

def gruf_sources_setup
def test01_LDAPUp
def gruf_setup
def security_context_setup
def security_context_setup_users

Public Attributes

 gruf_folder
 gruf
 lr
 sublr
 sublr2
 sublr3
 subsublr2
 subsublr3

Detailed Description

Basic LDAPUserFolder binding
This test just creates a LDAPUF connexion for the user source and performs a few API tests.
Heavy LDAP testing is delegated to TestLDAPUserFolder class.

Definition at line 105 of file testLDAPUserFolder.py.


Member Function Documentation

gruf_setup(self,) => Basic gruf setup

Definition at line 86 of file GRUFTestCase.py.

00086 
00087     def gruf_setup(self,):
00088         """
00089         gruf_setup(self,) => Basic gruf setup
00090         """
00091         # Replace default acl_user by a GRUF one
00092         self.folder.manage_delObjects(['acl_users'])
00093         self.folder.manage_addProduct['OFSP'].manage_addFolder('testFolder')
00094         self.gruf_folder = self.folder.testFolder
00095         self.gruf_folder.manage_addProduct['GroupUserFolder'].manage_addGroupUserFolder()
00096         self.gruf = self.gruf_folder.acl_users
00097 

Here is the caller graph for this function:

Basic LDAP initialization inside gruf's user source

Reimplemented from GroupUserFolder.tests.GRUFTestCase.GRUFTestCase.

Reimplemented in GroupUserFolder.tests.testLDAPGroupFolder.TestLDAPUserFolderGroups.

Definition at line 112 of file testLDAPUserFolder.py.

00112 
00113     def gruf_sources_setup(self,):
00114         """
00115         Basic LDAP initialization inside gruf's user source
00116         """
00117         # User source replacement
00118         self.gruf.replaceUserSource("Users",
00119             "manage_addProduct/LDAPUserFolder/manage_addLDAPUserFolder",
00120             #title = dg('title'),
00121             #LDAP_server = dg('server'),
00122             #login_attr = dg('login_attr'),
00123             #uid_attr = dg('uid_attr'),
00124             #users_base = dg('users_base'),
00125             #users_scope = dg('users_scope'),
00126             #roles= dg('roles'),
00127             #groups_base = dg('groups_base'),
00128             #groups_scope = dg('groups_scope'),
00129             #binduid = dg('binduid'),
00130             #bindpwd = dg('bindpwd'),
00131             #binduid_usage = dg('binduid_usage'),
00132             #rdn_attr = dg('rdn_attr'),
00133             #local_groups = dg('local_groups'),
00134             #encryption = dg('encryption'),
00135             #use_ssl = dg('use_ssl'),
00136             #read_only=dg('read_only'),
00137             )
00138 
00139         # Edit LDAPUF 'cause objectClass cannot be set otherwise :(
00140         self.gruf.Users.acl_users.manage_edit(
00141             title = dg('title'),
00142             login_attr = dg('login_attr'),
00143             uid_attr = dg('uid_attr'),
00144             users_base = dg('users_base'),
00145             users_scope = dg('users_scope'),
00146             roles= dg('roles'),
00147             obj_classes = 'top,inetOrgPerson',
00148             groups_base = dg('groups_base'),
00149             groups_scope = dg('groups_scope'),
00150             binduid = dg('binduid'),
00151             bindpwd = dg('bindpwd'),
00152             binduid_usage = dg('binduid_usage'),
00153             rdn_attr = dg('rdn_attr'),
00154             local_groups = dg('local_groups'),
00155             encryption = dg('encryption'),
00156             read_only=dg('read_only'),
00157             )
00158 
00159         # Purge existing users in order to start on a clean basis
00160         self.delete_created_users()
00161 

Here is the call graph for this function:

Build a complex security environment

It creates:
  * 3 roles, r1, r2 and r3
  * 3 groups: g1, g2, g3
  * n users as follows (roles are between parenthesis)

