Skip to content

Z
Zope
Commit 3cbd69a8 authored by Tres Seaver's avatar Tres Seaver
Browse files
Options

Clean out module-scope imports, wrap long lines.

parent e9fce716
Hide whitespace changes
Inline Side-by-side
Showing with 178 additions and 152 deletions
lib/python/OFS/tests/testCopySupportEvents.py
View file @ 3cbd69a8
......@@ -156,7 +156,8 @@ class TestCopySupport(EventTest):
# Test webdav COPY
req = self.app.REQUEST
req.environ['HTTP_DEPTH'] = 'infinity'
req.environ['HTTP_DESTINATION'] = '%s/subfolder/mydoc' % self.folder.absolute_url()
req.environ['HTTP_DESTINATION'] = ('%s/subfolder/mydoc'
% self.folder.absolute_url())
self.folder.mydoc.COPY(req, req.RESPONSE)
self.assertEqual(eventlog.called(),
[('mydoc', 'ObjectCopiedEvent'),
......@@ -170,7 +171,8 @@ class TestCopySupport(EventTest):
# Test webdav MOVE
req = self.app.REQUEST
req.environ['HTTP_DEPTH'] = 'infinity'
req.environ['HTTP_DESTINATION'] = '%s/subfolder/mydoc' % self.folder.absolute_url()
req.environ['HTTP_DESTINATION'] = ('%s/subfolder/mydoc'
% self.folder.absolute_url())
self.folder.mydoc.MOVE(req, req.RESPONSE)
self.assertEqual(eventlog.called(),
[('mydoc', 'ObjectWillBeMovedEvent'),
......@@ -278,7 +280,8 @@ class TestCopySupportSublocation(EventTest):
# Test webdav COPY
req = self.app.REQUEST
req.environ['HTTP_DEPTH'] = 'infinity'
req.environ['HTTP_DESTINATION'] = '%s/subfolder/myfolder' % self.folder.absolute_url()
req.environ['HTTP_DESTINATION'] = ('%s/subfolder/myfolder'
% self.folder.absolute_url())
self.folder.myfolder.COPY(req, req.RESPONSE)
self.assertEqual(eventlog.called(),
[('myfolder', 'ObjectCopiedEvent'),
......@@ -296,7 +299,8 @@ class TestCopySupportSublocation(EventTest):
# Test webdav MOVE
req = self.app.REQUEST
req.environ['HTTP_DEPTH'] = 'infinity'
req.environ['HTTP_DESTINATION'] = '%s/subfolder/myfolder' % self.folder.absolute_url()
req.environ['HTTP_DESTINATION'] = ('%s/subfolder/myfolder'
% self.folder.absolute_url())
self.folder.myfolder.MOVE(req, req.RESPONSE)
self.assertEqual(eventlog.called(),
[('myfolder', 'ObjectWillBeMovedEvent'),
......
lib/python/OFS/tests/testTraverse.py
View file @ 3cbd69a8
......@@ -17,21 +17,6 @@ $Id$
import unittest
import cStringIO
import transaction
import ZODB, Acquisition, transaction
from AccessControl import SecurityManager, Unauthorized
from AccessControl.Permissions import access_contents_information
from AccessControl.SecurityManagement import newSecurityManager
from AccessControl.SecurityManagement import noSecurityManager
from Acquisition import aq_base
from OFS.Application import Application
from OFS.Folder import manage_addFolder
from OFS.Image import manage_addFile
from OFS.SimpleItem import SimpleItem
from Testing.makerequest import makerequest
class UnitTestSecurityPolicy:
"""
......@@ -62,6 +47,7 @@ class CruelSecurityPolicy:
# Standard SecurityPolicy interface
#
def validate(self, accessed, container, name, value, *args):
from AccessControl import Unauthorized
raise Unauthorized, name
def checkPermission( self, permission, object, context) :
......@@ -72,6 +58,8 @@ class ProtectedMethodSecurityPolicy:
"""Check security strictly on bound methods.
"""
def validate(self, accessed, container, name, value, *args):
from Acquisition import aq_base
from AccessControl import Unauthorized
if getattr(aq_base(value), 'im_self', None) is None:
return 1
......@@ -85,81 +73,23 @@ class ProtectedMethodSecurityPolicy:
raise Unauthorized(name)
class UnitTestUser( Acquisition.Implicit ):
"""
Stubbed out manager for unit testing purposes.
