[Zope3-dev] test for security in unit tests?

Benji York benji at zope.com
Fri Sep 29 08:40:03 EDT 2006


Roy Mathew wrote:
> I find that testing for security is hard, since the default user in
> the doctests seems to have "unrestricted" access to all methods and
> attributes. Is there a "unit-test friendly" way of faking a user
> with a more restricted role, so that I can reproduce security errors
> in unit tests?

Are you actually talking about functional tests, instead of unit tests?
If so, you are probably sending the "mgr:mgrpw" credentials at the
beginning of the test; you'll need to set up another non-admin user
(probably in, or included by, ftesting.zcml or the ZCML you use for your
test layer).  Once you have that user, you can use those credentials
instead.

If you're really talking about unit tests, then "security" doesn't 
really apply: your domain objects don't generally "know" anything about 
their security, it's all mediated by Zope.
-- 
Benji York
Senior Software Engineer
Zope Corporation
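
The setup described in the reply above, as an added example that is not part of the original post: a ZCML fragment for ftesting.zcml (or a file it includes) that defines a non-admin user. The ids `test.Viewer` and `test.viewer`, the login `viewer` and the password `viewerpw` are constructed for this example; `zope.View` and `zope.Manager` are assumed to be defined by the security policy already loaded for the test layer.

```xml
<configure xmlns="http://namespaces.zope.org/zope">

  <!-- For comparison, the full-access account behind "mgr:mgrpw" is
       typically declared like this. It is left commented out here
       because declaring the same principal twice is a ZCML conflict:

       <principal id="zope.mgr" title="Manager"
                  login="mgr" password="mgrpw" />
       <grant role="zope.Manager" principal="zope.mgr" />
  -->

  <!-- Constructed role that carries only the view permission. -->
  <role id="test.Viewer" title="Test Viewer" />
  <grant permission="zope.View" role="test.Viewer" />

  <!-- Constructed non-admin principal that holds only that role. -->
  <principal
      id="test.viewer"
      title="Viewer"
      login="viewer"
      password="viewerpw"
      />
  <grant role="test.Viewer" principal="test.viewer" />

</configure>
```

A functional test then sends "viewer:viewerpw" where it previously sent "mgr:mgrpw", and a request that needs more than `zope.View` should be refused for this user.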

