Back to index

plone3  3.1.7
test_ZODBRoleManager.py
Go to the documentation of this file.
00001 ##############################################################################
00002 #
00003 # Copyright (c) 2001 Zope Corporation and Contributors. All Rights
00004 # Reserved.
00005 #
00006 # This software is subject to the provisions of the Zope Public License,
00007 # Version 2.1 (ZPL).  A copy of the ZPL should accompany this
00008 # distribution.
00009 # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
00010 # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
00011 # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
00012 # FOR A PARTICULAR PURPOSE.
00013 #
00014 ##############################################################################
00015 import unittest
00016 
00017 from Products.PluggableAuthService.tests.conformance \
00018     import IRolesPlugin_conformance
00019 from Products.PluggableAuthService.tests.conformance \
00020     import IRoleEnumerationPlugin_conformance
00021 from Products.PluggableAuthService.tests.conformance \
00022     import IRoleAssignerPlugin_conformance
00023 
00024 from Products.PluggableAuthService.plugins.tests.helpers \
00025      import FauxPAS, FauxSmartPAS, DummyUser, makeRequestAndResponse
00026 
00027 class ZODBRoleManagerTests( unittest.TestCase
00028                           , IRolesPlugin_conformance
00029                           , IRoleEnumerationPlugin_conformance
00030                           , IRoleAssignerPlugin_conformance
00031                           ):
00032 
00033     def _getTargetClass( self ):
00034 
00035         from Products.PluggableAuthService.plugins.ZODBRoleManager \
00036             import ZODBRoleManager
00037 
00038         return ZODBRoleManager
00039 
00040     def _makeOne( self, id='test', *args, **kw ):
00041 
00042         return self._getTargetClass()( id=id, *args, **kw )
00043 
00044     def test_empty( self ):
00045 
00046         zrm = self._makeOne()
00047 
00048         self.assertEqual( len( zrm.listRoleIds() ), 0 )
00049         self.assertEqual( len( zrm.enumerateRoles() ), 0 )
00050 
00051         user = DummyUser( 'userid' )
00052         roles = zrm.getRolesForPrincipal( user )
00053         self.assertEqual( len( roles ), 0 )
00054 
00055     def test_addRole( self ):
00056 
00057         from Products.PluggableAuthService.tests.test_PluggableAuthService \
00058             import FauxRoot
00059 
00060         root = FauxRoot()
00061         zrm = self._makeOne().__of__( root )
00062 
00063         zrm.addRole( 'roleid', 'Role', 'This is a role' )
00064 
00065         role_ids = zrm.listRoleIds()
00066         self.assertEqual( len( role_ids ), 1 )
00067         self.assertEqual( role_ids[0], 'roleid' )
00068 
00069         info_list = zrm.enumerateRoles()
00070         self.assertEqual( len( info_list ), 1 )
00071         info = info_list[ 0 ]
00072         self.assertEqual( info[ 'id' ], 'roleid' )
00073 
00074     def test_addRole_duplicate_check( self ):
00075 
00076         zrm = self._makeOne()
00077 
00078         zrm.addRole( 'roleid', 'Role', 'This is a role' )
00079 
00080         self.assertRaises( KeyError, zrm.addRole
00081                          , 'roleid', 'Alias', 'duplicate' )
00082 
00083     def test_removeRole_nonesuch( self ):
00084 
00085         zrm = self._makeOne()
00086 
00087         self.assertRaises( KeyError, zrm.removeRole, 'nonesuch' )
00088 
00089     def test_removeRole_valid_id( self ):
00090 
00091         from Products.PluggableAuthService.tests.test_PluggableAuthService \
