Coverage for z.s.checker.CombinedChecker.

author: Tres Seaver <tseaver@palladion.com> 2013-02-11 15:40:07 -0500
committer: Tres Seaver <tseaver@palladion.com> 2013-02-11 15:40:07 -0500
commit: df724d3fe32bcbf3e8f9334d5980eb83049f04e7 (patch)
tree: 9aeeb9ef3fc54ccee7930b254457927eabf753a9 /src
parent: 6e36b7821e48ea406e7336bfd156caa9c7dbb9f3 (diff)
download: zope-security-df724d3fe32bcbf3e8f9334d5980eb83049f04e7.tar.gz
2 files changed, 226 insertions, 1 deletions
diff --git a/src/zope/security/checker.py b/src/zope/security/checker.py
index 70753e6..b556e79 100644
--- a/src/zope/security/checker.py
+++ b/src/zope/security/checker.py
@@ -429,7 +429,7 @@ _available_by_default = []
 # Get optimized versions
 try:
     import zope.security._zope_security_checker
-except ImportError:
+except ImportError: #pragma NO COVER
     pass
 else:
     from zope.security._zope_security_checker import _checkers, selectChecker
diff --git a/src/zope/security/tests/test_checker.py b/src/zope/security/tests/test_checker.py
index 366d2eb..f15181e 100644
--- a/src/zope/security/tests/test_checker.py
+++ b/src/zope/security/tests/test_checker.py
@@ -881,6 +881,230 @@ class Test_undefineChecker(unittest.TestCase):
         self.failIf(Foo in _checkers)
 
