launchpad-dev team mailing list archive

[Jonathan Lange <jml@xxxxxxxxxxxxx>]

On Tue, Jul 27, 2010 at 10:39 PM, Michael Hudson
<michael.hudson@xxxxxxxxxxxxx> wrote:
...
>> Do you have an example of a problem we've caught because we were using
>> security proxies in our model tests? Even a contrived example of the
>> kind of problem we catch would help.
>
> One would be a typo in the interface definition.  For example:
>
> class IThing:
>   branchs = Choice(...)
>
> The unit tests for Things, if not using proxies, could happily assign to and
> read from 'branches', but the 'real'  code (e.g. accessing it via a secured
> utility in the browser) accessing branches would blow up.
>
> Is that the sort of thing you meant?
>

It is.

I guess almost every other Python project in the world gets by without
that though.

> To me it all just seems to be an extension of the 'go in through the front
> door' test principle: you should use the SUT in the test in a way close to
> how it's actually going to be used in anger.
>

I'm not sure. Genuinely uncertain.

Yes the SUT in the test should be close to production. On the other
hand, I see much of the permission / login stuff in model tests as
meaningless and useless, and can't help but speculate on how it
affects test run time.

jml