[ZCM] [ZC] 1210/ 3 Resolve "ZopeSecurityPolicy implementations (C/Python) differ"
Collector: Zope Bugs, Features, and Patches ... zope-coders-admin at zope.org
Fri Jan 30 12:06:23 EST 2004
Issue #1210 Update (Resolve) "ZopeSecurityPolicy implementations (C/Python) differ"
Status Resolved, Zope/bug medium
To followup, visit:
http://zope.org/Collectors/Zope/1210
==============================================================
= Resolve - Entry #3 by Brian on Jan 30, 2004 12:06 pm
Status: Pending => Resolved
Ok, here's the scoop on this one: there was an evil bug
in the way that the marker _noroles could be passed to
the security policy by UserFolder.authorize(). That bug
accounted for the difference in behavior when using the
C vs. the Python security policy (though there was no
logical difference in the policies, just different
expectations of what the marker would be). I've fixed
that on all 3 branches & checked it in. This quirk has
been around for a long time, and is not due to the
recent security changes.
Now: after doing that, the test that failed for one policy
before *failed for both policies*. In looking into this, I
assert that the test is wrong. It was assuming that calling
UserFolder.validate(...) without explicitly passing a roles
argument is semantically the same as passing an empty list
of roles - that is not the case. When you don't pass roles
explicitly, the roles are looked up in the object (or the
container) that you are trying to validate access to (which
in the case of this test, *does* allow the user access).
I've fixed the test to reflect the correct expectation and
checked it in on all 3 branches. I think this finally wraps
up everything for rc2. :)
-BL
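
A simplified model of the two points in the entry above, added here as an illustration and not taken from Zope or from this thread: two policies with identical logic diverge when a "no roles" marker is forwarded to them, and omitting roles is not the same as passing an empty list. All names (Doc, policy_a, policy_b, authorize_leaky, authorize_fixed, differential) are hypothetical, and the fix shown is an assumption for this model, not the actual check-in.

```python
# Toy model; every name here is hypothetical and none is Zope's API.
_noroles = object()           # caller's marker for "roles not supplied"
_policy_b_marker = object()   # marker a second implementation expects

class Doc:
    """Constructed object that declares which roles may access it."""
    def __init__(self, roles):
        self.declared_roles = roles

def _decide(user_roles, roles):
    # Shared decision logic: allow if the user holds any required role.
    return any(r in roles for r in user_roles)

def policy_a(user_roles, obj, roles=_noroles):
    if roles is _noroles:              # recognises the caller's marker
        roles = obj.declared_roles     # fall back to the object's own roles
    return _decide(user_roles, roles)

def policy_b(user_roles, obj, roles=_policy_b_marker):
    if roles is _policy_b_marker:      # same logic, different marker
        roles = obj.declared_roles
    try:
        return _decide(user_roles, roles)
    except TypeError:                  # a foreign marker is not a role list
        return False

def authorize_leaky(policy, user_roles, obj, roles=_noroles):
    # Forwards the marker itself across the policy boundary.
    return policy(user_roles, obj, roles)

def authorize_fixed(policy, user_roles, obj, roles=_noroles):
    # Assumed fix for this model: the marker never reaches the policy.
    if roles is _noroles:
        return policy(user_roles, obj)
    return policy(user_roles, obj, roles)

def differential(authorize, cases):
    """Return the cases on which the two policies disagree."""
    return [c for c in cases
            if authorize(policy_a, *c) != authorize(policy_b, *c)]

# Constructed sample input: roles omitted, explicit empty list, wrong role.
DOC = Doc(["Manager"])
CASES = [(["Manager"], DOC), (["Manager"], DOC, []), (["Anonymous"], DOC)]

if __name__ == "__main__":
    print("leaky:", len(differential(authorize_leaky, CASES)), "disagreement(s)")
    print("fixed:", len(differential(authorize_fixed, CASES)), "disagreement(s)")
```

Running the same cases through both policies, as the report below does by switching ZOPE_SECURITY_POLICY, is what exposes the divergence in this model.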
________________________________________
= Comment - Entry #2 by shh on Jan 28, 2004 3:03 pm
Checked in the user folder tests to Zope-2_7-branch as well.
See http://zope.org/Collectors/Zope/1211 for a related issue.
________________________________________
= Request - Entry #1 by shh on Jan 28, 2004 2:21 pm
I have added some tests to AccessControl/tests/testUserFolder.py of Zope-2_6-branch. Curiously, one of these tests fails when I set ZOPE_SECURITY_POLICY=PYTHON. This indicates a difference in the C/Python implementations of ZopeSecurityPolicy. Note that I am in fact not sure whether this test is supposed to pass or fail with the new version of AccessControl (it passed until recently). I just noticed that it fails in the Python version but not the C version.
$ python2.1 utilities/testrunner.py -qa
...
----------------------------------------------------------------------
Ran 1865 tests in 109.871s
$ export ZOPE_SECURITY_POLICY=PYTHON
$ python2.1 utilities/testrunner.py -qa
...
======================================================================
FAIL: testNotValidateWithoutRoles (testUserFolder.UserFolderTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "testUserFolder.py", line 143, in testNotValidateWithoutRoles
  File "/var/tmp/python21-root/usr/local/python2.1/lib/python2.1/unittest.py", line 273, in failUnlessEqual
    raise self.failureException, (msg or '%s != %s' % (first, second))
AssertionError: user1 != None
----------------------------------------------------------------------
Ran 1865 tests in 113.321s
FAILED (failures=1)
======================================================================
OVERALL FAILED (total failures=1)
==============================================================