Mercurial > p > roundup > code

comparison test/test_security.py @ 3535:75dc225613cc

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
fix security check for hasPermission(Permission, None) add hasRole to HTMLUser
author Richard Jones <richard@users.sourceforge.net>
date Fri, 03 Feb 2006 04:04:37 +0000
parents c26f2ba69c78
children 222efa59ee6c
comparison
equal deleted inserted replaced
3534:ad9f06e32f7c 3535:75dc225613cc
16 # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 16 # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 17 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 18 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
19 # SOFTWARE. 19 # SOFTWARE.
20 20
21 # $Id: test_security.py,v 1.9 2005-01-28 04:07:58 richard Exp $ 21 # $Id: test_security.py,v 1.10 2006-02-03 04:04:37 richard Exp $
22 22
23 import os, unittest, shutil 23 import os, unittest, shutil
24 24
25 from roundup import backends 25 from roundup import backends
26 from roundup.password import Password 26 from roundup.password import Password
39 def testInterfaceSecurity(self): 39 def testInterfaceSecurity(self):
40 ' test that the CGI and mailgw have initialised security OK ' 40 ' test that the CGI and mailgw have initialised security OK '
41 # TODO: some asserts 41 # TODO: some asserts
42 42
43 def testInitialiseSecurity(self): 43 def testInitialiseSecurity(self):
44 ''' Create some Permissions and Roles on the security object
45
46 This function is directly invoked by security.Security.__init__()
47 as a part of the Security object instantiation.
48 '''
49 ei = self.db.security.addPermission(name="Edit", klass="issue", 44 ei = self.db.security.addPermission(name="Edit", klass="issue",
50 description="User is allowed to edit issues") 45 description="User is allowed to edit issues")
51 self.db.security.addPermissionToRole('User', ei) 46 self.db.security.addPermissionToRole('User', ei)
52 ai = self.db.security.addPermission(name="View", klass="issue", 47 ai = self.db.security.addPermission(name="View", klass="issue",
53 description="User is allowed to access issues") 48 description="User is allowed to access issues")
54 self.db.security.addPermissionToRole('User', ai) 49 self.db.security.addPermissionToRole('User', ai)
50
51 def testAdmin(self):
52 ei = self.db.security.addPermission(name="Edit", klass="issue",
53 description="User is allowed to edit issues")
54 self.db.security.addPermissionToRole('User', ei)
55 ei = self.db.security.addPermission(name="Edit", klass=None,
56 description="User is allowed to edit issues")
57 self.db.security.addPermissionToRole('Admin', ei)
58
59 u1 = self.db.user.create(username='one', roles='Admin')
60 u2 = self.db.user.create(username='two', roles='User')
61
62 self.assert_(self.db.security.hasPermission('Edit', u1, None))
63 self.assert_(not self.db.security.hasPermission('Edit', u2, None))
64
55 65
56 def testGetPermission(self): 66 def testGetPermission(self):
57 self.db.security.getPermission('Edit') 67 self.db.security.getPermission('Edit')
58 self.db.security.getPermission('View') 68 self.db.security.getPermission('View')
59 self.assertRaises(ValueError, self.db.security.getPermission, 'x') 69 self.assertRaises(ValueError, self.db.security.getPermission, 'x')
Roundup Issue Tracker: http://roundup-tracker.org/