- updated tests

- better debug messages

- updated tests
- better debug messages
0b5f2600 · Andreas Jung · 6c1d1cbb · 0b5f2600 · 0b5f2600 · 0b5f2600
Commit 0b5f2600 authored Oct 09, 2001 by Andreas Jung
3 changed files
--- a/lib/python/AccessControl/securitySuite/ResultObject.py
+++ b/lib/python/AccessControl/securitySuite/ResultObject.py
@@ -88,17 +88,18 @@ class ResultObject:
    """ result object used for keeping results from the 
        ZPublisher.Zope() calls 
-        $Id: ResultObject.py,v 1.1 2001/10/08 14:49:45 andreasjung Exp $
+        $Id: ResultObject.py,v 1.2 2001/10/09 14:40:53 andreasjung Exp $
    """
-    def __str__(self,expected=-1):
+    def __str__(self,expected=-1,with_output=1):
        s  = '\n'
        s+= '-'*78
        s+= "\nRequest: %s" % self.request
        s+= "\nUser: %s" % self.user
        s+= "\nExpected: %s" % expected + "  got: %s %s" % (self.code,self.return_text)
-        s+= "\nOutput:"
+        if with_output:
-        s+= self.output
+            s+= "\nOutput:"
+            s+= self.output
        s+= "\n"
        return s

--- a/lib/python/AccessControl/securitySuite/SecurityBase.py
+++ b/lib/python/AccessControl/securitySuite/SecurityBase.py
@@ -90,7 +90,7 @@ import ZPublisher, ResultObject
 class SecurityBase(unittest.TestCase) :
    """ Base class for all security tests 
-    $Id: SecurityBase.py,v 1.2 2001/10/09 14:16:34 andreasjung Exp $
+    $Id: SecurityBase.py,v 1.3 2001/10/09 14:40:53 andreasjung Exp $
    """
    status_regex = re.compile("Status: ([0-9]{1,4}) (.*)",re.I)\
@@ -180,7 +180,7 @@ class SecurityBase(unittest.TestCase) :
        if expected_code != res.code:
           raise AssertionError, \
-              self._request_debug(args,kw) 
+              self._request_debug(res,expected_code,args,kw) 
    ################################################################
@@ -205,9 +205,11 @@ class SecurityBase(unittest.TestCase) :
        return s
-    def _request_debug(self,*args,**kw):
+    def _request_debug(self,res,expected,args,kw):
        s = 'Args: %s' % str(args)        
        s+= ', KW: %s' % str(kw)
+        s+= '\n%s\n' % res.__str__(with_output=0,expected=expected)
        return s

--- a/lib/python/AccessControl/securitySuite/testSecurity.py
+++ b/lib/python/AccessControl/securitySuite/testSecurity.py
@@ -85,7 +85,7 @@
 # 
 ##############################################################################
-# $Id: testSecurity.py,v 1.8 2001/10/08 14:57:43 andreasjung Exp $
+# $Id: testSecurity.py,v 1.9 2001/10/09 14:40:53 andreasjung Exp $
 import os, sys
 execfile(os.path.join(sys.path[0],'framework.py'))
@@ -203,6 +203,14 @@ USERS = (
    User('manager','123',('Manager',))
 )
+def getAuth(username):
+    for user in USERS:
+        if user.username==username:
+            return "%s:%s" % (user.username,user.password)
+    raise KeyError,"no such username: %" % username
 class AVeryBasicSecurityTest(SecurityBase.SecurityBase):
@@ -297,8 +305,31 @@ class AVeryBasicSecurityTest(SecurityBase.SecurityBase):
    def testZPublisherAccess(self):
        """ test access through ZPublisher """
-        _r = [ ('/test/f1/',None,200),
+        _r = [
-               ('/test/f1/anonobj','manager:123',200),
+               ('/test/f1/',                        None,    200),
+               ('/test/f2',                         None,    200),
+               ('/test/f2/f3',                      None,    200),
+               ('/test/f2/f3/obj3/public_func',     None,    200),
+               ('/test/f2/f3/obj3/protected_func',  None,    401),
+               ('/test/f2/f3/obj3/manage_func',     None,    401),
+               ('/test/f2/f3/obj3/private_func',    None,    401),
+               ('/test/f1/',                        getAuth('manager'),    200),
+               ('/test/f2',                         getAuth('manager'),    200),
+               ('/test/f2/f3',                      getAuth('manager'),    200),
+               ('/test/f2/f3/obj3/public_func',     getAuth('manager'),    200),
+               ('/test/f2/f3/obj3/protected_func',  getAuth('manager'),    200),
+               ('/test/f2/f3/obj3/manage_func',     getAuth('manager'),    200),
+               ('/test/f2/f3/obj3/private_func',    getAuth('manager'),    401),
+               ('/test/f1/',                        getAuth('owner'),    200),
+               ('/test/f2',                         getAuth('owner'),    200),
+               ('/test/f2/f3',                      getAuth('owner'),    200),
+               ('/test/f2/f3/obj3/public_func',     getAuth('owner'),    200),
+               ('/test/f2/f3/obj3/protected_func',  getAuth('owner'),    200),
+               ('/test/f2/f3/obj3/manage_func',     getAuth('owner'),    401),
+               ('/test/f2/f3/obj3/private_func',    getAuth('owner'),    401),
              ]
        for path,auth,expected in _r: