Mercurial > p > roundup > code

view test/test_security.py @ 3682:193f316dbbe9

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
More transitive-property support. - Implemented transitive properties in sort and group specs. Sort/group specs can now be lists of specs. - All regression tests except for one metakit backend test related to metakit having no representation of NULL pass - Fixed more PEP 8 whitespace peeves (and probably introduced some new ones :-) - Moved Proptree from support.py to hyperdb.py due to circular import - Moved some proptree-specific methods from Class to Proptree - Added a test for sorting by ids -> should be numeric sort (which now really works for all backends) - Added "required" attribute to all property classes in hyperdb (e.g., String, Link,...), see Feature Requests [SF#539081] -> factored common stuff to _Type. Note that I also converted to a new-style class when I was at it. Bad: The repr changes for new-style classes which made some SQL backends break (!) because the repr of Multilink is used in the schema storage. Fixed the repr to be independent of the class type. - Added get_required_props to Class. Todo: should also automagically make the key property required... - Add a sort_repr method to property classes. This defines the sort-order. Individual backends may use diffent routines if the outcome is the same. This one has a special case for id properties to make the sorting numeric. Using these methods isn't mandatory in backends as long as the sort-order is correct. - Multilink sorting takes orderprop into account. It used to sort by ids. You can restore the old behaviour by specifying id as the orderprop of the Multilink if you really need that. - If somebody specified a Link or Multilink as orderprop, we sort by labelprop of that class -- not transitively by orderprop. I've resited the tempation to implement recursive orderprop here: There could even be loops if several classes specify a Link or Multilink as the orderprop... - Fixed a bug in Metakit-Backend: When sorting by Links, the backend would do a natural join to the Link class. It would rename the "id" attribute before joining but *not* all the other attributes of the joined class. So in one test-case we had a name-clash with priority.name and status.name when sorting *and* grouping by these attributes. Depending on the order of joining this would produce a name-clash with broken sort-results (and broken display if the original class has an attribute that clashes). I'm now doing the sorting of Links in the generic filter method for the metakit backend. I've left the dead code in the metakit-backend since correctly implementing this in the backend will probably be more efficient. - updated doc/design.html with the new docstring of filter.
author Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
date Mon, 21 Aug 2006 12:19:48 +0000
parents 75dc225613cc
children 222efa59ee6c
line wrap: on
line source

# Copyright (c) 2002 ekit.com Inc (http://www.ekit-inc.com/)
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
#   The above copyright notice and this permission notice shall be included in
#   all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.

# $Id: test_security.py,v 1.10 2006-02-03 04:04:37 richard Exp $

import os, unittest, shutil

from roundup import backends
from roundup.password import Password
from db_test_base import setupSchema, MyTestCase, config

class PermissionTest(MyTestCase):
    def setUp(self):
        backend = backends.get_backend('anydbm')
        # remove previous test, ignore errors
        if os.path.exists(config.DATABASE):
            shutil.rmtree(config.DATABASE)
        os.makedirs(config.DATABASE + '/files')
        self.db = backend.Database(config, 'admin')
        setupSchema(self.db, 1, backend)

    def testInterfaceSecurity(self):
        ' test that the CGI and mailgw have initialised security OK '
        # TODO: some asserts

    def testInitialiseSecurity(self):
        ei = self.db.security.addPermission(name="Edit", klass="issue",
                        description="User is allowed to edit issues")
        self.db.security.addPermissionToRole('User', ei)
        ai = self.db.security.addPermission(name="View", klass="issue",
                        description="User is allowed to access issues")
        self.db.security.addPermissionToRole('User', ai)

    def testAdmin(self):
        ei = self.db.security.addPermission(name="Edit", klass="issue",
                        description="User is allowed to edit issues")
        self.db.security.addPermissionToRole('User', ei)
        ei = self.db.security.addPermission(name="Edit", klass=None,
                        description="User is allowed to edit issues")
        self.db.security.addPermissionToRole('Admin', ei)

        u1 = self.db.user.create(username='one', roles='Admin')
        u2 = self.db.user.create(username='two', roles='User')

        self.assert_(self.db.security.hasPermission('Edit', u1, None))
        self.assert_(not self.db.security.hasPermission('Edit', u2, None))


    def testGetPermission(self):
        self.db.security.getPermission('Edit')
        self.db.security.getPermission('View')
        self.assertRaises(ValueError, self.db.security.getPermission, 'x')
        self.assertRaises(ValueError, self.db.security.getPermission, 'Edit',
            'fubar')

        add = self.db.security.addPermission
        get = self.db.security.getPermission

        # class
        ei = add(name="Edit", klass="issue")
        self.assertEquals(get('Edit', 'issue'), ei)
        ai = add(name="View", klass="issue")
        self.assertEquals(get('View', 'issue'), ai)

        # property
        epi = add(name="Edit", klass="issue", properties=['title'])
        self.assertEquals(get('Edit', 'issue', properties=['title']), epi)
        api = add(name="View", klass="issue", properties=['title'])
        self.assertEquals(get('View', 'issue', properties=['title']), api)
        
