[Zope-Checkins] CVS: Zope/lib/python/AccessControl/tests - testZopeSecurityPolicy.py:1.5.68.1
Shane Hathaway
shane@zope.com
Mon, 9 Jun 2003 14:42:36 -0400
Update of /cvs-repository/Zope/lib/python/AccessControl/tests
In directory cvs.zope.org:/tmp/cvs-serv26903/tests
Modified Files:
Tag: shane-security-policy-branch
testZopeSecurityPolicy.py
Log Message:
Changed the security policy to always raise Unauthorized for denied access.
Previously, the security policy sometimes returned 0 and sometimes
raised Unauthorized, depending on whether the value had been acquired.
If it was acquired, it returned 0. This made it so acquisition
implicitly skipped over things you can't access. I think that
implicit policy isn't needed and makes it hard to debug Zope code.
Returning 0 also makes it difficult to diagnose security denials.
Took the opportunity to stop changing AttributeErrors back into
Unauthorized errors in guarded_getattr. Also fixed the unit tests
to use self.assert instead of assert statements.
=== Zope/lib/python/AccessControl/tests/testZopeSecurityPolicy.py 1.5 => 1.5.68.1 ===
--- Zope/lib/python/AccessControl/tests/testZopeSecurityPolicy.py:1.5 Wed Aug 14 17:28:08 2002
+++ Zope/lib/python/AccessControl/tests/testZopeSecurityPolicy.py Mon Jun 9 14:42:35 2003
@@ -139,7 +139,7 @@
res = self.policy.validate(ob, ob, attrname, getattr(ob, attrname),
self.context)
if not res:
- assert 0, 'Policy quietly denied %s' % attrname
+ self.fail('Policy quietly denied %s' % attrname)
def assertPolicyDenies(self, ob, attrname):
try:
@@ -150,10 +150,10 @@
pass
else:
if res:
- assert 0, 'Policy quietly allowed %s' % attrname
+ self.fail('Policy quietly allowed %s' % attrname)
else:
- assert 0, ('Policy denied %s, but did not '
- 'throw an exception.' % attrname)
+ self.fail('Policy denied %s, but did not '
+ 'throw an exception.' % attrname)
def testUserAccess(self):
item = self.item
@@ -212,18 +212,23 @@
r_item = self.a.r_item
context = self.context
v = self.policy.checkPermission('View', r_item, context)
- assert not v, '_View_Permission should deny access to user'
+ self.assert_(not v, '_View_Permission should deny access to user')
o_context = SecurityContext(self.uf.getUserById('theowner'))
v = self.policy.checkPermission('View', r_item, o_context)
- assert v, '_View_Permission should grant access to theowner'
+ self.assert_(v, '_View_Permission should grant access to theowner')
def testAqNames(self):
policy = self.policy
- assert not policy.validate('', '', 'aq_self', '', None)
- assert not policy.validate('', '', 'aq_base', '', None)
- assert policy.validate('', '', 'aq_parent', '', None)
- assert policy.validate('', '', 'aq_explicit', '', None)
- assert policy.validate('', '', 'aq_inner', '', None)
+ names = {
+ 'aq_self': 0, 'aq_base': 0,
+ 'aq_parent': 1, 'aq_explicit': 1, 'aq_inner': 1
+ }
+ for name, allowed in names.items():
+ if not allowed:
+ self.assertRaises(Unauthorized, policy.validate,
+ '', '', name, '', None)
+ else:
+ policy.validate('', '', name, '', None)
if 0:
# This test purposely generates a log entry.
@@ -242,7 +247,7 @@
except TypeError:
pass
else:
- assert 0, 'Policy accepted bad __roles__'
+ self.fail('Policy accepted bad __roles__')
def test_suite():