source: main/waeup.sirp/trunk/src/waeup/sirp/authentication.txt @ 6202

Last change on this file since 6202 was 6202, checked in by uli, 13 years ago

#37
File size: 4.9 KB
Line 
1WAeUP portal authentication
2***************************
3
4:Test-Layer: functional
5
6We need to protect most pieces of our portals from unauthenticated
7access.
8
9Therefore users have to login to access main functionality and they
10are able to log out afterwards.
11
12Before we can check access we have to create an app:
13
14  >>> from zope.component.hooks import setSite # only needed in tests
15  >>> from waeup.sirp.app import University
16  >>> root = getRootFolder()
17  >>> u = University()
18  >>> root['app'] = u
19  >>> setSite(root['app'])                     # only needed in tests
20
21To make sure, we can 'watch' pages, we first have to initialize our
22test browser:
23
24  >>> from zope.testbrowser.testing import Browser
25  >>> browser = Browser()
26  >>> browser.handleErrors = False
27
28Creating users (principals)
29===========================
30
31Before we can login, we have to provide a user (``principal`` in Zope
32terms) with a password (and optional a title or description):
33
34  >>> root['app']['users'].addUser('bob', 'bobsecret',
35  ...                           title='Bob', description='A sample user')
36
37We can also add complete `Account` objects. An `Account` stores the
38user credentials and some metadata persistently:
39
40  >>> from waeup.sirp.authentication import Account
41  >>> alice = Account('alice', 'alicesecret')
42  >>> root['app']['users'].addAccount(alice)
43
44See ``users.txt`` for details about the UserContainer we use here.
45
46Users and local roles
47=====================
48
49Accounts also hold infos about local roles assigned to a user. In the
50beginning, users have no local roles at all:
51
52  >>> alice.getLocalRoles()
53  {}
54
55But we can tell an account, that Alice got some role for a certain
56object:
57
58  >>> chalet = object()
59  >>> root['app']['chalet'] = chalet
60  >>> alice.notifyLocalRoleChanged(chalet, 'BigBoss', granted=True)
61
62Now Alice is the Big Boss:
63
64  >>> alice.getLocalRoles()
65  {'BigBoss': [<object object at 0x...>]}
66
67When we do not want Alice to be the Big Boss we can tell that too:
68
69  >>> alice.notifyLocalRoleChanged(chalet, 'BigBoss', granted=False)
70  >>> alice.getLocalRoles()
71  {}
72
73We can also use events to trigger such actions. This is recommended
74because we do not neccessarily know where Alice lives:
75
76  >>> from waeup.sirp.users import LocalRoleSetEvent
77  >>> from zope.event import notify
78  >>> notify(LocalRoleSetEvent(chalet, 'BigBoss', 'alice',
79  ...                          granted=True))
80  >>> alice.getLocalRoles()
81  {'BigBoss': [<object object at 0x...>]}
82
83When objects are deleted, local roles are also deleted
84semi-magically. This happens through event subscribers listening to
85IObjectRemovedEvents. The latters are naturally only fired when ZODB
86stored objects are removed. Furthermore this subscriber reads the
87internal local roles table.
88
89We create a faculty and grant Bob a local role:
90
91   >>> from zope.securitypolicy.interfaces import IPrincipalRoleManager
92   >>> from waeup.sirp.university.faculty import Faculty
93   >>> faculty = Faculty()
94   >>> root['app']['bobs_fac'] = faculty
95   >>> role_manager = IPrincipalRoleManager(faculty)
96   >>> role_manager.assignRoleToPrincipal(
97   ...    'waeup.PortalManager', 'bob')
98
99We notify the machinery about that fact:
100
101   >>> notify(LocalRoleSetEvent(faculty, 'waeup.PortalManager', 'bob',
102   ...                          granted=True))
103   >>> bob = root['app']['users']['bob']
104   >>> bob.getLocalRoles()
105   {'waeup.PortalManager': [<waeup.sirp...Faculty object at 0x...>]}
106
107When we delete the faculty from ZODB, also Bobs roles are modified:
108
109   >>> del root['app']['bobs_fac']
110   >>> bob.getLocalRoles()
111   {}
112
113If one notifies the machinery of a local role removal for an object
114that cannot have local roles, this will cause no trouble:
115
116   >>> mycontext = None #object()
117   >>> notify(LocalRoleSetEvent(
118   ...   mycontext, 'waeup.PortalManager', 'bob', granted=False
119   ... )) is None
120   True
121
122Logging in via side bar
123=======================
124
125We can access the front page without restrictions:
126
127  >>> browser.open('http://localhost/app')
128  >>> print browser.headers['Status']
129  200 Ok
130
131We have to go to one of the login pages first:
132
133  >>> browser.open('http://localhost/app/@@loginstaff')
134  >>> print browser.headers['Status']
135  200 Ok
136
137There is a login form on tis page:
138
139  >>> 'form.login' in browser.contents
140  True
141
142  >>> 'form.logout' in browser.contents
143  False
144
145We use this form:
146
147  >>> browser.getControl(name='form.login').value = 'bob'
148  >>> browser.getControl(name='form.password').value = 'bobsecret'
149  >>> browser.getControl('Login').click()
150
151Now the login form is gone. Instead we have the opportunity to logout:
152
153  >>> 'form.login' in browser.contents
154  False
155
156  >>> logout = browser.getLink('Logout')
157  >>> logout
158  <Link text='Logout' url='http://localhost/app/@@logout'>
159
160The user title is also displayed in the sidebar:
161
162  >>> 'Bob' in browser.contents
163  True
164
165We can also log out afterwards:
166
167  >>> logout.click()
168  >>> print browser.contents
169  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"...
170  ...Staff Login
171  ...
172
Note: See TracBrowser for help on using the repository browser.