1 # Copyright (c) 2002 ekit.com Inc (http://www.ekit-inc.com/)
2 #
3 # Permission is hereby granted, free of charge, to any person obtaining a copy
4 # of this software and associated documentation files (the "Software"), to deal
5 # in the Software without restriction, including without limitation the rights
6 # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
7 # copies of the Software, and to permit persons to whom the Software is
8 # furnished to do so, subject to the following conditions:
9 #
10 # The above copyright notice and this permission notice shall be included in
11 # all copies or substantial portions of the Software.
12 #
13 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14 # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16 # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
19 # SOFTWARE.
21 # $Id: test_security.py,v 1.10 2006-02-03 04:04:37 richard Exp $
23 import os, unittest, shutil
25 from roundup import backends
26 import roundup.password
27 from db_test_base import setupSchema, MyTestCase, config
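class PermissionTest(MyTestCase):
    """Exercise the permission/role layer exposed as ``db.security``.

    Every test runs against a freshly created 'anydbm' database populated
    by ``setupSchema``. The tests cover adding and looking up permissions,
    role-based access checks at class, item and property level, and
    search permissions along dotted property paths.
    """

    def setUp(self):
        """Create an empty test database and install the test schema."""
        backend = backends.get_backend('anydbm')
        # Start from a clean database directory so that users, roles and
        # permissions left behind by a previous run cannot influence the
        # access decisions asserted below.
        if os.path.exists(config.DATABASE):
            shutil.rmtree(config.DATABASE)
        os.makedirs(config.DATABASE + '/files')
        self.db = backend.Database(config, 'admin')
        setupSchema(self.db, 1, backend)

    def testInterfaceSecurity(self):
        """Test that the CGI and mailgw have initialised security OK."""
        # TODO: some asserts
        # NOTE(review): this test has no body, so it passes vacuously and
        # gives no assurance about the CGI or mail gateway set-up.

    def testInitialiseSecurity(self):
        """Add Edit and View permissions on 'issue' to the 'User' role.

        No assertions are made; the test fails only if one of the calls
        raises.
        """
        security = self.db.security
        edit_issue = security.addPermission(name="Edit", klass="issue",
            description="User is allowed to edit issues")
        security.addPermissionToRole('User', edit_issue)
        view_issue = security.addPermission(name="View", klass="issue",
            description="User is allowed to access issues")
        security.addPermissionToRole('User', view_issue)

    def testAdmin(self):
        """A class-scoped Edit must not satisfy a class-less Edit check.

        'User' receives Edit on 'issue' only, 'Admin' receives Edit with
        no class. Asking for Edit with class ``None`` must succeed for the
        Admin user and fail for the plain User.
        """
        security = self.db.security
        issue_edit = security.addPermission(name="Edit", klass="issue",
            description="User is allowed to edit issues")
        security.addPermissionToRole('User', issue_edit)
        global_edit = security.addPermission(name="Edit", klass=None,
            description="User is allowed to edit issues")
        security.addPermissionToRole('Admin', global_edit)

        u1 = self.db.user.create(username='one', roles='Admin')
        u2 = self.db.user.create(username='two', roles='User')

        self.assertTrue(security.hasPermission('Edit', u1, None))
        # Negative case: a narrower grant must not widen silently.
        self.assertFalse(security.hasPermission('Edit', u2, None))

    def testGetPermission(self):
        """Look permissions up by name, class, properties and check."""
        add = self.db.security.addPermission
        get = self.db.security.getPermission

        # 'Edit' and 'View' are expected to exist once setupSchema has run;
        # an unknown name or an unknown class must raise ValueError.
        get('Edit')
        get('View')
        self.assertRaises(ValueError, get, 'x')
        self.assertRaises(ValueError, get, 'Edit', 'fubar')

        # class
        ei = add(name="Edit", klass="issue")
        self.assertEqual(get('Edit', 'issue'), ei)
        ai = add(name="View", klass="issue")
        self.assertEqual(get('View', 'issue'), ai)

        # property
        epi = add(name="Edit", klass="issue", properties=['title'])
        self.assertEqual(get('Edit', 'issue', properties=['title']), epi)
        api = add(name="View", klass="issue", properties=['title'])
        self.assertEqual(get('View', 'issue', properties=['title']), api)

        # check function
        dummy = lambda: 0
        eci = add(name="Edit", klass="issue", check=dummy)
        self.assertEqual(get('Edit', 'issue', check=dummy), eci)
        aci = add(name="View", klass="issue", check=dummy)
        self.assertEqual(get('View', 'issue', check=dummy), aci)

        # all
        epci = add(name="Edit", klass="issue", properties=['title'],
            check=dummy)
        self.assertEqual(get('Edit', 'issue', properties=['title'],
            check=dummy), epci)
        apci = add(name="View", klass="issue", properties=['title'],
            check=dummy)
        self.assertEqual(get('View', 'issue', properties=['title'],
            check=dummy), apci)

    def testDBinit(self):
        """Create a 'User' and an 'Anonymous' account; no assertions."""
        self.db.user.create(username="demo", roles='User')
        self.db.user.create(username="anonymous", roles='Anonymous')

    def testAccessControls(self):
        """Check hasPermission at class, item and property granularity.

        Four kinds of grant are compared: a permission with no class
        ('Super'), a class-level permission ('Role1'), a permission limited
        to properties 'a' and 'b' ('Role2') and a permission guarded by a
        check function ('Role3'). The user 'none' is given no permission
        in this test and must be refused every time.
        """
        add = self.db.security.addPermission
        has = self.db.security.hasPermission
        addRole = self.db.security.addRole
        addToRole = self.db.security.addPermissionToRole

        # Baseline for the deny cases: no permission is attached to the
        # role 'None' anywhere in this test.
        none = self.db.user.create(username='none', roles='None')

        # test admin access: the permission is added without a class
        addRole(name='Super')
        addToRole('Super', add(name="Test"))
        superuser = self.db.user.create(username='super', roles='Super')

        # test class-level access
        addRole(name='Role1')
        addToRole('Role1', add(name="Test", klass="test"))
        user1 = self.db.user.create(username='user1', roles='Role1')
        self.assertEqual(has('Test', user1, 'test'), 1)
        self.assertEqual(has('Test', superuser, 'test'), 1)
        self.assertEqual(has('Test', none, 'test'), 0)

        # property
        addRole(name='Role2')
        addToRole('Role2', add(name="Test", klass="test",
            properties=['a', 'b']))
        user2 = self.db.user.create(username='user2', roles='Role2')
        # *any* access to class
        self.assertEqual(has('Test', user1, 'test'), 1)
        self.assertEqual(has('Test', user2, 'test'), 1)

        # *any* access to item
        self.assertEqual(has('Test', user1, 'test', itemid='1'), 1)
        self.assertEqual(has('Test', user2, 'test', itemid='1'), 1)
        self.assertEqual(has('Test', superuser, 'test', itemid='1'), 1)
        self.assertEqual(has('Test', none, 'test', itemid='1'), 0)

        # now property test: user2 is limited to 'a' and 'b', so 'c' must
        # be refused; the unrestricted grants cover every property.
        self.assertEqual(has('Test', user2, 'test', property='a'), 1)
        self.assertEqual(has('Test', user2, 'test', property='b'), 1)
        self.assertEqual(has('Test', user2, 'test', property='c'), 0)
        self.assertEqual(has('Test', user1, 'test', property='a'), 1)
        self.assertEqual(has('Test', user1, 'test', property='b'), 1)
        self.assertEqual(has('Test', user1, 'test', property='c'), 1)
        self.assertEqual(has('Test', superuser, 'test', property='a'), 1)
        self.assertEqual(has('Test', superuser, 'test', property='b'), 1)
        self.assertEqual(has('Test', superuser, 'test', property='c'), 1)
        self.assertEqual(has('Test', none, 'test', property='a'), 0)
        self.assertEqual(has('Test', none, 'test', property='b'), 0)
        self.assertEqual(has('Test', none, 'test', property='c'), 0)
        self.assertEqual(has('Test', none, 'test'), 0)

        # check function: grants access to item '1' only
        check = lambda db, userid, itemid: itemid == '1'
        addRole(name='Role3')
        addToRole('Role3', add(name="Test", klass="test", check=check))
        user3 = self.db.user.create(username='user3', roles='Role3')
        # *any* access to class
        self.assertEqual(has('Test', user1, 'test'), 1)
        self.assertEqual(has('Test', user2, 'test'), 1)
        self.assertEqual(has('Test', user3, 'test'), 1)
        self.assertEqual(has('Test', none, 'test'), 0)
        # now check function
        self.assertEqual(has('Test', user3, 'test', itemid='1'), 1)
        self.assertEqual(has('Test', user3, 'test', itemid='2'), 0)
        self.assertEqual(has('Test', user2, 'test', itemid='1'), 1)
        self.assertEqual(has('Test', user2, 'test', itemid='2'), 1)
        # The original asserted itemid='2' twice for user1, which left
        # item '1' unchecked for the class-level grant at this point.
        self.assertEqual(has('Test', user1, 'test', itemid='1'), 1)
        self.assertEqual(has('Test', user1, 'test', itemid='2'), 1)
        self.assertEqual(has('Test', superuser, 'test', itemid='1'), 1)
        self.assertEqual(has('Test', superuser, 'test', itemid='2'), 1)
        self.assertEqual(has('Test', none, 'test', itemid='1'), 0)
        self.assertEqual(has('Test', none, 'test', itemid='2'), 0)

    def testTransitiveSearchPermissions(self):
        """Check hasSearchPermission along dotted property paths.

        Grants made below: View on 'issue', Search on 'msg' and View on
        'user', spread over the roles so that each test user holds a
        different subset. The expected results show a path such as
        'messages.author.username' being searchable only by users who hold
        a grant on every class named above ('issue', 'msg' and 'user');
        a user missing any one of them is refused.
        """
        add = self.db.security.addPermission
        has = self.db.security.hasSearchPermission
        addRole = self.db.security.addRole
        addToRole = self.db.security.addPermissionToRole
        for role_name in ('User', 'Anonymous', 'Issue', 'Msg', 'UV'):
            addRole(name=role_name)
        user = self.db.user.create(username='user1', roles='User')
        anon = self.db.user.create(username='anonymous', roles='Anonymous')
        ui = self.db.user.create(username='user2', roles='Issue')
        uim = self.db.user.create(username='user3', roles='Issue,Msg')
        uimu = self.db.user.create(username='user4', roles='Issue,Msg,UV')
        iv = add(name="View", klass="issue")
        addToRole('User', iv)
        addToRole('Anonymous', iv)
        addToRole('Issue', iv)
        ms = add(name="Search", klass="msg")
        addToRole('User', ms)
        addToRole('Anonymous', ms)
        addToRole('Msg', ms)
        uv = add(name="View", klass="user")
        addToRole('User', uv)
        addToRole('UV', uv)

        # anonymous: issue + msg, but nothing on 'user'
        self.assertEqual(has(anon, 'issue', 'messages'), 1)
        self.assertEqual(has(anon, 'issue', 'messages.author'), 0)
        self.assertEqual(has(anon, 'issue', 'messages.author.username'), 0)
        self.assertEqual(has(anon, 'issue', 'messages.recipients'), 0)
        self.assertEqual(has(anon, 'issue', 'messages.recipients.username'),
            0)

        # user: issue + msg + user
        self.assertEqual(has(user, 'issue', 'messages'), 1)
        self.assertEqual(has(user, 'issue', 'messages.author'), 1)
        self.assertEqual(has(user, 'issue', 'messages.author.username'), 1)
        self.assertEqual(has(user, 'issue', 'messages.recipients'), 1)
        self.assertEqual(has(user, 'issue', 'messages.recipients.username'),
            1)

        # ui: issue only
        self.assertEqual(has(ui, 'issue', 'messages'), 0)
        self.assertEqual(has(ui, 'issue', 'messages.author'), 0)
        self.assertEqual(has(ui, 'issue', 'messages.author.username'), 0)
        self.assertEqual(has(ui, 'issue', 'messages.recipients'), 0)
        self.assertEqual(has(ui, 'issue', 'messages.recipients.username'), 0)

        # uim: issue + msg
        self.assertEqual(has(uim, 'issue', 'messages'), 1)
        self.assertEqual(has(uim, 'issue', 'messages.author'), 0)
        self.assertEqual(has(uim, 'issue', 'messages.author.username'), 0)
        self.assertEqual(has(uim, 'issue', 'messages.recipients'), 0)
        self.assertEqual(has(uim, 'issue', 'messages.recipients.username'), 0)

        # uimu: issue + msg + user, assembled from three separate roles
        self.assertEqual(has(uimu, 'issue', 'messages'), 1)
        self.assertEqual(has(uimu, 'issue', 'messages.author'), 1)
        self.assertEqual(has(uimu, 'issue', 'messages.author.username'), 1)
        self.assertEqual(has(uimu, 'issue', 'messages.recipients'), 1)
        self.assertEqual(has(uimu, 'issue', 'messages.recipients.username'),
            1)

    # roundup.password has its own built-in test, call it.
    def test_password(self):
        """Run the self-test shipped with ``roundup.password``."""
        roundup.password.test()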
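def test_suite():
    """Return a suite holding every test method of PermissionTest.

    The loader is used instead of ``unittest.makeSuite``, which is
    deprecated and absent from recent Python releases; the resulting
    suite contains the same tests.
    """
    suite = unittest.TestSuite()
    loader = unittest.TestLoader()
    suite.addTest(loader.loadTestsFromTestCase(PermissionTest))
    return suite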
# Run the tests with a plain text runner when executed as a script.
if __name__ == '__main__':
    unittest.main(testRunner=unittest.TextTestRunner())
249 # vim: set filetype=python sts=4 sw=4 et si :