00092             import FauxRoot
00093 
00094         root = FauxRoot()
00095         zrm = self._makeOne().__of__( root )
00096 
00097         zrm.addRole( 'roleid', 'Role', 'This is a role' )
00098         zrm.addRole( 'doomed', 'Fatal', 'rust never sleeps' )
00099 
00100         zrm.removeRole( 'doomed' )
00101 
00102         role_ids = zrm.listRoleIds()
00103         self.assertEqual( len( role_ids ), 1 )
00104         self.assertEqual( len( zrm.enumerateRoles() ), 1 )
00105         self.assertEqual( role_ids[0], 'roleid' )
00106 
00107     def test_enumerateRoles_no_criteria( self ):
00108 
00109         from Products.PluggableAuthService.tests.test_PluggableAuthService \
00110             import FauxRoot
00111 
00112         root = FauxRoot()
00113         zrm = self._makeOne( id='no_crit' ).__of__( root )
00114 
00115         ID_LIST = ( 'foo', 'bar', 'baz', 'bam' )
00116 
00117         for id in ID_LIST:
00118 
00119             zrm.addRole( id, 'Role %s' % id, 'This is role, %s' % id )
00120 
00121         info_list = zrm.enumerateRoles()
00122 
00123         self.assertEqual( len( info_list ), len( ID_LIST ) )
00124 
00125         sorted = list( ID_LIST )
00126         sorted.sort()
00127 
00128         for i in range( len( sorted ) ):
00129 
00130             self.assertEqual( info_list[ i ][ 'id' ], sorted[ i ] )
00131             self.assertEqual( info_list[ i ][ 'pluginid' ], 'no_crit' )
00132             self.assertEqual( info_list[ i ][ 'properties_url' ]
00133                             , 'no_crit/manage_roles?role_id=%s' % sorted[ i ])
00134             self.assertEqual( info_list[ i ][ 'members_url' ]
00135                             , 'no_crit/manage_roles?role_id=%s&assign=1'
00136                                 % sorted[ i ])
00137 
00138     def test_enumerateRoles_exact( self ):
00139 
00140         from Products.PluggableAuthService.tests.test_PluggableAuthService \
00141             import FauxRoot
00142 
00143         root = FauxRoot()
00144         zrm = self._makeOne( id='exact' ).__of__( root )
00145 
00146         ID_LIST = ( 'foo', 'bar', 'baz', 'bam' )
00147 
00148         for id in ID_LIST:
00149 
00150             zrm.addRole( id, 'Role %s' % id, 'This is role, %s' % id )
00151 
00152         info_list = zrm.enumerateRoles( id='bar', exact_match=True )
00153 
00154         self.assertEqual( len( info_list ), 1 )
00155         info = info_list[ 0 ]
00156 
00157         self.assertEqual( info[ 'id' ], 'bar' )
00158         self.assertEqual( info[ 'pluginid' ], 'exact' )
00159         self.assertEqual( info[ 'properties_url' ]
00160                         , 'exact/manage_roles?role_id=bar' )
00161         self.assertEqual( info[ 'members_url' ]
00162                         , 'exact/manage_roles?role_id=bar&assign=1' )
00163         self.assertEqual( info[ 'title' ], 'Role bar' )
00164         self.assertEqual( info[ 'description' ], 'This is role, bar' )
00165 
00166 
00167     def test_enumerateRoles_partial( self ):
00168 
00169         from Products.PluggableAuthService.tests.test_PluggableAuthService \
00170             import FauxRoot
00171 
00172         root = FauxRoot()
00173         zrm = self._makeOne( id='partial' ).__of__( root )
00174 
00175         ID_LIST = ( 'foo', 'bar', 'baz', 'bam' )
00176 
00177         for id in ID_LIST:
00178 
00179             zrm.addRole( id, 'Role %s' % id, 'This is role, %s' % id )
00180 
00181         info_list = zrm.enumerateRoles( id='ba', exact_match=False )
00182 
00183         self.assertEqual( len( info_list ), len( ID_LIST ) - 1 ) # no 'foo'
