Mercurial > p > roundup > code
annotate test/test_security.py @ 2077:3e0961d6d44d
Added the "actor" property.
Metakit backend not done (still not confident I know how it's supposed
to work ;)
Currently it will come up as NULL in the RDBMS backends for older items.
The *dbm backends will look up the journal. I hope to remedy the former
before 0.7's release.
Fixed a bunch of migration issues in the rdbms backends while I was at it
(index changes for key prop changes) and simplified the class table update
code for RDBMSes that have "alter table" in their command set (ie. not
sqlite) ... migration from "version 1" to "version 2" still hasn't
actually been tested yet though.
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Mon, 15 Mar 2004 05:50:20 +0000 |
| parents | f63aa57386b0 |
| children | 79f91a6dbc7f |
| rev | line source |
|---|---|
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1 # Copyright (c) 2002 ekit.com Inc (http://www.ekit-inc.com/) |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2 # |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
3 # Permission is hereby granted, free of charge, to any person obtaining a copy |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
4 # of this software and associated documentation files (the "Software"), to deal |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
5 # in the Software without restriction, including without limitation the rights |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
6 # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
7 # copies of the Software, and to permit persons to whom the Software is |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
8 # furnished to do so, subject to the following conditions: |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
9 # |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
10 # The above copyright notice and this permission notice shall be included in |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
11 # all copies or substantial portions of the Software. |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
12 # |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
13 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
14 # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
15 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
16 # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
17 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
18 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
19 # SOFTWARE. |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
20 |
|
1873
f63aa57386b0
Backend improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
1176
diff
changeset
|
21 # $Id: test_security.py,v 1.6 2003-10-25 22:53:26 richard Exp $ |
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
22 |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
23 import os, unittest, shutil |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
24 |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
25 from roundup.password import Password |
|
1873
f63aa57386b0
Backend improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
1176
diff
changeset
|
26 from db_test_base import setupSchema, MyTestCase, config |
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
27 |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
28 class PermissionTest(MyTestCase): |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
29 def setUp(self): |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
30 from roundup.backends import anydbm |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
31 # remove previous test, ignore errors |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
32 if os.path.exists(config.DATABASE): |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
33 shutil.rmtree(config.DATABASE) |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
34 os.makedirs(config.DATABASE + '/files') |
|
1176
bd3b57859c37
On second thought, that last checkin was dumb.
Richard Jones <richard@users.sourceforge.net>
parents:
1090
diff
changeset
|
35 self.db = anydbm.Database(config, 'admin') |
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
36 setupSchema(self.db, 1, anydbm) |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
37 |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
38 def testInterfaceSecurity(self): |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
39 ' test that the CGI and mailgw have initialised security OK ' |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
40 # TODO: some asserts |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
41 |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
42 def testInitialiseSecurity(self): |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
43 ''' Create some Permissions and Roles on the security object |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
44 |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
45 This function is directly invoked by security.Security.__init__() |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
46 as a part of the Security object instantiation. |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
47 ''' |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
48 ei = self.db.security.addPermission(name="Edit", klass="issue", |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
49 description="User is allowed to edit issues") |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
50 self.db.security.addPermissionToRole('User', ei) |
|
905
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
51 ai = self.db.security.addPermission(name="View", klass="issue", |
|
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
52 description="User is allowed to access issues") |
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
53 self.db.security.addPermissionToRole('User', ai) |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
54 |
|
905
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
55 def testGetPermission(self): |
|
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
56 self.db.security.getPermission('Edit') |
|
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
57 self.db.security.getPermission('View') |
|
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
58 self.assertRaises(ValueError, self.db.security.getPermission, 'x') |
|
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
59 self.assertRaises(ValueError, self.db.security.getPermission, 'Edit', |
|
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
60 'fubar') |
|
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
61 ei = self.db.security.addPermission(name="Edit", klass="issue", |
|
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
62 description="User is allowed to edit issues") |
|
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
63 self.db.security.getPermission('Edit', 'issue') |
|
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
64 ai = self.db.security.addPermission(name="View", klass="issue", |
|
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
65 description="User is allowed to access issues") |
|
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
66 self.db.security.getPermission('View', 'issue') |
|
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
67 |
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
68 def testDBinit(self): |
|
905
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
69 self.db.user.create(username="anonymous", roles='User') |
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
70 |
|
905
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
71 def testAccessControls(self): |
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
72 self.testDBinit() |
|
909
ef9c759c243e
Fix to hasPermission, thanks Stefan Seefeld.
