From e25a70a7d1c2016eaeff9c630df9109e715bba3b Mon Sep 17 00:00:00 2001
From: Chris McDonough <chrism@agendaless.com>
Date: Thu, 9 Sep 2010 17:46:49 +0000
Subject: Features --------

- In support of making it easier to configure applications which are
  "secure by default", a default permission feature was added.  If
  supplied, the default permission is used as the permission string to
  all view registrations which don't otherwise name a permission.
  These APIs are in support of that:

  - A new constructor argument was added to the Configurator:
    ``default_permission``.

  - A new method was added to the Configurator:
    ``set_default_permission``.

  - A new ZCML directive was added: ``default_permission``.

Documentation
-------------

- Added documentation for the ``default_permission`` ZCML directive.

- Added documentation for the ``default_permission`` constructor value
  and the ``set_default_permission`` method in the Configurator API
  documentation.

- Added a new section to the "security" chapter named "Setting a
  Default Permission".

- Document ``renderer_globals_factory`` and ``request_factory``
  arguments to Configurator constructor.
---
 repoze/bfg/tests/test_configuration.py | 72 ++++++++++++++++++++++++++++++++++
 repoze/bfg/tests/test_zcml.py          | 24 ++++++++++++
 2 files changed, 96 insertions(+)

(limited to 'repoze/bfg/tests')

diff --git a/repoze/bfg/tests/test_configuration.py b/repoze/bfg/tests/test_configuration.py
index 2724b3381..943e6b832 100644
--- a/repoze/bfg/tests/test_configuration.py
+++ b/repoze/bfg/tests/test_configuration.py
@@ -179,6 +179,11 @@ class ConfiguratorTests(unittest.TestCase):
         self.assertEqual(config.registry.getUtility(IRendererFactory, 'yeah'),
                          renderer)
 
+    def test_ctor_default_permission(self):
+        from repoze.bfg.interfaces import IDefaultPermission
+        config = self._makeOne(default_permission='view')
+        self.assertEqual(config.registry.getUtility(IDefaultPermission), 'view')
+
     def test_with_package_module(self):
         from repoze.bfg.tests import test_configuration
         import repoze.bfg.tests
@@ -445,6 +450,14 @@ class ConfiguratorTests(unittest.TestCase):
         self.assertEqual(reg.getUtility(IRendererFactory, 'yeah'),
                          renderer)
 
+    def test_setup_registry_default_permission(self):
+        from repoze.bfg.registry import Registry
+        from repoze.bfg.interfaces import IDefaultPermission
+        reg = Registry()
+        config = self._makeOne(reg)
+        config.setup_registry(default_permission='view')
+        self.assertEqual(reg.getUtility(IDefaultPermission), 'view')
+
     def test_get_settings_nosettings(self):
         from repoze.bfg.registry import Registry
         reg = Registry()
@@ -1704,6 +1717,58 @@ class ConfiguratorTests(unittest.TestCase):
         request = self._makeRequest(config)
         self.assertEqual(view(None, request), 'second')
 
+    def test_add_view_with_permission(self):
+        view1 = lambda *arg: 'OK'
+        outerself = self
+        class DummyPolicy(object):
+            def effective_principals(self, r):
+                outerself.assertEqual(r, request)
+                return ['abc']
+            def permits(self, context, principals, permission):
+                outerself.assertEqual(context, None)
+                outerself.assertEqual(principals, ['abc'])
+                outerself.assertEqual(permission, 'view')
+                return True
+        policy = DummyPolicy()
+        config = self._makeOne(authorization_policy=policy,
+                               authentication_policy=policy)
+        config.add_view(view=view1, permission='view')
+        view = self._getViewCallable(config)
+        request = self._makeRequest(config)
+        self.assertEqual(view(None, request), 'OK')
+
+    def test_add_view_with_default_permission_no_explicit_permission(self):
+        view1 = lambda *arg: 'OK'
+        outerself = self
+        class DummyPolicy(object):
+            def effective_principals(self, r):
+                outerself.assertEqual(r, request)
+                return ['abc']
+            def permits(self, context, principals, permission):
+                outerself.assertEqual(context, None)
+                outerself.assertEqual(principals, ['abc'])
+                outerself.assertEqual(permission, 'view')
+                return True
+        policy = DummyPolicy()
+        config = self._makeOne(authorization_policy=policy,
+                               authentication_policy=policy,
+                               default_permission='view')
+        config.add_view(view=view1)
+        view = self._getViewCallable(config)
+        request = self._makeRequest(config)
+        self.assertEqual(view(None, request), 'OK')
+
+    def test_add_view_with_no_default_permission_no_explicit_permission(self):
+        view1 = lambda *arg: 'OK'
+        class DummyPolicy(object): pass # wont be called
+        policy = DummyPolicy()
+        config = self._makeOne(authorization_policy=policy,
+                               authentication_policy=policy)
+        config.add_view(view=view1)
+        view = self._getViewCallable(config)
+        request = self._makeRequest(config)
+        self.assertEqual(view(None, request), 'OK')
+
     def _assertRoute(self, config, name, path, num_predicates=0):
         from repoze.bfg.interfaces import IRoutesMapper
         mapper = config.registry.getUtility(IRoutesMapper)
@@ -2149,6 +2214,13 @@ class ConfiguratorTests(unittest.TestCase):
         self.assertEqual(config.registry.getUtility(IRendererGlobalsFactory),
                          dummyfactory)
 
+    def test_set_default_permission(self):
+        from repoze.bfg.interfaces import IDefaultPermission
+        config = self._makeOne()
+        config.set_default_permission('view')
+        self.assertEqual(config.registry.getUtility(IDefaultPermission),
+                         'view')
+
     def test_add_translation_dirs_missing_dir(self):
         from repoze.bfg.exceptions import ConfigurationError
         config = self._makeOne()
diff --git a/repoze/bfg/tests/test_zcml.py b/repoze/bfg/tests/test_zcml.py
index 4cd7f88d3..131122d7b 100644
--- a/repoze/bfg/tests/test_zcml.py
+++ b/repoze/bfg/tests/test_zcml.py
@@ -1123,6 +1123,30 @@ class TestLocaleNegotiatorDirective(unittest.TestCase):
         self.assertEqual(action['args'], (dummy_negotiator,))
         action['callable'](*action['args']) # doesn't blow up
 
+class TestDefaultPermissionDirective(unittest.TestCase):
+    def setUp(self):
+        testing.setUp()
+
+    def tearDown(self):
+        testing.tearDown()
+
+    def _callFUT(self, context, name):
+        from repoze.bfg.zcml import default_permission
+        return default_permission(context, name)
+    
+    def test_it(self):
+        from repoze.bfg.threadlocal import get_current_registry
+        from repoze.bfg.interfaces import IDefaultPermission
+        reg = get_current_registry()
+        context = DummyContext()
+        self._callFUT(context, 'view')
+        actions = context.actions
+        self.assertEqual(len(actions), 1)
+        regadapt = actions[0]
+        self.assertEqual(regadapt['discriminator'], IDefaultPermission)
+        perm = reg.getUtility(IDefaultPermission)
+        self.assertEqual(perm, 'view')
+
 class TestLoadZCML(unittest.TestCase):
     def setUp(self):
         testing.setUp()
-- 
cgit v1.2.3