00184 
00185         sorted = list( ID_LIST )
00186         sorted.sort()
00187 
00188         for i in range( len( sorted ) - 1 ):
00189 
00190             self.assertEqual( info_list[ i ][ 'id' ], sorted[ i ] )
00191             self.assertEqual( info_list[ i ][ 'pluginid' ], 'partial' )
00192             self.assertEqual( info_list[ i ][ 'properties_url' ]
00193                             , 'partial/manage_roles?role_id=%s' % sorted[ i ])
00194             self.assertEqual( info_list[ i ][ 'members_url' ]
00195                             , 'partial/manage_roles?role_id=%s&assign=1' 
00196                                 % sorted[ i ])
00197             self.assertEqual( info_list[ i ][ 'title' ]
00198                             , 'Role %s' % sorted[ i ] )
00199             self.assertEqual( info_list[ i ][ 'description' ]
00200                             , 'This is role, %s' % sorted[ i ] )
00201 
00202     def test_enumerateRoles_multiple( self ):
00203 
00204         from Products.PluggableAuthService.tests.test_PluggableAuthService \
00205             import FauxRoot
00206 
00207         root = FauxRoot()
00208         zrm = self._makeOne( id='partial' ).__of__( root )
00209 
00210         ID_LIST = ( 'foo', 'bar', 'baz', 'bam' )
00211 
00212         for id in ID_LIST:
00213 
00214             zrm.addRole( id, 'Role %s' % id, 'This is role, %s' % id )
00215 
00216         info_list = zrm.enumerateRoles( id=ID_LIST )
00217 
00218         self.assertEqual( len( info_list ), len( ID_LIST ) )
00219 
00220         for info in info_list:
00221             self.failUnless( info[ 'id' ] in ID_LIST )
00222 
00223         SUBSET = ID_LIST[:3]
00224 
00225         info_list = zrm.enumerateRoles( id=SUBSET )
00226 
00227         self.assertEqual( len( info_list ), len( SUBSET ) )
00228 
00229         for info in info_list:
00230             self.failUnless( info[ 'id' ] in SUBSET )
00231 
00232     def test_enumerateRoles_exact_nonesuch( self ):
00233 
00234         from Products.PluggableAuthService.tests.test_PluggableAuthService \
00235             import FauxRoot
00236 
00237         root = FauxRoot()
00238         zgm = self._makeOne( id='exact_nonesuch' ).__of__( root )
00239 
00240         ID_LIST = ( 'foo', 'bar', 'baz', 'bam' )
00241 
00242         for id in ID_LIST:
00243 
00244             zgm.addRole( id, 'Role %s' % id, 'This is role, %s' % id )
00245 
00246         self.assertEquals( zgm.enumerateRoles( id='qux', exact_match=True )
00247                          , () )
00248 
00249     def test_assignRoleToPrincipal_nonesuch( self ):
00250 
00251         from Products.PluggableAuthService.tests.test_PluggableAuthService \
00252             import FauxRoot
00253 
00254         root = FauxRoot()
00255         zrm = self._makeOne( id='assign_nonesuch' ).__of__( root )
00256 
00257         self.assertRaises( KeyError, zrm.assignRoleToPrincipal, 'test', 'foo' )
00258 
00259     def test_assignRoleToPrincipal_user( self ):
00260 
00261         from Products.PluggableAuthService.tests.test_PluggableAuthService \
00262             import FauxRoot
00263 
00264         root = FauxRoot()
00265         zrm = self._makeOne( id='assign_user' ).__of__( root )
00266         zrm.addRole( 'test1' )
00267         zrm.addRole( 'test2' )
00268         user = DummyUser( 'foo' )
00269 
00270         roles = zrm.getRolesForPrincipal( user )
00271         self.assertEqual( len( roles ), 0 )
00272 
00273         zrm.assignRoleToPrincipal( 'test1', 'foo' )
00274 
