securitySuite first version

d86b6a24 · Andreas Jung · 7e9dad98 · d86b6a24 · d86b6a24
Commit d86b6a24 authored Oct 01, 2001 by Andreas Jung
2 changed files
--- a/lib/python/AccessControl/securitySuite/framework.py
+++ b/lib/python/AccessControl/securitySuite/framework.py
+##############################################################################
+# 
+# Zope Public License (ZPL) Version 1.0
+# -------------------------------------
+# 
+# Copyright (c) Digital Creations.  All rights reserved.
+# 
+# This license has been certified as Open Source(tm).
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# 
+# 1. Redistributions in source code must retain the above copyright
+#    notice, this list of conditions, and the following disclaimer.
+# 
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions, and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+# 
+# 3. Digital Creations requests that attribution be given to Zope
+#    in any manner possible. Zope includes a "Powered by Zope"
+#    button that is installed by default. While it is not a license
+#    violation to remove this button, it is requested that the
+#    attribution remain. A significant investment has been put
+#    into Zope, and this effort will continue if the Zope community
+#    continues to grow. This is one way to assure that growth.
+# 
+# 4. All advertising materials and documentation mentioning
+#    features derived from or use of this software must display
+#    the following acknowledgement:
+# 
+#      "This product includes software developed by Digital Creations
+#      for use in the Z Object Publishing Environment
+#      (http://www.zope.org/)."
+# 
+#    In the event that the product being advertised includes an
+#    intact Zope distribution (with copyright and license included)
+#    then this clause is waived.
+# 
+# 5. Names associated with Zope or Digital Creations must not be used to
+#    endorse or promote products derived from this software without
+#    prior written permission from Digital Creations.
+# 
+# 6. Modified redistributions of any form whatsoever must retain
+#    the following acknowledgment:
+# 
+#      "This product includes software developed by Digital Creations
+#      for use in the Z Object Publishing Environment
+#      (http://www.zope.org/)."
+# 
+#    Intact (re-)distributions of any official Zope release do not
+#    require an external acknowledgement.
+# 
+# 7. Modifications are encouraged but must be packaged separately as
+#    patches to official Zope releases.  Distributions that do not
+#    clearly separate the patches from the original work must be clearly
+#    labeled as unofficial distributions.  Modifications which do not
+#    carry the name Zope may be packaged in any form, as long as they
+#    conform to all of the clauses above.
+# 
+# 
+# Disclaimer
+# 
+#   THIS SOFTWARE IS PROVIDED BY DIGITAL CREATIONS ``AS IS'' AND ANY
+#   EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+#   IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+#   PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL DIGITAL CREATIONS OR ITS
+#   CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+#   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+#   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+#   USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+#   ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+#   OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+#   OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+#   SUCH DAMAGE.
+# 
+# 
+# This software consists of contributions made by Digital Creations and
+# many individuals on behalf of Digital Creations.  Specific
+# attributions are listed in the accompanying credits file.
+# 
+##############################################################################
+
+######################################################################
+# Set up unit testing framework
+#
+# The following code should be at the top of every test module:
+#
+# import os, sys
+# execfile(os.path.join(sys.path[0], 'framework.py'))
+#
+# ...and the following at the bottom:
+#
+# framework()
+
+
+# Find the Testing package
+if not sys.modules.has_key('Testing'):
+    p0 = sys.path[0]
+    if p0 and __name__ == '__main__':
+        os.chdir(p0)
+        p0 = ''
+    p = d = os.path.abspath(os.curdir)
+    while d:
+        if os.path.isdir(os.path.join(p, 'Testing')):
+            sys.path[:1] = [p0, os.pardir, p]
+            break
+        p, d = os.path.split(p)
+    else:
+        print 'Unable to locate Testing package.'
