-rw-r--r-- | src/zope/security/simplepolicies.py | 11 | ||||
-rw-r--r-- | src/zope/security/tests/test_simplepolicies.py | 28 |
2 files changed, 24 insertions, 15 deletions
diff --git a/src/zope/security/simplepolicies.py b/src/zope/security/simplepolicies.py index 4825e70..b2e8980 100644 --- a/src/zope/security/simplepolicies.py +++ b/src/zope/security/simplepolicies.py @@ -24,7 +24,12 @@ from zope.security._definitions import system_user @zope.interface.implementer(IInteraction) @zope.interface.provider(ISecurityPolicy) class ParanoidSecurityPolicy(object): - """Prohibit all access exctp to public items, or by explicit principals""" + """ + Prohibit all access by any non-system principal, unless the item is public. + + This means that if there are no participations (and hence no + principals), then access is allowed. + """ def __init__(self, *participations): self.participations = [] @@ -58,7 +63,9 @@ class ParanoidSecurityPolicy(object): @zope.interface.provider(ISecurityPolicy) class PermissiveSecurityPolicy(ParanoidSecurityPolicy): - """Allow all access.""" + """ + Allow all access. + """ def checkPermission(self, permission, object): return True diff --git a/src/zope/security/tests/test_simplepolicies.py b/src/zope/security/tests/test_simplepolicies.py index 8be980d..ce5c483 100644 --- a/src/zope/security/tests/test_simplepolicies.py +++ b/src/zope/security/tests/test_simplepolicies.py @@ -16,6 +16,12 @@ import unittest class ConformsToIInteraction(object): + def _getTargetClass(self): + raise NotImplementedError("Subclass responsibility") + + def _makeOne(self, *participations): + return self._getTargetClass()(*participations) + def test_class_conforms_to_IInteraction(self): from zope.interface.verify import verifyClass from zope.security.interfaces import IInteraction @@ -35,9 +41,6 @@ class ParanoidSecurityPolicyTests(unittest.TestCase, from zope.security.simplepolicies import ParanoidSecurityPolicy return ParanoidSecurityPolicy - def _makeOne(self, *participations): - return self._getTargetClass()(*participations) - def test_ctor_no_participations(self): policy = self._makeOne() self.assertEqual(policy.participations, []) 
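Review bot: The fail-open case is stated only in the second paragraph of the new `ParanoidSecurityPolicy` docstring, while the summary line still reads as deny-by-default. Given the class name, a caller could reasonably assume that an interaction with no participations denies everything. I would put the caveat in the summary or add a line such as `Note: with no participations this policy grants every permission; it denies only when a non-system principal participates.` The body of `checkPermission` lies outside this hunk, so how participations that carry only the system user are handled is inferred from the wording rather than visible here.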
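Review bot: `ConformsToIInteraction` now carries a contract through the added `_getTargetClass` and `_makeOne`, but it has no docstring saying so. A subclass that forgets the override only finds out at run time, from the `NotImplementedError("Subclass responsibility")`. A one-line docstring would make the requirement visible, for example `"""Mixin for TestCase subclasses; override _getTargetClass to return the policy class under test."""`. The rest of the class continues past the end of this hunk.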
@@ -70,7 +73,7 @@ class ParanoidSecurityPolicyTests(unittest.TestCase, p1, p2, p3 = Participation(), Participation(), Participation() policy = self._makeOne(p1, p2, p3) policy.remove(p2) - target = object() + self.assertEqual(policy.participations, [p1, p3]) self.assertTrue(p1.interaction is policy) self.assertTrue(p2.interaction is None) @@ -101,18 +104,20 @@ class ParanoidSecurityPolicyTests(unittest.TestCase, target = object() self.assertFalse(policy.checkPermission(permission, target)) + def test_checkPermission_w_no_participations(self): + # The permission and object don't matter: if there are no + # participations, access is allowed. + policy = self._makeOne() + self.assertTrue(policy.checkPermission(None, None)) + self.assertTrue(policy.checkPermission(self, self)) class PermissiveSecurityPolicyTests(unittest.TestCase, - ConformsToIInteraction, - ): + ConformsToIInteraction): def _getTargetClass(self): from zope.security.simplepolicies import PermissiveSecurityPolicy return PermissiveSecurityPolicy - def _makeOne(self, *participations): - return self._getTargetClass()(*participations) - def test_checkPermission_w_public(self): policy = self._makeOne() permission = object() @@ -121,7 +126,4 @@ class PermissiveSecurityPolicyTests(unittest.TestCase, def test_suite(): - return unittest.TestSuite(( - unittest.makeSuite(ParanoidSecurityPolicyTests), - unittest.makeSuite(PermissiveSecurityPolicyTests), - )) + return unittest.defaultTestLoader.loadTestsFromName(__name__) |