00275         roles = zrm.getRolesForPrincipal( user )
00276         self.assertEqual( len( roles ), 1 )
00277         self.failUnless( 'test1' in roles )
00278 
00279         zrm.assignRoleToPrincipal( 'test2', 'foo' )
00280 
00281         roles = zrm.getRolesForPrincipal( user )
00282         self.assertEqual( len( roles ), 2 )
00283         self.failUnless( 'test1' in roles )
00284         self.failUnless( 'test2' in roles )
00285 
00286     def test_assignRoleToPrincipal_group( self ):
00287 
00288         from Products.PluggableAuthService.tests.test_PluggableAuthService \
00289             import FauxRoot
00290 
00291         root = FauxRoot()
00292         zrm = self._makeOne( id='assign_user' ).__of__( root )
00293         zrm.addRole( 'test1' )
00294         zrm.addRole( 'test2' )
00295         user = DummyUser( 'foo', ( 'qux', ) )
00296 
00297         roles = zrm.getRolesForPrincipal( user )
00298         self.assertEqual( len( roles ), 0 )
00299 
00300         zrm.assignRoleToPrincipal( 'test1', 'qux' )
00301 
00302         roles = zrm.getRolesForPrincipal( user )
00303         self.assertEqual( len( roles ), 1 )
00304         self.failUnless( 'test1' in roles )
00305 
00306     def test_assignRoleToPrincipal_new( self ):
00307 
00308         root = FauxPAS()
00309         zrm = self._makeOne( id='assign_new' ).__of__( root )
00310 
00311         zrm.addRole( 'test' )
00312         self.assertEqual( len( zrm.listAssignedPrincipals( 'test' ) ), 0 )
00313 
00314         new = zrm.assignRoleToPrincipal( 'test', 'foo' )
00315 
00316         self.failUnless( new )
00317 
00318         assigned = [x[0] for x in zrm.listAssignedPrincipals( 'test' )]
00319 
00320         self.assertEqual( len( assigned ), 1 )
00321         self.assertEqual( assigned[0], 'foo' )
00322 
00323     def test_assignRoleToPrincipal_already( self ):
00324 
00325         root = FauxPAS()
00326         zrm = self._makeOne( id='assign_already' ).__of__( root )
00327 
00328         zrm.addRole( 'test' )
00329 
00330         zrm.assignRoleToPrincipal( 'test', 'foo' )
00331         new = zrm.assignRoleToPrincipal( 'test', 'foo' )
00332 
00333         self.failIf( new )
00334 
00335         assigned = [x[0] for x in zrm.listAssignedPrincipals( 'test' )]
00336 
00337         self.assertEqual( len( assigned ), 1 )
00338         self.assertEqual( assigned[0], 'foo' )
00339 
00340     def test_assignRoleBeforeRemovingPrincipal( self ):
00341 
00342         root = FauxSmartPAS()
00343         root.user_ids['foo'] = 'foo'
00344 
00345         zrm = self._makeOne( id='assign_before_remove' ).__of__( root )
00346 
00347         zrm.addRole( 'test' )
00348         self.assertEqual( len( zrm.listAssignedPrincipals( 'test' ) ), 0 )
00349 
00350         new = zrm.assignRoleToPrincipal( 'test', 'foo' )
00351 
00352         self.failUnless( new )
00353 
00354         assigned = [x[1] for x in zrm.listAssignedPrincipals( 'test' )]
00355 
00356         self.assertEqual( len( assigned ), 1 )
00357         self.assertEqual( assigned[0], 'foo' )
00358 
00359         del root.user_ids['foo']
00360 
00361         assigned = [x[1] for x in zrm.listAssignedPrincipals( 'test' )]
00362 
00363         self.assertEqual( len( assigned ), 1 )
00364         self.assertEqual( assigned[0], '<foo: not found>' )
00365 
00366     def test_removeRoleFromPrincipal_nonesuch( self ):
00367 
00368         from Products.PluggableAuthService.tests.test_PluggableAuthService \
00369             import FauxRoot
00370 
00371         root = FauxRoot()
00372         zrm = self._makeOne( id='remove_nonesuch' ).__of__( root )
