Mercurial > p > roundup > code

annotate test/test_security.py @ 5267:64ae2108df60

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add section on allowing user access to the labelprop for a class so that iterating over the class will work. Ezio found this flaw in the docs while working with the python tracker. Mark one other section as Required. Shorten another section heading.
author John Rouillard <rouilj@ieee.org>
date Sat, 16 Sep 2017 11:29:46 -0400
parents 16a8a3f0772c
children c94fd717e28c
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
1 # Copyright (c) 2002 ekit.com Inc (http://www.ekit-inc.com/)
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
2 #
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
3 # Permission is hereby granted, free of charge, to any person obtaining a copy
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
4 # of this software and associated documentation files (the "Software"), to deal
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
5 # in the Software without restriction, including without limitation the rights
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
6 # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
7 # copies of the Software, and to permit persons to whom the Software is
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
8 # furnished to do so, subject to the following conditions:
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
9 #
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
10 # The above copyright notice and this permission notice shall be included in
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
11 # all copies or substantial portions of the Software.
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
12 #
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
13 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
14 # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
15 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
16 # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
17 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
18 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
19 # SOFTWARE.
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
20
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
21 import os, unittest, shutil
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
22
2926
79f91a6dbc7f use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1873
diff changeset
23 from roundup import backends
4480
1613754d2646 Fix first part of Password handling security issue2550688
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
24 import roundup.password
1873
f63aa57386b0 Backend improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 1176
diff changeset
25 from db_test_base import setupSchema, MyTestCase, config
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
26
5033
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 4570
diff changeset
27
63c79c0992ae Update tests to work with py.test
John Kristensen <john@jerrykan.com>
parents: 4570
diff changeset
28 class PermissionTest(MyTestCase, unittest.TestCase):
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
29 def setUp(self):
2926
79f91a6dbc7f use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1873
diff changeset
30 backend = backends.get_backend('anydbm')
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
31 # remove previous test, ignore errors
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
32 if os.path.exists(config.DATABASE):
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
33 shutil.rmtree(config.DATABASE)
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
34 os.makedirs(config.DATABASE + '/files')
2926
79f91a6dbc7f use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1873
diff changeset
35 self.db = backend.Database(config, 'admin')
79f91a6dbc7f use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1873
diff changeset
36 setupSchema(self.db, 1, backend)
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
37
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
38 def testInterfaceSecurity(self):
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
39 ' test that the CGI and mailgw have initialised security OK '
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
40 # TODO: some asserts
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
41
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
42 def testInitialiseSecurity(self):
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
43 ei = self.db.security.addPermission(name="Edit", klass="issue",
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
44 description="User is allowed to edit issues")
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
45 self.db.security.addPermissionToRole('User', ei)
905
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
46 ai = self.db.security.addPermission(name="View", klass="issue",
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
47 description="User is allowed to access issues")
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
48 self.db.security.addPermissionToRole('User', ai)
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
49
3535
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
50 def testAdmin(self):
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
51 ei = self.db.security.addPermission(name="Edit", klass="issue",
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
52 description="User is allowed to edit issues")
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
53 self.db.security.addPermissionToRole('User', ei)
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
54 ei = self.db.security.addPermission(name="Edit", klass=None,
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
55 description="User is allowed to edit issues")
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
56 self.db.security.addPermissionToRole('Admin', ei)
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
57
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
58 u1 = self.db.user.create(username='one', roles='Admin')
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
59 u2 = self.db.user.create(username='two', roles='User')
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
60
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
61 self.assert_(self.db.security.hasPermission('Edit', u1, None))
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
62 self.assert_(not self.db.security.hasPermission('Edit', u2, None))
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
63
75dc225613cc fix security check for hasPermission(Permission, None)
Richard Jones <richard@users.sourceforge.net>
parents: 3119
diff changeset
64
905
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
65 def testGetPermission(self):
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
66 self.db.security.getPermission('Edit')
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
67 self.db.security.getPermission('View')
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
68 self.assertRaises(ValueError, self.db.security.getPermission, 'x')
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
69 self.assertRaises(ValueError, self.db.security.getPermission, 'Edit',
