[z3-checkins] r5659 - z3/Five/branch/dc-experiments/tests

[dreamcatcher at codespeak.net]

Author: dreamcatcher
Date: Sat Jul 24 22:36:40 2004
New Revision: 5659

Modified:
   z3/Five/branch/dc-experiments/tests/test_security2.py
Log:

- Add tests for browser:resource security.



Modified: z3/Five/branch/dc-experiments/tests/test_security2.py
==============================================================================
--- z3/Five/branch/dc-experiments/tests/test_security2.py	(original)
+++ z3/Five/branch/dc-experiments/tests/test_security2.py	Sat Jul 24 22:36:40 2004
@@ -20,7 +20,7 @@
 class RestrictedPythonTest(ZopeTestCase.ZopeTestCase):
     """
     Test whether code is really restricted
-    
+
     Kind permission from Plone to use this.
     """
 
@@ -37,7 +37,7 @@
 
     def check(self, psbody):
         self.addPS('ps', body=psbody)
-        try: 
+        try:
             self.folder.ps()
         except (ImportError, Unauthorized), e:
             self.fail(e)
@@ -50,7 +50,7 @@
             pass
         else:
             self.fail("Authorized but shouldn't be")
-            
+
 view_names = [
     'eagle.txt',
     'falcon.html',
@@ -64,8 +64,14 @@
     'public_template_page',
     'public_template_class_page']
 
+resource_names = [
+    'cockatiel.html',
+    'style.css',
+    'pattern.png'
+    ]
+
 class SecurityTestCase(RestrictedPythonTest):
-    
+
     def afterSetUp(self):
         self.folder.manage_addProduct['FiveTest'].manage_addSimpleContent(
             'testoid', 'Testoid')
@@ -79,17 +85,31 @@
             self.checkUnauthorized(
                 'context.restrictedTraverse("testoid/%s")()' % view_name)
 
+    def test_resource_no_permission(self):
+        self.login('viewer')
+        for resource in resource_names:
+            self.checkUnauthorized(
+                'context.restrictedTraverse("testoid/++resource++%s")()' %
+                resource)
+
     def test_permission(self):
         self.login('manager')
         for view_name in view_names:
             self.check(
                 'context.restrictedTraverse("testoid/%s")()' % view_name)
 
+    def test_resource_permission(self):
+        self.login('manager')
+        for resource in resource_names:
+            self.check(
+                'context.restrictedTraverse("testoid/++resource++%s")()' %
+                resource)
+
     def test_public_permission(self):
         for view_name in public_view_names:
             self.check(
                 'context.restrictedTraverse("testoid/%s")()' % view_name)
-            
+
 class PublishTestCase(Functional, ZopeTestCase.ZopeTestCase):
     """A functional test for security actually involving the publisher.
     """
@@ -107,7 +127,7 @@
             # we expect that we get a 401 Unauthorized
             self.assertEqual(response.getStatus(), 401)
 
-            
+
     def test_permission(self):
         for view_name in view_names:
             response = self.publish('/test_folder_1_/testoid/%s' % view_name,
@@ -119,7 +139,7 @@
         for view_name in public_view_names:
             response = self.publish('/test_folder_1_/testoid/%s' % view_name)
             self.assertEqual(response.getStatus(), 200)
-            
+
 def test_suite():
     suite = unittest.TestSuite()
     suite.addTest(unittest.makeSuite(SecurityTestCase))