Logo Search packages:      
Sourcecode: zope-groupuserfolder version File versions

def zope-groupuserfolder-3.1.1::tests::GRUFTestCase::GRUFTestCase::security_context_setup (   self  )  [inherited]

Build a complex security environment

It creates:
  * 3 roles, r1, r2 and r3
  * 3 groups: g1, g2, g3
  * n users as follows (roles are between parenthesis)

      !   g1    ! g2(r1)     ! g3(r2)     ! g4(r2,r3)  !  Resulting roles !
  ------------!---------!------------!------------!------------!------------------!
  u1          !         !            !            !            !   => (no role)   !
  u2          !   X     !            !            !            !   => (no role)   !
  u3          !   X     !      X     !            !            !   => r1          !
  u4          !   X     !      X     !      X     !            !   => r1,r2       !
  u5(r1)      !         !      X     !      X     !            !   => r1,r2       !
  u6(r1)      !         !            !      X     !            !   => r1,r2       !
  u7(r1)      !         !            !            !     X      !   => r1,r2,r3    !
  ---------------------------------------------------------------------------------

It also creates a 'lr' folder in which g1 group and u3 and u6 are granted r3 role.


And then, it creates nested groups as follow (-> = belongs to group...):

     u/g   !  belongs to... ! resulting roles                     !
 ----------!----------------!-------------------------------------!
  ng1      !   g1           ! (no role)                           !
  ng2      !   g2, g3       ! r1, r2                              !
  ng3      !   g2, ng2      ! r1, r2                              !
  ng4(r3)  !   g2, ng2      ! r1, r2, r3                          !
  ng5      !   g2, ng4      ! r1, r2, r3                          !
  ng6      !   ng5, ng6     ! r1, r2, r3 (no circ. ref)           !
  u8       !   ng1          ! (no role)                           !
  u9       !   g1, ng2      ! r1, r2                              !
  u10      !   ng2, ng3     ! r1, r2                              !
  u11(r3)  !   ng2, ng3     ! r1, r2, r3                          !
  u12      !   ng5, ng6     ! r1, r2, r3                          !
 -----------------------------------------------------------------!

 Plus we have the following local roles matrix (roles inside parenthesis are implicitly
 user-defined, roles inside brackets are implicitly lr-defined).

 folder
   |
   |-- acl_users (GRUF)
   |
   |                                          r1    r2    r3
   |                             /--
   |                             | group_g1               x
   |-- lr                        | u3        (x)          x
       |                         | u6        (x)   (x)    x
       |                         \--
       |
       |                         /--
       |                         | group_g1              [x]
       |-- sublr                 | u3        (x)    x    [x]
       |                         | u6        (x)    x*   [x]
       |                         \--
       |
       |                         /--
       |                         | group_g1              [x]
       |-- sublr2                | u3        (x)    x    [x]
       |   |                     | u6        (x)    x*   [x]
       |   |                     \--
       |   |
       |   |                     /--
       |   |                     | group_g1              [x]
       |   |-- subsublr2         | u3        (x)   [x]   [x]
       |                         | u6        (x)  [(x)]  [x]
       |                         \--
       |
 (now we block local roles under this branch)
       |
       |                         /--
       |                         | group_g1              
       |-- sublr3                | u3        (x)    x    
   |                     | u6        (x)    x*   
   |                     \--
   |
   |                     /--
   |                     | group_g1              
   |-- subsublr3         | u3        (x)   [x]   
                         | u6        (x)  [(x)]  
                         \--
                         
*: u6 will have r2 as a localrole AND a userdefined role.

Definition at line 92 of file GRUFTestCase.py.

                                     :
        """
        Build a complex security environment

        It creates:
          * 3 roles, r1, r2 and r3
          * 3 groups: g1, g2, g3
          * n users as follows (roles are between parenthesis)

                      !   g1    ! g2(r1)     ! g3(r2)     ! g4(r2,r3)  !  Resulting roles !
          ------------!---------!------------!------------!------------!------------------!
          u1          !         !            !            !            !   => (no role)   !
          u2          !   X     !            !            !            !   => (no role)   !
          u3          !   X     !      X     !            !            !   => r1          !
          u4          !   X     !      X     !      X     !            !   => r1,r2       !
          u5(r1)      !         !      X     !      X     !            !   => r1,r2       !
          u6(r1)      !         !            !      X     !            !   => r1,r2       !
          u7(r1)      !         !            !            !     X      !   => r1,r2,r3    !
          ---------------------------------------------------------------------------------

        It also creates a 'lr' folder in which g1 group and u3 and u6 are granted r3 role.


