Back to index

plone3  3.1.7
Classes | Functions | Variables
GroupUserFolder.tests.testGroupUserFolder Namespace Reference

Classes

class  TestGroupUserFolder
class  TestGroupUserFolderCopy

Functions

def test04localRoles
 self.failUnless(self.compareGroups("ng6", ("ng5", )))
def test05nestedGroups
def test06doubleNesting
 self.failUnless(self.compareRoles(None, "group_ng6", ()))
def test08traversal
def test10GRUFMethods
def test11LocalRoleBlocking
def test12LocalRoleSecurity
def test13TestCMFLRBehaviour
def test14Allowed
def test15user_names
def test16user_group_same_name
def test17AnonymousGetLocalRolesForDisplay
def test18ManagePropertiesInformationGetLocalRolesForDisplay
def test19ManagePropertiesInformationGetLocalRolesForDisplay
def _mergedLocalRoles
def test_suite

Variables

string __version__ = "$Revision: $"
 GroupUserFolder Copyright (C)2006 Ingeniweb.
string __docformat__ = 'restructuredtext'
tuple app = ZopeTestCase.app()
string base = 'http://%s:%d/%s'

Function Documentation

Returns a merging of object and its ancestors'
__ac_local_roles__.
This will call gruf's methods. It's made that may to mimic the
usual CMF code.

Definition at line 490 of file testGroupUserFolder.py.

00490 
00491 def _mergedLocalRoles(object):
00492     """Returns a merging of object and its ancestors'
00493     __ac_local_roles__.
00494     This will call gruf's methods. It's made that may to mimic the
00495     usual CMF code."""
00496     return object.acl_users._getAllLocalRoles(object)
00497 
00498 
00499 #                                                   #
00500 #                 Copy / Paste support              #
00501 #                                                   #

Here is the caller graph for this function:

self.failUnless(self.compareGroups("ng6", ("ng5", )))

    self.failUnless(self.compareGroups("u12", ()))  @verbatim 

Test the security matrix on a local role

We just check that people has the right roles

Definition at line 199 of file testGroupUserFolder.py.

00199 
00200     def test04localRoles(self,):
00201         """
00202         Test the security matrix on a local role
00203 
00204         We just check that people has the right roles
00205         """
00206         self.failUnless(self.compareRoles(self.gruf_folder, "u1", ()))
00207         self.failUnless(self.compareRoles(self.gruf_folder, "u2", ()))
00208         self.failUnless(self.compareRoles(self.gruf_folder, "u3", ("r1", )))
00209         self.failUnless(self.compareRoles(self.gruf_folder, "u4", ("r1", "r2", )))
00210         self.failUnless(self.compareRoles(self.gruf_folder, "u5", ("r1", "r2", )))
00211         self.failUnless(self.compareRoles(self.gruf_folder, "u6", ("r1", "r2", )))
00212         self.failUnless(self.compareRoles(self.gruf_folder, "u7", ("r1", "r2", "r3", )))
00213 
00214         self.failUnless(self.compareRoles(self.lr, "u1", ()))
00215         self.failUnless(self.compareRoles(self.lr, "u2", ("r3", )))
00216         self.failUnless(self.compareRoles(self.lr, "u3", ("r1", "r3", )))
00217         self.failUnless(self.compareRoles(self.lr, "u4", ("r1", "r2", "r3", )))
00218         self.failUnless(self.compareRoles(self.lr, "u5", ("r1", "r2", )))
00219         self.failUnless(self.compareRoles(self.lr, "u6", ("r1", "r2", "r3", )))
00220         self.failUnless(self.compareRoles(self.lr, "u7", ("r1", "r2", "r3", )))
00221 
00222         self.failUnless(self.compareRoles(self.sublr, "u2", ("r3", )))
00223         self.failUnless(self.compareRoles(self.sublr, "u3", ("r1", "r2", "r3", )))
00224         self.failUnless(self.compareRoles(self.sublr, "u6", ("r1", "r2", "r3", )))
00225 
00226         self.failUnless(self.compareRoles(self.sublr2, "u2", ("r3", )))
00227         self.failUnless(self.compareRoles(self.sublr2, "u3", ("r1", "r2", "r3", )))
00228         self.failUnless(self.compareRoles(self.sublr2, "u6", ("r1", "r2", "r3", )))
00229 
00230         self.failUnless(self.compareRoles(self.subsublr2, "u2", ("r3", )))
00231         self.failUnless(self.compareRoles(self.subsublr2, "u3", ("r1", "r2", "r3", )))
00232         self.failUnless(self.compareRoles(self.subsublr2, "u6", ("r1", "r2", "r3", )))
00233 
00234         self.failUnless(self.compareRoles(self.sublr3, "u2", ()))
00235         self.failUnless(self.compareRoles(self.sublr3, "u3", ("r1", "r2", )))
00236         self.failUnless(self.compareRoles(self.sublr3, "u6", ("r1", "r2", )))
00237 
00238         self.failUnless(self.compareRoles(self.subsublr3, "u2", ()))
00239         self.failUnless(self.compareRoles(self.subsublr3, "u3", ("r1", "r2", )))
00240         self.failUnless(self.compareRoles(self.subsublr3, "u6", ("r1", "r2", )))
00241 
        
