[z3-checkins] r14526 - z3/Five/trunk/browser/tests
philikon at codespeak.net
philikon at codespeak.net
Mon Jul 11 22:45:18 CEST 2005
Author: philikon
Date: Mon Jul 11 22:45:16 2005
New Revision: 14526
Removed:
z3/Five/trunk/browser/tests/test_security.py
Modified:
z3/Five/trunk/browser/tests/pages.txt
z3/Five/trunk/browser/tests/test_pages.py
Log:
integrated security test of pages into pages doctest.
that officially killed the last ZopeTestCase-based test.
why is this so important? because we can now use placelesssetup
etc. to make tests 100% atomic wrt test fixtures
Modified: z3/Five/trunk/browser/tests/pages.txt
==============================================================================
--- z3/Five/trunk/browser/tests/pages.txt (original)
+++ z3/Five/trunk/browser/tests/pages.txt Mon Jul 11 22:45:16 2005
@@ -172,11 +172,11 @@
</html>
-Security
---------
+Low-level security
+------------------
-Test security on a low level (functional pages test has high-level
-security tests). Let's manually look up a protected view:
+This tests security on a low level (functional pages test has
+high-level security tests). Let's manually look up a protected view:
>>> from Products.Five.traversable import FakeRequest
>>> from zope.app import zapi
@@ -198,6 +198,51 @@
('Manager',)
+High-level security
+-------------------
+
+ >>> protected_view_names = [
+ ... 'eagle.txt', 'falcon.html', 'owl.html', 'flamingo.html',
+ ... 'condor.html', 'protectededitform.html']
+ >>>
+ >>> public_view_names = [
+ ... 'public_attribute_page',
+ ... 'public_template_page',
+ ... 'public_template_class_page',
+ ... 'nodoc-method', 'nodoc-function', 'nodoc-object',
+ ... 'dirpage1', 'dirpage2']
+
+ >>> from Products.Five.testing.restricted import checkRestricted
+ >>> from Products.Five.testing.restricted import checkUnauthorized
+
+As long as we're not authenticated, we should get Unauthorized for
+protected views, but we should be able to view the public ones:
+
+ >>> self.logout()
+ >>> for view_name in protected_view_names:
+ ... checkUnauthorized(
+ ... self.folder,
+ ... 'context.restrictedTraverse("testoid/%s")()' % view_name)
+
+ >>> for view_name in public_view_names:
+ ... checkRestricted(
+ ... self.folder,
+ ... 'context.restrictedTraverse("testoid/%s")()' % view_name)
+ >>> self.login('manager')
+
+Being logged in as a manager again, we find that the protected pages
+are not accessible to us:
+
+ >>> for view_name in protected_view_names:
+ ... checkRestricted(
+ ... self.folder,
+ ... 'context.restrictedTraverse("testoid/%s")()' % view_name)
+
+ >>> checkRestricted(
+ ... self.folder,
+ ... 'context.restrictedTraverse("testoid/eagle.method").eagle()')
+
+
Other
-----
Modified: z3/Five/trunk/browser/tests/test_pages.py
==============================================================================
--- z3/Five/trunk/browser/tests/test_pages.py (original)
+++ z3/Five/trunk/browser/tests/test_pages.py Mon Jul 11 22:45:16 2005
@@ -24,6 +24,7 @@
from Testing.ZopeTestCase import installProduct, ZopeDocFileSuite
from Testing.ZopeTestCase import FunctionalDocFileSuite
installProduct('Five')
+ installProduct('PythonScripts') # for Five.testing.restricted
return unittest.TestSuite((
ZopeDocFileSuite('pages.txt',
package='Products.Five.browser.tests'),
Deleted: /z3/Five/trunk/browser/tests/test_security.py
==============================================================================
--- /z3/Five/trunk/browser/tests/test_security.py Mon Jul 11 22:45:16 2005
+++ (empty file)
@@ -1,84 +0,0 @@
-##############################################################################
-#
-# Copyright (c) 2004, 2005 Zope Corporation and Contributors.
-# All Rights Reserved.
-#
-# This software is subject to the provisions of the Zope Public License,
-# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
-# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
-# FOR A PARTICULAR PURPOSE.
-#
-##############################################################################
-"""Test browser security
-
-$Id$
-"""
-import os, sys
-if __name__ == '__main__':
- execfile(os.path.join(sys.path[0], 'framework.py'))
-
-import unittest
-from Testing.ZopeTestCase import ZopeTestCase, installProduct
-installProduct('Five')
-installProduct('PythonScripts') # for RestrictedPythonTestCase
-
-import Products.Five.browser.tests
-from Products.Five import zcml, BrowserView
-from Products.Five.testing import RestrictedPythonTestCase
-from Products.Five.testing import manage_addFiveTraversableFolder
-from Products.Five.testing.simplecontent import manage_addSimpleContent
-
-view_names = [
- 'eagle.txt',
- 'falcon.html',
- 'owl.html',
- 'flamingo.html',
- 'condor.html',
- 'protectededitform.html']
-
-public_view_names = [
- 'public_attribute_page',
- 'public_template_page',
- 'public_template_class_page']
-
-class SecurityTest(RestrictedPythonTestCase):
-
- def afterSetUp(self):
- zcml.load_config('pages.zcml', package=Products.Five.browser.tests)
- manage_addSimpleContent(self.folder, 'testoid', 'Testoid')
- uf = self.folder.acl_users
- uf._doAddUser('viewer', 'secret', [], [])
- uf._doAddUser('manager', 'r00t', ['Manager'], [])
-
- def test_no_permission(self):
- self.login('viewer')
- for view_name in view_names:
- self.checkUnauthorized(
- 'context.restrictedTraverse("testoid/%s")()' % view_name)
-
- def test_permission(self):
- self.login('manager')
- for view_name in view_names:
- self.check(
- 'context.restrictedTraverse("testoid/%s")()' % view_name)
-
- def test_public_permission(self):
- self.logout()
- for view_name in public_view_names:
- self.check(
- 'context.restrictedTraverse("testoid/%s")()' % view_name)
-
- def test_view_method_permission(self):
- self.login('manager')
- self.check(
- 'context.restrictedTraverse("testoid/eagle.method").eagle()')
-
-def test_suite():
- suite = unittest.TestSuite()
- suite.addTest(unittest.makeSuite(SecurityTest))
- return suite
-
-if __name__ == '__main__':
- framework()
More information about the z3-checkins
mailing list