        And then, it creates nested groups as follow (-> = belongs to group...):

             u/g   !  belongs to... ! resulting roles                     !
         ----------!----------------!-------------------------------------!
          ng1      !   g1           ! (no role)                           !
          ng2      !   g2, g3       ! r1, r2                              !
          ng3      !   g2, ng2      ! r1, r2                              !
          ng4(r3)  !   g2, ng2      ! r1, r2, r3                          !
          ng5      !   g2, ng4      ! r1, r2, r3                          !
          ng6      !   ng5, ng6     ! r1, r2, r3 (no circ. ref)           !
          u8       !   ng1          ! (no role)                           !
          u9       !   g1, ng2      ! r1, r2                              !
          u10      !   ng2, ng3     ! r1, r2                              !
          u11(r3)  !   ng2, ng3     ! r1, r2, r3                          !
          u12      !   ng5, ng6     ! r1, r2, r3                          !
         -----------------------------------------------------------------!

         Plus we have the following local roles matrix (roles inside parenthesis are implicitly
         user-defined, roles inside brackets are implicitly lr-defined).

         folder
           |
           |-- acl_users (GRUF)
           |
           |                                          r1    r2    r3
           |                             /--
           |                             | group_g1               x
           |-- lr                        | u3        (x)          x
               |                         | u6        (x)   (x)    x
               |                         \--
               |
               |                         /--
               |                         | group_g1              [x]
               |-- sublr                 | u3        (x)    x    [x]
               |                         | u6        (x)    x*   [x]
               |                         \--
               |
               |                         /--
               |                         | group_g1              [x]
               |-- sublr2                | u3        (x)    x    [x]
               |   |                     | u6        (x)    x*   [x]
               |   |                     \--
               |   |
               |   |                     /--
               |   |                     | group_g1              [x]
               |   |-- subsublr2         | u3        (x)   [x]   [x]
               |                         | u6        (x)  [(x)]  [x]
               |                         \--
               |
         (now we block local roles under this branch)
               |
               |                         /--
               |                         | group_g1              
               |-- sublr3                | u3        (x)    x    
                   |                     | u6        (x)    x*   
                   |                     \--
                   |
                   |                     /--
                   |                     | group_g1              
                   |-- subsublr3         | u3        (x)   [x]   
                                         | u6        (x)  [(x)]  
                                         \--
                                         
        *: u6 will have r2 as a localrole AND a userdefined role.
        """
        # Create a few roles
        self.gruf.userFolderAddRole("r1")
        self.gruf.userFolderAddRole("r2")
        self.gruf.userFolderAddRole("r3")

        # Set View permission on those roles
        permissions = self.gruf_folder.ac_inherited_permissions(1)
        for ip in range(len(permissions)):
            name, value = permissions[ip][:2]
            if name == "View":
                break
        p=Permission.Permission(name,value, self.gruf_folder)
        p.setRoles(("r1", "r2", "r3", ))

        # Setup users and groups
        self.security_context_setup_groups()
        self.security_context_setup_users()
        
        # Create a few folders to play with
        self.gruf_folder.manage_addProduct['OFSP'].manage_addFolder('lr')
        lr = self.gruf_folder.lr
        lr.manage_addProduct['OFSP'].manage_addFolder("sublr")
        sublr = self.gruf_folder.lr.sublr
        lr.manage_addProduct['OFSP'].manage_addFolder("sublr2")
        sublr2 = self.gruf_folder.lr.sublr2
        sublr2.manage_addProduct['OFSP'].manage_addFolder("subsublr2")
        subsublr2 = self.gruf_folder.lr.sublr2.subsublr2
        lr.manage_addProduct['OFSP'].manage_addFolder("sublr3")
        sublr3 = self.gruf_folder.lr.sublr3
        sublr3.manage_addProduct['OFSP'].manage_addFolder("subsublr3")
        subsublr3 = self.gruf_folder.lr.sublr3.subsublr3
        self.gruf._acquireLocalRoles(sublr3, 0)
        lr.manage_addLocalRoles("group_g1", ("r3", ))
        lr.manage_addLocalRoles("u3", ("r3", ))
        lr.manage_addLocalRoles("u6", ("r3", ))
        sublr.manage_addLocalRoles("u3", ("r2", ))
        sublr.manage_addLocalRoles("u6", ("r2", ))
        sublr2.manage_addLocalRoles("u3", ("r2", ))
        sublr2.manage_addLocalRoles("u6", ("r2", ))
        sublr3.manage_addLocalRoles("u3", ("r2", ))
        sublr3.manage_addLocalRoles("u6", ("r2", ))
        self.lr = lr
        self.sublr = sublr
        self.sublr2 = sublr2
        self.sublr3 = sublr3
        self.subsublr2 = subsublr2
        self.subsublr3 = subsublr3


    def security_context_setup_users(self,):


Generated by  Doxygen 1.6.0   Back to index