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
70 'fubar')
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
71
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
72 add = self.db.security.addPermission
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
73 get = self.db.security.getPermission
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
74
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
75 # class
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
76 ei = add(name="Edit", klass="issue")
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
77 self.assertEquals(get('Edit', 'issue'), ei)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
78 ai = add(name="View", klass="issue")
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
79 self.assertEquals(get('View', 'issue'), ai)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
80
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
81 # property
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
82 epi1 = add(name="Edit", klass="issue", properties=['title'])
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
83 self.assertEquals(get('Edit', 'issue', properties=['title']), epi1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
84 epi2 = add(name="Edit", klass="issue", properties=['title'],
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
85 props_only=True)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
86 self.assertEquals(get('Edit', 'issue', properties=['title'], props_only=False), epi1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
87 self.assertEquals(get('Edit', 'issue', properties=['title'], props_only=True), epi2)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
88 self.db.security.set_props_only_default(True)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
89 self.assertEquals(get('Edit', 'issue', properties=['title']), epi2)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
90 api1 = add(name="View", klass="issue", properties=['title'])
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
91 self.assertEquals(get('View', 'issue', properties=['title']), api1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
92 self.db.security.set_props_only_default(False)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
93 api2 = add(name="View", klass="issue", properties=['title'])
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
94 self.assertEquals(get('View', 'issue', properties=['title']), api2)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
95 self.assertNotEquals(get('View', 'issue', properties=['title']), api1)
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
96
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
97 # check function
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
98 dummy = lambda: 0
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
99 eci = add(name="Edit", klass="issue", check=dummy)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
100 self.assertEquals(get('Edit', 'issue', check=dummy), eci)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
101 # props_only only makes sense if you are setting props.
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
102 # make it a no-op unless properties is set.
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
103 self.assertEquals(get('Edit', 'issue', check=dummy,
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
104 props_only=True), eci)
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
105 aci = add(name="View", klass="issue", check=dummy)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
106 self.assertEquals(get('View', 'issue', check=dummy), aci)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
107
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
108 # all
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
109 epci = add(name="Edit", klass="issue", properties=['title'],
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
110 check=dummy)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
111
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
112 self.db.security.set_props_only_default(False)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
113 # implicit props_only=False
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
114 self.assertEquals(get('Edit', 'issue', properties=['title'],
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
115 check=dummy), epci)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
116 # explicit props_only=False
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
117 self.assertEquals(get('Edit', 'issue', properties=['title'],
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
118 check=dummy, props_only=False), epci)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
119
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
120 # implicit props_only=True
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
121 self.db.security.set_props_only_default(True)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
122 self.assertRaises(ValueError, get, 'Edit', 'issue',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
123 properties=['title'],
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
124 check=dummy)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
125 # explicit props_only=False
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
126 self.assertRaises(ValueError, get, 'Edit', 'issue',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
127 properties=['title'],
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
128 check=dummy, props_only=True)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
129
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
130 apci = add(name="View", klass="issue", properties=['title'],
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
131 check=dummy)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
132 self.assertEquals(get('View', 'issue', properties=['title'],
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
133 check=dummy), apci)
905
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
134
5200
16a8a3f0772c Reset state of:
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
135 # Reset to default. Somehow this setting looks like it
16a8a3f0772c Reset state of:
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
136 # was bleeding through to other tests in test_xmlrpc.
16a8a3f0772c Reset state of:
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
137 # Is the security module being loaded only once for all tests??
16a8a3f0772c Reset state of:
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
138 self.db.security.set_props_only_default(False)
16a8a3f0772c Reset state of:
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
139
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
140 def testDBinit(self):
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
141 self.db.user.create(username="demo", roles='User')
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
142 self.db.user.create(username="anonymous", roles='Anonymous')
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
143
905
502a5ae11cc5 Very close now. The cgi and mailgw now use the new security API.