"""
def getId( self ):
return 'unit_tester'
getUserName = getId
def allowed( self, object, object_roles=None ):
return 1
class BoboTraversable(SimpleItem):
__allow_access_to_unprotected_subobjects__ = 1
def __bobo_traverse__(self, request, name):
if name == 'bb_subitem':
return BoboTraversable().__of__(self)
elif name == 'bb_method':
return self.bb_method
elif name == 'bb_status':
return self.bb_status
elif name == 'manufactured':
return 42
else:
raise KeyError
def bb_method(self):
"""Test Method"""
pass
bb_status = 'screechy'
class Restricted(SimpleItem):
"""Instance we'll check with ProtectedMethodSecurityPolicy
"""
getId__roles__ = None # ACCESS_PUBLIC
def getId(self):
return self.id
private__roles__ = () # ACCESS_PRIVATE
def private(self):
return 'private!'
# not protected
def ohno(self):
return 'ohno!'
class BoboTraversableWithAcquisition(SimpleItem):
"""
A BoboTraversable class which may use acquisition to find objects.
This is similar to how the __bobo_traverse__ added by Five behaves).
"""
def __bobo_traverse__(self, request, name):
return Acquisition.aq_get(self, name)
def makeConnection():
import ZODB
from ZODB.DemoStorage import DemoStorage
s = DemoStorage(quota=(1<<20))
return ZODB.DB( s ).open()
class TestTraverse( unittest.TestCase ):
def setUp( self ):
import cStringIO
import transaction
from AccessControl import SecurityManager
from AccessControl.SecurityManagement import newSecurityManager
from OFS.Application import Application
from OFS.Folder import manage_addFolder
from OFS.Image import manage_addFile
from Testing.makerequest import makerequest
from ZODB.DB import DB
from ZODB.DemoStorage import DemoStorage
s = DemoStorage(quota=(1<<20))
self.connection = DB(s).open()
self.connection = makeConnection()
try:
r = self.connection.root()
a = Application()
......@@ -172,10 +102,10 @@ class TestTraverse( unittest.TestCase ):
setattr(folder1, '+something', 'plus')
folder1.all_meta_types = \
( { 'name' : 'File'
, 'action' : 'manage_addFile'
, 'permission' : 'Add images and files'
}
({ 'name' : 'File'
, 'action' : 'manage_addFile'
, 'permission' : 'Add images and files'
}
,
)
......@@ -194,11 +124,11 @@ class TestTraverse( unittest.TestCase ):
self.policy = UnitTestSecurityPolicy()
self.oldPolicy = SecurityManager.setSecurityPolicy( self.policy )
newSecurityManager( None, UnitTestUser().__of__( self.root ) )
newSecurityManager( None, self._makeUser().__of__( self.root ) )
def tearDown( self ):
noSecurityManager()
SecurityManager.setSecurityPolicy( self.oldPolicy )
import transaction
self._setupSecurity()
del self.oldPolicy
del self.policy
del self.folder1
......@@ -210,6 +140,90 @@ class TestTraverse( unittest.TestCase ):
del self.root
del self.connection
def _makeUser(self):
from Acquisition import Implicit
class UnitTestUser(Implicit):
"""
Stubbed out manager for unit testing purposes.
"""
def getId( self ):
return 'unit_tester'
getUserName = getId
def allowed( self, object, object_roles=None ):
return 1
return UnitTestUser()
def _makeBoboTraversable(self):
from OFS.SimpleItem import SimpleItem
class BoboTraversable(SimpleItem):
__allow_access_to_unprotected_subobjects__ = 1
def __bobo_traverse__(self, request, name):
if name == 'bb_subitem':
return BoboTraversable().__of__(self)
elif name == 'bb_method':
return self.bb_method
elif name == 'bb_status':
return self.bb_status
elif name == 'manufactured':
return 42
else:
raise KeyError
def bb_method(self):
"""Test Method"""
pass
bb_status = 'screechy'
return BoboTraversable()
def _makeBoboTraversableWithAcquisition(self):
from OFS.SimpleItem import SimpleItem
class BoboTraversableWithAcquisition(SimpleItem):
""" A BoboTraversable which may use acquisition to find objects.
This is similar to how the __bobo_traverse__ added by Five
behaves).
"""
def __bobo_traverse__(self, request, name):
from Acquisition import aq_get
return aq_get(self, name)
return BoboTraversableWithAcquisition()
def _makeRestricted(self, name='dummy'):
from OFS.SimpleItem import SimpleItem
class Restricted(SimpleItem):
"""Instance we'll check with ProtectedMethodSecurityPolicy
"""
getId__roles__ = None # ACCESS_PUBLIC
def getId(self):
return self.id
private__roles__ = () # ACCESS_PRIVATE
def private(self):
return 'private!'