Richard Jones <richard@users.sourceforge.net>
parents:
905
diff
changeset
|
73 ei = self.db.security.addPermission(name="Edit", klass="issue", |
|
ef9c759c243e
Fix to hasPermission, thanks Stefan Seefeld.
Richard Jones <richard@users.sourceforge.net>
parents:
905
diff
changeset
|
74 description="User is allowed to edit issues") |
|
ef9c759c243e
Fix to hasPermission, thanks Stefan Seefeld.
Richard Jones <richard@users.sourceforge.net>
parents:
905
diff
changeset
|
75 self.db.security.addPermissionToRole('User', ei) |
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
76 |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
77 # test class-level access |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
78 userid = self.db.user.lookup('admin') |
|
905
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
79 self.assertEquals(self.db.security.hasPermission('Edit', userid, |
|
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
80 'issue'), 1) |
|
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
81 self.assertEquals(self.db.security.hasPermission('Edit', userid, |
|
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
82 'user'), 1) |
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
83 userid = self.db.user.lookup('anonymous') |
|
905
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
84 self.assertEquals(self.db.security.hasPermission('Edit', userid, |
|
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
85 'issue'), 1) |
|
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
86 self.assertEquals(self.db.security.hasPermission('Edit', userid, |
|
502a5ae11cc5
Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents:
902
diff
changeset
|
87 'user'), 0) |
|
909
ef9c759c243e
Fix to hasPermission, thanks Stefan Seefeld.
Richard Jones <richard@users.sourceforge.net>
parents:
905
diff
changeset
|
88 self.assertEquals(self.db.security.hasPermission('View', userid, |
|
ef9c759c243e
Fix to hasPermission, thanks Stefan Seefeld.
Richard Jones <richard@users.sourceforge.net>
parents:
905
diff
changeset
|
89 'issue'), 0) |
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
90 |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
91 # test node-level access |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
92 issueid = self.db.issue.create(title='foo', assignedto='admin') |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
93 userid = self.db.user.lookup('admin') |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
94 self.assertEquals(self.db.security.hasNodePermission('issue', |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
95 issueid, assignedto=userid), 1) |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
96 self.assertEquals(self.db.security.hasNodePermission('issue', |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
97 issueid, nosy=userid), 0) |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
98 self.db.issue.set(issueid, nosy=[userid]) |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
99 self.assertEquals(self.db.security.hasNodePermission('issue', |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
100 issueid, nosy=userid), 1) |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
101 |
|
1873
f63aa57386b0
Backend improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
1176
diff
changeset
|
102 def test_suite(): |
|
f63aa57386b0
Backend improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
1176
diff
changeset
|
103 suite = unittest.TestSuite() |
|
f63aa57386b0
Backend improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
1176
diff
changeset
|
104 suite.addTest(unittest.makeSuite(PermissionTest)) |
|
f63aa57386b0
Backend improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
1176
diff
changeset
|
105 return suite |
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
106 |
|
1873
f63aa57386b0
Backend improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
1176
diff
changeset
|
107 if __name__ == '__main__': |
|
f63aa57386b0
Backend improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
1176
diff
changeset
|
108 runner = unittest.TextTestRunner() |
|
f63aa57386b0
Backend improvements.
Richard Jones <richard@users.sourceforge.net>
parents:
1176
diff
changeset
|
109 unittest.main(testRunner=runner) |
|
902
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
110 |
|
b0d3d3535998
Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
111 # vim: set filetype=python ts=4 sw=4 et si |