Add RepozeWhoIdentityACLSecurityPolicy; add debug logging.

1 files changed, 98 insertions, 33 deletions

diff --git a/repoze/bfg/tests/test_security.py b/repoze/bfg/tests/test_security.py
index 6d85e2160..9797ebce5 100644
--- a/repoze/bfg/tests/test_security.py
+++ b/repoze/bfg/tests/test_security.py
@@ -210,10 +210,10 @@ class TestACLAuthorizer(unittest.TestCase):
         result = authorizer.permits('read', *principals)
         self.assertEqual(len(logger.messages), 1)
 
-class RemoteUserACLSecurityPolicy(unittest.TestCase, PlacelessSetup):
+class TestACLSecurityPolicy(unittest.TestCase, PlacelessSetup):
     def _getTargetClass(self):
-        from repoze.bfg.security import RemoteUserACLSecurityPolicy
-        return RemoteUserACLSecurityPolicy
+        from repoze.bfg.security import ACLSecurityPolicy
+        return ACLSecurityPolicy
 
     def _makeOne(self, *arg, **kw):
         klass = self._getTargetClass()
@@ -225,40 +225,22 @@ class RemoteUserACLSecurityPolicy(unittest.TestCase, PlacelessSetup):
     def tearDown(self):
         PlacelessSetup.tearDown(self)
 
-    def test_instance_implements_ISecurityPolicy(self):
-        from zope.interface.verify import verifyObject
-        from repoze.bfg.interfaces import ISecurityPolicy
-        logger = DummyLogger()
-        verifyObject(ISecurityPolicy, self._makeOne(logger))
-
     def test_class_implements_ISecurityPolicy(self):
         from zope.interface.verify import verifyClass
         from repoze.bfg.interfaces import ISecurityPolicy
         verifyClass(ISecurityPolicy, self._getTargetClass())
 
-    def test_authenticated_userid(self):
-        context = DummyContext()
-        request = DummyRequest({'REMOTE_USER':'fred'})
-        logger = DummyLogger()
-        policy = self._makeOne(logger)
-        result = policy.authenticated_userid(request)
-        self.assertEqual(result, 'fred')
-
-    def test_effective_principals(self):
-        context = DummyContext()
-        request = DummyRequest({'REMOTE_USER':'fred'})
+    def test_instance_implements_ISecurityPolicy(self):
+        from zope.interface.verify import verifyObject
+        from repoze.bfg.interfaces import ISecurityPolicy
         logger = DummyLogger()
-        policy = self._makeOne(logger)
-        result = policy.effective_principals(request)
-        from repoze.bfg.security import Everyone
-        from repoze.bfg.security import Authenticated
-        self.assertEqual(result, [Everyone, Authenticated, 'fred'])
+        verifyObject(ISecurityPolicy, self._makeOne(logger, lambda *arg: None))
 
-    def test_permits_no_remote_user_no_acl_info_on_context(self):
+    def test_permits_no_principals_no_acl_info_on_context(self):
         context = DummyContext()
         request = DummyRequest({})
         logger = DummyLogger()
-        policy = self._makeOne(logger)
+        policy = self._makeOne(logger, lambda *arg: None)
         authorizer_factory = make_authorizer_factory(None)
         policy.authorizer_factory = authorizer_factory
         result = policy.permits(context, request, 'view')
@@ -268,12 +250,12 @@ class RemoteUserACLSecurityPolicy(unittest.TestCase, PlacelessSetup):
         self.assertEqual(authorizer_factory.permission, 'view')
         self.assertEqual(authorizer_factory.context, context)
 
-    def test_permits_no_remote_user_acl_info_on_context(self):
+    def test_permits_no_principals_acl_info_on_context(self):
         context = DummyContext()
         context.__acl__ = []
         request = DummyRequest({})
         logger = DummyLogger()
-        policy = self._makeOne(logger)
+        policy = self._makeOne(logger, lambda *arg: None)
         authorizer_factory = make_authorizer_factory(None)
         policy.authorizer_factory = authorizer_factory
         result = policy.permits(context, request, 'view')
@@ -283,7 +265,7 @@ class RemoteUserACLSecurityPolicy(unittest.TestCase, PlacelessSetup):
         self.assertEqual(authorizer_factory.permission, 'view')
         self.assertEqual(authorizer_factory.context, context)
 
-    def test_permits_no_remote_user_withparents_root_has_acl_info(self):
+    def test_permits_no_principals_withparents_root_has_acl_info(self):
         context = DummyContext()
         context.__name__ = None
         context.__parent__ = None
@@ -293,7 +275,7 @@ class RemoteUserACLSecurityPolicy(unittest.TestCase, PlacelessSetup):
         context.__acl__ = []
         request = DummyRequest({})
         logger = DummyLogger()
-        policy = self._makeOne(logger)
+        policy = self._makeOne(logger, lambda *arg: None)
         authorizer_factory = make_authorizer_factory(None)
         policy.authorizer_factory = authorizer_factory
         result = policy.permits(context, request, 'view')
@@ -303,7 +285,7 @@ class RemoteUserACLSecurityPolicy(unittest.TestCase, PlacelessSetup):
         self.assertEqual(authorizer_factory.permission, 'view')
         self.assertEqual(authorizer_factory.context, context)
 