00373 
00374         self.assertRaises( KeyError, zrm.removeRoleFromPrincipal
00375                          , 'test', 'foo' )
00376 
00377     def test_removeRoleFromPrincipal_existing( self ):
00378 
00379         root = FauxPAS()
00380         zrm = self._makeOne( id='remove_existing' ).__of__( root )
00381 
00382         zrm.addRole( 'test' )
00383 
00384         zrm.assignRoleToPrincipal( 'test', 'foo' )
00385         zrm.assignRoleToPrincipal( 'test', 'bar' )
00386         zrm.assignRoleToPrincipal( 'test', 'baz' )
00387 
00388         assigned = [x[0] for x in zrm.listAssignedPrincipals( 'test' )]
00389         self.assertEqual( len( assigned ), 3 )
00390         self.failUnless( 'foo' in assigned )
00391         self.failUnless( 'bar' in assigned )
00392         self.failUnless( 'baz' in assigned )
00393 
00394         removed = zrm.removeRoleFromPrincipal( 'test', 'bar' )
00395 
00396         self.failUnless( removed )
00397 
00398         assigned = [x[0] for x in zrm.listAssignedPrincipals( 'test' )]
00399         self.assertEqual( len( assigned ), 2 )
00400         self.failUnless( 'foo' in assigned )
00401         self.failIf( 'bar' in assigned )
00402         self.failUnless( 'baz' in assigned )
00403 
00404     def test_removeRoleFromPrincipal_noop( self ):
00405 
00406         root = FauxPAS()
00407         zrm = self._makeOne( id='remove_noop' ).__of__( root )
00408 
00409         zrm.addRole( 'test' )
00410 
00411         zrm.assignRoleToPrincipal( 'test', 'foo' )
00412         zrm.assignRoleToPrincipal( 'test', 'baz' )
00413 
00414         assigned = [x[0] for x in zrm.listAssignedPrincipals( 'test' )]
00415         self.assertEqual( len( assigned ), 2 )
00416         self.failUnless( 'foo' in assigned )
00417         self.failUnless( 'baz' in assigned )
00418 
00419         removed = zrm.removeRoleFromPrincipal( 'test', 'bar' )
00420 
00421         self.failIf( removed )
00422 
00423     def test_updateRole_nonesuch( self ):
00424 
00425         from Products.PluggableAuthService.tests.test_PluggableAuthService \
00426             import FauxRoot
00427 
00428         root = FauxRoot()
00429         zrm = self._makeOne( id='update_nonesuch' ).__of__( root )
00430 
00431         self.assertRaises( KeyError, zrm.updateRole
00432                          , 'nonesuch', 'title', 'description' )
00433 
00434     def test_updateRole_normal( self ):
00435 
00436         from Products.PluggableAuthService.tests.test_PluggableAuthService \
00437             import FauxRoot
00438 
00439         root = FauxRoot()
00440         zrm = self._makeOne( id='update_normal' ).__of__( root )
00441 
00442         zrm.addRole( 'role', 'Original Title', 'Original description' )
00443 
00444         info = zrm.getRoleInfo( 'role' )
00445         self.assertEqual( info[ 'id' ], 'role' )
00446         self.assertEqual( info[ 'title' ], 'Original Title' )
00447         self.assertEqual( info[ 'description' ], 'Original description' )
00448 
00449         zrm.updateRole( 'role', 'Updated Title', 'Updated description' )
00450 
00451         info = zrm.getRoleInfo( 'role' )
00452         self.assertEqual( info[ 'id' ], 'role' )
00453         self.assertEqual( info[ 'title' ], 'Updated Title' )
00454         self.assertEqual( info[ 'description' ], 'Updated description' )
00455 
00456     def test_removeRole_then_addRole( self ):
00457 
00458         from Products.PluggableAuthService.tests.test_PluggableAuthService \
00459             import FauxRoot
00460 
00461         root = FauxRoot()
