testERP5Security.py 23.6 KB
Newer Older
1
##############################################################################
2
# -*- coding: utf-8 -*-
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
# Copyright (c) 2004 Nexedi SARL and Contributors. All Rights Reserved.
#                                    Jerome Perrin <jerome@nexedi.com>
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsability of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# garantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################

"""Tests ERP5 User Management.
"""

32
import unittest
33
import transaction
34

35 36
from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase,\
                                                     get_request
37
from AccessControl.SecurityManagement import newSecurityManager
38
from AccessControl.SecurityManagement import getSecurityManager
39
from zLOG import LOG
40
from Products.ERP5Type.Cache import clearCache
41
from Products.PluggableAuthService import PluggableAuthService
42
try:
43
  from Interface.Verify import verifyClass
44
except ImportError:
45
  from zope.interface.verify import verifyClass
46
from DateTime import DateTime
47

48 49 50
class TestUserManagement(ERP5TypeTestCase):
  """Tests User Management in ERP5Security.
  """
51

52 53
  def getTitle(self):
    """Title of the test."""
54
    return "ERP5Security: User Management"
55

56 57 58
  def getBusinessTemplateList(self):
    """List of BT to install. """
    return ('erp5_base',)
59

60 61
  def beforeTearDown(self):
    """Clears person module and invalidate caches when tests are finished."""
62
    # XXX Isn't it better to clear the cache when deleting a Person ?
Romain Courteaud's avatar
Romain Courteaud committed
63
    clearCache(cache_factory_list=('erp5_content_short', ))
64 65
    self.getPersonModule().manage_delObjects([x for x in
                             self.getPersonModule().objectIds()])
66
    transaction.commit()
67
    self.tic()
68

69
  def login(self):
70
    uf = self.getUserFolder()
71 72 73 74
    uf._doAddUser('alex', '', ['Manager', 'Assignee', 'Assignor',
                               'Associate', 'Auditor', 'Author'], [])
    user = uf.getUserById('alex').__of__(uf)
    newSecurityManager(None, user)
75 76 77 78 79

  def getUserFolder(self):
    """Returns the acl_users. """
    return self.getPortal().acl_users

80
  def test_GroupManagerInterfaces(self):
81
    """Tests group manager plugin respects interfaces."""
82
    # XXX move to GroupManager test class
83 84 85 86
    from Products.PluggableAuthService.interfaces.plugins import IGroupsPlugin
    from Products.ERP5Security.ERP5GroupManager import ERP5GroupManager
    verifyClass(IGroupsPlugin, ERP5GroupManager)

87
  def test_UserManagerInterfaces(self):
88
    """Tests user manager plugin respects interfaces."""
89 90 91 92 93 94
    from Products.PluggableAuthService.interfaces.plugins import\
                IAuthenticationPlugin, IUserEnumerationPlugin
    from Products.ERP5Security.ERP5UserManager import ERP5UserManager
    verifyClass(IAuthenticationPlugin, ERP5UserManager)
    verifyClass(IUserEnumerationPlugin, ERP5UserManager)

95
  def test_UserFolder(self):
96
    """Tests user folder has correct meta type."""
97
    self.failUnless(isinstance(self.getUserFolder(),
98 99
        PluggableAuthService.PluggableAuthService))

100 101 102 103 104
  def loginAsUser(self, username):
    uf = self.portal.acl_users
    user = uf.getUserById(username).__of__(uf)
    newSecurityManager(None, user)

105 106
  def _makePerson(self, open_assignment=1, assignment_start_date=None,
                  assignment_stop_date=None, **kw):
107 108
    """Creates a person in person module, and returns the object, after
    indexing is done. """
109 110
    person_module = self.getPersonModule()
    new_person = person_module.newContent(
111
                     portal_type='Person', **kw)
112 113 114
    assignment = new_person.newContent(portal_type = 'Assignment',
                                       start_date=assignment_start_date,
                                       stop_date=assignment_stop_date,)
115 116
    if open_assignment:
      assignment.open()
117
    transaction.commit()
118
    self.tic()
119 120
    return new_person

