diff options
| author | Michael Merickel <michael@merickel.org> | 2019-12-24 14:57:50 -0600 |
|---|---|---|
| committer | Michael Merickel <michael@merickel.org> | 2019-12-24 15:12:28 -0600 |
| commit | 1431f7bdfa0b1325cbbb87b6cfaa2c6afc2f2dc0 (patch) | |
| tree | 4ecf9e4e218e21a3fb72f97182db2278f2e7bcac /docs/narr/testing.rst | |
| parent | 323cfbb45e6ee4b7462bbea9dcaa4e8258dd74f6 (diff) | |
| download | pyramid-1431f7bdfa0b1325cbbb87b6cfaa2c6afc2f2dc0.tar.gz pyramid-1431f7bdfa0b1325cbbb87b6cfaa2c6afc2f2dc0.tar.bz2 pyramid-1431f7bdfa0b1325cbbb87b6cfaa2c6afc2f2dc0.zip | |
security policy docs and legacy policy improvements
- Added `set_security_policy`` to more places in the docs.
- Ensure that the authn/authz policies are not used at all if the legacy
policy is not in effect to avoid edge cases where the code would skip
the security policy and use the authn/authz policy on accident.
- Change deprecation warnings in code to reference the docs by name
instead of by URL.
Diffstat (limited to 'docs/narr/testing.rst')
| -rw-r--r-- | docs/narr/testing.rst | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/docs/narr/testing.rst b/docs/narr/testing.rst index 883bb7c7b..2182082a8 100644 --- a/docs/narr/testing.rst +++ b/docs/narr/testing.rst @@ -278,7 +278,7 @@ In the above example, we create a ``MyTest`` test case that inherits from be found when ``pytest`` is run. It has two test methods. The first test method, ``test_view_fn_forbidden`` tests the ``view_fn`` when -the authentication policy forbids the current user the ``edit`` permission. Its +the security policy forbids the current user the ``edit`` permission. Its third line registers a "dummy" "non-permissive" authorization policy using the :meth:`~pyramid.config.Configurator.testing_securitypolicy` method, which is a special helper method for unit testing. @@ -288,13 +288,13 @@ WebOb request object API. A :class:`pyramid.testing.DummyRequest` is a request object that requires less setup than a "real" :app:`Pyramid` request. We call the function being tested with the manufactured request. When the function is called, :meth:`pyramid.request.Request.has_permission` will call the "dummy" -authentication policy we've registered through +security policy we've registered through :meth:`~pyramid.config.Configurator.testing_securitypolicy`, which denies access. We check that the view function raises a :exc:`~pyramid.httpexceptions.HTTPForbidden` error. The second test method, named ``test_view_fn_allowed``, tests the alternate -case, where the authentication policy allows access. Notice that we pass +case, where the security policy allows access. Notice that we pass different values to :meth:`~pyramid.config.Configurator.testing_securitypolicy` to obtain this result. We assert at the end of this that the view function returns a value. |