# not protected
def ohno(self):
return 'ohno!'
return Restricted(name)
def _setupSecurity(self, policy=None):
from AccessControl import SecurityManager
from AccessControl.SecurityManagement import noSecurityManager
if policy is None:
policy = self.oldPolicy
noSecurityManager()
SecurityManager.setSecurityPolicy(policy)
def test_z3interfaces(self):
from OFS.interfaces import ITraversable
from OFS.Traversable import Traversable
......@@ -232,9 +246,9 @@ class TestTraverse( unittest.TestCase ):
self.folder1.unrestrictedTraverse( '/folder1' ))
def testTraverseURLSlash( self ):
self.failUnless( 'file' in self.folder1.objectIds() )
self.failUnless( self.folder1.unrestrictedTraverse( '/folder1/file/' ))
self.failUnless( self.folder1.unrestrictedTraverse( '/folder1/' ))
self.failUnless('file' in self.folder1.objectIds())
self.failUnless(self.folder1.unrestrictedTraverse( '/folder1/file/'))
self.failUnless(self.folder1.unrestrictedTraverse( '/folder1/'))
def testTraverseToNone( self ):
self.failUnlessRaises(
......@@ -246,11 +260,11 @@ class TestTraverse( unittest.TestCase ):
KeyError, self.folder1.unrestrictedTraverse, '/folder1/file2/' )
def testTraverseMethodRestricted(self):
self.root.my = Restricted('my')
from AccessControl import Unauthorized
self.root.my = self._makeRestricted('my')
my = self.root.my
my.id = 'my'
noSecurityManager()
SecurityManager.setSecurityPolicy(ProtectedMethodSecurityPolicy())
self._setupSecurity(ProtectedMethodSecurityPolicy())
r = my.restrictedTraverse('getId')
self.assertEquals(r(), 'my')
self.assertRaises(Unauthorized, my.restrictedTraverse, 'private')
......@@ -259,61 +273,58 @@ class TestTraverse( unittest.TestCase ):
def testBoboTraverseToWrappedSubObj(self):
# Verify it's possible to use __bobo_traverse__ with the
# Zope security policy.
noSecurityManager()
SecurityManager.setSecurityPolicy( self.oldPolicy )
bb = BoboTraversable()
self._setupSecurity()
bb = self._makeBoboTraversable()
self.failUnlessRaises(KeyError, bb.restrictedTraverse, 'notfound')
bb.restrictedTraverse('bb_subitem')
def testBoboTraverseToMethod(self):
# Verify it's possible to use __bobo_traverse__ to a method.
noSecurityManager()
SecurityManager.setSecurityPolicy( self.oldPolicy )
bb = BoboTraversable()
self._setupSecurity()
bb = self._makeBoboTraversable()
self.failUnless(
bb.restrictedTraverse('bb_method') is not bb.bb_method)
def testBoboTraverseToSimpleAttrValue(self):
# Verify it's possible to use __bobo_traverse__ to a simple
# python value
noSecurityManager()
SecurityManager.setSecurityPolicy( self.oldPolicy )
bb = BoboTraversable()
self._setupSecurity()
bb = self._makeBoboTraversable()
self.assertEqual(bb.restrictedTraverse('bb_status'), 'screechy')
def testBoboTraverseToNonAttrValue(self):
# Verify it's possible to use __bobo_traverse__ to an
# arbitrary manufactured object
noSecurityManager()
# Default security policy always seems to deny in this case, which
# is fine, but to test the code branch we sub in the forgiving one
SecurityManager.setSecurityPolicy(UnitTestSecurityPolicy())
bb = BoboTraversable()
self._setupSecurity(UnitTestSecurityPolicy())
bb = self._makeBoboTraversable()
self.failUnless(
bb.restrictedTraverse('manufactured') is 42)
def testBoboTraverseToAcquiredObject(self):
# Verify it's possible to use a __bobo_traverse__ which retrieves
# objects by acquisition
noSecurityManager()
SecurityManager.setSecurityPolicy( self.oldPolicy )
bb = BoboTraversableWithAcquisition()
from Acquisition import aq_inner
self._setupSecurity()
bb = self._makeBoboTraversableWithAcquisition()
bb = bb.__of__(self.root)
self.assertEqual(
bb.restrictedTraverse('folder1'), bb.folder1)
self.assertEqual(
Acquisition.aq_inner(bb.restrictedTraverse('folder1')),
aq_inner(bb.restrictedTraverse('folder1')),
self.root.folder1)
def testBoboTraverseToAcquiredProtectedObject(self):
# Verify it's possible to use a __bobo_traverse__ which retrieves
# objects by acquisition
noSecurityManager()
SecurityManager.setSecurityPolicy( self.oldPolicy )
from AccessControl import Unauthorized