Richard Jones <richard@users.sourceforge.net>
parents: 902
diff changeset
144 def testAccessControls(self):
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
145 add = self.db.security.addPermission
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
146 has = self.db.security.hasPermission
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
147 addRole = self.db.security.addRole
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
148 addToRole = self.db.security.addPermissionToRole
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
149
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
150 none = self.db.user.create(username='none', roles='None')
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
151
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
152 # test admin access
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
153 addRole(name='Super')
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
154 addToRole('Super', add(name="Test"))
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
155 super = self.db.user.create(username='super', roles='Super')
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
156
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
157 # test class-level access
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
158 addRole(name='Role1')
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
159 addToRole('Role1', add(name="Test", klass="test"))
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
160 user1 = self.db.user.create(username='user1', roles='Role1')
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
161 self.assertEquals(has('Test', user1, 'test'), 1)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
162 self.assertEquals(has('Test', super, 'test'), 1)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
163 self.assertEquals(has('Test', none, 'test'), 0)
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
164
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
165 # property
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
166 addRole(name='Role2')
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
167 addToRole('Role2', add(name="Test", klass="test", properties=['a','b']))
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
168 user2 = self.db.user.create(username='user2', roles='Role2')
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
169
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
170 # check function
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
171 check_old_style = lambda db, userid, itemid: itemid == '2'
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
172 #def check_old_style(db, userid, itemid):
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
173 # print "checking userid, itemid: %r"%((userid,itemid),)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
174 # return(itemid == '2')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
175
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
176 # setup to check function new style. Make sure that
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
177 # other args are passed.
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
178 def check(db,userid,itemid, **other):
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
179 prop = other['property']
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
180 prop = other['classname']
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
181 prop = other['permission']
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
182 return (itemid == '1')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
183
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
184 addRole(name='Role3')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
185 addToRole('Role3', add(name="Test", klass="test", check=check))
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
186 user3 = self.db.user.create(username='user3', roles='Role3')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
187
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
188 addRole(name='Role4')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
189 addToRole('Role4', add(name="Test", klass="test", check=check,
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
190 properties='a', props_only=True))
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
191 user4 = self.db.user.create(username='user4', roles='Role4')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
192
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
193 self.db.security.set_props_only_default(props_only=True)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
194 addRole(name='Role5')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
195 addToRole('Role5', add(name="Test", klass="test",
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
196 check=check_old_style, properties=['a']))
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
197 user5 = self.db.user.create(username='user5', roles='Role5')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
198
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
199 self.db.security.set_props_only_default(False)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
200 addRole(name='Role6')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
201 addToRole('Role6', add(name="Test", klass="test", check=check,
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
202 properties=['a', 'b']))
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
203 user6 = self.db.user.create(username='user6', roles='Role6')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
204
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
205 addRole(name='Role7')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
206 addToRole('Role7', add(name="Test", klass="test",
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
207 check=check_old_style,
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
208 properties=['a', 'b']))
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
209 user7 = self.db.user.create(username='user7', roles='Role7')
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
210 print user7
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
211
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
212 # *any* access to class
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
213 self.assertEquals(has('Test', user1, 'test'), 1)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
214 self.assertEquals(has('Test', user2, 'test'), 1)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
215 self.assertEquals(has('Test', user3, 'test'), 1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
216 # user4 and user5 should not return true as the permission
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
217 # is limited to property checks
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
218 self.assertEquals(has('Test', user4, 'test'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
219 self.assertEquals(has('Test', user5, 'test'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
220 # user6 will will return access
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
221 self.assertEquals(has('Test', user6, 'test'), 1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
222 # will work because check is ignored, if check was
