> Traceback (most recent call last): > File "/home/ytshen/proj/tests.py", line 104, in > test_upload_forbidden > self.assertRaises(Forbidden, upload, context, request) > AssertionError: Forbidden not raised
My understanding of what is going on is that pyramid.config.testing_securitypolicy() was only meant to test authorization code that is explicitly INSIDE your view where you raise pyramid.exceptions.Forbidden YOURSELF after calling methods like - pyramid.security.has_permission() - pyramid.security.authenticated_userid() - pyramid.security.effective_principals() - pyramid.security.principals_allowed_by_permission() Looking at the source code for pyramid.config.testing_securitypolicy(), it registers a dummy policy called pyramid.testing.DummySecurityPolicy that simulates responses to the above pyramid.security methods, which means that your ACL-based permission framework will be ignored because it is not using pyramid.authorization.ACLAuthorizationPolicy. My guess is that you have to somehow initialize your self.config to use pyramid.authorization.ACLAuthorizationPolicy. However, I am still trying to figure out how to make this work. RHH -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