-    def test_permits_no_remote_user_withparents_root_allows_everyone(self):
+    def test_permits_no_principals_withparents_root_allows_everyone(self):
         context = DummyContext()
         context.__name__ = None
         context.__parent__ = None
@@ -312,7 +294,7 @@ class RemoteUserACLSecurityPolicy(unittest.TestCase, PlacelessSetup):
         context2.__parent__ = context
         request = DummyRequest({})
         logger = DummyLogger()
-        policy = self._makeOne(logger)
+        policy = self._makeOne(logger, lambda *arg: None)
         authorizer_factory = make_authorizer_factory(context)
         policy.authorizer_factory = authorizer_factory
         result = policy.permits(context, request, 'view')
@@ -321,6 +303,89 @@ class RemoteUserACLSecurityPolicy(unittest.TestCase, PlacelessSetup):
         self.assertEqual(authorizer_factory.principals, (Everyone,))
         self.assertEqual(authorizer_factory.permission, 'view')
         self.assertEqual(authorizer_factory.context, context)
+    
+
+class TestRemoteUserACLSecurityPolicy(unittest.TestCase, PlacelessSetup):
+    def _getTargetClass(self):
+        from repoze.bfg.security import RemoteUserACLSecurityPolicy
+        return RemoteUserACLSecurityPolicy
+
+    def _makeOne(self, *arg, **kw):
+        klass = self._getTargetClass()
+        return klass(*arg, **kw)
+
+    def setUp(self):
+        PlacelessSetup.setUp(self)
+
+    def tearDown(self):
+        PlacelessSetup.tearDown(self)
+
+    def test_instance_implements_ISecurityPolicy(self):
+        from zope.interface.verify import verifyObject
+        from repoze.bfg.interfaces import ISecurityPolicy
+        logger = DummyLogger()
+        verifyObject(ISecurityPolicy, self._makeOne(logger))
+
+    def test_authenticated_userid(self):
+        context = DummyContext()
+        request = DummyRequest({'REMOTE_USER':'fred'})
+        logger = DummyLogger()
+        policy = self._makeOne(logger)
+        result = policy.authenticated_userid(request)
+        self.assertEqual(result, 'fred')
+
+    def test_effective_principals(self):
+        context = DummyContext()
+        request = DummyRequest({'REMOTE_USER':'fred'})
+        logger = DummyLogger()
+        policy = self._makeOne(logger)
+        result = policy.effective_principals(request)
+        from repoze.bfg.security import Everyone
+        from repoze.bfg.security import Authenticated
+        self.assertEqual(result, [Everyone, Authenticated, 'fred'])
+
+
+class TestRepozeWhoIdentityACLSecurityPolicy(unittest.TestCase, PlacelessSetup):
+    def _getTargetClass(self):
+        from repoze.bfg.security import RepozeWhoIdentityACLSecurityPolicy
+        return RepozeWhoIdentityACLSecurityPolicy
+
+    def _makeOne(self, *arg, **kw):
+        klass = self._getTargetClass()
+        return klass(*arg, **kw)
+
+    def setUp(self):
+        PlacelessSetup.setUp(self)
+
+    def tearDown(self):
+        PlacelessSetup.tearDown(self)
+
+    def test_instance_implements_ISecurityPolicy(self):
+        from zope.interface.verify import verifyObject
+        from repoze.bfg.interfaces import ISecurityPolicy
+        logger = DummyLogger()
+        verifyObject(ISecurityPolicy, self._makeOne(logger))
+
+    def test_authenticated_userid(self):
+        context = DummyContext()
+        identity = {'repoze.who.identity':{'repoze.who.userid':'fred'}}
+        request = DummyRequest(identity)
+        logger = DummyLogger()
+        policy = self._makeOne(logger)
+        result = policy.authenticated_userid(request)
+        self.assertEqual(result, 'fred')
+
+    def test_effective_principals(self):
+        context = DummyContext()
+        identity = {'repoze.who.identity':{'repoze.who.userid':'fred'}}
+        request = DummyRequest(identity)
+        logger = DummyLogger()
+        policy = self._makeOne(logger)
+        result = policy.effective_principals(request)
+        from repoze.bfg.security import Everyone
+        from repoze.bfg.security import Authenticated
+        self.assertEqual(result, [Everyone, Authenticated, 'fred'])
+
 
 class TestAPIFunctions(unittest.TestCase, PlacelessSetup):
     def setUp(self):