      !   g1    ! g2(r1)     ! g3(r2)     ! g4(r2,r3)  !  Resulting roles !
  ------------!---------!------------!------------!------------!------------------!
  u1          !         !            !            !            !   => (no role)   !
  u2          !   X     !            !            !            !   => (no role)   !
  u3          !   X     !      X     !            !            !   => r1          !
  u4          !   X     !      X     !      X     !            !   => r1,r2       !
  u5(r1)      !         !      X     !      X     !            !   => r1,r2       !
  u6(r1)      !         !            !      X     !            !   => r1,r2       !
  u7(r1)      !         !            !            !     X      !   => r1,r2,r3    !
  ---------------------------------------------------------------------------------

It also creates a 'lr' folder in which g1 group and u3 and u6 are granted r3 role.


And then, it creates nested groups as follow (-> = belongs to group...):

     u/g   !  belongs to... ! resulting roles                     !
 ----------!----------------!-------------------------------------!
  ng1      !   g1           ! (no role)                           !
  ng2      !   g2, g3       ! r1, r2                              !
  ng3      !   g2, ng2      ! r1, r2                              !
  ng4(r3)  !   g2, ng2      ! r1, r2, r3                          !
  ng5      !   g2, ng4      ! r1, r2, r3                          !
  ng6      !   ng5, ng6     ! r1, r2, r3 (no circ. ref)           !
  u8       !   ng1          ! (no role)                           !
  u9       !   g1, ng2      ! r1, r2                              !
  u10      !   ng2, ng3     ! r1, r2                              !
  u11(r3)  !   ng2, ng3     ! r1, r2, r3                          !
  u12      !   ng5, ng6     ! r1, r2, r3                          !
 -----------------------------------------------------------------!

 Plus we have the following local roles matrix (roles inside parenthesis are implicitly
 user-defined, roles inside brackets are implicitly lr-defined).

 folder
   |
   |-- acl_users (GRUF)
   |
   |                                          r1    r2    r3
   |                             /--
   |                             | group_g1               x
   |-- lr                        | u3        (x)          x
       |                         | u6        (x)   (x)    x
       |                         \--
       |
       |                         /--
       |                         | group_g1              [x]
       |-- sublr                 | u3        (x)    x    [x]
       |                         | u6        (x)    x*   [x]
       |                         \--
       |
       |                         /--
       |                         | group_g1              [x]
       |-- sublr2                | u3        (x)    x    [x]
       |   |                     | u6        (x)    x*   [x]
       |   |                     \--
       |   |
       |   |                     /--
       |   |                     | group_g1              [x]
       |   |-- subsublr2         | u3        (x)   [x]   [x]
       |                         | u6        (x)  [(x)]  [x]
       |                         \--
       |
 (now we block local roles under this branch)
       |
       |                         /--
       |                         | group_g1              
       |-- sublr3                | u3        (x)    x    
   |                     | u6        (x)    x*   
   |                     \--
   |
   |                     /--
   |                     | group_g1              
   |-- subsublr3         | u3        (x)   [x]   
                         | u6        (x)  [(x)]  
                         \--
                         
*: u6 will have r2 as a localrole AND a userdefined role.

Definition at line 113 of file GRUFTestCase.py.

