Move all tests depending on PythonScripts into its own module

7b17b903 · Hanno Schlichting · f12f5b49 · 7b17b903 · 7b17b903 · 7b17b903
Commit 7b17b903 authored Jul 10, 2010 by Hanno Schlichting
6 changed files
--- a/src/Products/Five/browser/tests/pages.txt
+++ b/src/Products/Five/browser/tests/pages.txt
@@ -275,56 +275,6 @@ The same applies to a view registered with <browser:view /> instead of
  >>> aq_parent(aq_inner(context))
  <Folder at /test_folder_1_> 

-High-level security
-------------------
-
-  >>> protected_view_names = [
-  ...     'eagle.txt', 'falcon.html', 'owl.html', 'flamingo.html',
-  ...     'condor.html', 'permission_view']
-  >>> 
-  >>> public_view_names = [
-  ...     'public_attribute_page',
-  ...     'public_template_page',
-  ...     'public_template_class_page',
-  ...     'nodoc-method', 'nodoc-function', 'nodoc-object',
-  ...     'dirpage1', 'dirpage2']
-
-  >>> from Products.Five.tests.testing.restricted import checkRestricted
-  >>> from Products.Five.tests.testing.restricted import checkUnauthorized
-
-As long as we're not authenticated, we should get Unauthorized for
-protected views, but we should be able to view the public ones:
-
-  >>> self.logout()
-  >>> for view_name in protected_view_names:
-  ...     checkUnauthorized(
-  ...         self.folder,
-  ...         'context.restrictedTraverse("testoid/%s")()' % view_name)
-
-  >>> for view_name in public_view_names:
-  ...     checkRestricted(
-  ...         self.folder,
-  ...         'context.restrictedTraverse("testoid/%s")()' % view_name)
-  >>> self.login('manager')
-
-Being logged in as a manager again, we find that the protected pages
-are accessible to us:
-
-  >>> for view_name in protected_view_names:
-  ...     checkRestricted(
-  ...         self.folder,
-  ...         'context.restrictedTraverse("testoid/%s")()' % view_name)
-
-  >>> checkRestricted(
-  ...     self.folder,
-  ...     'context.restrictedTraverse("testoid/eagle.method").eagle()')
-
-Even when logged in though the private methods should not be accessible:
-
-  >>> checkUnauthorized( self.folder,
-  ...             'context.restrictedTraverse("testoid/eagle.method").mouse()')
-
-

 Other
 -----

--- a/src/Products/Five/browser/tests/resource.txt
+++ b/src/Products/Five/browser/tests/resource.txt
@@ -69,53 +69,6 @@ PageTemplateResource's __call__ renders the template
  ...     if not isinstance(resource, PageTemplateResource):
  ...         self.assertEquals(resource(), base_url % r)

-Security
--------
-
-  >>> from Products.Five.tests.testing.restricted import checkRestricted
-  >>> from Products.Five.tests.testing.restricted import checkUnauthorized
-
-  >>> resource_names = ['cockatiel.html', 'style.css', 'pattern.png']
-
-We should get Unauthorized as long as we're unauthenticated:
-
-  >>> for resource in resource_names:
-  ...     checkUnauthorized(
-  ...         self.folder,
-  ...         'context.restrictedTraverse("testoid/++resource++%s")()' % resource)
-
-  >>> base = 'testoid/++resource++fivetest_resources/%s'
-  >>> for resource in dir_resource_names:
-  ...     path = base % resource
-  ...     checkUnauthorized(self.folder, 'context.restrictedTraverse("%s")' % path)
-
-Now let's create a manager user account and log in:
-
-  >>> uf = self.folder.acl_users
-  >>> uf._doAddUser('manager', 'r00t', ['Manager'], [])
-  >>> self.login('manager')
-
-We can now view them all:
-
-  >>> for resource in resource_names:
-  ...     checkRestricted(
-  ...         self.folder,
-  ...         'context.restrictedTraverse("testoid/++resource++%s")()' % resource)
-
-  >>> base = 'testoid/++resource++fivetest_resources/%s'
-  >>> for resource in dir_resource_names:
-  ...     path = base % resource
-  ...     checkRestricted(self.folder, 'context.restrictedTraverse("%s")' % path)
-
-Let's make sure restrictedTraverse() works directly, too. It used to get
-tripped up on subdirectories due to missing security declarations.
-
-  >>> self.folder.restrictedTraverse('++resource++fivetest_resources/resource.txt') is not None
-  True
-  
-  >>> self.folder.restrictedTraverse('++resource++fivetest_resources/resource_subdir/resource.txt') is not None
-  True
-
 Clean up
 --------


--- a/src/Products/Five/browser/tests/test_pages.py
+++ b/src/Products/Five/browser/tests/test_pages.py
@@ -12,8 +12,6 @@
 #
 ##############################################################################
 """Test browser pages
-
-$Id$
 """
 import unittest