Test security on nested groups

Definition at line 242 of file testGroupUserFolder.py.

00242 
00243     def test05nestedGroups(self,):
00244         """
00245         Test security on nested groups
00246         """
00247         # Test group roles
00248         self.failUnless(self.compareRoles(None, "group_ng1", ()))
00249         self.failUnless(self.compareRoles(None, "group_ng2", ('r1', 'r2', )))
00250         self.failUnless(self.compareRoles(None, "group_ng3", ('r1', 'r2', )))
00251         self.failUnless(self.compareRoles(None, "group_ng4", ('r1', 'r2', 'r3', )))
        self.failUnless(self.compareRoles(None, "group_ng5", ('r1', 'r2', 'r3', )))

self.failUnless(self.compareRoles(None, "group_ng6", ()))

    self.failUnless(self.compareRoles(None, "u12", ("r1", "r2", "r3")))         self.failUnless(self.compareRoles(self.gruf_folder.lr, "u12", ("r1", "r2", "r3")))  @verbatim 

Test against double nesting

Definition at line 269 of file testGroupUserFolder.py.

00269 
00270     def test06doubleNesting(self,):
00271         """
00272         Test against double nesting
00273         """
00274         self.failUnless(self.compareGroups("group_compta", ('intranet', 'extranet', )))
00275 

test traversal to ensure management screens are correctly accessible

Definition at line 276 of file testGroupUserFolder.py.

00276 
00277     def test08traversal(self,):
00278         """
00279         test traversal to ensure management screens are correctly accessible
00280         """
00281         # Check if we can traverse a GRUF to fetch a user (check a dummy method on it)
00282         traversed = self.gruf.restrictedTraverse("u1")
00283         Log(LOG_DEBUG, traversed)
00284         self.failUnless(traversed.meta_type == "Group User Folder")
00285 
00286         # Now, do the same but with a folder of the same name
00287         self.gruf_folder.manage_addProduct['OFSP'].manage_addFolder('u1')
00288         traversed = self.gruf.restrictedTraverse("u1")
00289         Log(LOG_DEBUG, traversed)
00290         self.failUnless(traversed.meta_type == "Group User Folder")
00291 

Here is the call graph for this function:

We test that GRUF's API is well protected

Definition at line 296 of file testGroupUserFolder.py.

00296 
00297     def test10GRUFMethods(self,):
00298         """
00299         We test that GRUF's API is well protected
00300         """
00301         self.assertRaises(Unauthorized, self.gruf_folder.restrictedTraverse, 'acl_users/getGRUFPhysicalRoot')
00302         self.assertRaises(Unauthorized, self.gruf_folder.restrictedTraverse, 'acl_users/getGRUFPhysicalRoot')
00303         #urllib.urlopen(base+'/acl_users/getGRUFId')
00304 

We block LR acquisition on sublr2.
See GRUFTestCase to understand what happens (basically, roles in brackets
will be removed from sublr2).