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
223 # used this would work but next test would fail
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
224 self.assertEquals(has('Test', user7, 'test', itemid='2'), 1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
225 # returns true because class tests ignore the check command
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
226 # if there is no itemid no check command is run
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
227 self.assertEquals(has('Test', user7, 'test'), 1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
228 self.assertEquals(has('Test', none, 'test'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
229
3119
c26f2ba69c78 some bits I missed, and the next release will be beta ;)
Richard Jones <richard@users.sourceforge.net>
parents: 3117
diff changeset
230
c26f2ba69c78 some bits I missed, and the next release will be beta ;)
Richard Jones <richard@users.sourceforge.net>
parents: 3117
diff changeset
231 # *any* access to item
c26f2ba69c78 some bits I missed, and the next release will be beta ;)
Richard Jones <richard@users.sourceforge.net>
parents: 3117
diff changeset
232 self.assertEquals(has('Test', user1, 'test', itemid='1'), 1)
c26f2ba69c78 some bits I missed, and the next release will be beta ;)
Richard Jones <richard@users.sourceforge.net>
parents: 3117
diff changeset
233 self.assertEquals(has('Test', user2, 'test', itemid='1'), 1)
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
234 self.assertEquals(has('Test', user3, 'test', itemid='1'), 1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
235 self.assertEquals(has('Test', user4, 'test', itemid='1'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
236 self.assertEquals(has('Test', user5, 'test', itemid='1'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
237 self.assertEquals(has('Test', user6, 'test', itemid='1'), 1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
238 self.assertEquals(has('Test', user7, 'test', itemid='2'), 1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
239 self.assertEquals(has('Test', user7, 'test', itemid='1'), 0)
3119
c26f2ba69c78 some bits I missed, and the next release will be beta ;)
Richard Jones <richard@users.sourceforge.net>
parents: 3117
diff changeset
240 self.assertEquals(has('Test', super, 'test', itemid='1'), 1)
c26f2ba69c78 some bits I missed, and the next release will be beta ;)
Richard Jones <richard@users.sourceforge.net>
parents: 3117
diff changeset
241 self.assertEquals(has('Test', none, 'test', itemid='1'), 0)
c26f2ba69c78 some bits I missed, and the next release will be beta ;)
Richard Jones <richard@users.sourceforge.net>
parents: 3117
diff changeset
242
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
243 # now property test: no default itemid so check functions not run.
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
244 self.assertEquals(has('Test', user7, 'test', property='a'), 1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
245 self.assertEquals(has('Test', user7, 'test', property='b'), 1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
246 self.assertEquals(has('Test', user7, 'test', property='c'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
247
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
248 self.assertEquals(has('Test', user6, 'test', property='a'), 1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
249 self.assertEquals(has('Test', user6, 'test', property='b'), 1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
250 self.assertEquals(has('Test', user6, 'test', property='c'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
251
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
252 self.assertEquals(has('Test', user5, 'test', property='a'), 1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
253 self.assertEquals(has('Test', user5, 'test', property='b'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
254 self.assertEquals(has('Test', user5, 'test', property='c'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
255
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
256 self.assertEquals(has('Test', user4, 'test', property='a'), 1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
257 self.assertEquals(has('Test', user4, 'test', property='b'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
258 self.assertEquals(has('Test', user4, 'test', property='c'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
259
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
260 self.assertEquals(has('Test', user3, 'test', property='a'), 1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
261 self.assertEquals(has('Test', user3, 'test', property='b'), 1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
262 self.assertEquals(has('Test', user3, 'test', property='c'), 1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
263
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
264 self.assertEquals(has('Test', user2, 'test', property='a'), 1)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
265 self.assertEquals(has('Test', user2, 'test', property='b'), 1)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
266 self.assertEquals(has('Test', user2, 'test', property='c'), 0)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
267 self.assertEquals(has('Test', user1, 'test', property='a'), 1)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
268 self.assertEquals(has('Test', user1, 'test', property='b'), 1)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
269 self.assertEquals(has('Test', user1, 'test', property='c'), 1)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
270 self.assertEquals(has('Test', super, 'test', property='a'), 1)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
271 self.assertEquals(has('Test', super, 'test', property='b'), 1)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
272 self.assertEquals(has('Test', super, 'test', property='c'), 1)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
273 self.assertEquals(has('Test', none, 'test', property='a'), 0)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
274 self.assertEquals(has('Test', none, 'test', property='b'), 0)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
275 self.assertEquals(has('Test', none, 'test', property='c'), 0)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
276 self.assertEquals(has('Test', none, 'test'), 0)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
277
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
278 # now check function
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
279 self.assertEquals(has('Test', user7, 'test', itemid='1'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
280 self.assertEquals(has('Test', user7, 'test', itemid='2'), 1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
281 self.assertEquals(has('Test', user6, 'test', itemid='1'), 1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
282 self.assertEquals(has('Test', user6, 'test', itemid='2'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
283 # check functions will not run for user4/user5 since the
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
284 # only perms are for properties only.