121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136
  def _assertUserExists(self, login, password):
    """Checks that a user with login and password exists and can log in to the
    system.
    """
    from Products.PluggableAuthService.interfaces.plugins import\
                                                      IAuthenticationPlugin
    uf = self.getUserFolder()
    self.assertNotEquals(uf.getUserById(login, None), None)
    for plugin_name, plugin in uf._getOb('plugins').listPlugins(
                                IAuthenticationPlugin ):
      if plugin.authenticateCredentials(
                  {'login':login, 'password':password}) is not None:
        break
    else:
      self.fail("No plugin could authenticate '%s' with password '%s'" %
              (login, password))
137

138 139 140 141 142 143 144 145 146 147 148 149 150 151 152
  def _assertUserDoesNotExists(self, login, password):
    """Checks that a user with login and password does not exists and cannot
    log in to the system.
    """
    from Products.PluggableAuthService.interfaces.plugins import\
                                                        IAuthenticationPlugin
    uf = self.getUserFolder()
    for plugin_name, plugin in uf._getOb('plugins').listPlugins(
                              IAuthenticationPlugin ):
      if plugin.authenticateCredentials(
                {'login':login, 'password':password}) is not None:
        self.fail(
           "Plugin %s should not have authenticated '%s' with password '%s'" %
           (plugin_name, login, password))

153
  def test_PersonWithLoginPasswordAreUsers(self):
154
    """Tests a person with a login & password is a valid user."""
155
    p = self._makePerson(reference='the_user', password='secret',)
156
    self._assertUserExists('the_user', 'secret')
157

158 159
  def test_PersonLoginCaseSensitive(self):
    """Login/password are case sensitive."""
160
    p = self._makePerson(reference='the_user', password='secret',)
161
    self._assertUserExists('the_user', 'secret')
162
    self._assertUserDoesNotExists('the_User', 'secret')
163

164 165 166 167 168 169 170 171 172 173 174 175 176 177 178
  def test_PersonLoginIsNotStripped(self):
    """Make sure 'foo ', ' foo' and ' foo ' do not match user 'foo'. """
    p = self._makePerson(reference='foo', password='secret',)
    self._assertUserExists('foo', 'secret')
    self._assertUserDoesNotExists('foo ', 'secret')
    self._assertUserDoesNotExists(' foo', 'secret')
    self._assertUserDoesNotExists(' foo ', 'secret')

  def test_PersonLoginCannotBeComposed(self):
    """Make sure ZSQLCatalog keywords cannot be used at login time"""
    p = self._makePerson(reference='foo', password='secret',)
    self._assertUserExists('foo', 'secret')
    self._assertUserDoesNotExists('bar', 'secret')
    self._assertUserDoesNotExists('bar OR foo', 'secret')

179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198
  def test_PersonLoginQuote(self):
    p = self._makePerson(reference="'", password='secret',)
    self._assertUserExists("'", 'secret')

  def test_PersonLogin_OR_Keyword(self):
    p = self._makePerson(reference='foo OR bar', password='secret',)
    self._assertUserExists('foo OR bar', 'secret')
    self._assertUserDoesNotExists('foo', 'secret')

  def test_PersonLoginCatalogKeyWord(self):
    # use something that would turn the username in a ZSQLCatalog catalog keyword
    p = self._makePerson(reference="foo%", password='secret',)
    self._assertUserExists("foo%", 'secret')
    self._assertUserDoesNotExists("foo", 'secret')
    self._assertUserDoesNotExists("foobar", 'secret')

  def test_PersonLoginNGT(self):
    p = self._makePerson(reference='< foo', password='secret',)
    self._assertUserExists('< foo', 'secret')

199 200
  def test_PersonLoginNonAscii(self):
    """Login can contain non ascii chars."""
201
    p = self._makePerson(reference='j\xc3\xa9', password='secret',)
202 203 204
    self._assertUserExists('j\xc3\xa9', 'secret')

  def test_PersonWithLoginWithEmptyPasswordAreNotUsers(self):
205
    """Tests a person with a login but no password is not a valid user."""
206
    self._makePerson(reference='the_user')
207
    self._assertUserDoesNotExists('the_user', None)
208
    self._makePerson(reference='another_user', password='',)
209
    self._assertUserDoesNotExists('another_user', '')
210