+        sys.exit(1)
+
+import Testing, unittest
+execfile(os.path.join(os.path.split(Testing.__file__)[0], 'common.py'))
+
+
--- a/lib/python/AccessControl/securitySuite/testSecurity.py
+++ b/lib/python/AccessControl/securitySuite/testSecurity.py
+#!/usr/bin/env python2.1
+
+import os, sys
+execfile(os.path.join(sys.path[0],'framework.py'))
+
+import unittest,re
+import Zope,ZPublisher,cStringIO
+from OFS.Folder import Folder
+from OFS.SimpleItem  import SimpleItem
+from AccessControl import ClassSecurityInfo
+from Acquisition import Implicit
+import Globals
+
+class TestObject(SimpleItem,Implicit):
+    """ test object """
+
+    security = ClassSecurityInfo()
+
+    def __init__(self,id,marker):
+        self.id = id
+        self.marker=marker
+
+    security.declarePrivate("private_func")
+    def private_func(self):
+        """ private func """
+        return "i am private"
+
+
+    security.declareProtected("Protect Permission","protected_func")
+    def protected_func(self):
+        """ proteced func """
+        return "i am protected "
+
+
+    security.declarePublic("public_func")
+    def public_func(self):
+        """ public func """
+        return "i am public"
+
+
+Globals.InitializeClass(TestObject)
+
+
+class TestFolder(Folder,Implicit):
+    """ test class """
+
+    security = ClassSecurityInfo()
+    security.declareObjectPrivate()
+
+Globals.InitializeClass(TestFolder)
+
+
+class User:
+
+    def __init__(self,username,password,roles):
+        self.username = username
+        self.password = password
+        self.roles    = roles
+
+    def auth(self):
+        return "%s:%s" % (self.username,self.password)
+
+
+    def __str__(self):
+        return "User(%s:%s:%s)" % (self.username,self.password,self.roles)
+
+    __repr__ = __str__
+
+
+USERS = (
+    User('user1','123',[]),
+    User('user2','123',[]),
+    User('owner','123',('Owner',)),
+    User('manager','123',('Manager',))
+)
+
+
+class SecurityTests(unittest.TestCase) :
+
+    def setUp(self):
+        """ my setup """
+
+        self.root = Zope.app()
+        acl = self.root.acl_users
+
+        for user in USERS:
+            
+            try: acl._delUsers( user.username )
+            except: pass
+   
+        for user in USERS:
+            acl._addUser(user.username,user.password,user.password,
+                            user.roles, [])
+
+        get_transaction().commit()
+
+        if 'folder1' in self.root.objectIds():
+            self.root._delObject('folder1') 
+
+        if 'object1' in self.root.objectIds():
+            self.root._delObject('object1') 
+        
+        f = TestFolder('folder1')
+        self.root._setObject('folder1',f)
+
+        f = TestFolder('folder2')
+        self.root.folder1._setObject('folder2',f)
+
+        obj = TestObject('object1','m1')
+        self.root.folder1._setObject('object1',obj)
+
+        obj = TestObject('looserObject','m1')
+        self.root.folder1._setObject('looserObject',obj)
+
+
+        obj = TestObject('object2','m2')
+        self.root.folder1.folder2._setObject('object2',obj)
+        print self.root.folder1.folder2.getOwner()
+    
+        get_transaction().commit()
+    
+
+
+    def testPublicFunc(self):
+        """ testing PublicFunc"""
+
+        path = "/folder1/object1/public_func" 
+
+        for user in USERS:
+            code,txt= self._request(path,u=user.auth())
+            assert code==200, (path,user,code,txt)
+
+    def testPublicFuncWithWrongAuth(self):
+        """ testing PublicFunc"""
+
+        path = "/folder1/object1/public_func" 
+
+        for user in USERS:
+            code,txt= self._request(path,u=user.auth()+'xx')
+            assert code==200, (path,user,code,txt)
+
+
+    def testPrivateFunc(self):
+        """ testing PrivateFunc"""
+
+        path = "/folder1/object1/private_func" 
+
+        for user in USERS:
+            code,txt= self._request(path,u=user.auth())
+            assert code==401, (path,user,code,txt)
+
+
+    def testProtectedFunc(self):
+        """ testing PrivateFunc"""
+
+        path = "/folder1/object1/protected_func" 
+
+        for user in USERS:
+            code,txt= self._request(path,u=user.auth())
+
+            if 'Manager' in user.roles:
+                assert code==200, (path,user,code,txt)
+            else:
+                assert code==401, (path,user,code,txt)
+
+
+
+    def testXX(self):
+        """ xxx """
+        for id,obj in self.root.objectItems():
+            print id,obj.getOwner()
+
+
+    def _request(self,*args,**kw):
+
+        reg = re.compile("Status: ([0-9]{1,4}) (.*)",re.I)\
+
+        io =cStringIO.StringIO()
+        kw['s']=io
+        ZPublisher.Zope(*args,**kw)
+        outp = io.getvalue()
+        mo = reg.search(outp)
+
+        code,txt = mo.groups()
+
+#        print "%-40s  %-20s   %3d %s" % (args[0],kw.get('u',''),int(code),txt)
+        return int(code),txt
+        
+        
+framework()
+