Log message for revision 114507:
  Move all tests depending on PythonScripts into its own module
  

Changed:
  U   Zope/trunk/src/Products/Five/browser/tests/pages.txt
  U   Zope/trunk/src/Products/Five/browser/tests/resource.txt
  U   Zope/trunk/src/Products/Five/browser/tests/test_pages.py
  U   Zope/trunk/src/Products/Five/browser/tests/test_resource.py
  A   Zope/trunk/src/Products/Five/browser/tests/test_scriptsecurity.py
  D   Zope/trunk/src/Products/Five/tests/testing/restricted.py

-=-
Modified: Zope/trunk/src/Products/Five/browser/tests/pages.txt
===================================================================
--- Zope/trunk/src/Products/Five/browser/tests/pages.txt        2010-07-10 
13:02:14 UTC (rev 114506)
+++ Zope/trunk/src/Products/Five/browser/tests/pages.txt        2010-07-10 
13:05:35 UTC (rev 114507)
@@ -275,57 +275,7 @@
   >>> aq_parent(aq_inner(context))
   <Folder at /test_folder_1_> 
 
-High-level security
--------------------
 
-  >>> protected_view_names = [
-  ...     'eagle.txt', 'falcon.html', 'owl.html', 'flamingo.html',
-  ...     'condor.html', 'permission_view']
-  >>> 
-  >>> public_view_names = [
-  ...     'public_attribute_page',
-  ...     'public_template_page',
-  ...     'public_template_class_page',
-  ...     'nodoc-method', 'nodoc-function', 'nodoc-object',
-  ...     'dirpage1', 'dirpage2']
-
-  >>> from Products.Five.tests.testing.restricted import checkRestricted
-  >>> from Products.Five.tests.testing.restricted import checkUnauthorized
-
-As long as we're not authenticated, we should get Unauthorized for
-protected views, but we should be able to view the public ones:
-
-  >>> self.logout()
-  >>> for view_name in protected_view_names:
-  ...     checkUnauthorized(
-  ...         self.folder,
-  ...         'context.restrictedTraverse("testoid/%s")()' % view_name)
-
-  >>> for view_name in public_view_names:
-  ...     checkRestricted(
-  ...         self.folder,
-  ...         'context.restrictedTraverse("testoid/%s")()' % view_name)
-  >>> self.login('manager')
-
-Being logged in as a manager again, we find that the protected pages
-are accessible to us:
-
-  >>> for view_name in protected_view_names:
-  ...     checkRestricted(
-  ...         self.folder,
-  ...         'context.restrictedTraverse("testoid/%s")()' % view_name)
-
-  >>> checkRestricted(
-  ...     self.folder,
-  ...     'context.restrictedTraverse("testoid/eagle.method").eagle()')
-
-Even when logged in though the private methods should not be accessible:
-
-  >>> checkUnauthorized( self.folder,
-  ...             'context.restrictedTraverse("testoid/eagle.method").mouse()')
-
-
-
 Other
 -----
 

Modified: Zope/trunk/src/Products/Five/browser/tests/resource.txt
===================================================================
--- Zope/trunk/src/Products/Five/browser/tests/resource.txt     2010-07-10 
13:02:14 UTC (rev 114506)
+++ Zope/trunk/src/Products/Five/browser/tests/resource.txt     2010-07-10 
13:05:35 UTC (rev 114507)
@@ -69,53 +69,6 @@
   ...     if not isinstance(resource, PageTemplateResource):
   ...         self.assertEquals(resource(), base_url % r)
 
