On Mon, 2011-04-18 at 17:13 -0700, Roy H. Han wrote: > On Apr 18, 7:48 pm, Wayne Witzel III <[email protected]> wrote: > > On Wednesday, March 16, 2011 8:36:32 PM UTC-4, Shen, Yu-Teh wrote: > > > > > ---------------------------------------------------------------------- > > > Traceback (most recent call last): > > > File "/home/ytshen/proj/tests.py", line 104, in > > > test_upload_forbidden > > > self.assertRaises(Forbidden, upload, context, request) > > > AssertionError: Forbidden not raised > > > > You application is handling the exception before it ever makes its way back > > to the assertion. I check the response for an my unauthorized message to > > ensure that I've been properly denied access. > > Thanks, Wayne. Maybe functional testing is the only way to test ACL > permissions for now.
Execution via the "router" (the WSGI application which represents the Pyramid application) is the easiest way to test ACLs. Testing the way you've been doing it does not invoke any security wrappers (by design). - C -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
