annotate test/test_security.py @ 5200:16a8a3f0772c

Reset state of: self.db.security.set_props_only_default(False) at end of testGetPermission. I thought each test_X module had a fresh environment and load of all modules. I guess that is not the case as not resetting the props_only default to false seemed to bleed into the testAuthFilter in test_xmlrpc.py. However the funny part is it only caused a problem in Travis CI. Not in my manual running of the full test suite on two platforms. However I am pulling errors because the framework is not skipping the postgres tests for test_xmlrpc. Maybe that failure is hiding something?? If I run just the test_xmlrpc module I would not expect an issue since the security test suite won't be invoked. I am using different versions of the test harness and Python so maybe.....
author John Rouillard <rouilj@ieee.org>
date Sat, 18 Mar 2017 15:12:39 -0400
parents e0732fd6a6c7
children c94fd717e28c
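
Added example (not part of this commit or of Roundup's code): a minimal model of the leak the commit message describes, assuming the props_only default is stored at class level and so is shared by every test that runs in the same process. Permission, Security and the test cases are hypothetical stand-ins; the run also shows that a reset on the last line of a test is skipped when an earlier assertion fails, while unittest's addCleanup still runs.

```python
import unittest


class Permission:
    """Simplified stand-in for a permission record (hypothetical model)."""
    # Assumption: the default is stored on the class, so it is shared by
    # every Security object created in the same Python process.
    props_only_default = False

    def __init__(self, name, klass, properties=(), props_only=None):
        self.name, self.klass = name, klass
        self.properties = tuple(properties)
        if props_only is None:
            props_only = Permission.props_only_default
        # props_only is a no-op unless properties are set
        self.props_only = bool(self.properties) and props_only


class Security:
    def __init__(self):
        self.permissions = []

    def set_props_only_default(self, props_only):
        Permission.props_only_default = props_only

    def add_permission(self, **kw):
        self.permissions.append(Permission(**kw))
        return self.permissions[-1]

    def has_permission(self, name, klass, prop=None):
        for p in self.permissions:
            if (p.name, p.klass) != (name, klass):
                continue
            if prop is None and not p.props_only:
                return True          # class-level check
            if prop is not None and (not p.properties or prop in p.properties):
                return True          # property-level check
        return False


def build_cases():
    """Test cases are built inside a function so importing this file runs nothing."""

    class NoReset(unittest.TestCase):
        def runTest(self):
            Security().set_props_only_default(True)

    class ResetAtEnd(unittest.TestCase):
        def runTest(self):
            sec = Security()
            sec.set_props_only_default(True)
            self.fail("constructed failure before the reset line")
            sec.set_props_only_default(False)   # never reached

    class ResetWithCleanup(unittest.TestCase):
        def runTest(self):
            sec = Security()
            # Registered first, so it runs even when the test body fails.
            self.addCleanup(sec.set_props_only_default, False)
            sec.set_props_only_default(True)
            self.fail("constructed failure; cleanup still runs")

    class Victim(unittest.TestCase):
        """Uses a fresh Security object and never touches the default."""
        def runTest(self):
            sec = Security()
            sec.add_permission(name="View", klass="issue", properties=["title"])
            self.assertTrue(sec.has_permission("View", "issue"))

    return {"none": NoReset, "end": ResetAtEnd,
            "cleanup": ResetWithCleanup, "victim": Victim}


def victim_passes_after(first):
    """Run test `first`, then the victim, in one process; report the victim."""
    Permission.props_only_default = False        # known-clean start
    cases = build_cases()
    victim = cases["victim"]()
    result = unittest.TestResult()
    unittest.TestSuite([cases[first](), victim]).run(result)
    broken = [t for t, _ in result.failures + result.errors]
    return victim not in broken


if __name__ == "__main__":
    for first in ("none", "end", "cleanup"):
        print(first, "-> victim passes:", victim_passes_after(first))
```

The victim's authorization result changes with test order only in the first two cases, which is why such a leak can show up on one CI runner and not in a local run.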
rev   line source
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
1 # Copyright (c) 2002 ekit.com Inc (http://www.ekit-inc.com/)
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2 #
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3 # Permission is hereby granted, free of charge, to any person obtaining a copy
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
4 # of this software and associated documentation files (the "Software"), to deal
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
5 # in the Software without restriction, including without limitation the rights
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
6 # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
7 # copies of the Software, and to permit persons to whom the Software is
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
8 # furnished to do so, subject to the following conditions:
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
9 #
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
10 # The above copyright notice and this permission notice shall be included in
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
11 # all copies or substantial portions of the Software.
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
12 #
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
13 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
14 # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
15 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
16 # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
17 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
18 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
19 # SOFTWARE.
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
20
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
21 import os, unittest, shutil
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
22
2926
79f91a6dbc7f use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1873
diff changeset
23 from roundup import backends
4480
1613754d2646 Fix first part of Password handling security issue2550688
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
24 import roundup.password
1873
f63aa57386b0 Backend improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 1176
diff changeset
25 from db_test_base import setupSchema, MyTestCase, config
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
26
5033
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 4570
diff changeset
27
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 4570
diff changeset
28 class PermissionTest(MyTestCase, unittest.TestCase):
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
29 def setUp(self):
2926
79f91a6dbc7f use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1873
diff changeset
30 backend = backends.get_backend('anydbm')
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
31 # remove previous test, ignore errors
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
32 if os.path.exists(config.DATABASE):
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
33 shutil.rmtree(config.DATABASE)
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
34 os.makedirs(config.DATABASE + '/files')
2926
79f91a6dbc7f use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1873
diff changeset
35 self.db = backend.Database(config, 'admin')
79f91a6dbc7f use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1873
diff changeset
36 setupSchema(self.db, 1, backend)
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
37
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
38 def testInterfaceSecurity(self):
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
39 ' test that the CGI and mailgw have initialised security OK '
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
40 # TODO: some asserts
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
41
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
42 def testInitialiseSecurity(self):
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
43 ei = self.db.security.addPermission(name="Edit", klass="issue",
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
44 description="User is allowed to edit issues")
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
45 self.db.security.addPermissionToRole('User', ei)
905
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
46 ai = self.db.security.addPermission(name="View", klass="issue",
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
47 description="User is allowed to access issues")
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
48 self.db.security.addPermissionToRole('User', ai)
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
49
3535
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
50 def testAdmin(self):
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
51 ei = self.db.security.addPermission(name="Edit", klass="issue",
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
52 description="User is allowed to edit issues")
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
53 self.db.security.addPermissionToRole('User', ei)
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
54 ei = self.db.security.addPermission(name="Edit", klass=None,
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
55 description="User is allowed to edit issues")
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
56 self.db.security.addPermissionToRole('Admin', ei)
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
57
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
58 u1 = self.db.user.create(username='one', roles='Admin')
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
59 u2 = self.db.user.create(username='two', roles='User')
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
60
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
61 self.assert_(self.db.security.hasPermission('Edit', u1, None))
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
62 self.assert_(not self.db.security.hasPermission('Edit', u2, None))
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
63
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
64
905
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
65 def testGetPermission(self):
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
66 self.db.security.getPermission('Edit')
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
67 self.db.security.getPermission('View')
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
68 self.assertRaises(ValueError, self.db.security.getPermission, 'x')
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
69 self.assertRaises(ValueError, self.db.security.getPermission, 'Edit',
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
70 'fubar')
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
71
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
72 add = self.db.security.addPermission
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
73 get = self.db.security.getPermission
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
74
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
75 # class
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
76 ei = add(name="Edit", klass="issue")
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
77 self.assertEquals(get('Edit', 'issue'), ei)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
78 ai = add(name="View", klass="issue")
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
79 self.assertEquals(get('View', 'issue'), ai)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
80
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
81 # property
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
82 epi1 = add(name="Edit", klass="issue", properties=['title'])
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
83 self.assertEquals(get('Edit', 'issue', properties=['title']), epi1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
84 epi2 = add(name="Edit", klass="issue", properties=['title'],
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
85 props_only=True)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
86 self.assertEquals(get('Edit', 'issue', properties=['title'], props_only=False), epi1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
87 self.assertEquals(get('Edit', 'issue', properties=['title'], props_only=True), epi2)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
88 self.db.security.set_props_only_default(True)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
89 self.assertEquals(get('Edit', 'issue', properties=['title']), epi2)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
90 api1 = add(name="View", klass="issue", properties=['title'])
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
91 self.assertEquals(get('View', 'issue', properties=['title']), api1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
92 self.db.security.set_props_only_default(False)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
93 api2 = add(name="View", klass="issue", properties=['title'])
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
94 self.assertEquals(get('View', 'issue', properties=['title']), api2)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
95 self.assertNotEquals(get('View', 'issue', properties=['title']), api1)
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
96
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
97 # check function
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
98 dummy = lambda: 0
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
99 eci = add(name="Edit", klass="issue", check=dummy)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
100 self.assertEquals(get('Edit', 'issue', check=dummy), eci)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
101 # props_only only makes sense if you are setting props.
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
102 # make it a no-op unless properties is set.
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
103 self.assertEquals(get('Edit', 'issue', check=dummy,
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
104 props_only=True), eci)
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
105 aci = add(name="View", klass="issue", check=dummy)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
106 self.assertEquals(get('View', 'issue', check=dummy), aci)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
107
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
108 # all
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
109 epci = add(name="Edit", klass="issue", properties=['title'],
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
110 check=dummy)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
111
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
112 self.db.security.set_props_only_default(False)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
113 # implicit props_only=False
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
114 self.assertEquals(get('Edit', 'issue', properties=['title'],
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
115 check=dummy), epci)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
116 # explicit props_only=False
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
117 self.assertEquals(get('Edit', 'issue', properties=['title'],
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
118 check=dummy, props_only=False), epci)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
119
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
120 # implicit props_only=True
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
121 self.db.security.set_props_only_default(True)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
122 self.assertRaises(ValueError, get, 'Edit', 'issue',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
123 properties=['title'],
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
124 check=dummy)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
125 # explicit props_only=False
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
126 self.assertRaises(ValueError, get, 'Edit', 'issue',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
127 properties=['title'],
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
128 check=dummy, props_only=True)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
129
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
130 apci = add(name="View", klass="issue", properties=['title'],
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
131 check=dummy)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
132 self.assertEquals(get('View', 'issue', properties=['title'],
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
133 check=dummy), apci)
905
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
134
5200
16a8a3f0772c Reset state of:
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
135 # Reset to default. Somehow this setting looks like it
16a8a3f0772c Reset state of:
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
136 # was bleeding through to other tests in test_xmlrpc.
16a8a3f0772c Reset state of:
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
137 # Is the security module being loaded only once for all tests??
16a8a3f0772c Reset state of:
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
138 self.db.security.set_props_only_default(False)
16a8a3f0772c Reset state of:
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
139
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
140 def testDBinit(self):
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
141 self.db.user.create(username="demo", roles='User')
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
142 self.db.user.create(username="anonymous", roles='Anonymous')
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
143
905
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
144 def testAccessControls(self):
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
145 add = self.db.security.addPermission
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
146 has = self.db.security.hasPermission
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
147 addRole = self.db.security.addRole
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
148 addToRole = self.db.security.addPermissionToRole
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
149
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
150 none = self.db.user.create(username='none', roles='None')
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
151
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
152 # test admin access
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
153 addRole(name='Super')
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
154 addToRole('Super', add(name="Test"))
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
155 super = self.db.user.create(username='super', roles='Super')
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
156
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
157 # test class-level access
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
158 addRole(name='Role1')
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
159 addToRole('Role1', add(name="Test", klass="test"))
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
160 user1 = self.db.user.create(username='user1', roles='Role1')
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
161 self.assertEquals(has('Test', user1, 'test'), 1)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
162 self.assertEquals(has('Test', super, 'test'), 1)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
163 self.assertEquals(has('Test', none, 'test'), 0)
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
164
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
165 # property
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
166 addRole(name='Role2')
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
167 addToRole('Role2', add(name="Test", klass="test", properties=['a','b']))
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
168 user2 = self.db.user.create(username='user2', roles='Role2')
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
169
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
170 # check function
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
171 check_old_style = lambda db, userid, itemid: itemid == '2'
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
172 #def check_old_style(db, userid, itemid):
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
173 # print "checking userid, itemid: %r"%((userid,itemid),)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
174 # return(itemid == '2')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
175
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
176 # setup to check function new style. Make sure that
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
177 # other args are passed.
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
178 def check(db,userid,itemid, **other):
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
179 prop = other['property']
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
180 prop = other['classname']
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
181 prop = other['permission']
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
182 return (itemid == '1')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
183
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
184 addRole(name='Role3')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
185 addToRole('Role3', add(name="Test", klass="test", check=check))
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
186 user3 = self.db.user.create(username='user3', roles='Role3')
187
188 addRole(name='Role4')
189 addToRole('Role4', add(name="Test", klass="test", check=check,
190 properties='a', props_only=True))
191 user4 = self.db.user.create(username='user4', roles='Role4')
192
193 self.db.security.set_props_only_default(props_only=True)
194 addRole(name='Role5')
195 addToRole('Role5', add(name="Test", klass="test",
196 check=check_old_style, properties=['a']))
197 user5 = self.db.user.create(username='user5', roles='Role5')
198
199 self.db.security.set_props_only_default(False)
200 addRole(name='Role6')
201 addToRole('Role6', add(name="Test", klass="test", check=check,
202 properties=['a', 'b']))
203 user6 = self.db.user.create(username='user6', roles='Role6')
204
205 addRole(name='Role7')
206 addToRole('Role7', add(name="Test", klass="test",
207 check=check_old_style,
208 properties=['a', 'b']))
209 user7 = self.db.user.create(username='user7', roles='Role7')
210 print user7
211
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
212 # *any* access to class
213 self.assertEquals(has('Test', user1, 'test'), 1)
214 self.assertEquals(has('Test', user2, 'test'), 1)
5196
215 self.assertEquals(has('Test', user3, 'test'), 1)
216 # user4 and user5 should not return true as the permission
217 # is limited to property checks
218 self.assertEquals(has('Test', user4, 'test'), 0)
219 self.assertEquals(has('Test', user5, 'test'), 0)
220 # user6 will will return access
221 self.assertEquals(has('Test', user6, 'test'), 1)
222 # will work because check is ignored, if check was
223 # used this would work but next test would fail
224 self.assertEquals(has('Test', user7, 'test', itemid='2'), 1)
225 # returns true because class tests ignore the check command
226 # if there is no itemid no check command is run
227 self.assertEquals(has('Test', user7, 'test'), 1)
228 self.assertEquals(has('Test', none, 'test'), 0)
229
3119
c26f2ba69c78 some bits I missed, and the next release will be beta ;)
Richard Jones <richard@users.sourceforge.net>
parents: 3117
diff changeset
230
231 # *any* access to item
232 self.assertEquals(has('Test', user1, 'test', itemid='1'), 1)
233 self.assertEquals(has('Test', user2, 'test', itemid='1'), 1)
5196
234 self.assertEquals(has('Test', user3, 'test', itemid='1'), 1)
235 self.assertEquals(has('Test', user4, 'test', itemid='1'), 0)
236 self.assertEquals(has('Test', user5, 'test', itemid='1'), 0)
237 self.assertEquals(has('Test', user6, 'test', itemid='1'), 1)
238 self.assertEquals(has('Test', user7, 'test', itemid='2'), 1)
239 self.assertEquals(has('Test', user7, 'test', itemid='1'), 0)
3119
240 self.assertEquals(has('Test', super, 'test', itemid='1'), 1)
241 self.assertEquals(has('Test', none, 'test', itemid='1'), 0)
242
5196
243 # now property test: no default itemid so check functions not run.
244 self.assertEquals(has('Test', user7, 'test', property='a'), 1)
245 self.assertEquals(has('Test', user7, 'test', property='b'), 1)
246 self.assertEquals(has('Test', user7, 'test', property='c'), 0)
247
248 self.assertEquals(has('Test', user6, 'test', property='a'), 1)
249 self.assertEquals(has('Test', user6, 'test', property='b'), 1)
250 self.assertEquals(has('Test', user6, 'test', property='c'), 0)
251
252 self.assertEquals(has('Test', user5, 'test', property='a'), 1)
253 self.assertEquals(has('Test', user5, 'test', property='b'), 0)
254 self.assertEquals(has('Test', user5, 'test', property='c'), 0)
255
256 self.assertEquals(has('Test', user4, 'test', property='a'), 1)
257 self.assertEquals(has('Test', user4, 'test', property='b'), 0)
258 self.assertEquals(has('Test', user4, 'test', property='c'), 0)
259
260 self.assertEquals(has('Test', user3, 'test', property='a'), 1)
261 self.assertEquals(has('Test', user3, 'test', property='b'), 1)
262 self.assertEquals(has('Test', user3, 'test', property='c'), 1)
263
3117
264 self.assertEquals(has('Test', user2, 'test', property='a'), 1)
265 self.assertEquals(has('Test', user2, 'test', property='b'), 1)
266 self.assertEquals(has('Test', user2, 'test', property='c'), 0)
267 self.assertEquals(has('Test', user1, 'test', property='a'), 1)
268 self.assertEquals(has('Test', user1, 'test', property='b'), 1)
269 self.assertEquals(has('Test', user1, 'test', property='c'), 1)
270 self.assertEquals(has('Test', super, 'test', property='a'), 1)
271 self.assertEquals(has('Test', super, 'test', property='b'), 1)
272 self.assertEquals(has('Test', super, 'test', property='c'), 1)
273 self.assertEquals(has('Test', none, 'test', property='a'), 0)
274 self.assertEquals(has('Test', none, 'test', property='b'), 0)
275 self.assertEquals(has('Test', none, 'test', property='c'), 0)
276 self.assertEquals(has('Test', none, 'test'), 0)
277
278 # now check function
5196
279 self.assertEquals(has('Test', user7, 'test', itemid='1'), 0)
280 self.assertEquals(has('Test', user7, 'test', itemid='2'), 1)
281 self.assertEquals(has('Test', user6, 'test', itemid='1'), 1)
282 self.assertEquals(has('Test', user6, 'test', itemid='2'), 0)
283 # check functions will not run for user4/user5 since the
284 # only perms are for properties only.
285 self.assertEquals(has('Test', user5, 'test', itemid='1'), 0)
286 self.assertEquals(has('Test', user5, 'test', itemid='2'), 0)
287 self.assertEquals(has('Test', user4, 'test', itemid='1'), 0)
288 self.assertEquals(has('Test', user4, 'test', itemid='2'), 0)
3117
289 self.assertEquals(has('Test', user3, 'test', itemid='1'), 1)
290 self.assertEquals(has('Test', user3, 'test', itemid='2'), 0)
291 self.assertEquals(has('Test', user2, 'test', itemid='1'), 1)
292 self.assertEquals(has('Test', user2, 'test', itemid='2'), 1)
293 self.assertEquals(has('Test', user1, 'test', itemid='2'), 1)
294 self.assertEquals(has('Test', user1, 'test', itemid='2'), 1)
295 self.assertEquals(has('Test', super, 'test', itemid='1'), 1)
296 self.assertEquals(has('Test', super, 'test', itemid='2'), 1)
297 self.assertEquals(has('Test', none, 'test', itemid='1'), 0)
298 self.assertEquals(has('Test', none, 'test', itemid='2'), 0)
902
299
5196
300 # now mix property and check commands
301 # check is old style props_only = false
302 self.assertEquals(has('Test', user7, 'test', property="c",
303 itemid='2'), 0)
304 self.assertEquals(has('Test', user7, 'test', property="c",
305 itemid='1'), 0)
306
307 self.assertEquals(has('Test', user7, 'test', property="a",
308 itemid='2'), 1)
309 self.assertEquals(has('Test', user7, 'test', property="a",
310 itemid='1'), 0)
311
312 # check is new style props_only = false
313 self.assertEquals(has('Test', user6, 'test', itemid='2',
314 property='c'), 0)
315 self.assertEquals(has('Test', user6, 'test', itemid='1',
316 property='c'), 0)
317 self.assertEquals(has('Test', user6, 'test', itemid='2',
318 property='b'), 0)
319 self.assertEquals(has('Test', user6, 'test', itemid='1',
320 property='b'), 1)
321 self.assertEquals(has('Test', user6, 'test', itemid='2',
322 property='a'), 0)
323 self.assertEquals(has('Test', user6, 'test', itemid='1',
324 property='a'), 1)
325
326 # check is old style props_only = true
327 self.assertEquals(has('Test', user5, 'test', itemid='2',
328 property='b'), 0)
329 self.assertEquals(has('Test', user5, 'test', itemid='1',
330 property='b'), 0)
331 self.assertEquals(has('Test', user5, 'test', itemid='2',
332 property='a'), 1)
333 self.assertEquals(has('Test', user5, 'test', itemid='1',
334 property='a'), 0)
335
336 # check is new style props_only = true
337 self.assertEquals(has('Test', user4, 'test', itemid='2',
338 property='b'), 0)
339 self.assertEquals(has('Test', user4, 'test', itemid='1',
340 property='b'), 0)
341 self.assertEquals(has('Test', user4, 'test', itemid='2',
342 property='a'), 0)
343 self.assertEquals(has('Test', user4, 'test', itemid='1',
344 property='a'), 1)
345
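The assertions above pin down how a property list, `props_only` and a check function combine, and they depend on a default that is read when each permission is created. The following is an added stand-alone model of that rule, not Roundup's code and not part of test_security.py: `Perm`, `has`, `props_only_default` and `build_users` are hypothetical names, the evaluation order is an assumption chosen to reproduce the expected values in the listing, and `check_old_style` is assumed to accept only item '2' as those assertions imply.

```python
from contextlib import contextmanager


class Perm:
    """Hypothetical stand-in for one permission entry (not Roundup's class)."""

    # Process-wide default consulted when a permission is created.
    # It is shared mutable state: whoever changes it must restore it.
    default_props_only = False

    def __init__(self, name, klass=None, properties=None, check=None,
                 props_only=None):
        self.name, self.klass, self.check = name, klass, check
        self.properties = None if properties is None else set(properties)
        if properties is None:
            self.props_only = False                    # nothing to limit to
        elif props_only is None:
            self.props_only = Perm.default_props_only  # captured at creation
        else:
            self.props_only = bool(props_only)

    def test(self, name, klass, prop=None, itemid=None):
        """True when this entry grants `name` on `klass` for the request."""
        if name != self.name:
            return False
        if self.klass is not None and klass != self.klass:
            return False
        # A property list grants only the properties it names.
        if (prop is not None and self.properties is not None
                and prop not in self.properties):
            return False
        # props_only entries never answer a class- or item-level question.
        if prop is None and self.properties is not None and self.props_only:
            return False
        # The check function runs only when an item is named.
        if (itemid is not None and self.check is not None
                and not self.check(itemid)):
            return False
        return True


@contextmanager
def props_only_default(value):
    """Set the shared default for one block and always restore it."""
    saved = Perm.default_props_only
    Perm.default_props_only = bool(value)
    try:
        yield
    finally:
        Perm.default_props_only = saved


def has(perms, name, klass, prop=None, itemid=None):
    """1 if any entry grants the request, else 0 (as the listing asserts)."""
    return int(any(p.test(name, klass, prop, itemid) for p in perms))


def only_item_1(itemid):   # behaviour of check() in the listing
    return itemid == '1'


def only_item_2(itemid):   # assumed behaviour of check_old_style
    return itemid == '2'


def build_users():
    """Constructed fixtures mirroring Role3..Role7 from the listing."""
    users = {
        'user3': [Perm('Test', 'test', check=only_item_1)],
        'user4': [Perm('Test', 'test', check=only_item_1,
                       properties=['a'], props_only=True)],
    }
    with props_only_default(True):
        users['user5'] = [Perm('Test', 'test', check=only_item_2,
                               properties=['a'])]
    # The default is back to False here, so these two are not props_only.
    users['user6'] = [Perm('Test', 'test', check=only_item_1,
                           properties=['a', 'b'])]
    users['user7'] = [Perm('Test', 'test', check=only_item_2,
                           properties=['a', 'b'])]
    return users


if __name__ == '__main__':
    u = build_users()
    for who in sorted(u):
        print(who,
              has(u[who], 'Test', 'test'),
              has(u[who], 'Test', 'test', prop='a'),
              has(u[who], 'Test', 'test', itemid='1'))
```

Scoping the default with a context manager restores it even when an assertion fails partway through, which is the cross-test leak the changeset description reports.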
4438
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
346 def testTransitiveSearchPermissions(self):
347 add = self.db.security.addPermission
348 has = self.db.security.hasSearchPermission
349 addRole = self.db.security.addRole
350 addToRole = self.db.security.addPermissionToRole
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
351 addRole(name='User')
352 addRole(name='Anonymous')
353 addRole(name='Issue')
354 addRole(name='Msg')
355 addRole(name='UV')
4438
356 user = self.db.user.create(username='user1', roles='User')
357 anon = self.db.user.create(username='anonymous', roles='Anonymous')
4444
358 ui = self.db.user.create(username='user2', roles='Issue')
359 uim = self.db.user.create(username='user3', roles='Issue,Msg')
360 uimu = self.db.user.create(username='user4', roles='Issue,Msg,UV')
4438
361 iv = add(name="View", klass="issue")
362 addToRole('User', iv)
363 addToRole('Anonymous', iv)
4444
364 addToRole('Issue', iv)
4438
365 ms = add(name="Search", klass="msg")
366 addToRole('User', ms)
367 addToRole('Anonymous', ms)
4444
368 addToRole('Msg', ms)
369 uv = add(name="View", klass="user")
370 addToRole('User', uv)
371 addToRole('UV', uv)
4438
372 self.assertEquals(has(anon, 'issue', 'messages'), 1)
4444
373 self.assertEquals(has(anon, 'issue', 'messages.author'), 0)
4438
374 self.assertEquals(has(anon, 'issue', 'messages.author.username'), 0)
4444
375 self.assertEquals(has(anon, 'issue', 'messages.recipients'), 0)
4438
376 self.assertEquals(has(anon, 'issue', 'messages.recipients.username'), 0)
377 self.assertEquals(has(user, 'issue', 'messages'), 1)
378 self.assertEquals(has(user, 'issue', 'messages.author'), 1)
379 self.assertEquals(has(user, 'issue', 'messages.author.username'), 1)
380 self.assertEquals(has(user, 'issue', 'messages.recipients'), 1)
381 self.assertEquals(has(user, 'issue', 'messages.recipients.username'), 1)
382
4444
383 self.assertEquals(has(ui, 'issue', 'messages'), 0)
384 self.assertEquals(has(ui, 'issue', 'messages.author'), 0)
385 self.assertEquals(has(ui, 'issue', 'messages.author.username'), 0)
386 self.assertEquals(has(ui, 'issue', 'messages.recipients'), 0)
387 self.assertEquals(has(ui, 'issue', 'messages.recipients.username'), 0)
388
389 self.assertEquals(has(uim, 'issue', 'messages'), 1)
390 self.assertEquals(has(uim, 'issue', 'messages.author'), 0)
391 self.assertEquals(has(uim, 'issue', 'messages.author.username'), 0)
392 self.assertEquals(has(uim, 'issue', 'messages.recipients'), 0)
393 self.assertEquals(has(uim, 'issue', 'messages.recipients.username'), 0)
394
395 self.assertEquals(has(uimu, 'issue', 'messages'), 1)
396 self.assertEquals(has(uimu, 'issue', 'messages.author'), 1)
397 self.assertEquals(has(uimu, 'issue', 'messages.author.username'), 1)
398 self.assertEquals(has(uimu, 'issue', 'messages.recipients'), 1)
399 self.assertEquals(has(uimu, 'issue', 'messages.recipients.username'), 1)
400
4480
1613754d2646 Fix first part of Password handling security issue2550688
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
401 # roundup.password has its own built-in test, call it.
402 def test_password(self):
403 roundup.password.test()
404
2926
79f91a6dbc7f use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1873
diff changeset
405 # vim: set filetype=python sts=4 sw=4 et si :

Roundup Issue Tracker: http://roundup-tracker.org/