211
  def test_PersonWithEmptyLoginAreNotUsers(self):
212
    """Tests a person with empty login & password is a valid user."""
213
    self._makePerson(reference='', password='secret')
214
    self._assertUserDoesNotExists('', 'secret')
215

216 217
  def test_PersonWithLoginWithNotAssignmentAreNotUsers(self):
    """Tests a person with a login & password and no assignment open is not a valid user."""
218 219
    self._makePerson(reference='the_user', password='secret', open_assignment=0)
    self._assertUserDoesNotExists('the_user', 'secret')
220

221
  def test_PersonWithSuperUserLoginCannotBeCreated(self):
222 223 224
    """Tests one cannot create person with the "super user" special login."""
    from Products.ERP5Security.ERP5UserManager import SUPER_USER
    self.assertRaises(RuntimeError, self._makePerson, reference=SUPER_USER)
225

226
  def test_PersonWithSuperUserLogin(self):
227 228 229 230
    """Tests one cannot use the "super user" special login."""
    from Products.ERP5Security.ERP5UserManager import SUPER_USER
    self._assertUserDoesNotExists(SUPER_USER, '')

231 232 233 234 235 236 237 238 239 240 241 242
  def test_searchUsers(self):
    p1 = self._makePerson(reference='person1')
    p2 = self._makePerson(reference='person2')
    self.assertEquals(set(['person1', 'person2']),
      set([x['userid'] for x in
        self.portal.acl_users.searchUsers(id='person')]))

  def test_searchUsersExactMatch(self):
    p = self._makePerson(reference='person')
    p1 = self._makePerson(reference='person1')
    p2 = self._makePerson(reference='person2')
    self.assertEquals(['person', ],
243
         [x['userid'] for x in
244 245
           self.portal.acl_users.searchUsers(id='person', exact_match=True)])

246
  def test_MultiplePersonReference(self):
247 248 249
    """Tests that it's refused to create two Persons with same reference."""
    self._makePerson(reference='new_person')
    self.assertRaises(RuntimeError, self._makePerson, reference='new_person')
250

251
  def test_PersonCopyAndPaste(self):
252 253 254 255 256 257 258
    """If we copy and paste a person, login must not be copyied."""
    person = self._makePerson(reference='new_person')
    person_module = self.getPersonModule()
    copy_data = person_module.manage_copyObjects([person.getId()])
    changed, = person_module.manage_pasteObjects(copy_data)
    self.assertNotEquals(person_module[changed['new_id']].getReference(),
                         person_module[changed['id']].getReference())
259

260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276
  def test_PreferenceTool_setNewPassword(self):
    # Preference Tool has an action to change password
    pers = self._makePerson(reference='the_user', password='secret',)
    transaction.commit()
    self.tic()
    self._assertUserExists('the_user', 'secret')
    self.loginAsUser('the_user')
    self.portal.REQUEST.set('current_password', 'secret')
    self.portal.REQUEST.set('new_password', 'new_secret')
    self.portal.portal_preferences.PreferenceTool_setNewPassword()
    self._assertUserExists('the_user', 'new_secret')
    self._assertUserDoesNotExists('the_user', 'secret')