-Security
---------
-
-  >>> from Products.Five.tests.testing.restricted import checkRestricted
-  >>> from Products.Five.tests.testing.restricted import checkUnauthorized
-
-  >>> resource_names = ['cockatiel.html', 'style.css', 'pattern.png']
-
-We should get Unauthorized as long as we're unauthenticated:
-
-  >>> for resource in resource_names:
-  ...     checkUnauthorized(
-  ...         self.folder,
-  ...         'context.restrictedTraverse("testoid/++resource++%s")()' % 
resource)
-
-  >>> base = 'testoid/++resource++fivetest_resources/%s'
-  >>> for resource in dir_resource_names:
-  ...     path = base % resource
-  ...     checkUnauthorized(self.folder, 'context.restrictedTraverse("%s")' % 
path)
-
-Now let's create a manager user account and log in:
-
-  >>> uf = self.folder.acl_users
-  >>> uf._doAddUser('manager', 'r00t', ['Manager'], [])
-  >>> self.login('manager')
-
-We can now view them all:
-
-  >>> for resource in resource_names:
-  ...     checkRestricted(
-  ...         self.folder,
-  ...         'context.restrictedTraverse("testoid/++resource++%s")()' % 
resource)
-
-  >>> base = 'testoid/++resource++fivetest_resources/%s'
-  >>> for resource in dir_resource_names:
-  ...     path = base % resource
-  ...     checkRestricted(self.folder, 'context.restrictedTraverse("%s")' % 
path)
-
-Let's make sure restrictedTraverse() works directly, too. It used to get
-tripped up on subdirectories due to missing security declarations.
-
-  >>> 
self.folder.restrictedTraverse('++resource++fivetest_resources/resource.txt') 
is not None
-  True
-  
-  >>> 
self.folder.restrictedTraverse('++resource++fivetest_resources/resource_subdir/resource.txt')
 is not None
-  True
-
 Clean up
 --------
 

Modified: Zope/trunk/src/Products/Five/browser/tests/test_pages.py
===================================================================
--- Zope/trunk/src/Products/Five/browser/tests/test_pages.py    2010-07-10 
13:02:14 UTC (rev 114506)
+++ Zope/trunk/src/Products/Five/browser/tests/test_pages.py    2010-07-10 
13:05:35 UTC (rev 114507)
@@ -12,8 +12,6 @@
 #
 ##############################################################################
 """Test browser pages
-
-$Id$
 """
 import unittest
 
@@ -69,8 +67,6 @@
     from Testing.ZopeTestCase import FunctionalDocFileSuite
     from Testing.ZopeTestCase import ZopeDocFileSuite
     from Testing.ZopeTestCase import ZopeDocTestSuite
-    from Testing.ZopeTestCase import installProduct
-    installProduct('PythonScripts')
     return unittest.TestSuite((
         ZopeDocTestSuite(),
         ZopeDocFileSuite('pages.txt', package='Products.Five.browser.tests'),

Modified: Zope/trunk/src/Products/Five/browser/tests/test_resource.py
===================================================================
--- Zope/trunk/src/Products/Five/browser/tests/test_resource.py 2010-07-10 
13:02:14 UTC (rev 114506)
+++ Zope/trunk/src/Products/Five/browser/tests/test_resource.py 2010-07-10 
13:05:35 UTC (rev 114507)
@@ -12,16 +12,12 @@
 #
 ##############################################################################
 """Test browser resources
-
-$Id$
 """
 import unittest
 
 def test_suite():
     from Testing.ZopeTestCase import FunctionalDocFileSuite
     from Testing.ZopeTestCase import ZopeDocFileSuite
-    from Testing.ZopeTestCase import installProduct
-    installProduct('PythonScripts')
     return unittest.TestSuite((
             ZopeDocFileSuite('resource.txt',
                              package='Products.Five.browser.tests'),