Definition at line 309 of file testGroupUserFolder.py.

00309 
00310     def test11LocalRoleBlocking(self,):
00311         """
00312         We block LR acquisition on sublr2.
00313         See GRUFTestCase to understand what happens (basically, roles in brackets
00314         will be removed from sublr2).
00315         """
00316         # Initial check
00317         self.failUnless(self.compareRoles(self.sublr2, "u2", ("r3", )))
00318         self.failUnless(self.compareRoles(self.sublr2, "u3", ("r1", "r2", "r3", )))
00319         self.failUnless(self.compareRoles(self.sublr2, "u6", ("r1", "r2", "r3", )))
00320         self.failUnless(self.compareRoles(self.subsublr2, "u2", ("r3", )))
00321         self.failUnless(self.compareRoles(self.subsublr2, "u3", ("r1", "r2", "r3", )))
00322         self.failUnless(self.compareRoles(self.subsublr2, "u6", ("r1", "r2", "r3", )))
00323         
00324         # Disable LR acquisition on sublr2 and test the stuff
00325         self.gruf._acquireLocalRoles(self.sublr2, 0)
00326         self.failUnless(self.compareRoles(self.sublr2, "u2", ()))
00327         self.failUnless(self.compareRoles(self.sublr2, "u3", ("r1", "r2", )))
00328         self.failUnless(self.compareRoles(self.sublr2, "u6", ("r1", "r2", )))
00329         self.failUnless(self.compareRoles(self.subsublr2, "u2", ()))
00330         self.failUnless(self.compareRoles(self.subsublr2, "u3", ("r1", "r2", )))
00331         self.failUnless(self.compareRoles(self.subsublr2, "u6", ("r1", "r2", )))
00332 
00333         # Now we disable LR acq. on subsublr2 and check what happens
00334         self.gruf._acquireLocalRoles(self.subsublr2, 0)
00335         self.failUnless(self.compareRoles(self.sublr2, "u2", ()))
00336         self.failUnless(self.compareRoles(self.sublr2, "u3", ("r1", "r2", )))
00337         self.failUnless(self.compareRoles(self.sublr2, "u6", ("r1", "r2", )))
00338         self.failUnless(self.compareRoles(self.subsublr2, "u2", ()))
00339         self.failUnless(self.compareRoles(self.subsublr2, "u3", ("r1", )))
00340         self.failUnless(self.compareRoles(self.subsublr2, "u6", ("r1", "r2", )))
00341 
00342         # We enable back on sublr2. subsublr2 mustn't change.
00343         self.gruf._acquireLocalRoles(self.sublr2, 1)
00344         self.failUnless(self.compareRoles(self.sublr2, "u2", ("r3", )))
00345         self.failUnless(self.compareRoles(self.sublr2, "u3", ("r1", "r2", "r3", )))
00346         self.failUnless(self.compareRoles(self.sublr2, "u6", ("r1", "r2", "r3", )))
00347         self.failUnless(self.compareRoles(self.subsublr2, "u2", ()))
00348         self.failUnless(self.compareRoles(self.subsublr2, "u3", ("r1", )))
00349         self.failUnless(self.compareRoles(self.subsublr2, "u6", ("r1", "r2", )))

Access TTW

Definition at line 350 of file testGroupUserFolder.py.

00350 
00351     def test12LocalRoleSecurity(self):
00352         """Access TTW
00353         """
00354         try:
00355             self.gruf.acquireLocalRoles(self.sublr2, 1)
00356         except:
00357             failed = 1
00358         else:
00359             failed = 0
00360 
00361         if getSecurityManager().checkPermission(Permissions.change_permissions, self.sublr2,):
00362             self.failUnless(not failed, "Must have the permission here.")
00363         else:
00364             self.failUnless(failed, "Must NOT have the permission here.")
00365 

Special test to check that CMF's allowedRolesAndUsers is okay

Definition at line 366 of file testGroupUserFolder.py.