    # password is not stored in plain text
    self.assertNotEquals('new_secret', pers.getPassword())


277 278 279 280 281 282 283 284 285 286
  def test_OpenningAssignmentClearCache(self):
    """Openning an assignment for a person clear the cache automatically."""
    pers = self._makePerson(reference='the_user', password='secret',
                            open_assignment=0)
    self._assertUserDoesNotExists('the_user', 'secret')
    assi = pers.newContent(portal_type='Assignment')
    assi.open()
    self._assertUserExists('the_user', 'secret')
    assi.close()
    self._assertUserDoesNotExists('the_user', 'secret')
287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303

  def test_PersonNotIndexedNotCached(self):
    pers = self._makePerson(password='secret',)
    pers.setReference('the_user')
    # not indexed yet
    self._assertUserDoesNotExists('the_user', 'secret')

    transaction.commit()
    self.tic()

    self._assertUserExists('the_user', 'secret')

  def test_PersonNotValidNotCached(self):
    pers = self._makePerson(reference='the_user', password='other',)
    self._assertUserDoesNotExists('the_user', 'secret')
    pers.setPassword('secret')
    self._assertUserExists('the_user', 'secret')
304 305


306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329
  def test_AssignmentWithDate(self):
    """Tests a person with an assignment with correct date is a valid user."""
    date = DateTime()
    p = self._makePerson(reference='the_user', password='secret',
                         assignment_start_date=date-5,
                         assignment_stop_date=date+5)
    self._assertUserExists('the_user', 'secret')

  def test_AssignmentWithBadStartDate(self):
    """Tests a person with an assignment with bad start date is not a valid user."""
    date = DateTime()
    p = self._makePerson(reference='the_user', password='secret',
                         assignment_start_date=date+1,
                         assignment_stop_date=date+5)
    self._assertUserDoesNotExists('the_user', 'secret')

  def test_AssignmentWithBadStopDate(self):
    """Tests a person with an assignment with bad stop date is not a valid user."""
    date = DateTime()
    p = self._makePerson(reference='the_user', password='secret',
                         assignment_start_date=date-5,
                         assignment_stop_date=date-1)
    self._assertUserDoesNotExists('the_user', 'secret')

330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348
class TestLocalRoleManagement(ERP5TypeTestCase):
  """Tests Local Role Management with ERP5Security.

  This test should probably part of ERP5Type ?
  """
  def getTitle(self):
    return "ERP5Security: User Role Management"

  def afterSetUp(self):
    """Called after setup completed.
    """
    self.portal = self.getPortal()
    # configure group, site, function categories
    for bc in ['group', 'site', 'function']:
      base_cat = self.getCategoryTool()[bc]
      code = bc[0].upper()
      base_cat.newContent(portal_type='Category',
                          id='subcat',
                          codification="%s1" % code)
349 350 351 352
    # add another function subcategory.
    self.getCategoryTool()['function'].newContent(portal_type='Category',
                                                  id='another_subcat',
                                                  codification='Function2')
353 354 355 356 357 358 359
    self.defined_category = "group/subcat\n"\
                            "site/subcat\n"\
                            "function/subcat"
    # any member can add organisations
    self.portal.organisation_module.manage_permission(
            'Add portal content', roles=['Member', 'Manager'], acquire=1)

Romain Courteaud's avatar
Romain Courteaud committed
360
    self.username = 'usérn@me'
361 362 363 364 365 366 367 368 369
    # create a user and open an assignement
    pers = self.getPersonModule().newContent(portal_type='Person',
                                             reference=self.username,
                                             password=self.username)
    assignment = pers.newContent( portal_type='Assignment',
                                  group='subcat',
                                  site='subcat',
                                  function='subcat' )
    assignment.open()
370
    transaction.commit()
371
    self.tic()
372

373 374 375 376 377
  def beforeTearDown(self):
    """Called before teardown."""
    # clear base categories
    for bc in ['group', 'site', 'function']:
      base_cat = self.getCategoryTool()[bc]
378
      base_cat.manage_delObjects(list(base_cat.objectIds()))
379
    # clear role definitions
380 381
    for ti in self.getTypesTool().objectValues():
      ti.manage_delObjects(list(ti.objectIds(spec='ERP5 Role Information')))
382
    # clear modules
383 384 385
    for module in self.portal.objectValues():
      if module.getId().endswith('_module'):
        module.manage_delObjects(list(module.objectIds()))
386
    # commit this
387
    transaction.commit()
388
    self.tic()
389
    # XXX Isn't it better to clear the cache when deleting a Person ?
Romain Courteaud's avatar
Romain Courteaud committed
390
    clearCache(cache_factory_list=('erp5_content_short', ))
391 392 393 394 395

  def loginAsUser(self, username):
    uf = self.portal.acl_users
    user = uf.getUserById(username).__of__(uf)
    newSecurityManager(None, user)
396

