[Grok-dev] Re: How do I check permissions on a view?

Philipp von Weitershausen philipp at weitershausen.de
Tue Sep 25 11:54:27 EDT 2007

Jan-Wijbrand Kolman wrote:
>> It will look up which permission is required for accessing 
>> view.__call__ and then check if the user has the permission.
> FYI, if you want to do this from (functional) tests for your 
> application, you have to initialize such an "interaction" first.
> Something like:
>   >>> from zope.security import checkPermission
>   >>> from zope.security.management import newInteraction
>   >>> from zope.security.management import endInteraction
>   >>> class Participation(object):
>   ...    interaction = None
>   >>> participation = Participation()
>   >>> participation.principal = some_principal_to_test_with
>   >>> newInteraction(participation)
>   >>> checkPermission(u'Should.Have.This.Permission', context)
>   True
>   >>> checkPermission(u'Should.Not.Have.This.Permission', context)
>   False
>   >>> endInteraction()
> But maybe there's better ways of doing this from ftests?

Depends on what you define as "ftest". To me, an ftest is a black-boxy 
test that opens (fake) HTTP connections through the zope.publisher, for 
example using the test browser. Your test is more like a beefed-up unit 
test / integration test to me.

The reason why you have to set up your own interaction above is that 
interactions only exist during the lifetime of a request. Since you're 
not launching a request (that's why I don't consider this a "real" 
ftest), you won't see an interaction. Any other code that normally runs 
during a request won't have to bother with this setup.

http://worldcookery.com -- Professional Zope documentation and training

More information about the Grok-dev mailing list