[Checkins]
SVN: grok/branches/timte-json/src/grok/ftests/security/json.py
Add another some more security-related tests.
Martijn Faassen
faassen at infrae.com
Mon Apr 16 12:32:20 EDT 2007
Log message for revision 74186:
Add another some more security-related tests.
Changed:
A grok/branches/timte-json/src/grok/ftests/security/json.py
-=-
Added: grok/branches/timte-json/src/grok/ftests/security/json.py
===================================================================
--- grok/branches/timte-json/src/grok/ftests/security/json.py 2007-04-16 16:32:01 UTC (rev 74185)
+++ grok/branches/timte-json/src/grok/ftests/security/json.py 2007-04-16 16:32:19 UTC (rev 74186)
@@ -0,0 +1,44 @@
+"""
+Let's test whether require decorators work for json methods.
+
+ >>> import grok
+ >>> grok.grok('grok.ftests.security.json')
+
+ >>> from zope.testbrowser.testing import Browser
+ >>> browser = Browser()
+ >>> browser.handleErrors = False
+
+We can access the public method just fine::
+
+ >>> browser.open('http://localhost/stomp')
+ >>> print browser.contents
+ {"Manfred stomped.": ""}
+
+We cannot access the protected method however::
+
+ >>> browser.open('http://localhost/dance')
+ Traceback (most recent call last):
+ ...
+ Unauthorized: (<grok.meta.MammothJSON object at ...>, '__call__', 'zope.ManageContent')
+
+Let's log in as the manager now. We should be able to access the method now::
+
+ >>> browser.addHeader('Authorization', 'Basic mgr:mgrpw')
+ >>> browser.open('http://localhost/dance')
+ >>> print browser.contents
+ {"Manfred doesn't like to dance.": ""}
+
+"""
+
+import grok
+import zope.interface
+
+class MammothJSON(grok.JSON):
+ grok.context(zope.interface.Interface)
+
+ def stomp(self):
+ return {'Manfred stomped.': ''}
+
+ @grok.require('zope.ManageContent')
+ def dance(self):
+ return {'Manfred doesn\'t like to dance.': ''}
More information about the Checkins
mailing list