SecurityBase.py :  » Web-Frameworks » Zope » Zope-2.6.0 » lib » python » AccessControl » securitySuite » Python Open Source

Home
Python Open Source
1.3.1.2 Python
2.Ajax
3.Aspect Oriented
4.Blog
5.Build
6.Business Application
7.Chart Report
8.Content Management Systems
9.Cryptographic
10.Database
11.Development
12.Editor
13.Email
14.ERP
15.Game 2D 3D
16.GIS
17.GUI
18.IDE
19.Installer
20.IRC
21.Issue Tracker
22.Language Interface
23.Log
24.Math
25.Media Sound Audio
26.Mobile
27.Network
28.Parser
29.PDF
30.Project Management
31.RSS
32.Search
33.Security
34.Template Engines
35.Test
36.UML
37.USB Serial
38.Web Frameworks
39.Web Server
40.Web Services
41.Web Unit
42.Wiki
43.Windows
44.XML
Python Open Source » Web Frameworks » Zope 
Zope » Zope 2.6.0 » lib » python » AccessControl » securitySuite » SecurityBase.py
##############################################################################
#
# Copyright (c) 2001 Zope Corporation and Contributors. All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE
#
##############################################################################


import sys, re, unittest, cStringIO
import ZPublisher, ResultObject
import OFS.Application
import AccessControl.SecurityManagement


# Set up a publishable, non-ZODB Zope application.
app = OFS.Application.Application()
def index_html():
    " "
    return "This is index_html."
app.index_html = index_html  # Will index_html ever go away? ;-)
class BoboApplication:
    # OFS.Application has a __bobo_traverse__ that ZPublisher thinks
    # it should use to find the "real" root of the application.
    # This class gets around that.
    def __bobo_traverse__(self, request, name=None):
        return app

# ZPublisher will look for these vars.
bobo_application = BoboApplication()
zpublisher_validated_hook=AccessControl.SecurityManagement.newSecurityManager
__bobo_before__=AccessControl.SecurityManagement.noSecurityManager


class SecurityBase(unittest.TestCase) :
    """ Base class for all security tests
    $Id: SecurityBase.py,v 1.7 2002/08/14 21:27:32 mj Exp $
    """

    status_regex = re.compile("Status: ([0-9]{1,4}) (.*)",re.I)\


    ################################################################
    # print the object hierachy
    ################################################################

    def _testHierarchy(self):
        """ print all test objects, permissions and roles """
        self._PrintTestEnvironment(root=self.root.test)


    def _PrintTestEnvironment(self,root):
        """ print recursive all objects """

        print '....'*len(root.getPhysicalPath()),root.getId()

        folderObjs = []

        for id,obj in root.objectItems():

            if obj.meta_type in ['Folder','TestFolder']:
                folderObjs.append(obj)

            else:
                print '    '*(1+len(root.getPhysicalPath())),obj.getId(),
                print getattr(obj,"__roles__",(None,))

        for folder in folderObjs:
            self._PrintTestEnvironment(folder)


    ################################################################
    # Check functions for permissions, roles and friends
    ################################################################

    def _checkPermission(self, user, hier, perm, expected):
        """ permission check on an objects for a given user.

           -- 'user' is a user object as returned from a user folder

           -- 'hier' is the path to the object in the notation 'f1.f2.f3.obj'

           -- 'perm' is a permission name

           -- 'expected' is either 0 or 1
        """

        s = "self.root.%s" % hier
        obj = eval(s)

        res = user.has_permission(perm,obj)

        if res != expected:
            raise AssertionError, \
                self._perm_debug (s,perm,res,expected)


    def _checkRoles(self,hier,expected_roles=()):
        """ check roles for a given object.

           -- 'hier' is the path to the object in the notation 'f1.f2.f3.obj'

           -- 'expected_roles' is a sequence of expected roles

        """

        s = "self.root.%s.__roles__" % hier
        roles = eval(s)

        same = 0
        if roles is None or expected_roles is None:
            if (roles is None or tuple(roles) == ('Anonymous',)) and (
                expected_roles is None or
                tuple(expected_roles) == ('Anonymous',)):
                same = 1
        else:
            got = {}
            for r in roles: got[r] = 1
            expected = {}
            for r in expected_roles: expected[r] = 1
            if got == expected:  # Dict compare does the Right Thing.
                same = 1
        if not same:
            raise AssertionError, self._roles_debug(hier,roles,expected_roles)

    def _checkRequest(self,*args,**kw):
        """ perform a ZPublisher request """


        expected_code = kw.get('expected',200)
        del kw['expected']
        res = apply(self._request,args,kw)

        if expected_code != res.code:
            raise AssertionError, \
               self._request_debug(res,expected_code,args,kw)


    ################################################################
    # Debugging helpers when raising AssertionError
    ################################################################

    def _perm_debug(self, obj , perm, res, expected):
        s+= 'Object: %s' % obj
        s+= ', Permission: %s' % perm
        s+= ', has permission: %s' % res
        s+= ', expected: %s' % expected

        return s


    def _roles_debug(self,hier,got_roles,expected_roles):

        s = 'Object: %s' % hier
        s+= ', has roles: %s' % `got_roles`
        s+= ', expected roles: %s' % `expected_roles`

        return s


    def _request_debug(self,res,expected,args,kw):

        s = 'Args: %s' % str(args)
        s+= ', KW: %s' % str(kw)
        s+= '\n%s\n' % res.__str__(with_output=0,expected=expected)

        return s


    def _request(self,*args,**kw):
        """ perform a Zope request """

        io =cStringIO.StringIO()
        kw['fp']=io
        # Publish this module.
        testargs = (__name__,) + args
        real_stdout = sys.stdout
        garbage_out = cStringIO.StringIO()
        sys.stdout = garbage_out  # Silence, ZPublisher!
        try:
            ZPublisher.test(*testargs,**kw)
        finally:
            sys.stdout = real_stdout
        outp = io.getvalue()
        mo = self.status_regex.search(outp)

        code,txt = mo.groups()

        res = ResultObject.ResultObject()
        res.request     = args
        res.user        = kw.get('u','')
        res.code        = int(code)
        res.return_text = txt
        res.output      = outp

        return res
www.java2java.com | Contact Us
Copyright 2009 - 12 Demo Source and Support. All rights reserved.
All other trademarks are property of their respective owners.