from AccessControl.Permissions import access_contents_information
self._setupSecurity()
folder = self.root.folder1
# restrict the ability to access the retrieved object itself
folder.manage_permission(access_contents_information, [], 0)
bb = BoboTraversableWithAcquisition()
bb = self._makeBoboTraversableWithAcquisition()
bb = bb.__of__(self.root)
self.failUnlessRaises(Unauthorized,
bb.restrictedTraverse, 'folder1')
......@@ -321,11 +332,10 @@ class TestTraverse( unittest.TestCase ):
def testBoboTraverseToAcquiredAttribute(self):
# Verify it's possible to use __bobo_traverse__ to an acquired
# attribute
noSecurityManager()
SecurityManager.setSecurityPolicy( self.oldPolicy )
self._setupSecurity()
folder = self.root.folder1
folder.stuff = 'stuff here'
bb = BoboTraversableWithAcquisition()
bb = self._makeBoboTraversableWithAcquisition()
bb = bb.__of__(folder)
self.assertEqual(
bb.restrictedTraverse('stuff'), 'stuff here')
......@@ -333,13 +343,14 @@ class TestTraverse( unittest.TestCase ):
def testBoboTraverseToAcquiredProtectedAttribute(self):
# Verify that using __bobo_traverse__ to get an acquired but
# protected attribute results in Unauthorized
noSecurityManager()
SecurityManager.setSecurityPolicy( self.oldPolicy )
from AccessControl import Unauthorized
from AccessControl.Permissions import access_contents_information
self._setupSecurity()
folder = self.root.folder1
# We protect the the attribute by restricting access to the parent
folder.manage_permission(access_contents_information, [], 0)
folder.stuff = 'stuff here'
bb = BoboTraversableWithAcquisition()
bb = self._makeBoboTraversableWithAcquisition()
bb = bb.__of__(folder)
self.failUnlessRaises(Unauthorized,
self.root.folder1.restrictedTraverse, 'stuff')
......@@ -349,9 +360,10 @@ class TestTraverse( unittest.TestCase ):
# on denial of access to an acquired attribute. If it raises
# AttributeError instead of Unauthorized, the user may never
# be prompted for HTTP credentials.
noSecurityManager()
SecurityManager.setSecurityPolicy(CruelSecurityPolicy())
newSecurityManager( None, UnitTestUser().__of__( self.root ) )
from AccessControl import Unauthorized
from AccessControl.SecurityManagement import newSecurityManager
self._setupSecurity(CruelSecurityPolicy())
newSecurityManager( None, self._makeUser().__of__( self.root ) )
self.root.stuff = 'stuff here'
self.failUnlessRaises(Unauthorized,
self.app.folder1.restrictedTraverse, 'stuff')
......@@ -359,9 +371,9 @@ class TestTraverse( unittest.TestCase ):
def testDefaultValueWhenUnathorized(self):
# Test that traversing to an unauthorized object returns
# the default when provided
noSecurityManager()
SecurityManager.setSecurityPolicy(CruelSecurityPolicy())
newSecurityManager( None, UnitTestUser().__of__( self.root ) )
from AccessControl.SecurityManagement import newSecurityManager
self._setupSecurity(CruelSecurityPolicy())
newSecurityManager( None, self._makeUser().__of__( self.root ) )
self.root.stuff = 'stuff here'
self.assertEqual(
self.root.folder1.restrictedTraverse('stuff', 42), 42)
......@@ -369,13 +381,13 @@ class TestTraverse( unittest.TestCase ):
def testDefaultValueWhenNotFound(self):
# Test that traversing to a non-existent object returns
# the default when provided
noSecurityManager()
SecurityManager.setSecurityPolicy( self.oldPolicy )
self._setupSecurity()
self.assertEqual(
self.root.restrictedTraverse('happy/happy', 'joy'), 'joy')
def testTraverseUp(self):
# Test that we can traverse upwards
from Acquisition import aq_base
self.failUnless(
aq_base(self.root.folder1.file.restrictedTraverse('../..')) is
aq_base(self.root))
......@@ -396,9 +408,9 @@ class SimpleClass(object):
def test_traversable():
"""
Test the behaviour of unrestrictedTraverse and views. The tests are copies
from Five.browser.tests.test_traversable, but instead of publishing they
do unrestrictedTraverse.
Test the behaviour of unrestrictedTraverse and views. The tests are
copies from Five.browser.tests.test_traversable, but instead of
publishing they do unrestrictedTraverse.