00113 
00114     def security_context_setup(self,):
00115         """
00116         Build a complex security environment
00117 
00118         It creates:
00119           * 3 roles, r1, r2 and r3
00120           * 3 groups: g1, g2, g3
00121           * n users as follows (roles are between parenthesis)
00122 
00123                       !   g1    ! g2(r1)     ! g3(r2)     ! g4(r2,r3)  !  Resulting roles !
00124           ------------!---------!------------!------------!------------!------------------!
00125           u1          !         !            !            !            !   => (no role)   !
00126           u2          !   X     !            !            !            !   => (no role)   !
00127           u3          !   X     !      X     !            !            !   => r1          !
00128           u4          !   X     !      X     !      X     !            !   => r1,r2       !
00129           u5(r1)      !         !      X     !      X     !            !   => r1,r2       !
00130           u6(r1)      !         !            !      X     !            !   => r1,r2       !
00131           u7(r1)      !         !            !            !     X      !   => r1,r2,r3    !
00132           ---------------------------------------------------------------------------------
00133 
00134         It also creates a 'lr' folder in which g1 group and u3 and u6 are granted r3 role.
00135 
00136 
00137         And then, it creates nested groups as follow (-> = belongs to group...):
00138 
00139              u/g   !  belongs to... ! resulting roles                     !
00140          ----------!----------------!-------------------------------------!
00141           ng1      !   g1           ! (no role)                           !
00142           ng2      !   g2, g3       ! r1, r2                              !
00143           ng3      !   g2, ng2      ! r1, r2                              !
00144           ng4(r3)  !   g2, ng2      ! r1, r2, r3                          !
00145           ng5      !   g2, ng4      ! r1, r2, r3                          !
00146           ng6      !   ng5, ng6     ! r1, r2, r3 (no circ. ref)           !
00147           u8       !   ng1          ! (no role)                           !
00148           u9       !   g1, ng2      ! r1, r2                              !
00149           u10      !   ng2, ng3     ! r1, r2                              !
00150           u11(r3)  !   ng2, ng3     ! r1, r2, r3                          !
00151           u12      !   ng5, ng6     ! r1, r2, r3                          !
00152          -----------------------------------------------------------------!
00153 
00154          Plus we have the following local roles matrix (roles inside parenthesis are implicitly
00155          user-defined, roles inside brackets are implicitly lr-defined).
00156 
00157          folder
00158            |
00159            |-- acl_users (GRUF)
00160            |
00161            |                                          r1    r2    r3
00162            |                             /--
00163            |                             | group_g1               x
00164            |-- lr                        | u3        (x)          x
00165                |                         | u6        (x)   (x)    x
00166                |                         \--
00167                |
00168                |                         /--
00169                |                         | group_g1              [x]
00170                |-- sublr                 | u3        (x)    x    [x]
00171                |                         | u6        (x)    x*   [x]
00172                |                         \--
00173                |
00174                |                         /--
00175                |                         | group_g1              [x]
00176                |-- sublr2                | u3        (x)    x    [x]
00177                |   |                     | u6        (x)    x*   [x]
00178                |   |                     \--
00179                |   |
00180                |   |                     /--
00181                |   |                     | group_g1              [x]
00182                |   |-- subsublr2         | u3        (x)   [x]   [x]
00183                |                         | u6        (x)  [(x)]  [x]
00184                |                         \--
00185                |
00186          (now we block local roles under this branch)
00187                |
00188                |                         /--
00189                |                         | group_g1              
00190                |-- sublr3                | u3        (x)    x    
00191                    |                     | u6        (x)    x*   
00192                    |                     \--
00193                    |
00194                    |                     /--
00195                    |                     | group_g1              
00196                    |-- subsublr3         | u3        (x)   [x]   
00197                                          | u6        (x)  [(x)]  
00198                                          \--
00199                                          
00200         *: u6 will have r2 as a localrole AND a userdefined role.
00201         """
00202         # Create a few roles
00203         self.gruf.userFolderAddRole("r1")
00204         self.gruf.userFolderAddRole("r2")
00205         self.gruf.userFolderAddRole("r3")
00206 
00207         # Set View permission on those roles
00208         permissions = self.gruf_folder.ac_inherited_permissions(1)
00209         for ip in range(len(permissions)):
00210             name, value = permissions[ip][:2]
00211             if name == "View":
00212                 break
00213         p=Permission.Permission(name,value, self.gruf_folder)
00214         p.setRoles(("r1", "r2", "r3", ))
00215 
00216         # Setup users and groups
00217         self.security_context_setup_groups()
00218         self.security_context_setup_users()
00219         
00220         # Create a few folders to play with
00221         self.gruf_folder.manage_addProduct['OFSP'].manage_addFolder('lr')
00222         lr = self.gruf_folder.lr
00223         lr.manage_addProduct['OFSP'].manage_addFolder("sublr")
00224         sublr = self.gruf_folder.lr.sublr
00225         lr.manage_addProduct['OFSP'].manage_addFolder("sublr2")
00226         sublr2 = self.gruf_folder.lr.sublr2
00227         sublr2.manage_addProduct['OFSP'].manage_addFolder("subsublr2")
00228         subsublr2 = self.gruf_folder.lr.sublr2.subsublr2
00229         lr.manage_addProduct['OFSP'].manage_addFolder("sublr3")
00230         sublr3 = self.gruf_folder.lr.sublr3
00231         sublr3.manage_addProduct['OFSP'].manage_addFolder("subsublr3")
00232         subsublr3 = self.gruf_folder.lr.sublr3.subsublr3
00233         self.gruf._acquireLocalRoles(sublr3, 0)
00234         lr.manage_addLocalRoles("group_g1", ("r3", ))
00235         lr.manage_addLocalRoles("u3", ("r3", ))
00236         lr.manage_addLocalRoles("u6", ("r3", ))
00237         sublr.manage_addLocalRoles("u3", ("r2", ))
00238         sublr.manage_addLocalRoles("u6", ("r2", ))
00239         sublr2.manage_addLocalRoles("u3", ("r2", ))
00240         sublr2.manage_addLocalRoles("u6", ("r2", ))
00241         sublr3.manage_addLocalRoles("u3", ("r2", ))
00242         sublr3.manage_addLocalRoles("u6", ("r2", ))
00243         self.lr = lr
00244         self.sublr = sublr
00245         self.sublr2 = sublr2
00246         self.sublr3 = sublr3
00247         self.subsublr2 = subsublr2
00248         self.subsublr3 = subsublr3
00249 

