Roy Mathew wrote:
I find that testing for security is hard, since the default user in
the doctests seems to have "unrestricted" access to all methods and
attributes. Is there a "unit-test friendly" way of faking a user
with a more restricted role, so that I can reproduce security errors
in unit tests?
Are you actually talking about functional tests, instead of unit tests?
If so, you are probably sending the "mgr:mgrpw" credentials at the
begining of the test, you'll need to set up another non-admin user
(probably in, or included by, ftesting.zcml or the ZCML you use for your
test layer). Once you have that user, you can use those credentials
If you're really talking about unit tests, then "security" doesn't
really apply: your domain objects don't generally "know" anything about
their security, it's all mediated by Zope.
Senior Software Engineer
Zope3-dev mailing list