Skip to content

Commit

Permalink
100% coverage for zopepolicy.py
Browse files Browse the repository at this point in the history
  • Loading branch information
@jamadden
jamadden committed Aug 24, 2018
1 parent e6d5780 commit ad6c984
Show file tree
Hide file tree
Showing 2 changed files with 115 additions and 10 deletions.
111 changes: 109 additions & 2 deletions src/zope/securitypolicy/tests/test_zopepolicy.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,11 @@
from zope.component.testing import setUp as componentSetUp
from zope.component.testing import tearDown as componentTearDown
from zope.annotation.interfaces import IAnnotatable
from zope.annotation.interfaces import IAttributeAnnotatable
from zope.annotation.attribute import AttributeAnnotations
from zope.security.management import endInteraction
from zope.testing.cleanup import CleanUp
from zope import interface

from zope.securitypolicy.interfaces import IGrantInfo
from zope.securitypolicy.interfaces import IPrincipalRoleManager
Expand All @@ -35,9 +38,10 @@
AnnotationRolePermissionManager
from zope.securitypolicy.grantinfo import \
AnnotationGrantInfo
from zope.securitypolicy import zopepolicy


class TestZCML(unittest.TestCase):
class TestZCML(CleanUp, unittest.TestCase):

def testMetaZCML(self):
import zope.configuration
Expand All @@ -53,9 +57,112 @@ def testConfigureZCML(self):
def testSecuritypolicyZCML(self):
import zope.configuration
import zope.securitypolicy
import zope.annotation
zope.configuration.xmlconfig.file(
"configure.zcml", zope.annotation)

zope.configuration.xmlconfig.file(
"securitypolicy.zcml", zope.securitypolicy)

settings = zopepolicy.settingsForObject(self)
self.assertEqual(
settings[0],
('(no name)', {})
)
self.assertEqual(
settings[1][0],
'global settings'
)

self.assertIn(
'principalPermissions',
settings[1][1]
)
self.assertIn(
'rolePermissions',
settings[1][1]
)
self.assertIn(
'principalRoles',
settings[1][1]
)

# Making us annotatable changes our data; we don't have anything
# but we do have managers
interface.alsoProvides(self, IAttributeAnnotatable)
settings = zopepolicy.settingsForObject(self)
self.assertEqual(
settings[0],
('(no name)',
{'principalPermissions': [], 'principalRoles': [], 'rolePermissions': []})
)


class TestZopePolicy(CleanUp, unittest.TestCase):

def setUp(self):
super(TestZopePolicy, self).setUp()
self.policy = zopepolicy.ZopeSecurityPolicy()

def test_checkPermission_system_user(self):
from zope.security.management import system_user

class Participation(object):
principal = system_user
interaction = None

self.policy.add(Participation())

self.assertTrue(self.policy.checkPermission('perm', self))

def test_checkPermission_multiple_participations_for_same_id(self):

class Principal(object):
id = 'principal'

class Participation(object):
principal = Principal()
interaction = None

self.policy.add(Participation())
self.policy.add(Participation())

invoked_counter = []
def cached_decision(self, *args):
invoked_counter.append(args)
return True

self.policy.cached_decision = cached_decision
self.assertTrue(self.policy.checkPermission('perm', self))
self.assertEqual(1, len(invoked_counter))

def test__findGroupsFor_seen(self):
group_id = 'group'
class Principal(object):
groups = (group_id,)

seen = {group_id}

# Does nothing because we've already been seen
self.assertEqual(
self.policy._findGroupsFor(Principal(), None, seen),
()
)

def test__findGroupsFor_LookupError(self):
# lookup errors are ignored
from zope.authentication.interfaces import PrincipalLookupError
class Principal(object):
groups = ('group',)

def getPrincipal(gid):
raise PrincipalLookupError(gid)

self.assertEqual(
self.policy._findGroupsFor(Principal(), getPrincipal, []),
()
)


def setUp(test):
componentSetUp()
Expand All @@ -75,5 +182,5 @@ def test_suite():
DocFileSuite('zopepolicy.txt',
package='zope.securitypolicy',
setUp=setUp, tearDown=componentTearDown),
unittest.makeSuite(TestZCML),
unittest.defaultTestLoader.loadTestsFromName(__name__)
))
14 changes: 6 additions & 8 deletions src/zope/securitypolicy/zopepolicy.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -326,44 +326,42 @@ def settingsForObject(ob):
principalPermissions = IPrincipalPermissionMap(ob, None)
if principalPermissions is not None:
settings = principalPermissions.getPrincipalsAndPermissions()
settings.sort()
data['principalPermissions'] = [
{'principal': pr, 'permission': p, 'setting': s}
for (p, pr, s) in settings]
for (p, pr, s) in sorted(settings)]

principalRoles = IPrincipalRoleMap(ob, None)
if principalRoles is not None:
settings = principalRoles.getPrincipalsAndRoles()
data['principalRoles'] = [
{'principal': p, 'role': r, 'setting': s}
for (r, p, s) in settings]
for (r, p, s) in sorted(settings)]

rolePermissions = IRolePermissionMap(ob, None)
if rolePermissions is not None:
settings = rolePermissions.getRolesAndPermissions()
data['rolePermissions'] = [
{'permission': p, 'role': r, 'setting': s}
for (p, r, s) in settings]
for (p, r, s) in sorted(settings)]

ob = getattr(ob, '__parent__', None)

data = {}
result.append(('global settings', data))

settings = principalPermissionManager.getPrincipalsAndPermissions()
settings.sort()
data['principalPermissions'] = [
{'principal': pr, 'permission': p, 'setting': s}
for (p, pr, s) in settings]
for (p, pr, s) in sorted(settings)]

settings = principalRoleManager.getPrincipalsAndRoles()
data['principalRoles'] = [
{'principal': p, 'role': r, 'setting': s}
for (r, p, s) in settings]
for (r, p, s) in sorted(settings)]

settings = rolePermissionManager.getRolesAndPermissions()
data['rolePermissions'] = [
{'permission': p, 'role': r, 'setting': s}
for (p, r, s) in settings]
for (p, r, s) in sorted(settings)]

return result

0 comments on commit ad6c984

Please sign in to comment.