launchpad-dev team mailing list archive

Thread
Date

Re: Reusable way to test Zope security adapters?

To: Gary Poster <gary.poster@xxxxxxxxxxxxx>
From: Gavin Panella <gavin.panella@xxxxxxxxxxxxx>
Date: Wed, 24 Aug 2011 14:57:57 +0100
Cc: Launchpad Development <launchpad-dev@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <961D2E41-1B82-4A79-8304-42977D1EC69A@canonical.com>
Sender: gavinpanella@xxxxxxxxx

On 24 August 2011 02:08, Gary Poster <gary.poster@xxxxxxxxxxxxx> wrote:
>
> On Aug 22, 2011, at 6:10 AM, Gavin Panella wrote:
>
>> Is there a reusable way to test security proxies?
>>
>> I've partially done it by hand in some WIP code* but it's the kind of
>> thing for which I suspect someone else has already come up with a
>> better solution.
>>
>> * http://goo.gl/AAmfn, line 532
>
> There are tests for whether the security proxy machinery works.  I
> guess you want to make sure that the proxy that has been registered
> has the values you specify.  The value of this might be an
> interesting philosophical question, given that you are verifying
> configuration, but it is an integration test, perhaps.  I don't know
> of an existing helper for that myself.

ZCML has a special place I feel... it is configuration, but we only
ever change it at the same time as code. There is sufficient
indirection between main program logic and the security machinery that
it's important to verify that things are meshing as expected.

>
> That said, if I wanted to do this myself, I would go for a simpler
> approach that just looked at the checker, and assumed that it used
> the standard implementation that everything else uses.  This is
> simple enough that it does not need a helper, I think.
>
> First, I'd look up the security checker for the instance, using one
> of these two approaches.
>
> 1)
> from zope.security.checker import selectChecker
> checker = selectChecker(job)
>
> 2)
> from zope.security.checker import (
>    getChecker,
>    ProxyFactory,
>    )
> checker = getChecker(ProxyFactory(job)) # More paranoid approach.
>
> Then I would assert that the checker's set_permissions and
> get_permissions attributes are what I expect.  They are mappings of
> name to permission needed.  Therefore, to do what you did, I could
> do this.
>
> expected_get_permissions = set(
>    name for name in IJob
>    if isinstance(IJob[name], Attribute)
>    and not isinstance(IJob[name], Method))
> self.assertEqual(
>    expected_get_permissions,
>    set(checker.get_permissions))
> self.assertEqual(set(), set(checker.set_permissions))
>
> If you wanted to actually look at the exact permissions in that
> dict, you could do that too/instead.

I really like that approach. It would certainly satisfy my
requirements. It doesn't link through to the selection of security
adapter (e.g. that the adapter for IModelInterface is being selected
rather than the one for, say, IHasOwner), but that can be tested in a
separate step (and treated more as an expected policy, which my code
might come in handy for).

>
> That's the color of my bikeshed.  Your bikeshed is pretty too
> though: it would work in the abstract if we had a
> differently-implemented checker.  I don't expect that to happen, but
> I've been wrong before.

Thank you for the thoughtful reply.

Gavin.

References

Reusable way to test Zope security adapters?
From: Gavin Panella, 2011-08-22
Re: Reusable way to test Zope security adapters?
From: Gary Poster, 2011-08-24