Added: Zope/trunk/src/Products/Five/browser/tests/test_scriptsecurity.py
===================================================================
--- Zope/trunk/src/Products/Five/browser/tests/test_scriptsecurity.py           
                (rev 0)
+++ Zope/trunk/src/Products/Five/browser/tests/test_scriptsecurity.py   
2010-07-10 13:05:35 UTC (rev 114507)
@@ -0,0 +1,187 @@
+import unittest
+
+from AccessControl import Unauthorized
+from Products.PythonScripts.PythonScript import manage_addPythonScript
+
+
+def addPythonScript(folder, id, params='', body=''):
+    """Add a PythonScript to folder."""
+    # clean up any 'ps' that's already here..
+    if id in folder:
+        del folder[id]
+    manage_addPythonScript(folder, id)
+    folder[id].ZPythonScript_edit(params, body)
+
+
+def checkRestricted(folder, psbody):
+    """Perform a check by running restricted Python code."""
+    addPythonScript(folder, 'ps', body=psbody)
+    try:
+        folder.ps()
+    except Unauthorized, e:
+        raise AssertionError(e)
+
+
+def checkUnauthorized(folder, psbody):
+    """Perform a check by running restricted Python code.  Expect to
+    encounter an Unauthorized exception."""
+    addPythonScript(folder, 'ps', body=psbody)
+    try:
+        folder.ps()
+    except Unauthorized:
+        pass
+    else:
+        raise AssertionError("Authorized but shouldn't be")
+
+
+def test_resource_restricted_code():
+    """
+    Set up the test fixtures:
+
+      >>> import Products.Five.browser.tests
+      >>> from Zope2.App import zcml
+      >>> zcml.load_config("configure.zcml", Products.Five)
+      >>> zcml.load_config('resource.zcml', 
package=Products.Five.browser.tests)
+
+      >>> from Products.Five.tests.testing import 
manage_addFiveTraversableFolder
+      >>> manage_addFiveTraversableFolder(self.folder, 'testoid', 'Testoid')
+
+      >>> import os, glob
+      >>> _prefix = os.path.dirname(Products.Five.browser.tests.__file__)
+      >>> dir_resource_names = [os.path.basename(r) for r in (
+      ...     glob.glob('%s/*.png' % _prefix) +
+      ...     glob.glob('%s/*.pt' % _prefix) +
+      ...     glob.glob('%s/[a-z]*.py' % _prefix) +
+      ...     glob.glob('%s/*.css' % _prefix))]
+
+      >>> from Products.Five.browser.tests.test_scriptsecurity import 
checkRestricted
+      >>> from Products.Five.browser.tests.test_scriptsecurity import 
checkUnauthorized
+
+      >>> resource_names = ['cockatiel.html', 'style.css', 'pattern.png']
+
+    We should get Unauthorized as long as we're unauthenticated:
+
+      >>> for resource in resource_names:
+      ...     checkUnauthorized(
+      ...         self.folder,
+      ...         'context.restrictedTraverse("testoid/++resource++%s")()' % 
resource)
+
+      >>> base = 'testoid/++resource++fivetest_resources/%s'
+      >>> for resource in dir_resource_names:
+      ...     path = base % resource
+      ...     checkUnauthorized(self.folder, 
'context.restrictedTraverse("%s")' % path)
+
+    Now let's create a manager user account and log in:
+
+      >>> uf = self.folder.acl_users
+      >>> uf._doAddUser('manager', 'r00t', ['Manager'], [])
+      >>> self.login('manager')
+
+    We can now view them all:
+
+      >>> for resource in resource_names:
+      ...     checkRestricted(
+      ...         self.folder,
+      ...         'context.restrictedTraverse("testoid/++resource++%s")()' % 
resource)
+
+      >>> base = 'testoid/++resource++fivetest_resources/%s'
+      >>> for resource in dir_resource_names:
+      ...     path = base % resource
+      ...     checkRestricted(self.folder, 'context.restrictedTraverse("%s")' 
% path)
+
+    Let's make sure restrictedTraverse() works directly, too. It used to get
+    tripped up on subdirectories due to missing security declarations.
+
+      >>> 
self.folder.restrictedTraverse('++resource++fivetest_resources/resource.txt') 
is not None
+      True
+  
+      >>> 
self.folder.restrictedTraverse('++resource++fivetest_resources/resource_subdir/resource.txt')
 is not None
+      True
+
+    Clean up
+
+      >>> from zope.component.testing import tearDown
+      >>> tearDown()
+    """
+
+def test_view_restricted_code():
+    """
+    Let's register a quite large amount of test pages:
+
+      >>> import Products.Five.browser.tests
+      >>> from Zope2.App import zcml
+      >>> zcml.load_config("configure.zcml", Products.Five)
+      >>> zcml.load_config('pages.zcml', package=Products.Five.browser.tests)
+
+    Let's add a test object that we view most of the pages off of:
+
+      >>> from Products.Five.tests.testing.simplecontent import 
manage_addSimpleContent
+      >>> manage_addSimpleContent(self.folder, 'testoid', 'Testoid')
+
+    We also need to create a stub user account and login; otherwise we
+    wouldn't have all the rights to do traversal etc.:
+
+      >>> uf = self.folder.acl_users
+      >>> uf._doAddUser('manager', 'r00t', ['Manager'], [])
+      >>> self.login('manager')
+
+      >>> protected_view_names = [
+      ...     'eagle.txt', 'falcon.html', 'owl.html', 'flamingo.html',
+      ...     'condor.html', 'permission_view']
+      >>> 
+      >>> public_view_names = [
+      ...     'public_attribute_page',
+      ...     'public_template_page',
+      ...     'public_template_class_page',
+      ...     'nodoc-method', 'nodoc-function', 'nodoc-object',
+      ...     'dirpage1', 'dirpage2']
+
+      >>> from Products.Five.browser.tests.test_scriptsecurity import 
checkRestricted
+      >>> from Products.Five.browser.tests.test_scriptsecurity import 
checkUnauthorized
+
+    As long as we're not authenticated, we should get Unauthorized for
+    protected views, but we should be able to view the public ones:
+
+      >>> self.logout()
+      >>> for view_name in protected_view_names:
+      ...     checkUnauthorized(
+      ...         self.folder,
+      ...         'context.restrictedTraverse("testoid/%s")()' % view_name)
+
+      >>> for view_name in public_view_names:
+      ...     checkRestricted(
+      ...         self.folder,
+      ...         'context.restrictedTraverse("testoid/%s")()' % view_name)
+      >>> self.login('manager')
+
+    Being logged in as a manager again, we find that the protected pages
+    are accessible to us:
+
+      >>> for view_name in protected_view_names:
+      ...     checkRestricted(
+      ...         self.folder,
+      ...         'context.restrictedTraverse("testoid/%s")()' % view_name)
+
+      >>> checkRestricted(
+      ...     self.folder,
+      ...     'context.restrictedTraverse("testoid/eagle.method").eagle()')
+
+    Even when logged in though the private methods should not be accessible:
+
+      >>> checkUnauthorized( self.folder,
+      ...             
'context.restrictedTraverse("testoid/eagle.method").mouse()')
+
+    Cleanup:
+
+      >>> from zope.component.testing import tearDown
+      >>> tearDown()
+    """
+
+
+def test_suite():
+    from Testing.ZopeTestCase import ZopeDocTestSuite
+    from Testing.ZopeTestCase import installProduct
+    installProduct('PythonScripts')
+    return unittest.TestSuite((
+        ZopeDocTestSuite(),
+        ))