>>> import Products.Five
>>> from Products.Five import zcml
......@@ -412,7 +424,8 @@ def test_traversable():
the wrong reason: None doesn't have a docstring so BaseRequest
raises NotFoundError.)
>>> from Products.Five.tests.testing.simplecontent import manage_addSimpleContent
>>> from Products.Five.tests.testing.simplecontent \
... import manage_addSimpleContent
>>> manage_addSimpleContent(self.folder, 'testoid', 'Testoid')
>>> from zExceptions import NotFound
>>> try:
......@@ -458,13 +471,15 @@ def test_traversable():
... </configure>'''
>>> zcml.load_string(configure_zcml)
>>> from Products.Five.tests.testing.fancycontent import manage_addFancyContent
>>> from Products.Five.tests.testing.fancycontent \
... import manage_addFancyContent
>>> info = manage_addFancyContent(self.folder, 'fancy', '')
In the following test we let the original __bobo_traverse__ method
kick in:
>>> self.folder.fancy.unrestrictedTraverse('something-else').index_html({})
>>> self.folder.fancy.unrestrictedTraverse('something-else'
... ).index_html({})
'something-else'
Once we have a custom __bobo_traverse__ method, though, it always
......@@ -495,10 +510,13 @@ def test_traversable():
the __bobo_traverse__ is the only element used for traversal lookup).
Let's demonstrate:
>>> from Products.Five.tests.testing.fancycontent import manage_addNonTraversableFancyContent
>>> info = manage_addNonTraversableFancyContent(self.folder, 'fancy_zope2', '')
>>> from Products.Five.tests.testing.fancycontent \
... import manage_addNonTraversableFancyContent
>>> info = manage_addNonTraversableFancyContent(self.folder,
... 'fancy_zope2', '')
>>> self.folder.fancy_zope2.an_attribute = 'This is an attribute'
>>> self.folder.fancy_zope2.unrestrictedTraverse('an_attribute').index_html({})
>>> self.folder.fancy_zope2.unrestrictedTraverse(
... 'an_attribute').index_html({})
'an_attribute'
Without a __bobo_traverse__ method this would have returned the attribute
......@@ -506,7 +524,8 @@ def test_traversable():
an object that has been marked traversable by Five:
>>> self.folder.fancy.an_attribute = 'This is an attribute'
>>> self.folder.fancy.unrestrictedTraverse('an_attribute').index_html({})
>>> self.folder.fancy.unrestrictedTraverse(
... 'an_attribute').index_html({})
'an_attribute'
......@@ -517,7 +536,8 @@ def test_traversable():
Verify that after cleanup, there's no cruft left from five:traversable::
>>> from Products.Five.browser.tests.test_traversable import SimpleClass
>>> from Products.Five.browser.tests.test_traversable \
... import SimpleClass
>>> hasattr(SimpleClass, '__bobo_traverse__')
False
>>> hasattr(SimpleClass, '__fallback_traverse__')
......@@ -568,12 +588,14 @@ def test_view_doesnt_shadow_attribute():
Then we create a traversable folder...
>>> from Products.Five.tests.testing.folder import manage_addFiveTraversableFolder
>>> from Products.Five.tests.testing.folder \
... import manage_addFiveTraversableFolder
>>> manage_addFiveTraversableFolder(self.folder, 'ftf')
and add an object called ``eagle`` to it:
>>> from Products.Five.tests.testing.simplecontent import manage_addIndexSimpleContent
>>> from Products.Five.tests.testing.simplecontent \
... import manage_addIndexSimpleContent
>>> manage_addIndexSimpleContent(self.folder.ftf, 'eagle', 'Eagle')
When we publish the ``ftf/eagle`` now, we expect the attribute to
......@@ -602,8 +624,8 @@ def test_view_doesnt_shadow_attribute():
>>> self.folder.ftf.unrestrictedTraverse('mouse')()
u'The mouse has been eaten by the eagle'
Head requests have some unusual behavior in Zope 2, in particular, a failed
item lookup on an ObjectManager returns a NullResource, rather
Head requests have some unusual behavior in Zope 2, in particular, a
failed item lookup on an ObjectManager returns a NullResource, rather
than raising a KeyError. We need to make sure that this doesn't
result in acquired attributes being shadowed by the NullResource,
but that unknown names still give NullResources:
......@@ -626,7 +648,7 @@ def test_suite():
suite = unittest.TestSuite()
suite.addTest( unittest.makeSuite( TestTraverse ) )
from Testing.ZopeTestCase import FunctionalDocTestSuite
suite.addTest( FunctionalDocTestSuite() )
#suite.addTest( FunctionalDocTestSuite() )
return suite
if __name__ == '__main__':
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7