Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add ftests for the role component in grokcore.security
- Loading branch information
1 parent
968196a
commit e3a129a
Showing
6 changed files
with
163 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -11,6 +11,7 @@ def read(*rnames): | |
| ) | ||
|
|
||
| tests_require = [ | ||
| 'zope.app.wsgi', | ||
| 'zope.configuration', | ||
| 'zope.testing', | ||
| ] | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| <configure | ||
| xmlns="http://namespaces.zope.org/zope" | ||
| xmlns:grok="http://namespaces.zope.org/grok" | ||
| xmlns:browser="http://namespaces.zope.org/browser" | ||
| i18n_domain="grokcore.security" | ||
| package="grokcore.security"> | ||
|
|
||
| <include package="grokcore.view" file="ftesting.zcml" /> | ||
| <include package="grokcore.security" file="meta.zcml" /> | ||
| <include package="grokcore.view" file="publication_security.zcml" /> | ||
|
|
||
| <grok:grok package=".ftests" /> | ||
|
|
||
| </configure> |
Empty file.
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,99 @@ | ||
| """ | ||
| Viewing a protected view with insufficient privileges will yield | ||
| Unauthorized: | ||
| >>> from zope.app.wsgi.testlayer import Browser | ||
| >>> browser = Browser() | ||
| >>> browser.open("http://localhost/@@cavepainting") | ||
| Traceback (most recent call last): | ||
| HTTPError: HTTP Error 401: Unauthorized | ||
| >>> browser.open("http://localhost/@@editcavepainting") | ||
| Traceback (most recent call last): | ||
| HTTPError: HTTP Error 401: Unauthorized | ||
| >>> browser.open("http://localhost/@@erasecavepainting") | ||
| Traceback (most recent call last): | ||
| HTTPError: HTTP Error 401: Unauthorized | ||
| Let's now grant anonymous the PaintingOwner role locally (so that we | ||
| don't have to modify the global setup). Then we can access the views | ||
| just fine: | ||
| >>> from zope.securitypolicy.interfaces import IPrincipalRoleManager | ||
| >>> root = getRootFolder() | ||
| >>> IPrincipalRoleManager(root).assignRoleToPrincipal( | ||
| ... 'paint.PaintingOwner', 'zope.anybody') | ||
| >>> browser.open("http://localhost/@@cavepainting") | ||
| >>> print browser.contents | ||
| What a beautiful painting. | ||
| >>> browser.open("http://localhost/@@editcavepainting") | ||
| >>> print browser.contents | ||
| Let's make it even prettier. | ||
| >>> browser.open("http://localhost/@@erasecavepainting") | ||
| >>> print browser.contents | ||
| Oops, mistake, let's erase it. | ||
| >>> browser.open("http://localhost/@@approvecavepainting") | ||
| Traceback (most recent call last): | ||
| HTTPError: HTTP Error 401: Unauthorized | ||
| """ | ||
|
|
||
| import grokcore.security | ||
| import grokcore.view | ||
| import grokcore.component as grok | ||
| import zope.interface | ||
|
|
||
| class ViewPermission(grokcore.security.Permission): | ||
| grok.name('paint.ViewPainting') | ||
|
|
||
| class EditPermission(grokcore.security.Permission): | ||
| grok.name('paint.EditPainting') | ||
|
|
||
| class ErasePermission(grokcore.security.Permission): | ||
| grok.name('paint.ErasePainting') | ||
|
|
||
| class ApprovePermission(grokcore.security.Permission): | ||
| grok.name('paint.ApprovePainting') | ||
|
|
||
| class PaintingOwner(grokcore.security.Role): | ||
| grok.name('paint.PaintingOwner') | ||
| grok.title('Painting Owner') | ||
| grokcore.security.permissions( | ||
| 'paint.ViewPainting', 'paint.EditPainting', 'paint.ErasePainting') | ||
|
|
||
| class CavePainting(grokcore.view.View): | ||
|
|
||
| grok.context(zope.interface.Interface) | ||
| grokcore.security.require(ViewPermission) | ||
|
|
||
| def render(self): | ||
| return 'What a beautiful painting.' | ||
|
|
||
| class EditCavePainting(grokcore.view.View): | ||
|
|
||
| grok.context(zope.interface.Interface) | ||
| grokcore.security.require(EditPermission) | ||
|
|
||
| def render(self): | ||
| return 'Let\'s make it even prettier.' | ||
|
|
||
| class EraseCavePainting(grokcore.view.View): | ||
|
|
||
| grok.context(zope.interface.Interface) | ||
| grokcore.security.require(ErasePermission) | ||
|
|
||
| def render(self): | ||
| return 'Oops, mistake, let\'s erase it.' | ||
|
|
||
| class ApproveCavePainting(grokcore.view.View): | ||
|
|
||
| grok.context(zope.interface.Interface) | ||
| grokcore.security.require(ApprovePermission) | ||
|
|
||
| def render(self): | ||
| return 'Painting owners cannot approve their paintings.' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| import re | ||
| import doctest | ||
| import unittest | ||
| import grokcore.security | ||
|
|
||
| from pkg_resources import resource_listdir | ||
| from zope.testing import renormalizing | ||
| from zope.app.wsgi.testlayer import BrowserLayer, http | ||
|
|
||
| FunctionalLayer = BrowserLayer(grokcore.security) | ||
|
|
||
| checker = renormalizing.RENormalizing([ | ||
| # Accommodate to exception wrapping in newer versions of mechanize | ||
| (re.compile(r'httperror_seek_wrapper:', re.M), 'HTTPError:'), | ||
| ]) | ||
|
|
||
| def suiteFromPackage(name): | ||
| files = resource_listdir(__name__, name) | ||
| suite = unittest.TestSuite() | ||
| for filename in files: | ||
| if not filename.endswith('.py'): | ||
| continue | ||
| if filename == '__init__.py': | ||
| continue | ||
| dottedname = 'grokcore.security.ftests.%s.%s' % (name, filename[:-3]) | ||
| test = doctest.DocTestSuite( | ||
| dottedname, | ||
| checker=checker, | ||
| extraglobs=dict( | ||
| http=http, | ||
| getRootFolder=FunctionalLayer.getRootFolder), | ||
| optionflags=( | ||
| doctest.ELLIPSIS + | ||
| doctest.NORMALIZE_WHITESPACE + | ||
| doctest.REPORT_NDIFF)) | ||
| test.layer = FunctionalLayer | ||
| suite.addTest(test) | ||
| return suite | ||
|
|
||
| def test_suite(): | ||
| suite = unittest.TestSuite() | ||
| for name in [ | ||
| 'role' | ||
| ]: | ||
| suite.addTest(suiteFromPackage(name)) | ||
| return suite | ||
|
|
||
| if __name__ == '__main__': | ||
| unittest.main(defaultTest='test_suite') |