![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
1 # Copyright (c) 2002 ekit.com Inc (http://www.ekit-inc.com/)
2 #
3 # Permission is hereby granted, free of charge, to any person obtaining a copy
4 # of this software and associated documentation files (the "Software"), to deal
5 # in the Software without restriction, including without limitation the rights
6 # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
7 # copies of the Software, and to permit persons to whom the Software is
8 # furnished to do so, subject to the following conditions:
9 #
10 # The above copyright notice and this permission notice shall be included in
11 # all copies or substantial portions of the Software.
12 #
13 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14 # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16 # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
19 # SOFTWARE.
21 # $Id: test_security.py,v 1.10 2006-02-03 04:04:37 richard Exp $
23 import os, unittest, shutil
25 from roundup import backends
26 from roundup.password import Password
27 from db_test_base import setupSchema, MyTestCase, config
29 class PermissionTest(MyTestCase):
30 def setUp(self):
31 backend = backends.get_backend('anydbm')
32 # remove previous test, ignore errors
33 if os.path.exists(config.DATABASE):
34 shutil.rmtree(config.DATABASE)
35 os.makedirs(config.DATABASE + '/files')
36 self.db = backend.Database(config, 'admin')
37 setupSchema(self.db, 1, backend)
39 def testInterfaceSecurity(self):
40 ' test that the CGI and mailgw have initialised security OK '
41 # TODO: some asserts
43 def testInitialiseSecurity(self):
44 ei = self.db.security.addPermission(name="Edit", klass="issue",
45 description="User is allowed to edit issues")
46 self.db.security.addPermissionToRole('User', ei)
47 ai = self.db.security.addPermission(name="View", klass="issue",
48 description="User is allowed to access issues")
49 self.db.security.addPermissionToRole('User', ai)
51 def testAdmin(self):
52 ei = self.db.security.addPermission(name="Edit", klass="issue",
53 description="User is allowed to edit issues")
54 self.db.security.addPermissionToRole('User', ei)
55 ei = self.db.security.addPermission(name="Edit", klass=None,
56 description="User is allowed to edit issues")
57 self.db.security.addPermissionToRole('Admin', ei)
59 u1 = self.db.user.create(username='one', roles='Admin')
60 u2 = self.db.user.create(username='two', roles='User')
62 self.assert_(self.db.security.hasPermission('Edit', u1, None))
63 self.assert_(not self.db.security.hasPermission('Edit', u2, None))
66 def testGetPermission(self):
67 self.db.security.getPermission('Edit')
68 self.db.security.getPermission('View')
69 self.assertRaises(ValueError, self.db.security.getPermission, 'x')
70 self.assertRaises(ValueError, self.db.security.getPermission, 'Edit',
71 'fubar')
73 add = self.db.security.addPermission
74 get = self.db.security.getPermission
76 # class
77 ei = add(name="Edit", klass="issue")
78 self.assertEquals(get('Edit', 'issue'), ei)
79 ai = add(name="View", klass="issue")
80 self.assertEquals(get('View', 'issue'), ai)
82 # property
83 epi = add(name="Edit", klass="issue", properties=['title'])
84 self.assertEquals(get('Edit', 'issue', properties=['title']), epi)
85 api = add(name="View", klass="issue", properties=['title'])
86 self.assertEquals(get('View', 'issue', properties=['title']), api)
88 # check function
89 dummy = lambda: 0
90 eci = add(name="Edit", klass="issue", check=dummy)
91 self.assertEquals(get('Edit', 'issue', check=dummy), eci)
92 aci = add(name="View", klass="issue", check=dummy)
93 self.assertEquals(get('View', 'issue', check=dummy), aci)
95 # all
96 epci = add(name="Edit", klass="issue", properties=['title'],
97 check=dummy)
98 self.assertEquals(get('Edit', 'issue', properties=['title'],
99 check=dummy), epci)
100 apci = add(name="View", klass="issue", properties=['title'],
101 check=dummy)
102 self.assertEquals(get('View', 'issue', properties=['title'],
103 check=dummy), apci)
105 def testDBinit(self):
106 self.db.user.create(username="demo", roles='User')
107 self.db.user.create(username="anonymous", roles='Anonymous')
109 def testAccessControls(self):
110 add = self.db.security.addPermission
111 has = self.db.security.hasPermission
112 addRole = self.db.security.addRole
113 addToRole = self.db.security.addPermissionToRole
115 none = self.db.user.create(username='none', roles='None')
117 # test admin access
118 addRole(name='Super')
119 addToRole('Super', add(name="Test"))
120 super = self.db.user.create(username='super', roles='Super')
