launchpad-dev team mailing list archive

Re: Reusable way to test Zope security adapters?

 

On Aug 22, 2011, at 6:10 AM, Gavin Panella wrote:

> Is there a reusable way to test security proxies?
> 
> I've partially done it by hand in some WIP code* but it's the kind of
> thing for which I suspect someone else has already come up with a
> better solution.
> 
> * http://goo.gl/AAmfn, line 532

There are tests for whether the security proxy machinery works.  I guess you want to make sure that the proxy that has been registered has the values you specify.  The value of this might be an interesting philosophical question, given that you are verifying configuration, but it is an integration test, perhaps.  I don't know of an existing helper for that myself.

That said, if I wanted to do this myself, I would go for a simpler approach that just looked at the checker, and assumed that it used the standard implementation that everything else uses.  This is simple enough that it does not need a helper, I think.

First, I'd look up the security checker for the instance, using one of these two approaches.

1)
from zope.security.checker import selectChecker
checker = selectChecker(job)

2)
from zope.security.checker import (
    getChecker,
    ProxyFactory,
    )
checker = getChecker(ProxyFactory(job)) # More paranoid approach.

Then I would assert that the checker's set_permissions and get_permissions attributes are what I expect.  They are mappings of name to permission needed.  Therefore, to do what you did, I could do this.

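from zope.interface import Attribute
from zope.interface.interface import Method

# Names that IJob declares as plain attributes (methods excluded).
expected_get_permissions = set(
    name for name in IJob
    if isinstance(IJob[name], Attribute)
    and not isinstance(IJob[name], Method))
# Inside the test method: exactly those names are readable...
self.assertEqual(
    expected_get_permissions,
    set(checker.get_permissions))
# ...and nothing is settable through the proxy.
self.assertEqual(set(), set(checker.set_permissions))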

If you wanted to actually look at the exact permissions in that dict, you could do that too/instead.

That's the color of my bikeshed.  Your bikeshed is pretty too though: it would work in the abstract if we had a differently-implemented checker.  I don't expect that to happen, but I've been wrong before.

Gary