00366 
00367     def test13TestCMFLRBehaviour(self,):
00368         """Special test to check that CMF's allowedRolesAndUsers is okay
00369         """
00370         # Allowed patterns
00371         normal_allowed = ['r1', 'r2', 'r3', 'user:group_g1', 'user:u6', 'user:u3']
00372         normal_allowed.sort()
00373         blocked_allowed = ["r1", "r2", "r3", "user:u3", "user:u6", ]
00374         blocked_allowed.sort()
00375             
00376         # Normal behaviour
00377         ob = self.subsublr2
00378         allowed = {}
00379         for r in rolesForPermissionOn('View', ob):
00380             allowed[r] = 1
00381         localroles = _mergedLocalRoles(ob)
00382         for user, roles in localroles.items():
00383             for role in roles:
00384                 if allowed.has_key(role):
00385                     allowed['user:' + user] = 1
00386         if allowed.has_key('Owner'):
00387             del allowed['Owner']
00388         allowed = list(allowed.keys())
00389         allowed.sort()
00390         self.failUnlessEqual(allowed, normal_allowed)
00391 
00392         # LR-blocking behaviour
00393         self.gruf._acquireLocalRoles(self.sublr2, 0)
00394         ob = self.subsublr2
00395         allowed = {}
00396         for r in rolesForPermissionOn('View', ob):
00397             allowed[r] = 1
00398         localroles = _mergedLocalRoles(ob)
00399         for user, roles in localroles.items():
00400             for role in roles:
00401                 if allowed.has_key(role):
00402                     allowed['user:' + user] = 1
00403         if allowed.has_key('Owner'):
00404             del allowed['Owner']
00405         allowed = list(allowed.keys())
00406         allowed.sort()
00407         self.failUnlessEqual(allowed, blocked_allowed)
00408 

Here is the call graph for this function:

Test if the allowed() method is working properly.
We check the roles on lr, and then on sublr2 after local role blocking tweaking.

Definition at line 409 of file testGroupUserFolder.py.

00409 
00410     def test14Allowed(self,):
00411         """Test if the allowed() method is working properly.
00412         We check the roles on lr, and then on sublr2 after local role blocking tweaking.
00413         """
00414         u2 = self.gruf.getUser("u2")            # Belongs to group_g1
00415         u3 = self.gruf.getUser("u3")
00416         u6 = self.gruf.getUser("u6")
00417 
00418         # Positive assertions
00419         self.failUnless(u2.allowed(self.lr, ("r3", )))
00420         self.failUnless(u3.allowed(self.lr, ("r1", "r3", )))
00421         self.failUnless(u6.allowed(self.lr, ("r1", "r2", "r3", )))
00422         self.failUnless(u2.allowed(self.subsublr2, ("r1", "r2", "r3", )))
00423         self.failUnless(u3.allowed(self.subsublr2, ("r1", "r2", "r3", )))
00424         self.failUnless(u6.allowed(self.subsublr2, ("r1", "r2", "r3", )))
00425         self.failUnless(u3.allowed(self.subsublr3, ("r1", "r2", "r3", )))
00426         self.failUnless(u6.allowed(self.subsublr3, ("r1", "r2", "r3", )))
00427 
00428         # Negative assertions
00429         self.failUnless(not u2.allowed(self.lr, ("r1", "r2", )))
00430         self.failUnless(not u3.allowed(self.lr, ("r2", )))
00431         self.failUnless(not u2.allowed(self.subsublr2, ("r1", "r2", )))
00432         self.failUnless(not u2.allowed(self.subsublr3, ("r1", "r2", "r3", )))
00433         self.failUnless(not u3.allowed(self.subsublr3, ("r3", )))
00434         self.failUnless(not u6.allowed(self.subsublr3, ("r3", )))
00435 

test15user_names(self,) => check if the user_names() method return user IDS and
not user NAMES... This is an inconsistency in Zope's code...

Definition at line 436 of file testGroupUserFolder.py.