397 398
  def _getTypeInfo(self):
    return self.getTypesTool()['Organisation']
399

400 401
  def _getModuleTypeInfo(self):
    return self.getTypesTool()['Organisation Module']
402

403 404
  def _makeOne(self):
    return self.getOrganisationModule().newContent(portal_type='Organisation')
405

406 407 408
  def getBusinessTemplateList(self):
    """List of BT to install. """
    return ('erp5_base',)
409

410 411 412 413 414 415
  def test_RolesManagerInterfaces(self):
    """Tests group manager plugin respects interfaces."""
    from Products.PluggableAuthService.interfaces.plugins import IRolesPlugin
    from Products.ERP5Security.ERP5RoleManager import ERP5RoleManager
    verifyClass(IRolesPlugin, ERP5RoleManager)

416 417 418 419 420 421 422 423
  def testMemberRole(self):
    """Test users have the Member role.
    """
    self.loginAsUser(self.username)
    self.failUnless('Member' in
            getSecurityManager().getUser().getRolesInContext(self.portal))
    self.failUnless('Member' in
            getSecurityManager().getUser().getRoles())
424

425 426 427
  def testSimpleLocalRole(self):
    """Test simple case of setting a role.
    """
428 429 430 431 432 433
    self._getTypeInfo().newContent(portal_type='Role Information',
      role_name='Assignor',
      description='desc.',
      title='an Assignor role for testing',
      role_category=self.defined_category,
      role_base_category_script_id='ERP5Type_getSecurityCategoryFromAssignment')
434 435
    obj = self._makeOne()
    self.assertEquals(['Assignor'], obj.__ac_local_roles__.get('F1_G1_S1'))
436

437 438 439
    self.loginAsUser(self.username)
    self.failUnless('Assignor' in
            getSecurityManager().getUser().getRolesInContext(obj))
440

441 442 443 444 445
  def testDynamicLocalRole(self):
    """Test simple case of setting a dynamic role.
    The site category is not defined explictly the role, and will have the
    current site of the user.
    """
446 447 448 449 450 451 452 453
    self._getTypeInfo().newContent(portal_type='Role Information',
      role_name='Assignor',
      description='desc.',
      title='an Assignor role for testing',
      role_category_list=('group/subcat', 'function/subcat'),
      role_base_category_script_id='ERP5Type_getSecurityCategoryFromAssignment',
      role_base_category='site')

454 455 456 457 458
    self.loginAsUser(self.username)
    obj = self._makeOne()
    self.assertEquals(['Assignor'], obj.__ac_local_roles__.get('F1_G1_S1'))
    self.failUnless('Assignor' in
            getSecurityManager().getUser().getRolesInContext(obj))
459

460
  def testAcquireLocalRoles(self):
461 462 463 464
    """Tests that document does not acquire loal roles from their parents if
    "acquire local roles" is not checked."""
    ti = self._getTypeInfo()
    ti.acquire_local_roles = False
465 466 467 468 469 470
    self._getModuleTypeInfo().newContent(portal_type='Role Information',
      role_name='Assignor',
      description='desc.',
      title='an Assignor role for testing',
      role_category=self.defined_category,
      role_base_category_script_id='ERP5Type_getSecurityCategoryFromAssignment')
471 472 473 474 475 476 477 478 479 480 481 482 483 484 485
    obj = self._makeOne()
    module = obj.getParentValue()
    module.updateLocalRolesOnSecurityGroups()
    # we said the we do not want acquire local roles.
    self.failIf(obj._getAcquireLocalRoles())
    # the local role is set on the module
    self.assertEquals(['Assignor'], module.__ac_local_roles__.get('F1_G1_S1'))
    # but not on the document
    self.assertEquals(None, obj.__ac_local_roles__.get('F1_G1_S1'))
    # same testing with roles in context.
    self.loginAsUser(self.username)
    self.failUnless('Assignor' in
            getSecurityManager().getUser().getRolesInContext(module))
    self.failIf('Assignor' in
            getSecurityManager().getUser().getRolesInContext(obj))
486 487 488 489 490 491 492 493

  def testGetUserByLogin(self):
    """Test getUserByLogin method
    """
    self.loginAsUser(self.username)

