[Zope-Checkins] CVS: Zope/lib/python/AccessControl/tests - testZopeSecurityPolicy.py:1.6

Shane Hathaway shane@zope.com
Tue, 10 Jun 2003 11:39:05 -0400


Update of /cvs-repository/Zope/lib/python/AccessControl/tests
In directory cvs.zope.org:/tmp/cvs-serv31796/tests

Modified Files:
	testZopeSecurityPolicy.py 
Log Message:
Merged shane-security-policy-branch.

The Zope security policy now raises Unauthorized for all denied
access.  This is designed to make it easier to diagnose problems in
security settings, since the Unauthorized error will propagate to
something that can display or log the error.

All 2000+ of the Zope unit tests pass with this change, but I suspect
there may be code that expects the security policy to return 0 instead
of raising Unauthorized.  If any severe issues surface, we can revert
this change.



=== Zope/lib/python/AccessControl/tests/testZopeSecurityPolicy.py 1.5 => 1.6 ===
--- Zope/lib/python/AccessControl/tests/testZopeSecurityPolicy.py:1.5	Wed Aug 14 17:28:08 2002
+++ Zope/lib/python/AccessControl/tests/testZopeSecurityPolicy.py	Tue Jun 10 11:39:04 2003
@@ -139,7 +139,7 @@
         res = self.policy.validate(ob, ob, attrname, getattr(ob, attrname),
                                    self.context)
         if not res:
-            assert 0, 'Policy quietly denied %s' % attrname
+            self.fail('Policy quietly denied %s' % attrname)
 
     def assertPolicyDenies(self, ob, attrname):
         try:
@@ -150,10 +150,10 @@
             pass
         else:
             if res:
-                assert 0, 'Policy quietly allowed %s' % attrname
+                self.fail('Policy quietly allowed %s' % attrname)
             else:
-                assert 0, ('Policy denied %s, but did not '
-                           'throw an exception.' % attrname)
+                self.fail('Policy denied %s, but did not '
+                          'throw an exception.' % attrname)
 
     def testUserAccess(self):
         item = self.item
@@ -212,18 +212,23 @@
         r_item = self.a.r_item
         context = self.context
         v = self.policy.checkPermission('View', r_item, context)
-        assert not v, '_View_Permission should deny access to user'
+        self.assert_(not v, '_View_Permission should deny access to user')
         o_context = SecurityContext(self.uf.getUserById('theowner'))
         v = self.policy.checkPermission('View', r_item, o_context)
-        assert v, '_View_Permission should grant access to theowner'
+        self.assert_(v, '_View_Permission should grant access to theowner')
 
     def testAqNames(self):
         policy = self.policy
-        assert not policy.validate('', '', 'aq_self', '', None)
-        assert not policy.validate('', '', 'aq_base', '', None)
-        assert policy.validate('', '', 'aq_parent', '', None)
-        assert policy.validate('', '', 'aq_explicit', '', None)
-        assert policy.validate('', '', 'aq_inner', '', None)
+        names = {
+            'aq_self': 0, 'aq_base': 0,
+            'aq_parent': 1, 'aq_explicit': 1, 'aq_inner': 1
+            }
+        for name, allowed in names.items():
+            if not allowed:
+                self.assertRaises(Unauthorized, policy.validate,
+                                  '', '', name, '', None)
+            else:
+                policy.validate('', '', name, '', None)
 
     if 0:
         # This test purposely generates a log entry.
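Review bot: In the rewritten `testAqNames`, the allowed branch calls `policy.validate('', '', name, '', None)` and throws the result away, so the test no longer verifies that `aq_parent`, `aq_explicit` and `aq_inner` are granted. A policy that returned a false value without raising would pass here, which is the "quiet denial" case the rest of this file treats as a failure. The removed lines asserted a true result, and that half of the check should be kept: `self.assert_(policy.validate('', '', name, '', None), name)`. Passing `name` as the message also identifies which attribute failed, which the loop otherwise hides.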
@@ -242,7 +247,7 @@
             except TypeError:
                 pass
             else:
-                assert 0, 'Policy accepted bad __roles__'
+                self.fail('Policy accepted bad __roles__')
 
 
 def test_suite():
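Review bot: Judging by its indentation and the `if 0:` context line at the end of the previous hunk, this `self.fail('Policy accepted bad __roles__')` appears to sit inside the disabled block, so the check that the policy rejects a malformed `__roles__` never runs. This commit changes how the policy signals denial, so it is worth confirming that the test still expects the right exception (it catches `TypeError`, not `Unauthorized`) and re-enabling it if possible. If it must stay off, a comment next to `if 0:` such as `# disabled: generates a log entry; run manually after policy changes` would record why. The enclosing test method starts outside the hunk.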