comparison test/test_security.py @ 3120:ac1803a09920 maint-0.8
far more merging from HEAD than is good
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Fri, 28 Jan 2005 04:10:22 +0000 |
| parents | 79f91a6dbc7f |
| children |
| 3116:ed309360be21 | 3120:ac1803a09920 |
|---|---|
| 16 # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | 16 # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
| 17 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | 17 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
| 18 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | 18 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
| 19 # SOFTWARE. | 19 # SOFTWARE. |
| 20 | 20 |
| 21 # $Id: test_security.py,v 1.7 2004-11-18 15:54:09 a1s Exp $ | 21 # $Id: test_security.py,v 1.7.2.1 2005-01-28 04:10:22 richard Exp $ |
| 22 | 22 |
| 23 import os, unittest, shutil | 23 import os, unittest, shutil |
| 24 | 24 |
| 25 from roundup import backends | 25 from roundup import backends |
| 26 from roundup.password import Password | 26 from roundup.password import Password |
| 57 self.db.security.getPermission('Edit') | 57 self.db.security.getPermission('Edit') |
| 58 self.db.security.getPermission('View') | 58 self.db.security.getPermission('View') |
| 59 self.assertRaises(ValueError, self.db.security.getPermission, 'x') | 59 self.assertRaises(ValueError, self.db.security.getPermission, 'x') |
| 60 self.assertRaises(ValueError, self.db.security.getPermission, 'Edit', | 60 self.assertRaises(ValueError, self.db.security.getPermission, 'Edit', |
| 61 'fubar') | 61 'fubar') |
| 62 ei = self.db.security.addPermission(name="Edit", klass="issue", | 62 |
| 63 description="User is allowed to edit issues") | 63 add = self.db.security.addPermission |
| 64 self.db.security.getPermission('Edit', 'issue') | 64 get = self.db.security.getPermission |
| 65 ai = self.db.security.addPermission(name="View", klass="issue", | 65 |
| 66 description="User is allowed to access issues") | 66 # class |
| 67 self.db.security.getPermission('View', 'issue') | 67 ei = add(name="Edit", klass="issue") |
| 68 self.assertEquals(get('Edit', 'issue'), ei) | |
| 69 ai = add(name="View", klass="issue") | |
| 70 self.assertEquals(get('View', 'issue'), ai) | |
| 71 | |
| 72 # property | |
| 73 epi = add(name="Edit", klass="issue", properties=['title']) | |
| 74 self.assertEquals(get('Edit', 'issue', properties=['title']), epi) | |
| 75 api = add(name="View", klass="issue", properties=['title']) | |
| 76 self.assertEquals(get('View', 'issue', properties=['title']), api) | |
| 77 | |
| 78 # check function | |
| 79 dummy = lambda: 0 | |
| 80 eci = add(name="Edit", klass="issue", check=dummy) | |
| 81 self.assertEquals(get('Edit', 'issue', check=dummy), eci) | |
| 82 aci = add(name="View", klass="issue", check=dummy) | |
| 83 self.assertEquals(get('View', 'issue', check=dummy), aci) | |
| 84 | |
| 85 # all | |
| 86 epci = add(name="Edit", klass="issue", properties=['title'], | |
| 87 check=dummy) | |
| 88 self.assertEquals(get('Edit', 'issue', properties=['title'], | |
| 89 check=dummy), epci) | |
| 90 apci = add(name="View", klass="issue", properties=['title'], | |
| 91 check=dummy) | |
| 92 self.assertEquals(get('View', 'issue', properties=['title'], | |
| 93 check=dummy), apci) | |
| 68 | 94 |
| 69 def testDBinit(self): | 95 def testDBinit(self): |
| 70 self.db.user.create(username="anonymous", roles='User') | 96 self.db.user.create(username="demo", roles='User') |
| 97 self.db.user.create(username="anonymous", roles='Anonymous') | |
| 71 | 98 |
| 72 def testAccessControls(self): | 99 def testAccessControls(self): |
| 73 self.testDBinit() | 100 add = self.db.security.addPermission |
| 74 ei = self.db.security.addPermission(name="Edit", klass="issue", | 101 has = self.db.security.hasPermission |
| 75 description="User is allowed to edit issues") | 102 addRole = self.db.security.addRole |
| 76 self.db.security.addPermissionToRole('User', ei) | 103 addToRole = self.db.security.addPermissionToRole |
| 104 | |
| 105 none = self.db.user.create(username='none', roles='None') | |
| 106 | |
| 107 # test admin access | |
| 108 addRole(name='Super') | |
| 109 addToRole('Super', add(name="Test")) | |
| 110 super = self.db.user.create(username='super', roles='Super') | |
| 77 | 111 |
| 78 # test class-level access | 112 # test class-level access |
| 79 userid = self.db.user.lookup('admin') | 113 addRole(name='Role1') |
| 80 self.assertEquals(self.db.security.hasPermission('Edit', userid, | 114 addToRole('Role1', add(name="Test", klass="test")) |
| 81 'issue'), 1) | 115 user1 = self.db.user.create(username='user1', roles='Role1') |
| 82 self.assertEquals(self.db.security.hasPermission('Edit', userid, | 116 self.assertEquals(has('Test', user1, 'test'), 1) |
| 83 'user'), 1) | 117 self.assertEquals(has('Test', super, 'test'), 1) |
| 84 userid = self.db.user.lookup('anonymous') | 118 self.assertEquals(has('Test', none, 'test'), 0) |
| 85 self.assertEquals(self.db.security.hasPermission('Edit', userid, | |
| 86 'issue'), 1) | |
| 87 self.assertEquals(self.db.security.hasPermission('Edit', userid, | |
| 88 'user'), 0) | |
| 89 self.assertEquals(self.db.security.hasPermission('View', userid, | |
| 90 'issue'), 0) | |
| 91 | 119 |
| 92 # test node-level access | 120 # property |
| 93 issueid = self.db.issue.create(title='foo', assignedto='admin') | 121 addRole(name='Role2') |
| 94 userid = self.db.user.lookup('admin') | 122 addToRole('Role2', add(name="Test", klass="test", properties=['a','b'])) |
| 95 self.assertEquals(self.db.security.hasNodePermission('issue', | 123 user2 = self.db.user.create(username='user2', roles='Role2') |
| 96 issueid, assignedto=userid), 1) | 124 # *any* access to class |
| 97 self.assertEquals(self.db.security.hasNodePermission('issue', | 125 self.assertEquals(has('Test', user1, 'test'), 1) |
| 98 issueid, nosy=userid), 0) | 126 self.assertEquals(has('Test', user2, 'test'), 1) |
| 99 self.db.issue.set(issueid, nosy=[userid]) | 127 |
| 100 self.assertEquals(self.db.security.hasNodePermission('issue', | 128 # *any* access to item |
| 101 issueid, nosy=userid), 1) | 129 self.assertEquals(has('Test', user1, 'test', itemid='1'), 1) |
| 130 self.assertEquals(has('Test', user2, 'test', itemid='1'), 1) | |
| 131 self.assertEquals(has('Test', super, 'test', itemid='1'), 1) | |
| 132 self.assertEquals(has('Test', none, 'test', itemid='1'), 0) | |
| 133 | |
| 134 # now property test | |
| 135 self.assertEquals(has('Test', user2, 'test', property='a'), 1) | |
| 136 self.assertEquals(has('Test', user2, 'test', property='b'), 1) | |
| 137 self.assertEquals(has('Test', user2, 'test', property='c'), 0) | |
| 138 self.assertEquals(has('Test', user1, 'test', property='a'), 1) | |
| 139 self.assertEquals(has('Test', user1, 'test', property='b'), 1) | |
| 140 self.assertEquals(has('Test', user1, 'test', property='c'), 1) | |
| 141 self.assertEquals(has('Test', super, 'test', property='a'), 1) | |
| 142 self.assertEquals(has('Test', super, 'test', property='b'), 1) | |
| 143 self.assertEquals(has('Test', super, 'test', property='c'), 1) | |
| 144 self.assertEquals(has('Test', none, 'test', property='a'), 0) | |
| 145 self.assertEquals(has('Test', none, 'test', property='b'), 0) | |
| 146 self.assertEquals(has('Test', none, 'test', property='c'), 0) | |
| 147 self.assertEquals(has('Test', none, 'test'), 0) | |
| 148 | |
| 149 # check function | |
| 150 check = lambda db, userid, itemid: itemid == '1' | |
| 151 addRole(name='Role3') | |
| 152 addToRole('Role3', add(name="Test", klass="test", check=check)) | |
| 153 user3 = self.db.user.create(username='user3', roles='Role3') | |
| 154 # *any* access to class | |
| 155 self.assertEquals(has('Test', user1, 'test'), 1) | |
| 156 self.assertEquals(has('Test', user2, 'test'), 1) | |
| 157 self.assertEquals(has('Test', user3, 'test'), 1) | |
| 158 self.assertEquals(has('Test', none, 'test'), 0) | |
| 159 # now check function | |
| 160 self.assertEquals(has('Test', user3, 'test', itemid='1'), 1) | |
| 161 self.assertEquals(has('Test', user3, 'test', itemid='2'), 0) | |
| 162 self.assertEquals(has('Test', user2, 'test', itemid='1'), 1) | |
| 163 self.assertEquals(has('Test', user2, 'test', itemid='2'), 1) | |
| 164 self.assertEquals(has('Test', user1, 'test', itemid='2'), 1) | |
| 165 self.assertEquals(has('Test', user1, 'test', itemid='2'), 1) | |
| 166 self.assertEquals(has('Test', super, 'test', itemid='1'), 1) | |
| 167 self.assertEquals(has('Test', super, 'test', itemid='2'), 1) | |
| 168 self.assertEquals(has('Test', none, 'test', itemid='1'), 0) | |
| 169 self.assertEquals(has('Test', none, 'test', itemid='2'), 0) | |
| 102 | 170 |
| 103 def test_suite(): | 171 def test_suite(): |
| 104 suite = unittest.TestSuite() | 172 suite = unittest.TestSuite() |
| 105 suite.addTest(unittest.makeSuite(PermissionTest)) | 173 suite.addTest(unittest.makeSuite(PermissionTest)) |
| 106 return suite | 174 return suite |
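Review bot: The two user1 assertions at new lines 164 and 165 of testAccessControls are identical (`has('Test', user1, 'test', itemid='2')`), so the check-function block never tests user1 against item '1' the way it does for user2, user3, super and none. The first was presumably meant to be `self.assertEquals(has('Test', user1, 'test', itemid='1'), 1)`. New line 157 also pins that user3, whose only permission carries a check limiting it to item '1', still gets 1 when no itemid is passed. A comment there such as `# class-level query: the check is apparently not applied when no itemid is given, so callers must pass itemid to enforce it` would stop that result being read as an unrestricted grant. The local name `super` on new line 110 shadows the builtin and would read better as `superuser`.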