@@ -69,8 +67,6 @@ def test_suite():
    from Testing.ZopeTestCase import FunctionalDocFileSuite
    from Testing.ZopeTestCase import ZopeDocFileSuite
    from Testing.ZopeTestCase import ZopeDocTestSuite
-    from Testing.ZopeTestCase import installProduct
-    installProduct('PythonScripts')
    return unittest.TestSuite((
        ZopeDocTestSuite(),
        ZopeDocFileSuite('pages.txt', package='Products.Five.browser.tests'),

--- a/src/Products/Five/browser/tests/test_resource.py
+++ b/src/Products/Five/browser/tests/test_resource.py
@@ -12,16 +12,12 @@
 #
 ##############################################################################
 """Test browser resources
-
-$Id$
 """
 import unittest

 def test_suite():
    from Testing.ZopeTestCase import FunctionalDocFileSuite
    from Testing.ZopeTestCase import ZopeDocFileSuite
-    from Testing.ZopeTestCase import installProduct
-    installProduct('PythonScripts')
    return unittest.TestSuite((
            ZopeDocFileSuite('resource.txt',
                             package='Products.Five.browser.tests'),

--- a/src/Products/Five/browser/tests/test_scriptsecurity.py
+++ b/src/Products/Five/browser/tests/test_scriptsecurity.py
+import unittest
+
+from AccessControl import Unauthorized
+from Products.PythonScripts.PythonScript import manage_addPythonScript
+
+
+def addPythonScript(folder, id, params='', body=''):
+    """Add a PythonScript to folder."""
+    # clean up any 'ps' that's already here..
+    if id in folder:
+        del folder[id]
+    manage_addPythonScript(folder, id)
+    folder[id].ZPythonScript_edit(params, body)
+
+
+def checkRestricted(folder, psbody):
+    """Perform a check by running restricted Python code."""
+    addPythonScript(folder, 'ps', body=psbody)
+    try:
+        folder.ps()
+    except Unauthorized, e:
+        raise AssertionError(e)
+
+
+def checkUnauthorized(folder, psbody):
+    """Perform a check by running restricted Python code.  Expect to
+    encounter an Unauthorized exception."""
+    addPythonScript(folder, 'ps', body=psbody)
+    try:
+        folder.ps()
+    except Unauthorized:
+        pass
+    else:
+        raise AssertionError("Authorized but shouldn't be")
+
+
+def test_resource_restricted_code():
+    """
+    Set up the test fixtures:
+
+      >>> import Products.Five.browser.tests
+      >>> from Zope2.App import zcml
+      >>> zcml.load_config("configure.zcml", Products.Five)
+      >>> zcml.load_config('resource.zcml', package=Products.Five.browser.tests)
+
+      >>> from Products.Five.tests.testing import manage_addFiveTraversableFolder
+      >>> manage_addFiveTraversableFolder(self.folder, 'testoid', 'Testoid')
+
+      >>> import os, glob
+      >>> _prefix = os.path.dirname(Products.Five.browser.tests.__file__)
+      >>> dir_resource_names = [os.path.basename(r) for r in (
+      ...     glob.glob('%s/*.png' % _prefix) +
+      ...     glob.glob('%s/*.pt' % _prefix) +
+      ...     glob.glob('%s/[a-z]*.py' % _prefix) +
+      ...     glob.glob('%s/*.css' % _prefix))]
+
+      >>> from Products.Five.browser.tests.test_scriptsecurity import checkRestricted
+      >>> from Products.Five.browser.tests.test_scriptsecurity import checkUnauthorized
+
+      >>> resource_names = ['cockatiel.html', 'style.css', 'pattern.png']
+
+    We should get Unauthorized as long as we're unauthenticated:
+
+      >>> for resource in resource_names:
+      ...     checkUnauthorized(
+      ...         self.folder,
+      ...         'context.restrictedTraverse("testoid/++resource++%s")()' % resource)
+
+      >>> base = 'testoid/++resource++fivetest_resources/%s'
+      >>> for resource in dir_resource_names:
+      ...     path = base % resource
+      ...     checkUnauthorized(self.folder, 'context.restrictedTraverse("%s")' % path)
+
+    Now let's create a manager user account and log in:
+
+      >>> uf = self.folder.acl_users
+      >>> uf._doAddUser('manager', 'r00t', ['Manager'], [])
+      >>> self.login('manager')
+
+    We can now view them all:
+
+      >>> for resource in resource_names:
+      ...     checkRestricted(
+      ...         self.folder,
+      ...         'context.restrictedTraverse("testoid/++resource++%s")()' % resource)
+
+      >>> base = 'testoid/++resource++fivetest_resources/%s'
+      >>> for resource in dir_resource_names:
+      ...     path = base % resource
+      ...     checkRestricted(self.folder, 'context.restrictedTraverse("%s")' % path)
+
+    Let's make sure restrictedTraverse() works directly, too. It used to get
+    tripped up on subdirectories due to missing security declarations.
+
+      >>> self.folder.restrictedTraverse('++resource++fivetest_resources/resource.txt') is not None
+      True
+  
+      >>> self.folder.restrictedTraverse('++resource++fivetest_resources/resource_subdir/resource.txt') is not None