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
285 self.assertEquals(has('Test', user5, 'test', itemid='1'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
286 self.assertEquals(has('Test', user5, 'test', itemid='2'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
287 self.assertEquals(has('Test', user4, 'test', itemid='1'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
288 self.assertEquals(has('Test', user4, 'test', itemid='2'), 0)
3117
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
289 self.assertEquals(has('Test', user3, 'test', itemid='1'), 1)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
290 self.assertEquals(has('Test', user3, 'test', itemid='2'), 0)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
291 self.assertEquals(has('Test', user2, 'test', itemid='1'), 1)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
292 self.assertEquals(has('Test', user2, 'test', itemid='2'), 1)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
293 self.assertEquals(has('Test', user1, 'test', itemid='2'), 1)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
294 self.assertEquals(has('Test', user1, 'test', itemid='2'), 1)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
295 self.assertEquals(has('Test', super, 'test', itemid='1'), 1)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
296 self.assertEquals(has('Test', super, 'test', itemid='2'), 1)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
297 self.assertEquals(has('Test', none, 'test', itemid='1'), 0)
460eb0209a9e Permissions improvements.
Richard Jones <richard@users.sourceforge.net>
parents: 2926
diff changeset
298 self.assertEquals(has('Test', none, 'test', itemid='2'), 0)
902
b0d3d3535998 Bugger it. Here's the current shape of the new security implementation.
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
299
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
300 # now mix property and check commands
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
301 # check is old style props_only = false
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
302 self.assertEquals(has('Test', user7, 'test', property="c",
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
303 itemid='2'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
304 self.assertEquals(has('Test', user7, 'test', property="c",
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
305 itemid='1'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
306
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
307 self.assertEquals(has('Test', user7, 'test', property="a",
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
308 itemid='2'), 1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
309 self.assertEquals(has('Test', user7, 'test', property="a",
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
310 itemid='1'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
311
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
312 # check is new style props_only = false
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
313 self.assertEquals(has('Test', user6, 'test', itemid='2',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
314 property='c'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
315 self.assertEquals(has('Test', user6, 'test', itemid='1',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
316 property='c'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
317 self.assertEquals(has('Test', user6, 'test', itemid='2',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
318 property='b'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
319 self.assertEquals(has('Test', user6, 'test', itemid='1',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
320 property='b'), 1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
321 self.assertEquals(has('Test', user6, 'test', itemid='2',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
322 property='a'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
323 self.assertEquals(has('Test', user6, 'test', itemid='1',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
324 property='a'), 1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
325
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
326 # check is old style props_only = true
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
327 self.assertEquals(has('Test', user5, 'test', itemid='2',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
328 property='b'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
329 self.assertEquals(has('Test', user5, 'test', itemid='1',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
330 property='b'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
331 self.assertEquals(has('Test', user5, 'test', itemid='2',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
332 property='a'), 1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
333 self.assertEquals(has('Test', user5, 'test', itemid='1',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
334 property='a'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
335
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
336 # check is new style props_only = true
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
337 self.assertEquals(has('Test', user4, 'test', itemid='2',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
338 property='b'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
339 self.assertEquals(has('Test', user4, 'test', itemid='1',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
340 property='b'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
341 self.assertEquals(has('Test', user4, 'test', itemid='2',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
342 property='a'), 0)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
343 self.assertEquals(has('Test', user4, 'test', itemid='1',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
344 property='a'), 1)
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5186
diff changeset
345
4438
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
346 def testTransitiveSearchPermissions(self):
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
347 add = self.db.security.addPermission
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
348 has = self.db.security.hasSearchPermission
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
349 addRole = self.db.security.addRole
