[Grok-dev] Re: How do I check permissions on a view?
Philipp von Weitershausen
philipp at weitershausen.de
Tue Sep 25 11:54:27 EDT 2007
Jan-Wijbrand Kolman wrote:
>> It will look up which permission is required for accessing
>> view.__call__ and then check if the user has the permission.
>
> FYI, if you want to do this from (functional) tests for your
> application, you have to initialize such an "interaction" first.
>
> Something like:
>
> >>> from zope.security import checkPermission
> >>> from zope.security.management import newInteraction
> >>> from zope.security.management import endInteraction
> >>> class Participation(object):
> ... interaction = None
> >>> participation = Participation()
> >>> participation.principal = some_principal_to_test_with
> >>> newInteraction(participation)
> >>> checkPermission(u'Should.Have.This.Permission', context)
> True
> >>> checkPermission(u'Should.Not.Have.This.Permission', context)
> False
> >>> endInteraction()
>
> But maybe there's better ways of doing this from ftests?
Depends on what you define as "ftest". To me, an ftest is a black-boxy
test that opens (fake) HTTP connections through the zope.publisher, for
example using the test browser. Your test is more like a beefed-up unit
test / integration test to me.
The reason why you have to set up your own interaction above is that
interactions only exist during the lifetime of a request. Since you're
not launching a request (that's why I don't consider this a "real"
ftest), you won't see an interaction. Any other code that normally runs
during a request won't have to bother with this setup.
--
http://worldcookery.com -- Professional Zope documentation and training
More information about the Grok-dev
mailing list