Roy Mathew wrote:
I find that testing for security is hard, since the default user in the doctests seems to have "unrestricted" access to all methods and attributes. Is there a "unit-test friendly" way of faking a user with a more restricted role, so that I can reproduce security errors in unit tests?
Are you actually talking about functional tests, instead of unit tests? If so, you are probably sending the "mgr:mgrpw" credentials at the begining of the test, you'll need to set up another non-admin user (probably in, or included by, ftesting.zcml or the ZCML you use for your test layer). Once you have that user, you can use those credentials instead.
If you're really talking about unit tests, then "security" doesn't really apply: your domain objects don't generally "know" anything about their security, it's all mediated by Zope.
-- Benji York Senior Software Engineer Zope Corporation _______________________________________________ Zope3-dev mailing list Zope3email@example.com Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com