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
350 addToRole = self.db.security.addPermissionToRole
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
351 addRole(name='User')
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
352 addRole(name='Anonymous')
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
353 addRole(name='Issue')
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
354 addRole(name='Msg')
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
355 addRole(name='UV')
4438
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
356 user = self.db.user.create(username='user1', roles='User')
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
357 anon = self.db.user.create(username='anonymous', roles='Anonymous')
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
358 ui = self.db.user.create(username='user2', roles='Issue')
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
359 uim = self.db.user.create(username='user3', roles='Issue,Msg')
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
360 uimu = self.db.user.create(username='user4', roles='Issue,Msg,UV')
4438
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
361 iv = add(name="View", klass="issue")
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
362 addToRole('User', iv)
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
363 addToRole('Anonymous', iv)
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
364 addToRole('Issue', iv)
4438
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
365 ms = add(name="Search", klass="msg")
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
366 addToRole('User', ms)
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
367 addToRole('Anonymous', ms)
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
368 addToRole('Msg', ms)
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
369 uv = add(name="View", klass="user")
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
370 addToRole('User', uv)
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
371 addToRole('UV', uv)
4438
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
372 self.assertEquals(has(anon, 'issue', 'messages'), 1)
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
373 self.assertEquals(has(anon, 'issue', 'messages.author'), 0)
4438
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
374 self.assertEquals(has(anon, 'issue', 'messages.author.username'), 0)
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
375 self.assertEquals(has(anon, 'issue', 'messages.recipients'), 0)
4438
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
376 self.assertEquals(has(anon, 'issue', 'messages.recipients.username'), 0)
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
377 self.assertEquals(has(user, 'issue', 'messages'), 1)
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
378 self.assertEquals(has(user, 'issue', 'messages.author'), 1)
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
379 self.assertEquals(has(user, 'issue', 'messages.author.username'), 1)
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
380 self.assertEquals(has(user, 'issue', 'messages.recipients'), 1)
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
381 self.assertEquals(has(user, 'issue', 'messages.recipients.username'), 1)
222efa59ee6c search permissions must allow transitive properties
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 3535
diff changeset
382
4444
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
383 self.assertEquals(has(ui, 'issue', 'messages'), 0)
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
384 self.assertEquals(has(ui, 'issue', 'messages.author'), 0)
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
385 self.assertEquals(has(ui, 'issue', 'messages.author.username'), 0)
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
386 self.assertEquals(has(ui, 'issue', 'messages.recipients'), 0)
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
387 self.assertEquals(has(ui, 'issue', 'messages.recipients.username'), 0)
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
388
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
389 self.assertEquals(has(uim, 'issue', 'messages'), 1)
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
390 self.assertEquals(has(uim, 'issue', 'messages.author'), 0)
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
391 self.assertEquals(has(uim, 'issue', 'messages.author.username'), 0)
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
392 self.assertEquals(has(uim, 'issue', 'messages.recipients'), 0)
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
393 self.assertEquals(has(uim, 'issue', 'messages.recipients.username'), 0)
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
394
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
395 self.assertEquals(has(uimu, 'issue', 'messages'), 1)
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
396 self.assertEquals(has(uimu, 'issue', 'messages.author'), 1)
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
397 self.assertEquals(has(uimu, 'issue', 'messages.author.username'), 1)
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
398 self.assertEquals(has(uimu, 'issue', 'messages.recipients'), 1)
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
399 self.assertEquals(has(uimu, 'issue', 'messages.recipients.username'), 1)
8137456a86f3 more fixes to search permissions:
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4438
diff changeset
400
4480
1613754d2646 Fix first part of Password handling security issue2550688
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
401 # roundup.password has its own built-in test, call it.
1613754d2646 Fix first part of Password handling security issue2550688
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
402 def test_password(self):
1613754d2646 Fix first part of Password handling security issue2550688
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
403 roundup.password.test()
1613754d2646 Fix first part of Password handling security issue2550688
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents: 4444
diff changeset
404
2926
79f91a6dbc7f use new backends interface; fix vim modeline
Alexander Smishlajev <a1s@users.sourceforge.net>
parents: 1873
diff changeset
405 # vim: set filetype=python sts=4 sw=4 et si :
Roundup Issue Tracker: http://roundup-tracker.org/