00436 
00437     def test15user_names(self,):
00438         """test15user_names(self,) => check if the user_names() method return user IDS and
00439         not user NAMES... This is an inconsistency in Zope's code...
00440         """
00441         un = self.gruf.user_names()
00442         users = [
00443             'group_g1', 'group_g2', "group_g3", "group_g4",
00444             "group_ng1", "group_ng2", "group_ng3", "group_ng4", "group_ng5",
00445             "manager",
00446             "u1", "u2", "u3", "u4", "u5", "u6", "u7", "u8", "u9", "u10", "u11",
00447             "group_extranet", "group_intranet", "group_compta",
00448             ]
00449         un.sort()
00450         users.sort()
00451         for u in users:
00452             self.failUnless(u in un, "Invalid users list: '%s' is not in acl_users." % (u,))
00453         for u in un:
00454             self.failUnless(u in users, "Invalid users list: '%s' is in acl_users but shouldn't be there." % (u,))

getLocalRolesForDisplay should know whether the local role on an object
belongs to a group or a user even if the two share a name.

Definition at line 455 of file testGroupUserFolder.py.

00455 
00456     def test16user_group_same_name(self):
00457         """getLocalRolesForDisplay should know whether the local role on an object
00458         belongs to a group or a user even if the two share a name.
00459         """
00460         # So we are allowed to call getLocalRolesForDisplay
00461         self.setPermissions([Permissions.manage_properties])
00462         self.gruf.userFolderAddGroup('foo', ('r1', ))
00463         self.gruf.userFolderAddUser('foo', 'secret', (), (), ('foo', ), )
00464         lr = self.gruf_folder.lr
00465         lr.manage_addProduct['OFSP'].manage_addFolder("foo_lr")
00466         foo_lr = lr.foo_lr
00467         foo_lr.manage_addLocalRoles("foo", ("r3", ))
00468         roles_map = self.gruf.getLocalRolesForDisplay(foo_lr)
00469         self.failUnless(('foo',('r3',),'user','foo') in roles_map)
00470         foo_lr.manage_addLocalRoles("group_foo", ("r2", ))
00471         roles_map = self.gruf.getLocalRolesForDisplay(foo_lr)
00472         self.failUnless(('foo',('r2',),'group','group_foo') in roles_map)

Definition at line 473 of file testGroupUserFolder.py.

00473 
00474     def test17AnonymousGetLocalRolesForDisplay(self):
00475         # getLocalRolesForDisplay should raise Unauthorized for Anonymous
00476         self.logout()
00477         self.assertRaises(Unauthorized, self.gruf.getLocalRolesForDisplay, self.gruf_folder)

Definition at line 478 of file testGroupUserFolder.py.

00478 
00479     def test18ManagePropertiesInformationGetLocalRolesForDisplay(self):
00480         # getLocalRolesForDisplay should raise Unauthorized for users
00481         # without Manage properties permission
00482         self.assertRaises(Unauthorized, self.gruf.getLocalRolesForDisplay, self.gruf_folder)

Definition at line 483 of file testGroupUserFolder.py.

00483 
00484     def test19ManagePropertiesInformationGetLocalRolesForDisplay(self):
00485         # getLocalRolesForDisplay should work for users with
00486         # Manage properties permission
00487         self.setPermissions([Permissions.manage_properties])
00488         self.gruf.getLocalRolesForDisplay(self.gruf_folder)
00489 

Definition at line 543 of file testGroupUserFolder.py.

00543 
00544     def test_suite():
00545         suite = unittest.TestSuite()
00546         suite.addTest(unittest.makeSuite(TestGroupUserFolder))
00547         suite.addTest(unittest.makeSuite(TestGroupUserFolderCopy))
00548         return suite

Variable Documentation

Definition at line 24 of file testGroupUserFolder.py.

GroupUserFolder Copyright (C)2006 Ingeniweb.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; see the file COPYING. If not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

Definition at line 21 of file testGroupUserFolder.py.

Definition at line 46 of file testGroupUserFolder.py.

Definition at line 52 of file testGroupUserFolder.py.