    # getUserByLogin accept login as a string
    self.portal.portal_caches.clearAllCache()
494
    transaction.commit()
495 496 497 498 499 500
    person_list = self.portal.acl_users.erp5_users.getUserByLogin(self.username)
    self.assertEquals(1, len(person_list))
    self.assertEquals(self.username, person_list[0].getReference())

    # getUserByLogin accept login as a list
    self.portal.portal_caches.clearAllCache()
501
    transaction.commit()
502 503 504 505 506 507
    person_list = self.portal.acl_users.erp5_users.getUserByLogin([self.username])
    self.assertEquals(1, len(person_list))
    self.assertEquals(self.username, person_list[0].getReference())

    # getUserByLogin accept login as a tuple
    self.portal.portal_caches.clearAllCache()
508
    transaction.commit()
509 510 511 512 513 514 515
    person_list = self.portal.acl_users.erp5_users.getUserByLogin((self.username,))
    self.assertEquals(1, len(person_list))
    self.assertEquals(self.username, person_list[0].getReference())

    # PreferenceTool pass a user as parameter
    user = getSecurityManager().getUser()
    self.portal.portal_caches.clearAllCache()
516
    transaction.commit()
517 518 519
    person_list = self.portal.acl_users.erp5_users.getUserByLogin(user)
    self.assertEquals(1, len(person_list))
    self.assertEquals(self.username, person_list[0].getReference())
520 521 522 523 524

  def testLocalRoleWithTraverser(self):
    """Make sure that local role works correctly when traversing
    """
    self.assert_(not self.portal.portal_types.Person.acquire_local_roles)
525

526 527 528 529 530 531 532 533 534 535
    self.getPersonModule().newContent(portal_type='Person',
                                      id='first_last',
                                      first_name='First',
                                      last_name='Last')
    loginable_person = self.getPersonModule().newContent(portal_type='Person',
                                                         reference='guest',
                                                         password='guest')
    assignment = loginable_person.newContent(portal_type='Assignment',
                                             function='another_subcat')
    assignment.open()
536
    transaction.commit()
537 538 539
    self.tic()

    person_module_type_information = self.getTypesTool()['Person Module']
540 541
    person_module_type_information.newContent(portal_type='Role Information',
      role_name='Auditor',
542
      description='',
543 544
      title='An Auditor role for testing',
      role_category='function/another_subcat')
545
    person_module_type_information.updateRoleMapping()
546
    transaction.commit()
547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562
    self.tic()

    person_module_path = self.getPersonModule().absolute_url(relative=1)
    response = self.publish('/%s/view' % person_module_path,
                            basic='guest:guest')
    self.assertEqual(response.getStatus(), 200)
    response = self.publish('/%s/first_last/getFirstName' % person_module_path,
                            basic='guest:guest')
    self.assertEqual(response.getStatus(), 401)

    # Organisation does not have explicitly declared getTitle method in
    # the class definition.
    # Add organisation and make sure guest cannot access to its getTitle.
    self.getOrganisationModule().newContent(portal_type='Organisation',
                                            id='my_company',
                                            title='Nexedi')
563
    transaction.commit()
564 565 566 567 568
    self.tic()
    response = self.publish('/%s/my_company/getTitle' % self.getOrganisationModule().absolute_url(relative=1),
                            basic='guest:guest')
    self.assertEqual(response.getStatus(), 401)

569 570 571 572 573
def test_suite():
  suite = unittest.TestSuite()
  suite.addTest(unittest.makeSuite(TestUserManagement))
  suite.addTest(unittest.makeSuite(TestLocalRoleManagement))
  return suite