        # check function
        dummy = lambda: 0
        eci = add(name="Edit", klass="issue", check=dummy)
        self.assertEquals(get('Edit', 'issue', check=dummy), eci)
        aci = add(name="View", klass="issue", check=dummy)
        self.assertEquals(get('View', 'issue', check=dummy), aci)

        # all
        epci = add(name="Edit", klass="issue", properties=['title'],
            check=dummy)
        self.assertEquals(get('Edit', 'issue', properties=['title'],
            check=dummy), epci)
        apci = add(name="View", klass="issue", properties=['title'],
            check=dummy)
        self.assertEquals(get('View', 'issue', properties=['title'],
            check=dummy), apci)

    def testDBinit(self):
        self.db.user.create(username="demo", roles='User')
        self.db.user.create(username="anonymous", roles='Anonymous')

    def testAccessControls(self):
        add = self.db.security.addPermission
        has = self.db.security.hasPermission
        addRole = self.db.security.addRole
        addToRole = self.db.security.addPermissionToRole

        none = self.db.user.create(username='none', roles='None')

        # test admin access
        addRole(name='Super')
        addToRole('Super', add(name="Test"))
        super = self.db.user.create(username='super', roles='Super')

        # test class-level access
        addRole(name='Role1')
        addToRole('Role1', add(name="Test", klass="test"))
        user1 = self.db.user.create(username='user1', roles='Role1')
        self.assertEquals(has('Test', user1, 'test'), 1)
        self.assertEquals(has('Test', super, 'test'), 1)
        self.assertEquals(has('Test', none, 'test'), 0)

        # property
        addRole(name='Role2')
        addToRole('Role2', add(name="Test", klass="test", properties=['a','b']))
        user2 = self.db.user.create(username='user2', roles='Role2')
        # *any* access to class
        self.assertEquals(has('Test', user1, 'test'), 1)
        self.assertEquals(has('Test', user2, 'test'), 1)

        # *any* access to item
        self.assertEquals(has('Test', user1, 'test', itemid='1'), 1)
        self.assertEquals(has('Test', user2, 'test', itemid='1'), 1)
        self.assertEquals(has('Test', super, 'test', itemid='1'), 1)
        self.assertEquals(has('Test', none, 'test', itemid='1'), 0)

        # now property test
        self.assertEquals(has('Test', user2, 'test', property='a'), 1)
        self.assertEquals(has('Test', user2, 'test', property='b'), 1)
        self.assertEquals(has('Test', user2, 'test', property='c'), 0)
        self.assertEquals(has('Test', user1, 'test', property='a'), 1)
        self.assertEquals(has('Test', user1, 'test', property='b'), 1)
        self.assertEquals(has('Test', user1, 'test', property='c'), 1)
        self.assertEquals(has('Test', super, 'test', property='a'), 1)
        self.assertEquals(has('Test', super, 'test', property='b'), 1)
        self.assertEquals(has('Test', super, 'test', property='c'), 1)
        self.assertEquals(has('Test', none, 'test', property='a'), 0)
        self.assertEquals(has('Test', none, 'test', property='b'), 0)
        self.assertEquals(has('Test', none, 'test', property='c'), 0)
        self.assertEquals(has('Test', none, 'test'), 0)

        # check function
        check = lambda db, userid, itemid: itemid == '1'
        addRole(name='Role3')
        addToRole('Role3', add(name="Test", klass="test", check=check))
        user3 = self.db.user.create(username='user3', roles='Role3')
        # *any* access to class
        self.assertEquals(has('Test', user1, 'test'), 1)
        self.assertEquals(has('Test', user2, 'test'), 1)
        self.assertEquals(has('Test', user3, 'test'), 1)
        self.assertEquals(has('Test', none, 'test'), 0)
        # now check function
        self.assertEquals(has('Test', user3, 'test', itemid='1'), 1)
        self.assertEquals(has('Test', user3, 'test', itemid='2'), 0)
        self.assertEquals(has('Test', user2, 'test', itemid='1'), 1)
        self.assertEquals(has('Test', user2, 'test', itemid='2'), 1)
        self.assertEquals(has('Test', user1, 'test', itemid='2'), 1)
        self.assertEquals(has('Test', user1, 'test', itemid='2'), 1)
        self.assertEquals(has('Test', super, 'test', itemid='1'), 1)
        self.assertEquals(has('Test', super, 'test', itemid='2'), 1)
        self.assertEquals(has('Test', none, 'test', itemid='1'), 0)
        self.assertEquals(has('Test', none, 'test', itemid='2'), 0)

def test_suite():
    suite = unittest.TestSuite()
    suite.addTest(unittest.makeSuite(PermissionTest))
    return suite

if __name__ == '__main__':
    runner = unittest.TextTestRunner()
    unittest.main(testRunner=runner)

# vim: set filetype=python sts=4 sw=4 et si :
Roundup Issue Tracker: http://roundup-tracker.org/