825b582483058d9bafd534ed91493f2c015aefb9
1 # Copyright (c) 2002 ekit.com Inc (http://www.ekit-inc.com/)
2 #
3 # Permission is hereby granted, free of charge, to any person obtaining a copy
4 # of this software and associated documentation files (the "Software"), to deal
5 # in the Software without restriction, including without limitation the rights
6 # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
7 # copies of the Software, and to permit persons to whom the Software is
8 # furnished to do so, subject to the following conditions:
9 #
10 # The above copyright notice and this permission notice shall be included in
11 # all copies or substantial portions of the Software.
12 #
13 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14 # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16 # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
19 # SOFTWARE.
21 # $Id: test_security.py,v 1.10 2006-02-03 04:04:37 richard Exp $
23 import os, unittest, shutil
25 from roundup import backends
26 from roundup.password import Password
27 from db_test_base import setupSchema, MyTestCase, config
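class PermissionTest(MyTestCase):
    """Exercise the role/permission model reached through ``db.security``.

    Every test starts from a freshly created 'anydbm' database opened as
    'admin'. Test methods are documented with ``#`` comments rather than
    docstrings so the names printed by the test runner stay unchanged.
    """

    def setUp(self):
        """Create an empty database under config.DATABASE and load the schema."""
        backend = backends.get_backend('anydbm')
        # Start from a clean directory so roles and permissions left behind by
        # an earlier run cannot influence the access decisions checked below.
        # Errors from rmtree are NOT suppressed: a directory that cannot be
        # removed fails the test instead of silently reusing stale state.
        if os.path.exists(config.DATABASE):
            shutil.rmtree(config.DATABASE)
        os.makedirs(os.path.join(config.DATABASE, 'files'))
        self.db = backend.Database(config, 'admin')
        setupSchema(self.db, 1, backend)

    def testInterfaceSecurity(self):
        ' test that the CGI and mailgw have initialised security OK '
        # TODO: some asserts
        # NOTE(review): this test has no body, so it always passes and gives
        # no assurance about the CGI or mail gateway security setup.

    def testInitialiseSecurity(self):
        # Smoke test only: registers Edit and View on 'issue' and attaches
        # both to the 'User' role. There are no assertions, so it verifies
        # just that these calls do not raise.
        # NOTE(review): presumably the 'User' role comes from setupSchema;
        # confirm against db_test_base.
        edit_issue = self.db.security.addPermission(name="Edit", klass="issue",
            description="User is allowed to edit issues")
        self.db.security.addPermissionToRole('User', edit_issue)
        view_issue = self.db.security.addPermission(name="View", klass="issue",
            description="User is allowed to access issues")
        self.db.security.addPermissionToRole('User', view_issue)

    def testAdmin(self):
        # 'User' gets Edit scoped to the 'issue' class; 'Admin' gets an Edit
        # permission that is not tied to any class (klass=None).
        edit_issue = self.db.security.addPermission(name="Edit", klass="issue",
            description="User is allowed to edit issues")
        self.db.security.addPermissionToRole('User', edit_issue)
        edit_any = self.db.security.addPermission(name="Edit", klass=None,
            description="User is allowed to edit issues")
        self.db.security.addPermissionToRole('Admin', edit_any)

        u1 = self.db.user.create(username='one', roles='Admin')
        u2 = self.db.user.create(username='two', roles='User')

        # A grant scoped to one class must not satisfy a query made without a
        # class: only the Admin user holds the class-less Edit permission.
        self.assert_(self.db.security.hasPermission('Edit', u1, None))
        self.assert_(not self.db.security.hasPermission('Edit', u2, None))

    def testGetPermission(self):
        # NOTE(review): 'Edit' and 'View' are presumably registered by
        # setupSchema; these two lookups only check that they do not raise.
        self.db.security.getPermission('Edit')
        self.db.security.getPermission('View')
        # Unknown permission names and unknown classes are rejected with
        # ValueError rather than resolving to some other permission.
        self.assertRaises(ValueError, self.db.security.getPermission, 'x')
        self.assertRaises(ValueError, self.db.security.getPermission, 'Edit',
            'fubar')

        add = self.db.security.addPermission
        get = self.db.security.getPermission

        # Each lookup below must return exactly the permission object that
        # was registered with the same (name, class, properties, check).

        # class
        ei = add(name="Edit", klass="issue")
        self.assertEqual(get('Edit', 'issue'), ei)
        ai = add(name="View", klass="issue")
        self.assertEqual(get('View', 'issue'), ai)

        # property
        epi = add(name="Edit", klass="issue", properties=['title'])
        self.assertEqual(get('Edit', 'issue', properties=['title']), epi)
        api = add(name="View", klass="issue", properties=['title'])
        self.assertEqual(get('View', 'issue', properties=['title']), api)

        # check function (the same callable object is used to register and
        # to look up)
        dummy = lambda: 0
        eci = add(name="Edit", klass="issue", check=dummy)
        self.assertEqual(get('Edit', 'issue', check=dummy), eci)
        aci = add(name="View", klass="issue", check=dummy)
        self.assertEqual(get('View', 'issue', check=dummy), aci)

        # all
        epci = add(name="Edit", klass="issue", properties=['title'],
            check=dummy)
        self.assertEqual(get('Edit', 'issue', properties=['title'],
            check=dummy), epci)
        apci = add(name="View", klass="issue", properties=['title'],
            check=dummy)
        self.assertEqual(get('View', 'issue', properties=['title'],
            check=dummy), apci)

    def testDBinit(self):
        # Smoke test only: creating users with the 'User' and 'Anonymous'
        # roles must not raise. Nothing is asserted about their access.
        self.db.user.create(username="demo", roles='User')
        self.db.user.create(username="anonymous", roles='Anonymous')

    def testAccessControls(self):
        # Four principals are compared throughout:
        #   superuser - role 'Super', holds "Test" with no class restriction
        #   user1     - role 'Role1', holds "Test" on class 'test'
        #   user2     - role 'Role2', holds "Test" on properties a and b only
        #   user3     - role 'Role3', holds "Test" guarded by a check function
        #   nobody    - role 'None', which this test never grants anything to
        add = self.db.security.addPermission
        has = self.db.security.hasPermission
        addRole = self.db.security.addRole
        addToRole = self.db.security.addPermissionToRole

        nobody = self.db.user.create(username='none', roles='None')

        # test admin access
        addRole(name='Super')
        addToRole('Super', add(name="Test"))
        # Local renamed from 'super' so the builtin is not shadowed.
        superuser = self.db.user.create(username='super', roles='Super')

        # test class-level access
        addRole(name='Role1')
        addToRole('Role1', add(name="Test", klass="test"))
        user1 = self.db.user.create(username='user1', roles='Role1')
        self.assertEqual(has('Test', user1, 'test'), 1)
        self.assertEqual(has('Test', superuser, 'test'), 1)
        self.assertEqual(has('Test', nobody, 'test'), 0)

        # property
        addRole(name='Role2')
        addToRole('Role2', add(name="Test", klass="test", properties=['a','b']))
        user2 = self.db.user.create(username='user2', roles='Role2')
        # *any* access to class
        self.assertEqual(has('Test', user1, 'test'), 1)
        self.assertEqual(has('Test', user2, 'test'), 1)

        # *any* access to item
        self.assertEqual(has('Test', user1, 'test', itemid='1'), 1)
        self.assertEqual(has('Test', user2, 'test', itemid='1'), 1)
        self.assertEqual(has('Test', superuser, 'test', itemid='1'), 1)
        self.assertEqual(has('Test', nobody, 'test', itemid='1'), 0)

        # now property test: the property-restricted grant must deny 'c',
        # while the unrestricted class-level and class-less grants allow it.
        self.assertEqual(has('Test', user2, 'test', property='a'), 1)
        self.assertEqual(has('Test', user2, 'test', property='b'), 1)
        self.assertEqual(has('Test', user2, 'test', property='c'), 0)
        self.assertEqual(has('Test', user1, 'test', property='a'), 1)
        self.assertEqual(has('Test', user1, 'test', property='b'), 1)
        self.assertEqual(has('Test', user1, 'test', property='c'), 1)
        self.assertEqual(has('Test', superuser, 'test', property='a'), 1)
        self.assertEqual(has('Test', superuser, 'test', property='b'), 1)
        self.assertEqual(has('Test', superuser, 'test', property='c'), 1)
        self.assertEqual(has('Test', nobody, 'test', property='a'), 0)
        self.assertEqual(has('Test', nobody, 'test', property='b'), 0)
        self.assertEqual(has('Test', nobody, 'test', property='c'), 0)
        self.assertEqual(has('Test', nobody, 'test'), 0)

        # check function: grants access to item '1' only
        check = lambda db, userid, itemid: itemid == '1'
        addRole(name='Role3')
        addToRole('Role3', add(name="Test", klass="test", check=check))
        user3 = self.db.user.create(username='user3', roles='Role3')
        # *any* access to class
        self.assertEqual(has('Test', user1, 'test'), 1)
        self.assertEqual(has('Test', user2, 'test'), 1)
        self.assertEqual(has('Test', user3, 'test'), 1)
        self.assertEqual(has('Test', nobody, 'test'), 0)
        # now check function: only user3's grant is filtered by item id
        self.assertEqual(has('Test', user3, 'test', itemid='1'), 1)
        self.assertEqual(has('Test', user3, 'test', itemid='2'), 0)
        self.assertEqual(has('Test', user2, 'test', itemid='1'), 1)
        self.assertEqual(has('Test', user2, 'test', itemid='2'), 1)
        # The original asserted itemid='2' twice for user1; the first line
        # now covers itemid='1' like every other principal in this group.
        self.assertEqual(has('Test', user1, 'test', itemid='1'), 1)
        self.assertEqual(has('Test', user1, 'test', itemid='2'), 1)
        self.assertEqual(has('Test', superuser, 'test', itemid='1'), 1)
        self.assertEqual(has('Test', superuser, 'test', itemid='2'), 1)
        self.assertEqual(has('Test', nobody, 'test', itemid='1'), 0)
        self.assertEqual(has('Test', nobody, 'test', itemid='2'), 0)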
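def test_suite():
    """Return a TestSuite holding every test method of PermissionTest."""
    # TestLoader.loadTestsFromTestCase collects the same 'test*' methods as
    # unittest.makeSuite, which was deprecated in Python 3.11 and removed in
    # Python 3.13.
    suite = unittest.TestSuite()
    suite.addTest(unittest.TestLoader().loadTestsFromTestCase(PermissionTest))
    return suite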
# Run this module's tests with a plain-text runner when executed as a script.
if __name__ == '__main__':
    unittest.main(testRunner=unittest.TextTestRunner())
190 # vim: set filetype=python sts=4 sw=4 et si :