 
+class CombinedCheckerTests(unittest.TestCase):
+
+    def _getTargetClass(self):
+        from zope.security.checker import CombinedChecker
+        return CombinedChecker
+
+    def _makeOne(self, checker1=None, checker2=None):
+        if checker1 is None:
+            checker1 = self._makeOther()
+        if checker2 is None:
+            checker1 = self._makeOther()
+        return self._getTargetClass()(checker1, checker2)
+
+    def _makeOther(self, get_permissions=None, set_permissions=None):
+        from zope.security.checker import Checker
+        if get_permissions is None:
+            get_permissions = {}
+        if set_permissions is None:
+            set_permissions = {}
+        return Checker(get_permissions, set_permissions)
+
+    def test_class_conforms_to_IChecker(self):
+        from zope.interface.verify import verifyClass
+        from zope.security.interfaces import IChecker
+        verifyClass(IChecker, self._getTargetClass())
+
+    def test_instance_conforms_to_IChecker(self):
+        from zope.interface.verify import verifyObject
+        from zope.security.interfaces import IChecker
+        verifyObject(IChecker, self._makeOne())
+
+    def test_check_lhs_ok_rhs_not_called(self):
+        from zope.security.checker import CheckerPublic
+        from zope.security.checker import Checker
+        class _NeverCalled(Checker):
+            def check(self, *args, **kw):
+                raise AssertionError
+        obj = object()
+        lhs = self._makeOther({'name': CheckerPublic})
+        rhs = _NeverCalled({})
+        combined = self._makeOne(lhs, rhs)
+        combined.check(object(), 'name') # no raise
+
+    def test_check_lhs_unauth_rhs_ok(self):
+        from zope.security.checker import CheckerPublic
+        from zope.security._definitions import thread_local
+        class _Interaction(object):
+            def checkPermission(self, obj, perm):
+                return False
+        obj = object()
+        lhs = self._makeOther({'name': 'view'}) # unauth
+        rhs = self._makeOther({'name': CheckerPublic})
+        combined = self._makeOne(lhs, rhs)
+        thread_local.interaction = _Interaction()
+        try:
+            combined.check(object(), 'name') #no raise
+        finally:
+            del thread_local.interaction
+
+    def test_check_lhs_unauth_rhs_forbidden(self):
+        from zope.security.interfaces import Unauthorized
+        from zope.security._definitions import thread_local
+        class _Interaction(object):
+            def checkPermission(self, obj, perm):
+                return False
+        obj = object()
+        lhs = self._makeOther({'name': 'view'}) # unauth
+        rhs = self._makeOther() # forbidden
+        combined = self._makeOne(lhs, rhs)
+        thread_local.interaction = _Interaction()
+        try:
+            self.assertRaises(Unauthorized,
+                              combined.check, object(), 'name')
+        finally:
+            del thread_local.interaction
+
+    def test_check_lhs_unauth_rhs_unauth(self):
+        from zope.security.interfaces import Unauthorized
+        from zope.security._definitions import thread_local
+        class _Interaction(object):
+            def checkPermission(self, obj, perm):
+                return False
+        obj = object()
+        lhs = self._makeOther({'name': 'view'}) # unauth
+        rhs = self._makeOther({'name': 'inspect'})
+        combined = self._makeOne(lhs, rhs)
+        thread_local.interaction = _Interaction()
+        try:
+            self.assertRaises(Unauthorized,
+                              combined.check, object(), 'name')
+        finally:
+            del thread_local.interaction
+
+    def test_check_lhs_forbidden_rhs_ok(self):
+        from zope.security.checker import CheckerPublic
+        obj = object()
+        lhs = self._makeOther() # forbidden
+        rhs = self._makeOther({'name': CheckerPublic})
+        combined = self._makeOne(lhs, rhs)
+        combined.check(object(), 'name') # no raise
+
+    def test_check_lhs_forbidden_rhs_forbidden(self):
+        from zope.security.interfaces import Forbidden
+        obj = object()
+        lhs = self._makeOther() # forbidden
+        rhs = self._makeOther() # forbidden
+        combined = self._makeOne(lhs, rhs)
+        self.assertRaises(Forbidden,
+                          combined.check, object(), 'name')
+
+    def test_check_lhs_forbidden_rhs_unauth(self):
+        from zope.security.interfaces import Unauthorized
+        from zope.security._definitions import thread_local
+        class _Interaction(object):
+            def checkPermission(self, obj, perm):
+                return False
+        obj = object()
+        lhs = self._makeOther() # Forbidden
+        rhs = self._makeOther({'name': 'inspect'})
+        combined = self._makeOne(lhs, rhs)
+        thread_local.interaction = _Interaction()
+        try:
+            self.assertRaises(Unauthorized,
+                              combined.check, object(), 'name')
+        finally:
+            del thread_local.interaction
+
+    def test_check_setattr_lhs_ok_rhs_not_called(self):
+        from zope.security.checker import CheckerPublic
+        from zope.security.checker import Checker
+        class _NeverCalled(Checker):
+            def check_setattr(self, *args, **kw):
+                raise AssertionError
+        obj = object()
+        lhs = self._makeOther(set_permissions={'name': CheckerPublic})
+        rhs = _NeverCalled({})
+        combined = self._makeOne(lhs, rhs)
+        combined.check_setattr(object(), 'name') # no raise
+
+    def test_check_setattr_lhs_unauth_rhs_ok(self):
+        from zope.security.checker import CheckerPublic
+        from zope.security._definitions import thread_local
+        class _Interaction(object):
+            def checkPermission(self, obj, perm):
+                return False
+        obj = object()
+        lhs = self._makeOther(set_permissions={'name': 'update'}) # unauth
+        rhs = self._makeOther(set_permissions={'name': CheckerPublic})
+        combined = self._makeOne(lhs, rhs)
+        thread_local.interaction = _Interaction()
+        try:
+            combined.check_setattr(object(), 'name') # no raise
+        finally:
+            del thread_local.interaction
+
+    def test_check_setattr_lhs_unauth_rhs_forbidden(self):
+        from zope.security.interfaces import Unauthorized
+        from zope.security._definitions import thread_local
+        class _Interaction(object):
+            def checkPermission(self, obj, perm):
+                return False
+        obj = object()
+        lhs = self._makeOther(set_permissions={'name': 'view'}) # unauth
+        rhs = self._makeOther() # forbidden
+        combined = self._makeOne(lhs, rhs)
+        thread_local.interaction = _Interaction()
+        try:
+            self.assertRaises(Unauthorized,
+                              combined.check_setattr, object(), 'name')
+        finally:
+            del thread_local.interaction
+
+    def test_check_setattr_lhs_unauth_rhs_unauth(self):
+        from zope.security.interfaces import Unauthorized
+        from zope.security._definitions import thread_local
+        class _Interaction(object):
+            def checkPermission(self, obj, perm):
+                return False
+        obj = object()
+        lhs = self._makeOther(set_permissions={'name': 'view'}) # unauth
+        rhs = self._makeOther(set_permissions={'name': 'inspect'}) # unauth
+        combined = self._makeOne(lhs, rhs)
+        thread_local.interaction = _Interaction()
+        try:
+            self.assertRaises(Unauthorized,
+                              combined.check_setattr, object(), 'name')
+        finally:
+            del thread_local.interaction
+
+    def test_check_setattr_lhs_forbidden_rhs_ok(self):
+        from zope.security.checker import CheckerPublic
+        obj = object()
+        lhs = self._makeOther() # forbidden
+        rhs = self._makeOther(set_permissions={'name': CheckerPublic})
+        combined = self._makeOne(lhs, rhs)
+        combined.check_setattr(object(), 'name') # no raise
+
+    def test_check_setattr_lhs_forbidden_rhs_forbidden(self):
+        from zope.security.interfaces import Forbidden
+        obj = object()
+        lhs = self._makeOther() # forbidden
+        rhs = self._makeOther() # forbidden
+        combined = self._makeOne(lhs, rhs)
+        self.assertRaises(Forbidden,
+                          combined.check_setattr, object(), 'name')
+
+    def test_check_setattr_lhs_forbidden_rhs_unauth(self):
+        from zope.security.interfaces import Unauthorized
+        from zope.security._definitions import thread_local
+        class _Interaction(object):
+            def checkPermission(self, obj, perm):
+                return False
+        obj = object()
+        lhs = self._makeOther() # forbidden
+        rhs = self._makeOther(set_permissions={'name': 'inspect'}) # unauth
+        combined = self._makeOne(lhs, rhs)
+        thread_local.interaction = _Interaction()
+        try:
+            self.assertRaises(Unauthorized,
+                              combined.check_setattr, object(), 'name')
+        finally:
+            del thread_local.interaction
+
+
 # Pre-geddon tests start here
 
 class Test(unittest.TestCase):
@@ -1557,6 +1781,7 @@ def test_suite():
         unittest.makeSuite(Test_getCheckerForInstancesOf),
         unittest.makeSuite(Test_defineChecker),
         unittest.makeSuite(Test_undefineChecker),
+        unittest.makeSuite(CombinedCheckerTests),
         # pre-geddon fossils
         unittest.makeSuite(Test),
         unittest.makeSuite(TestCheckerPublic),
author	Tres Seaver <tseaver@palladion.com>	2013-02-11 15:40:07 -0500
committer	Tres Seaver <tseaver@palladion.com>	2013-02-11 15:40:07 -0500
commit	df724d3fe32bcbf3e8f9334d5980eb83049f04e7 (patch)
tree	9aeeb9ef3fc54ccee7930b254457927eabf753a9 /src
parent	6e36b7821e48ea406e7336bfd156caa9c7dbb9f3 (diff)
download	zope-security-df724d3fe32bcbf3e8f9334d5980eb83049f04e7.tar.gz