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 250 of file GRUFTestCase.py.

00250 
00251     def security_context_setup_users(self,):
00252         # Create a manager and a few users
00253         self.gruf.userFolderAddUser('manager', 'secret', ('Manager',), (), (), )
00254         self.gruf.userFolderAddUser('u1', 'secret', (), (), (), )
00255         self.gruf.userFolderAddUser('u2', 'secret', (), (), ('g1', ), )
00256         self.gruf.userFolderAddUser('u3', 'secret', (), (), ('g1', 'g2'), )
00257         self.gruf.userFolderAddUser('u4', 'secret', (), (), ('g1', 'g2', 'g3'), )
00258         self.gruf.userFolderAddUser('u5', 'secret', ('r1', ), (), ('g2', 'g3'), )
00259         self.gruf.userFolderAddUser('u6', 'secret', ('r1', ), (), ('g3', ), )
00260         self.gruf.userFolderAddUser('u7', 'secret', ('r1', ), (), ('g4', ), )
00261 
00262         # Create nested-groups users
00263         self.gruf.userFolderAddUser('u8', 'secret', (), (), ('ng1', ), )        
00264         self.gruf.userFolderAddUser('u9', 'secret', (), (), ('g1', 'ng2', ), )
00265         self.gruf.userFolderAddUser('u10', 'secret', (), (), ('ng2', 'ng3', ), )        
        self.gruf.userFolderAddUser('u11', 'secret', ('r3', ), (), ('ng2', 'ng3', ), )        

Here is the caller graph for this function:

Ensure LDAP is up and running

Reimplemented in GroupUserFolder.tests.testLDAPGroupFolder.TestLDAPUserFolderGroups.

Definition at line 162 of file testLDAPUserFolder.py.

00162 
00163     def test01_LDAPUp(self,):
00164         """Ensure LDAP is up and running
00165         """
00166         self.gruf.Users.acl_users.getUsers()
00167 
00168 


Member Data Documentation

Definition at line 95 of file GRUFTestCase.py.

Definition at line 93 of file GRUFTestCase.py.

Definition at line 242 of file GRUFTestCase.py.

Definition at line 243 of file GRUFTestCase.py.

Definition at line 244 of file GRUFTestCase.py.

Definition at line 245 of file GRUFTestCase.py.

Definition at line 246 of file GRUFTestCase.py.

Definition at line 247 of file GRUFTestCase.py.


The documentation for this class was generated from the following file: