Roy Mathew wrote:
I find that testing for security is hard, since the default user in
the doctests seems to have "unrestricted" access to all methods and
attributes. Is there a "unit-test friendly" way of faking a user
with a more restricted role, so that I can reproduce security errors
in unit tests?

Are you actually talking about functional tests, instead of unit tests? If so, you are probably sending the "mgr:mgrpw" credentials at the begining of the test, you'll need to set up another non-admin user (probably in, or included by, ftesting.zcml or the ZCML you use for your test layer). Once you have that user, you can use those credentials instead.

If you're really talking about unit tests, then "security" doesn't really apply: your domain objects don't generally "know" anything about their security, it's all mediated by Zope.
Benji York
Senior Software Engineer
Zope Corporation
Zope3-dev mailing list

Reply via email to