Commit 2a2f650d authored by Brian Lloyd's avatar Brian Lloyd

unify policy tests

parent 455c21c7
...@@ -13,8 +13,8 @@ ...@@ -13,8 +13,8 @@
"""Tests of ZopeSecurityPolicy """Tests of ZopeSecurityPolicy
""" """
__rcs_id__='$Id: testZopeSecurityPolicy.py,v 1.9 2004/01/27 16:59:23 tseaver Exp $' __rcs_id__='$Id: testZopeSecurityPolicy.py,v 1.10 2004/01/27 19:22:51 Brian Exp $'
__version__='$Revision: 1.9 $'[11:-2] __version__='$Revision: 1.10 $'[11:-2]
import os, sys, unittest import os, sys, unittest
...@@ -37,8 +37,11 @@ sysadmin_roles = ('RoleOfSysAdmin',) ...@@ -37,8 +37,11 @@ sysadmin_roles = ('RoleOfSysAdmin',)
class App(Explicit): class App(Explicit):
pass def unrestrictedTraverse(self, path):
ob = self
for el in path:
ob = getattr(ob, el)
return ob
class PublicMethod (Method): class PublicMethod (Method):
def getOwner(self): def getOwner(self):
...@@ -73,11 +76,26 @@ class setuidMethod (PublicMethod): ...@@ -73,11 +76,26 @@ class setuidMethod (PublicMethod):
_proxy_roles = sysadmin_roles _proxy_roles = sysadmin_roles
class OwnedSetuidMethod(Implicit):
__roles__ = eo_roles
_proxy_roles = sysadmin_roles
def getOwner(self, info=0):
if info:
return (('subobject', 'acl_users'), 'theowner')
else:
return self.aq_parent.aq_parent.acl_users.getUserById('theowner')
def getWrappedOwner(self):
acl_users = self.aq_parent.aq_parent.acl_users
user = acl_users.getUserById('theowner')
return user.__of__(acl_users)
class DangerousMethod (PublicMethod): class DangerousMethod (PublicMethod):
# Only accessible to sysadmin or people who use proxy roles # Only accessible to sysadmin or people who use proxy roles
__roles__ = sysadmin_roles __roles__ = sysadmin_roles
class SimpleItemish (Implicit): class SimpleItemish (Implicit):
public_m = PublicMethod() public_m = PublicMethod()
protected_m = ProtectedMethod() protected_m = ProtectedMethod()
...@@ -87,12 +105,23 @@ class SimpleItemish (Implicit): ...@@ -87,12 +105,23 @@ class SimpleItemish (Implicit):
public_prop = 'Public Value' public_prop = 'Public Value'
private_prop = 'Private Value' private_prop = 'Private Value'
class ImplictAcqObject(Implicit):
pass
class UnprotectedSimpleItem (SimpleItemish): class UnprotectedSimpleItem (SimpleItemish):
__allow_access_to_unprotected_subobjects__ = 1 __allow_access_to_unprotected_subobjects__ = 1
class OwnedSimpleItem(UnprotectedSimpleItem):
def getOwner(self, info=0):
if info:
return (('subobject', 'acl_users'), 'theowner')
else:
return self.aq_parent.acl_users.getuserById('theowner')
class RestrictedSimpleItem (SimpleItemish): class RestrictedSimpleItem (SimpleItemish):
__allow_access_to_unprotected_subobjects__ = 0 __allow_access_to_unprotected_subobjects__ = 0
...@@ -258,6 +287,39 @@ class ZopeSecurityPolicyTests (unittest.TestCase): ...@@ -258,6 +287,39 @@ class ZopeSecurityPolicyTests (unittest.TestCase):
else: else:
policy.validate('', '', name, '', None) policy.validate('', '', name, '', None)
def testProxyRoleScope(self):
self.a.subobject = ImplictAcqObject()
subobject = self.a.subobject
subobject.acl_users = UserFolder()
subobject.acl_users._addUser('theowner', 'password', 'password',
eo_roles + sysadmin_roles, ())
subobject.item = UnprotectedSimpleItem()
subitem = subobject.item
subitem.owned_setuid_m = OwnedSetuidMethod()
subitem.getPhysicalRoot = lambda root=self.a: root
item = self.a.item
item.getPhysicalRoot = lambda root=self.a: root
self.context.stack.append(subitem.owned_setuid_m.__of__(subitem))
# Out of owner context
self.assertPolicyAllows(item, 'public_m')
self.assertPolicyDenies(item, 'protected_m')
self.assertPolicyDenies(item, 'owned_m')
self.assertPolicyAllows(item, 'setuid_m')
self.assertPolicyDenies(item, 'dangerous_m')
# Inside owner context
self.assertPolicyAllows(subitem, 'public_m')
self.assertPolicyDenies(subitem, 'protected_m')
self.assertPolicyDenies(subitem, 'owned_m')
self.assertPolicyAllows(subitem, 'setuid_m')
self.assertPolicyAllows(subitem, 'dangerous_m')
def testUnicodeName(self):
policy = self.policy
assert policy.validate('', '', u'foo', '', None)
if 0: if 0:
# This test purposely generates a log entry. # This test purposely generates a log entry.
# Enable it if you don't mind it adding to the log. # Enable it if you don't mind it adding to the log.
......
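Review bot: `OwnedSimpleItem.getOwner` calls `self.aq_parent.acl_users.getuserById('theowner')`, whereas `OwnedSetuidMethod` in the same commit uses `getUserById`; the lower-case spelling looks like a typo and would raise `AttributeError` whenever the owner is resolved with `info=0`. None of the hunks shown instantiates `OwnedSimpleItem`, so the error may be latent. If a later test does use it, though, the fixture failing during owner resolution could make a policy assertion pass or fail for a reason unrelated to the policy decision, depending on how `assertPolicyDenies` treats exceptions (not visible here). The line should read `return self.aq_parent.acl_users.getUserById('theowner')`. Separately, `testUnicodeName` uses a bare `assert`, which is stripped under `python -O`, so the check would silently disappear; `self.assert_(policy.validate('', '', u'foo', '', None))` keeps it active in every run mode.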