[z3-checkins] r5240 - z3/Five/trunk/tests
faassen at codespeak.net
faassen at codespeak.net
Tue Jun 22 16:47:56 MEST 2004
Author: faassen
Date: Tue Jun 22 16:47:56 2004
New Revision: 5240
Modified:
z3/Five/trunk/tests/test_security2.py
Log:
Improve the way we do security checks using a testing strategy from
Plone.
Modified: z3/Five/trunk/tests/test_security2.py
==============================================================================
--- z3/Five/trunk/tests/test_security2.py (original)
+++ z3/Five/trunk/tests/test_security2.py Tue Jun 22 16:47:56 2004
@@ -6,13 +6,47 @@
import unittest
from AccessControl import getSecurityManager
from Testing import ZopeTestCase
+from AccessControl import Unauthorized
ZopeTestCase.installProduct('Five')
ZopeTestCase.installProduct('FiveTest')
+ZopeTestCase.installProduct('PythonScripts')
ViewManagementScreens = 'View management screens'
-class SecurityTestCase(ZopeTestCase.ZopeTestCase):
+class RestrictedPythonTest(ZopeTestCase.ZopeTestCase):
+ """
+ Test whether code is really restricted
+
+ Kind permission from Plone to use this.
+ """
+
+ def addPS(self, id, params='', body=''):
+ # clean up any 'ps' that's already here..
+ try:
+ self.folder._getOb('ps')
+ self.folder.manage_delObjects(['ps'])
+ except AttributeError:
+ pass # it's okay, no 'ps' exists yet
+ factory = self.folder.manage_addProduct['PythonScripts']
+ factory.manage_addPythonScript(id)
+ self.folder[id].ZPythonScript_edit(params, body)
+
+ def check(self, psbody):
+ self.addPS('ps', body=psbody)
+ try:
+ self.folder.ps()
+ except (ImportError, Unauthorized), e:
+ self.fail(e)
+
+ def checkUnauthorized(self, psbody):
+ self.addPS('ps', body=psbody)
+ try:
+ self.folder.ps()
+ except (AttributeError, Unauthorized):
+ pass
+
+class SecurityTestCase(RestrictedPythonTest):
def afterSetUp(self):
self.folder.manage_addProduct['FiveTest'].manage_addSimpleContent(
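Review bot: `checkUnauthorized` has no failing path: when `self.folder.ps()` returns normally the method falls through, so `test_no_permission` in the second hunk passes even if the viewer can reach every view. Give the `try` an `else:` branch containing `self.fail('expected Unauthorized for: %s' % psbody)`. Catching `AttributeError` as a denial also lets a missing `testoid` or a misspelled view name count as a pass; if that is deliberate it needs a comment, otherwise catch only `Unauthorized`. Separately, `addPS` removes the hard-coded `'ps'` rather than `id`, which works only because both callers pass `'ps'`.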
@@ -21,32 +55,25 @@
uf._doAddUser('viewer', 'secret', [], [])
uf._doAddUser('manager', 'r00t', ['Manager'], [])
- def assertPermission(self, permission, object):
- user = getSecurityManager().getUser()
- self.assert_(user.has_permission(permission, object))
-
- def assertNoPermission(self, permission, object):
- user = getSecurityManager().getUser()
- self.assert_(not user.has_permission(permission, object))
-
- paths = [
- 'testoid/eagle.txt',
- 'testoid/falcon.html',
- 'testoid/owl.html',
- 'testoid/flamingo.html',
- 'testoid/flamingo2.html',
- 'testoid/condor.html']
+ view_names = [
+ 'eagle.txt',
+ 'falcon.html',
+ 'owl.html',
+ 'flamingo.html',
+ 'flamingo2.html',
+ 'condor.html']
def test_no_permission(self):
- for path in self.paths:
- view = self.folder.unrestrictedTraverse(path)
- self.assertNoPermission(ViewManagementScreens, view)
+ self.login('viewer')
+ for view_name in self.view_names:
+ self.checkUnauthorized(
+ 'context.restrictedTraverse("testoid/%s")()' % view_name)
def test_permission(self):
self.login('manager')
- for path in self.paths:
- view = self.folder.unrestrictedTraverse(path)
- self.assertPermission(ViewManagementScreens, view)
+ for view_name in self.view_names:
+ self.check(
+ 'context.restrictedTraverse("testoid/%s")()' % view_name)
def test_suite():
suite = unittest.TestSuite()
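Review bot: With `assertPermission` and `assertNoPermission` removed, the `from AccessControl import getSecurityManager` import kept in the first hunk appears to have no remaining user in the visible lines. If nothing else in the file calls it, fold it into the new import as `from AccessControl import Unauthorized` only. The file continues outside this hunk, so check the remaining tests before dropping it.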