Back to index

plone3  3.1.7
test_FSSecurity.py
Go to the documentation of this file.
00001 ##############################################################################
00002 #
00003 # Copyright (c) 2002 Zope Corporation and Contributors. All Rights Reserved.
00004 #
00005 # This software is subject to the provisions of the Zope Public License,
00006 # Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
00007 # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
00008 # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
00009 # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
00010 # FOR A PARTICULAR PURPOSE.
00011 #
00012 ##############################################################################
00013 """ Unit tests for security on FS* modules.
00014 
00015 $Id: test_FSSecurity.py 77186 2007-06-28 19:06:19Z yuppie $
00016 """
00017 
00018 import unittest
00019 import Testing
00020 
00021 from time import sleep
00022 
00023 from AccessControl.Permission import Permission
00024 from Globals import DevelopmentMode
00025 
00026 from Products.CMFCore.tests.base.testcase import LogInterceptor
00027 from Products.CMFCore.tests.base.testcase import RequestTest
00028 from Products.CMFCore.tests.base.testcase import WritableFSDVTest
00029 
00030 
00031 class FSSecurityBase(RequestTest, WritableFSDVTest, LogInterceptor):
00032 
00033     def _checkSettings(self, object, permissionname, acquire=0, roles=[]):
00034         # check the roles and acquire settings for a permission on an
00035         # object are as expected
00036         happy = 0
00037         for pstuff in object.ac_inherited_permissions(1):
00038             name, value = pstuff[:2]
00039             if name == permissionname:
00040                 p = Permission(name, value, object)
00041                 groles = p.getRoles(default=[])
00042                 acquired = isinstance(groles, list)
00043                 expected = {}
00044                 for role in roles:
00045                     expected[role] = 1
00046                 got = {}
00047                 for role in groles:
00048                     got[role] = 1
00049                 self.assertEqual((acquire, expected), (acquired, got))
00050                 happy = 1
00051         if not happy:
00052             raise ValueError("'%s' not found in inherited permissions."
00053                              % permissionname)
00054 
00055     def setUp( self ):
00056         # initialise skins
00057         WritableFSDVTest.setUp(self)
00058         self._registerDirectory(self)
00059         # set up ZODB
00060         RequestTest.setUp(self)
00061         # put object in ZODB
00062         root=self.root
00063         try: root._delObject('fake_skin')
00064         except AttributeError: pass
00065         root._setObject( 'fake_skin', self.ob.fake_skin )
00066 
00067     def tearDown( self ):
00068         RequestTest.tearDown(self)
00069         WritableFSDVTest.tearDown(self)
00070         self._ignore_log_errors()
00071         self._ignore_log_errors(subsystem='CMFCore.DirectoryView')
00072 
00073 
00074 class FSSecurityTests( FSSecurityBase, LogInterceptor ):
00075 
00076     def test_basicPermissions( self ):
00077         # Test basic FS permissions
00078         # check a normal method is as we'd expect
00079         self._checkSettings(self.ob.fake_skin.test1,'View',1,[])
00080         # now do some checks on the method with FS permissions
00081         self._checkSettings(self.ob.fake_skin.test4,'View',1,['Manager','Owner'])
00082         self._checkSettings(self.ob.fake_skin.test4,'Access contents information',0,[])
00083 
00084     def test_invalidPermissionNames( self ):
00085         import logging
00086         self._catch_log_errors(logging.ERROR,subsystem='CMFCore.DirectoryView')
00087         # Test for an invalid permission name
00088         # baseline
00089         self._checkSettings(self.ob.fake_skin.test5,'View',1,[])
00090         # add .rpm with dodgy permission name
00091         self._writeFile('test5.py.security','Access stoopid contents::')
00092         # check baseline
00093         self._checkSettings(self.ob.fake_skin.test5,'View',1,[])
00094 
00095     def test_invalidAcquireNames( self ):
00096         # Test for an invalid spelling of acquire
00097         # baseline
00098         self._checkSettings(self.ob.fake_skin.test5,'View',1,[])
00099         # add dodgy .rpm
00100         self._writeFile('test5.py.security','View:aquire:')
00101         # check baseline
00102         self._checkSettings(self.ob.fake_skin.test5,'View',1,[])
00103 
00104 if DevelopmentMode:
00105 
00106     class DebugModeTests( FSSecurityBase ):
00107 
00108         def test_addPRM( self ):
00109             # Test adding of a .security
00110             # baseline
00111             self._checkSettings(self.ob.fake_skin.test5,'View',1,[])
00112             # add
00113             self._writeFile('test5.py.security','View:acquire:Manager')
00114             # test
00115             self._checkSettings(self.ob.fake_skin.test5,'View',1,['Manager'])
00116 
00117         def test_delPRM( self ):
00118             # Test deleting of a .security
00119             # baseline
00120             self._checkSettings(self.ob.fake_skin.test5,'View',1,[])
00121             self._writeFile('test5.py.security','View:acquire:Manager')
00122             self._checkSettings(self.ob.fake_skin.test5,'View',1,['Manager'])
00123             # delete
00124             self._deleteFile('test5.py.security')
00125             # test
00126             self._checkSettings(self.ob.fake_skin.test5,'View',1,[])
00127 
00128         def test_editPRM( self ):
00129             # Test editing a .security
00130             # we need to wait a second here or the mtime will actually
00131             # have the same value as set in the last test.
00132             # Maybe someone brainier than me can figure out a way to make this
00133             # suck less :-(
00134             sleep(1)
00135 
00136             # baseline
00137             self._writeFile('test5.py.security','View::Manager,Anonymous')
00138             self._checkSettings(self.ob.fake_skin.test5,'View',0,['Manager','Anonymous'])
00139             # edit
00140             self._writeFile('test5.py.security','View:acquire:Manager')
00141             # test
00142             self._checkSettings(self.ob.fake_skin.test5,'View',1,['Manager'])
00143 
00144         def test_DelAddEditPRM( self ):
00145             # Test deleting, then adding, then editing a .security file
00146             # baseline
00147             self._writeFile('test5.py.security','View::Manager')
00148             # delete
00149             self._deleteFile('test5.py.security')
00150             self._checkSettings(self.ob.fake_skin.test5,'View',1,[])
00151 
00152             # we need to wait a second here or the mtime will actually
00153             # have the same value, no human makes two edits in less
00154             # than a second ;-)
00155             sleep(1)
00156 
00157             # add back
00158             self._writeFile('test5.py.security','View::Manager,Anonymous')
00159             self._checkSettings(self.ob.fake_skin.test5,'View',0,['Manager','Anonymous'])
00160 
00161             # edit
00162             self._writeFile('test5.py.security','View:acquire:Manager')
00163             # test
00164             self._checkSettings(self.ob.fake_skin.test5,'View',1,['Manager'])
00165 
00166 else:
00167 
00168     class DebugModeTests( FSSecurityBase ):
00169         pass
00170 
00171 
00172 def test_suite():
00173     return unittest.TestSuite((
00174         unittest.makeSuite(FSSecurityTests),
00175         unittest.makeSuite(DebugModeTests),
00176         ))
00177 
00178 if __name__ == '__main__':
00179     unittest.main(defaultTest='test_suite')