122 # test class-level access
123 addRole(name='Role1')
124 addToRole('Role1', add(name="Test", klass="test"))
125 user1 = self.db.user.create(username='user1', roles='Role1')
126 self.assertEquals(has('Test', user1, 'test'), 1)
127 self.assertEquals(has('Test', super, 'test'), 1)
128 self.assertEquals(has('Test', none, 'test'), 0)
130 # property
131 addRole(name='Role2')
132 addToRole('Role2', add(name="Test", klass="test", properties=['a','b']))
133 user2 = self.db.user.create(username='user2', roles='Role2')
134 # *any* access to class
135 self.assertEquals(has('Test', user1, 'test'), 1)
136 self.assertEquals(has('Test', user2, 'test'), 1)
138 # *any* access to item
139 self.assertEquals(has('Test', user1, 'test', itemid='1'), 1)
140 self.assertEquals(has('Test', user2, 'test', itemid='1'), 1)
141 self.assertEquals(has('Test', super, 'test', itemid='1'), 1)
142 self.assertEquals(has('Test', none, 'test', itemid='1'), 0)
144 # now property test
145 self.assertEquals(has('Test', user2, 'test', property='a'), 1)
146 self.assertEquals(has('Test', user2, 'test', property='b'), 1)
147 self.assertEquals(has('Test', user2, 'test', property='c'), 0)
148 self.assertEquals(has('Test', user1, 'test', property='a'), 1)
149 self.assertEquals(has('Test', user1, 'test', property='b'), 1)
150 self.assertEquals(has('Test', user1, 'test', property='c'), 1)
151 self.assertEquals(has('Test', super, 'test', property='a'), 1)
152 self.assertEquals(has('Test', super, 'test', property='b'), 1)
153 self.assertEquals(has('Test', super, 'test', property='c'), 1)
154 self.assertEquals(has('Test', none, 'test', property='a'), 0)
155 self.assertEquals(has('Test', none, 'test', property='b'), 0)
156 self.assertEquals(has('Test', none, 'test', property='c'), 0)
157 self.assertEquals(has('Test', none, 'test'), 0)
159 # check function
160 check = lambda db, userid, itemid: itemid == '1'
161 addRole(name='Role3')
162 addToRole('Role3', add(name="Test", klass="test", check=check))
163 user3 = self.db.user.create(username='user3', roles='Role3')
164 # *any* access to class
165 self.assertEquals(has('Test', user1, 'test'), 1)
166 self.assertEquals(has('Test', user2, 'test'), 1)
167 self.assertEquals(has('Test', user3, 'test'), 1)
168 self.assertEquals(has('Test', none, 'test'), 0)
169 # now check function
170 self.assertEquals(has('Test', user3, 'test', itemid='1'), 1)
171 self.assertEquals(has('Test', user3, 'test', itemid='2'), 0)
172 self.assertEquals(has('Test', user2, 'test', itemid='1'), 1)
173 self.assertEquals(has('Test', user2, 'test', itemid='2'), 1)
174 self.assertEquals(has('Test', user1, 'test', itemid='2'), 1)
175 self.assertEquals(has('Test', user1, 'test', itemid='2'), 1)
176 self.assertEquals(has('Test', super, 'test', itemid='1'), 1)
177 self.assertEquals(has('Test', super, 'test', itemid='2'), 1)
178 self.assertEquals(has('Test', none, 'test', itemid='1'), 0)
179 self.assertEquals(has('Test', none, 'test', itemid='2'), 0)
181 def testTransitiveSearchPermissions(self):
182 add = self.db.security.addPermission
183 has = self.db.security.hasSearchPermission
184 addRole = self.db.security.addRole
185 addToRole = self.db.security.addPermissionToRole
186 user = self.db.user.create(username='user1', roles='User')
187 anon = self.db.user.create(username='anonymous', roles='Anonymous')
188 addRole(name='User')
189 addRole(name='Anonymous')
190 iv = add(name="View", klass="issue")
191 addToRole('User', iv)
192 addToRole('Anonymous', iv)
193 ms = add(name="Search", klass="msg")
194 addToRole('User', ms)
195 addToRole('Anonymous', ms)
196 addToRole('User', add(name="View", klass="user"))
197 self.assertEquals(has(anon, 'issue', 'messages'), 1)
198 self.assertEquals(has(anon, 'issue', 'messages.author'), 1)
199 self.assertEquals(has(anon, 'issue', 'messages.author.username'), 0)
200 self.assertEquals(has(anon, 'issue', 'messages.recipients'), 1)
201 self.assertEquals(has(anon, 'issue', 'messages.recipients.username'), 0)
202 self.assertEquals(has(user, 'issue', 'messages'), 1)
203 self.assertEquals(has(user, 'issue', 'messages.author'), 1)
204 self.assertEquals(has(user, 'issue', 'messages.author.username'), 1)
205 self.assertEquals(has(user, 'issue', 'messages.recipients'), 1)
206 self.assertEquals(has(user, 'issue', 'messages.recipients.username'), 1)
208 def test_suite():
209 suite = unittest.TestSuite()
210 suite.addTest(unittest.makeSuite(PermissionTest))
211 return suite
213 if __name__ == '__main__':
214 runner = unittest.TextTestRunner()
215 unittest.main(testRunner=runner)
217 # vim: set filetype=python sts=4 sw=4 et si :