Property changes on: 
Zope/trunk/src/Products/Five/browser/tests/test_scriptsecurity.py
___________________________________________________________________
Added: svn:eol-style
   + native

Deleted: Zope/trunk/src/Products/Five/tests/testing/restricted.py
===================================================================
--- Zope/trunk/src/Products/Five/tests/testing/restricted.py    2010-07-10 
13:02:14 UTC (rev 114506)
+++ Zope/trunk/src/Products/Five/tests/testing/restricted.py    2010-07-10 
13:05:35 UTC (rev 114507)
@@ -1,51 +0,0 @@
-##############################################################################
-#
-# Copyright (c) 2004, 2005 Zope Foundation and Contributors.
-# All Rights Reserved.
-#
-# This software is subject to the provisions of the Zope Public License,
-# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
-# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
-# FOR A PARTICULAR PURPOSE.
-#
-##############################################################################
-"""Restricted python test helpers
-
-Based on Plone's RestrictedPythonTestCase, with kind permission by the
-Plone developers.
-"""
-
-from AccessControl import Unauthorized
-from Products.PythonScripts.PythonScript import manage_addPythonScript
-
-
-def addPythonScript(folder, id, params='', body=''):
-    """Add a PythonScript to folder."""
-    # clean up any 'ps' that's already here..
-    if id in folder:
-        del folder[id]
-    manage_addPythonScript(folder, id)
-    folder[id].ZPythonScript_edit(params, body)
-
-
-def checkRestricted(folder, psbody):
-    """Perform a check by running restricted Python code."""
-    addPythonScript(folder, 'ps', body=psbody)
-    try:
-        folder.ps()
-    except Unauthorized, e:
-        raise AssertionError(e)
-
-
-def checkUnauthorized(folder, psbody):
-    """Perform a check by running restricted Python code.  Expect to
-    encounter an Unauthorized exception."""
-    addPythonScript(folder, 'ps', body=psbody)
-    try:
-        folder.ps()
-    except Unauthorized:
-        pass
-    else:
-        raise AssertionError("Authorized but shouldn't be")

_______________________________________________
Zope-Checkins maillist  -  Zope-Checkins@zope.org
https://mail.zope.org/mailman/listinfo/zope-checkins

Reply via email to