
plone3  3.1.7
testLDAPGroupFolder.py
00001 # -*- coding: utf-8 -*-
00002 ## GroupUserFolder
00003 ## Copyright (C)2006 Ingeniweb
00004 
00005 ## This program is free software; you can redistribute it and/or modify
00006 ## it under the terms of the GNU General Public License as published by
00007 ## the Free Software Foundation; either version 2 of the License, or
00008 ## (at your option) any later version.
00009 
00010 ## This program is distributed in the hope that it will be useful,
00011 ## but WITHOUT ANY WARRANTY; without even the implied warranty of
00012 ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00013 ## GNU General Public License for more details.
00014 
00015 ## You should have received a copy of the GNU General Public License
00016 ## along with this program; see the file COPYING. If not, write to the
00017 ## Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
"""
Tests for GroupUserFolder (GRUF) with the "Users" source replaced by an
LDAPUserFolder and the "Groups" source replaced by an LDAPGroupFolder.

The connection settings, including the bind DN and its password, are read
from a local ``LDAPconfig.py``; when that file cannot be imported the suite
returned by ``test_suite()`` is empty.
"""
__version__ = "$Revision:  $"
# $Source:  $
# $Id: testLDAPGroupFolder.py 34725 2006-12-15 12:27:06Z encolpe $
__docformat__ = 'restructuredtext'
00025 
00026 import os, sys
if __name__ == '__main__':
    # Script mode: execute the framework.py that sits in sys.path[0] (the
    # script's own directory) inside this module's namespace. Whatever file
    # carries that name there runs with the privileges of the test runner.
    # NOTE(review): presumably this is what defines the framework() callable
    # invoked at the bottom of the file -- confirm against framework.py.
    execfile(os.path.join(sys.path[0], 'framework.py'))
00029 
00030 
00031 
00032 # Load fixture
00033 from Testing import ZopeTestCase
00034 
00035 # Permissions / security
00036 from AccessControl.Permissions import access_contents_information, view, add_documents_images_and_files, change_images_and_files, view_management_screens
00037 from AccessControl.SecurityManagement import newSecurityManager, noSecurityManager, getSecurityManager
00038 from AccessControl import Unauthorized
00039 from AccessControl.User import UnrestrictedUser
00040 
00041 import urllib
00042 
# Create the error_log object
# (open an application handle, install the site error log, release the handle)
app = ZopeTestCase.app()
ZopeTestCase.utils.setupSiteErrorLog(app)
ZopeTestCase.close(app)

# Start the web server
# This happens at import time, so merely importing the module starts a ZServer.
# NOTE(review): 4 is presumably the number of server threads -- confirm against
# ZopeTestCase.utils.startZServer. `base` is not referenced again in this file.
host, port = ZopeTestCase.utils.startZServer(4)
base = 'http://%s:%d/%s' %(host, port, ZopeTestCase.folder_name)
00051 
00052     
00053 # Get global vars
00054 #from Products.GroupUserFolder.global_symbols import *
00055 from Products.GroupUserFolder.interfaces import IUserFolder
00056 from Interface import Verify
00057 
# Install our product
# Both products are needed: the fixture below adds an LDAPUserFolder as the
# "Users" source and GroupUserFolder's LDAPGroupFolder as the "Groups" source.
ZopeTestCase.installProduct('GroupUserFolder')
ZopeTestCase.installProduct('LDAPUserFolder')
00061 
00062 import GRUFTestCase
00063 import testGroupUserFolderAPI
00064 import testLDAPUserFolder
00065 from Log import *
00066 
00067 
# LDAPconfig.py is a local, unversioned settings module. It carries the bind
# DN and its password in clear text, so it has to stay out of version control
# and should be readable only by the account running the tests.
# The sample values in the message below (port 389, 'use_ssl' : 0) describe an
# unencrypted connection, and the fixture in this file deletes fixed-name users
# and groups from the configured tree: use a disposable test directory and a
# bind account that has no rights outside it.
# NOTE(review): 'encryption' : 'SHA' presumably selects unsalted SHA-1 password
# hashing in LDAPUserFolder -- confirm, and treat it as a test-only setting.
try:
    from LDAPconfig import defaults
except ImportError:
    # No settings module: remember that the LDAP tests cannot run and tell the
    # operator what the file has to look like.
    ldapuf = False
    Log(LOG_ERROR, """
    To perform this test case, you must provide a 'LDAPconfig.py' file with the following structure:

defaults = { 'title'  : 'LDAP User Folder'
           , 'server' : 'localhost:389'
           , 'login_attr' : 'cn'
           , 'uid_attr': 'cn'
           , 'users_base' : 'ou=people,dc=dataflake,dc=org'
           , 'users_scope' : 2
           , 'roles' : 'Anonymous'
           , 'groups_base' : 'ou=groups,dc=dataflake,dc=org'
           , 'groups_scope' : 2
           , 'binduid' : 'cn=Manager,dc=dataflake,dc=org'
           , 'bindpwd' : 'mypass'
           , 'binduid_usage' : 1
           , 'rdn_attr' : 'cn'
           , 'local_groups' : 1                 # Keep this true
           , 'use_ssl' : 0
           , 'encryption' : 'SHA'
           , 'read_only' : 0
           }

    Of course, you've got to replace all values by some relevant ones for your project.
    This test case won't complete without.

    NEVER PUT THIS FILE INTO YOUR CVS ! Unless you want your password to be publicly known...
    """)
else:
    # Settings available: `dg` is the lookup shortcut used by the fixture.
    ldapuf, dg = True, defaults.get
00102 
00103 
00104 
00105 
00106 ##class TestLDAPUserFolderGroups(GRUFTestCase.GRUFTestCase):
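class TestLDAPUserFolderGroups(testLDAPUserFolder.TestLDAPUserFolderAPI):
    """
    Now we create groups into LDAP. Groups won't be locally stored anymore.
    Remember that according to LDAPUF, a LDAP group = a zope role.
    However, for GRUF, a zope group = a zope role.
    So, by transitivity, we must be able at some point to say that a zope group = a LDAP group ;)

    The only caveat with this system is that we have to declare the zope roles we'll use in LDAP.
    That's why we create a few additional groups in gruf_sources_setup().

    The fixture binds to the directory described by LDAPconfig.py, deletes
    fixed-name users and groups there (see delete_created_users) and creates
    the fixture groups (see security_context_setup_groups). It must therefore
    only be pointed at a disposable test tree.
    """

    def gruf_sources_setup(self):
        """
        Basic LDAP initialization inside gruf's user source
        """
        # User source replacement
        self.gruf.replaceUserSource(
            "Users",
            "manage_addProduct/LDAPUserFolder/manage_addLDAPUserFolder",
            )
        self.gruf.replaceUserSource(
            "Groups",
            "manage_addProduct/GroupUserFolder/manage_addLDAPGroupFolder",
            title = "MyLDAPGF",
            luf = "Users",
            )

        # Edit LDAPUF 'cause objectClass cannot be set otherwise :(
        # The bind DN and password are taken as-is from LDAPconfig.py.
        # 'server', 'use_ssl' and 'read_only' from that file are NOT applied
        # here (their keyword arguments are commented out).
        # NOTE(review): the server and transport actually used are therefore
        # whatever the freshly added LDAPUserFolder defaults to -- confirm that
        # the bind password does not travel unencrypted beyond the test host.
        self.gruf.Users.acl_users.manage_edit(
            title = dg('title'),
            #LDAP_server = dg('server'),
            login_attr = dg('login_attr'),
            uid_attr = dg('uid_attr'),
            users_base = dg('users_base'),
            users_scope = dg('users_scope'),
            roles= dg('roles'),
            obj_classes = 'top,inetOrgPerson',
            groups_base = dg('groups_base'),
            groups_scope = dg('groups_scope'),
            binduid = dg('binduid'),
            bindpwd = dg('bindpwd'),
            binduid_usage = dg('binduid_usage'),
            rdn_attr = dg('rdn_attr'),
            local_groups = dg('local_groups'),
            encryption = dg('encryption'),
            #use_ssl = dg('use_ssl'),
            #read_only=dg('read_only'),
            )

        self.delete_created_users()

    def delete_created_users(self):
        """LDAP-specific deletion of the fixture groups and users.

        Destructive: every group and user named below is removed from the
        configured directory, whether or not this test run created it.
        """
        # Purge existing users in order to start on a clean basis
        group_names = [
            "g1",
            "g2",
            "g3",
            "g4",
            "ng1",
            "ng2",
            "ng3",
            "ng4",
            "ng5",
            "created_group",
            "test_prefix",
            "extranet",
            "intranet",
            "compta",
            "r1",
            "r2",
            "r3",
            "r4",
            ]
        groups_base = self.gruf.Users.acl_users.groups_base
        # The names are fixed literals, so building the DN with plain string
        # formatting is safe here; it would not be for externally supplied
        # names, which need DN escaping.
        group_dns = ["cn=%s,%s" % (name, groups_base) for name in group_names]
        self.gruf.Users.acl_users.manage_deleteGroups(group_dns)
        self.gruf.userFolderDelUsers([
            "manager",
            "u1",
            "u2",
            "u3",
            "u4",
            "u5",
            "u6",
            "u7",
            "u8",
            "u9",
            "u10",
            "u11",
            "created_user",
            "group_test_prefix",
            ])

    def security_context_setup_groups(self):
        "create groups. We splitted to allow LDAP tests to override this"
        add_group = self.gruf.userFolderAddGroup

        # Create roles as GROUPS
        add_group('r1', )
        add_group('r2', )
        add_group('r3', )
        add_group('r4', )

        # Create a few groups
        add_group('g1', ())
        add_group('g2', ('r1', ))
        add_group('g3', ('r2', ))
        add_group('g4', ('r2', 'r3', ))

        # Create nested groups
        add_group('ng1', (), ('g1', ))
        add_group('ng2', (), ('g2', 'g3', ))
        add_group('ng3', (), ('g2', 'ng2', ))
        add_group('ng4', ('r3', ), ('g2', 'ng2', ))
        add_group('ng5', (), ('g2', 'ng4', ))

        # Special case of nesting
        add_group('extranet', (), ())
        add_group('intranet', (), ('extranet', ))
        add_group('compta', (), ('intranet', 'extranet' ))

    def _assertSameNames(self, expected, actual):
        """Fail unless `actual` holds exactly the names listed in `expected`.

        Both directions are checked: a missing name means a group was lost,
        an extra name means the folder exposes a group that should not exist.
        Sorted copies are walked so the first reported failure is stable.
        """
        expected = list(expected)
        expected.sort()
        actual = list(actual)
        actual.sort()
        for name in expected:
            self.failUnless(name in actual, "Invalid users list: '%s' is not in acl_users." % (name,))
        for name in actual:
            self.failUnless(name in expected, "Invalid users list: '%s' is in acl_users but shouldn't be there." % (name,))

    def testLDAPSourceMove(self):
        """Ensure that LDAPGroupFolder will still work correctly if we move
        a source. This caused core dumps on GRUF3Beta1.
        """
        # Initial conditions
        self.failUnlessEqual(
            self.gruf.Users.acl_users.meta_type,
            "LDAPUserFolder",
            )

        # Add & swap
        self.gruf.addUserSource(
            "manage_addProduct/OFSP/manage_addUserFolder",
            )
        self.gruf.moveUserSourceUp("Users01")
        self.failUnlessEqual(
            self.gruf.Users.acl_users.meta_type,
            "User Folder",
            )

        # Stress it
        self.gruf.getUsers()
        self.gruf.getUserNames()

        # Put it back again
        self.gruf.moveUserSourceUp("Users01")

        # Stress it again
        self.gruf.getUsers()
        self.gruf.getUserNames()

    def test01_LDAPUp(self):
        """Ensure LDAP is up and running
        """
        self.gruf.Users.acl_users.getUsers()

    def test02_groupHasRole(self):
        """Test if a group can have a role
        """
        roles = self.gruf.getGroup("g2").getRoles()
        self.failUnless("r1" in roles, roles)

    # The three stubs below carry no assertions.
    # NOTE(review): presumably they override tests inherited from
    # TestLDAPUserFolderAPI in order to disable them -- confirm against the
    # base class. Earlier `pass` stubs for test_getGroupNames, test_getGroupIds
    # and test_getGroups were dropped: the real definitions further down
    # rebind those names, so the stubs never took effect.

    def test_getUserNames(self):
        pass                    # Ignore

    def test_getUserIds(self):
        pass                    # Ignore

    def test_userFolderDelRoles(self):
        """
        We cannot create additional roles easily with LDAP...
        So we don't test this.
        """
        pass

    # Group access.
    # We add LDAP roles-specific tests

    def test_getGroupNames(self):
        """Same as getUserNames() but without pure users.
        """
        self._assertSameNames(
            [
                'g1', 'g2', "g3", "g4",
                "ng1", "ng2", "ng3", "ng4", "ng5",
                "extranet", "intranet", "compta",
                "r1", "r2", "r3", "r4",
                ],
            self.gruf.getGroupNames(),
            )

    def test_getGroupIds(self):
        """Group ids are the group names carrying the 'group_' prefix."""
        self._assertSameNames(
            [
                'group_g1', 'group_g2', "group_g3", "group_g4",
                "group_ng1", "group_ng2", "group_ng3", "group_ng4", "group_ng5",
                "group_extranet", "group_intranet", "group_compta",
                "group_r1", "group_r2", "group_r3", "group_r4",
                ],
            self.gruf.getGroupIds(),
            )

    def test_getGroups(self):
        """Overloaded because roles are groups"""
        # A list comprehension instead of map(): the result has to be a real
        # list so it can be sorted and searched.
        group_ids = [group.getId() for group in self.gruf.getGroups()]
        self._assertSameNames(
            [
                'group_g1', 'group_g2', "group_g3", "group_g4",
                "group_ng1", "group_ng2", "group_ng3", "group_ng4", "group_ng5",
                "group_extranet", "group_intranet", "group_compta",
                "group_r1", "group_r2", "group_r3", "group_r4",
                ],
            group_ids,
            )

    def test_setRolesOnUsers(self):
        """Set a common set of roles for a bunch of user atoms.
        We changed this because LDAPUF add garbage roles :(
        See http://www.dataflake.org/tracker/issue_00376
        """
        self.gruf.setRolesOnUsers(["r1", "r2", "r3", ], ["u1", "u2", ])
        # Only presence of the three roles is asserted; extra roles are
        # tolerated on purpose (see the tracker issue above).
        u1_roles = self.gruf.getUser("u1").getRoles()
        u2_roles = self.gruf.getUser("u2").getRoles()
        for r in ("r1", "r2", "r3",):
            self.failUnless(r in u1_roles, u1_roles)
            self.failUnless(r in u2_roles, u2_roles)

    def test_userFolderEditUser(self):
        """Changed because of http://www.dataflake.org/tracker/issue_00376
        """
        self.gruf.userFolderEditUser(
            name = "u1",
            password = "secret2",
            roles = ["r1", ],
            groups = ["g1", ],
            )
        self.compareRoles(None, "u1", ['r1', "g1", ], )

    def test_getUsersOfRole(self):
        """Exact membership of role r2, nested groups included."""
        should_be = [
            'group_ng2','group_ng3',
            'group_ng4',
            'group_ng5',
            'u9',
            'u5',
            'u4',
            'u7',
            'u6',
            'u11',
            'u10',
            'group_g3',
            'group_g4',
            ]
        should_be.sort()
        users = list(self.gruf.getUsersOfRole("r2"))
        users.sort()
        self.failUnless(users == should_be, (should_be, users, ))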
00389 
00390 
if __name__ != '__main__':
    import unittest

    def test_suite():
        """Return the suite for the test runner.

        The suite stays empty when LDAPconfig.py could not be imported
        (`ldapuf` is false), so a green run without that file does not mean
        the LDAP-backed user, group and role checks were exercised.
        """
        collected = unittest.TestSuite()
        if not ldapuf:
            return collected
        collected.addTest(unittest.makeSuite(TestLDAPUserFolderGroups))
        return collected
else:
    # Script mode: hand over to the runner loaded at the top of the file.
    framework(descriptions=1, verbosity=1)
00400