00462         zrm = self._makeOne( id='remove_then_add' ).__of__( root )
00463         user = DummyUser( 'foo' )
00464 
00465         zrm.addRole( 'test' )
00466         zrm.assignRoleToPrincipal( 'test', 'foo' )
00467         self.failUnless( 'test' in zrm.getRolesForPrincipal( user ) )
00468 
00469         zrm.removeRole( 'test' )
00470         zrm.addRole( 'test' )
00471 
00472         self.failIf( 'test' in zrm.getRolesForPrincipal( user ) )
00473 
00474     def testPOSTProtections(self):
00475         from zExceptions import Forbidden
00476 
00477         USER_ID = 'testuser'
00478         ROLE_ID = 'myrole'
00479 
00480         root = FauxPAS()
00481         zrm = self._makeOne( id='remove_existing' ).__of__( root )
00482         zrm = self._makeOne()
00483         zrm.addRole(ROLE_ID)
00484 
00485         user = DummyUser( USER_ID )
00486 
00487         req, res = makeRequestAndResponse()
00488 
00489         # Fails with a GET
00490         # test assignRoleToPrincipal
00491         req.set('REQUEST_METHOD', 'GET')
00492         self.assertRaises(Forbidden, zrm.assignRoleToPrincipal,
00493                           ROLE_ID, USER_ID, REQUEST=req)
00494         # Works with a POST
00495         req.set('REQUEST_METHOD', 'POST')
00496         zrm.assignRoleToPrincipal(ROLE_ID, USER_ID, REQUEST=req)
00497 
00498         # test removeRoleFromPricipal
00499         req.set('REQUEST_METHOD', 'GET')
00500         self.assertRaises(Forbidden, zrm.removeRoleFromPrincipal,
00501                           ROLE_ID, USER_ID, REQUEST=req)
00502         req.set('REQUEST_METHOD', 'POST')
00503         zrm.removeRoleFromPrincipal(ROLE_ID, USER_ID, REQUEST=req)
00504 
00505         # test removeRole
00506         req.set('REQUEST_METHOD', 'GET')
00507         self.assertRaises(Forbidden, zrm.removeRole,
00508                           ROLE_ID, REQUEST=req)
00509         req.set('REQUEST_METHOD', 'POST')
00510         zrm.removeRole(ROLE_ID, REQUEST=req)
00511 
00512         # Readd the role for the manage_* methods
00513         zrm.addRole(ROLE_ID)
00514 
00515         # test manage_assignRoleToPrincipal
00516         req.set('REQUEST_METHOD', 'GET')
00517         self.assertRaises(Forbidden, zrm.manage_assignRoleToPrincipals,
00518                           ROLE_ID, [USER_ID], RESPONSE=res, REQUEST=req)
00519         req.set('REQUEST_METHOD', 'POST')
00520         zrm.manage_assignRoleToPrincipals(ROLE_ID, [USER_ID], RESPONSE=res,
00521                                           REQUEST=req)
00522 
00523         # test manage_removeRoleFromPricipal
00524         req.set('REQUEST_METHOD', 'GET')
00525         self.assertRaises(Forbidden, zrm.manage_removeRoleFromPrincipals,
00526                           ROLE_ID, [USER_ID], RESPONSE=res, REQUEST=req)
00527         req.set('REQUEST_METHOD', 'POST')
00528         zrm.manage_removeRoleFromPrincipals(ROLE_ID, [USER_ID], RESPONSE=res,
00529                                             REQUEST=req)
00530 
00531         # test manage_removeRoles
00532         req.set('REQUEST_METHOD', 'GET')
00533         self.assertRaises(Forbidden, zrm.manage_removeRoles,
00534                           [ROLE_ID], RESPONSE=res, REQUEST=req)
00535         req.set('REQUEST_METHOD', 'POST')
00536         zrm.manage_removeRoles([ROLE_ID], RESPONSE=res, REQUEST=req)
00537 
00538 
00539 
00540 if __name__ == "__main__":
00541     unittest.main()
00542 
00543 def test_suite():
00544     return unittest.TestSuite((
00545         unittest.makeSuite( ZODBRoleManagerTests ),
00546         ))               
00547