+      True
+
+    Clean up
+
+      >>> from zope.component.testing import tearDown
+      >>> tearDown()
+    """
+
+def test_view_restricted_code():
+    """
+    Let's register a quite large amount of test pages:
+
+      >>> import Products.Five.browser.tests
+      >>> from Zope2.App import zcml
+      >>> zcml.load_config("configure.zcml", Products.Five)
+      >>> zcml.load_config('pages.zcml', package=Products.Five.browser.tests)
+
+    Let's add a test object that we view most of the pages off of:
+
+      >>> from Products.Five.tests.testing.simplecontent import manage_addSimpleContent
+      >>> manage_addSimpleContent(self.folder, 'testoid', 'Testoid')
+
+    We also need to create a stub user account and login; otherwise we
+    wouldn't have all the rights to do traversal etc.:
+
+      >>> uf = self.folder.acl_users
+      >>> uf._doAddUser('manager', 'r00t', ['Manager'], [])
+      >>> self.login('manager')
+
+      >>> protected_view_names = [
+      ...     'eagle.txt', 'falcon.html', 'owl.html', 'flamingo.html',
+      ...     'condor.html', 'permission_view']
+      >>> 
+      >>> public_view_names = [
+      ...     'public_attribute_page',
+      ...     'public_template_page',
+      ...     'public_template_class_page',
+      ...     'nodoc-method', 'nodoc-function', 'nodoc-object',
+      ...     'dirpage1', 'dirpage2']
+
+      >>> from Products.Five.browser.tests.test_scriptsecurity import checkRestricted
+      >>> from Products.Five.browser.tests.test_scriptsecurity import checkUnauthorized
+
+    As long as we're not authenticated, we should get Unauthorized for
+    protected views, but we should be able to view the public ones:
+
+      >>> self.logout()
+      >>> for view_name in protected_view_names:
+      ...     checkUnauthorized(
+      ...         self.folder,
+      ...         'context.restrictedTraverse("testoid/%s")()' % view_name)
+
+      >>> for view_name in public_view_names:
+      ...     checkRestricted(
+      ...         self.folder,
+      ...         'context.restrictedTraverse("testoid/%s")()' % view_name)
+      >>> self.login('manager')
+
+    Being logged in as a manager again, we find that the protected pages
+    are accessible to us:
+
+      >>> for view_name in protected_view_names:
+      ...     checkRestricted(
+      ...         self.folder,
+      ...         'context.restrictedTraverse("testoid/%s")()' % view_name)
+
+      >>> checkRestricted(
+      ...     self.folder,
+      ...     'context.restrictedTraverse("testoid/eagle.method").eagle()')
+
+    Even when logged in though the private methods should not be accessible:
+
+      >>> checkUnauthorized( self.folder,
+      ...             'context.restrictedTraverse("testoid/eagle.method").mouse()')
+
+    Cleanup:
+
+      >>> from zope.component.testing import tearDown
+      >>> tearDown()
+    """
+
+
+def test_suite():
+    from Testing.ZopeTestCase import ZopeDocTestSuite
+    from Testing.ZopeTestCase import installProduct
+    installProduct('PythonScripts')
+    return unittest.TestSuite((
+        ZopeDocTestSuite(),
+        ))
--- a/src/Products/Five/tests/testing/restricted.py
+++ b/src/Products/Five/tests/testing/restricted.py
-##############################################################################
-#
-# Copyright (c) 2004, 2005 Zope Foundation and Contributors.
-# All Rights Reserved.
-#
-# This software is subject to the provisions of the Zope Public License,
-# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
-# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
-# FOR A PARTICULAR PURPOSE.
-#
-##############################################################################
-"""Restricted python test helpers
-
-Based on Plone's RestrictedPythonTestCase, with kind permission by the
-Plone developers.
-"""
-
-from AccessControl import Unauthorized
-from Products.PythonScripts.PythonScript import manage_addPythonScript
-
-
-def addPythonScript(folder, id, params='', body=''):
-    """Add a PythonScript to folder."""
-    # clean up any 'ps' that's already here..
-    if id in folder:
-        del folder[id]
-    manage_addPythonScript(folder, id)
-    folder[id].ZPythonScript_edit(params, body)
-
-
-def checkRestricted(folder, psbody):
-    """Perform a check by running restricted Python code."""
-    addPythonScript(folder, 'ps', body=psbody)
-    try:
-        folder.ps()
-    except Unauthorized, e:
-        raise AssertionError(e)
-
-
-def checkUnauthorized(folder, psbody):
-    """Perform a check by running restricted Python code.  Expect to
-    encounter an Unauthorized exception."""
-    addPythonScript(folder, 'ps', body=psbody)
-    try:
-        folder.ps()
-    except Unauthorized:
-        pass
-    else:
-        raise AssertionError("Authorized but shouldn't be")