Features

- The ``BFG_DEBUG_AUTHORIZATION`` envvar and the ``debug_authorization`` config file value now only imply debugging of view-invoked security checks. Previously, information was printed for every call to ``has_permission`` as well, which made output confusing. To debug ``has_permission`` checks and other manual permission checks, use the debugger and print statements in your own code. - Authorization debugging info is now only present in the HTTP response body oif ``debug_authorization`` is true. - The format of authorization debug messages was improved. - A new ``BFG_DEBUG_NOTFOUND`` envvar was added and a symmetric ``debug_notfound`` config file value was added. When either is true, and a NotFound response is returned by the BFG router (because a view could not be found), debugging information is printed to stderr. When this value is set true, the body of HTTPNotFound responses will also contain the same debugging information. - ``Allowed`` and ``Denied`` responses from the security machinery are now specialized into two types: ACL types, and non-ACL types. The ACL-related responses are instances of ``repoze.bfg.security.ACLAllowed`` and ``repoze.bfg.security.ACLDenied``. The non-ACL-related responses are ``repoze.bfg.security.Allowed`` and ``repoze.bfg.security.Denied``. The allowed-type responses continue to evaluate equal to things that themselves evaluate equal to the ``True`` boolean, while the denied-type responses continue to evaluate equal to things that themselves evaluate equal to the ``False`` boolean. The only difference between the two types is the information attached to them for debugging purposes. - Added a new ``BFG_DEBUG_ALL`` envvar and a symmetric ``debug_all`` config file value. When either is true, all other debug-related flags are set true unconditionally (e.g. ``debug_notfound`` and ``debug_authorization``). Documentation - Added info about debug flag changes. - Added a section to the security chapter named "Debugging Imperative Authorization Failures" (for e.g. ``has_permssion``).
author: Chris McDonough <chrism@agendaless.com> 2008-11-02 17:27:33 +0000
committer: Chris McDonough <chrism@agendaless.com> 2008-11-02 17:27:33 +0000
commit: 17ce5747ea36df10ec78e0af7140b55f691f5016 (patch)
tree: 10c3a5ca6b460c59ecd72d29a4e2db587ce550e8 /repoze/bfg/tests/test_view.py
parent: 2fc5d11826931435cfb42e2f334391c783f31f1d (diff)
download: pyramid-17ce5747ea36df10ec78e0af7140b55f691f5016.tar.gz
pyramid-17ce5747ea36df10ec78e0af7140b55f691f5016.tar.bz2
pyramid-17ce5747ea36df10ec78e0af7140b55f691f5016.zip
1 files changed, 64 insertions, 0 deletions
diff --git a/repoze/bfg/tests/test_view.py b/repoze/bfg/tests/test_view.py
index 3636692a8..46687e904 100644
--- a/repoze/bfg/tests/test_view.py
+++ b/repoze/bfg/tests/test_view.py
@@ -372,9 +372,73 @@ class TestIsResponse(unittest.TestCase):
         f = self._getFUT()
         self.assertEqual(f(response), False)
 
+class TestViewExecutionPermitted(unittest.TestCase, PlacelessSetup):
+    def setUp(self):
+        PlacelessSetup.setUp(self)
+
+    def tearDown(self):
+        PlacelessSetup.tearDown(self)
+
+    def _callFUT(self, *arg, **kw):
+        from repoze.bfg.view import view_execution_permitted
+        return view_execution_permitted(*arg, **kw)
+
+    def _registerSecurityPolicy(self, secpol):
+        import zope.component
+        gsm = zope.component.getGlobalSiteManager()
+        from repoze.bfg.interfaces import ISecurityPolicy
+        gsm.registerUtility(secpol, ISecurityPolicy)
+
+    def _registerPermission(self, permission, name, *for_):
+        import zope.component
+        gsm = zope.component.getGlobalSiteManager()
+        from repoze.bfg.interfaces import IViewPermission
+        gsm.registerAdapter(permission, for_, IViewPermission, name)
+
+    def test_no_secpol(self):
+        context = DummyContext()
+        request = DummyRequest()
+        result = self._callFUT(context, request, '')
+        msg = result.msg
+        self.failUnless("Allowed: view name '' in context" in msg)
+        self.failUnless('(no security policy in use)' in msg)
+        self.assertEqual(result, True)
+
+    def test_secpol_no_permission(self):
+        secpol = DummySecurityPolicy()
+        self._registerSecurityPolicy(secpol)
+        context = DummyContext()
+        request = DummyRequest()
+        result = self._callFUT(context, request, '')
+        msg = result.msg
+        self.failUnless("Allowed: view name '' in context" in msg)
+        self.failUnless("(no permission registered for name '')" in msg)
+        self.assertEqual(result, True)
+
+    def test_secpol_and_permission(self):
+        from zope.interface import Interface
+        from zope.interface import directlyProvides
+        from repoze.bfg.interfaces import IRequest
+        class IContext(Interface):
+            pass
+        context = DummyContext()
+        directlyProvides(context, IContext)
+        permissionfactory = make_permission_factory(True)
+        self._registerPermission(permissionfactory, '', IContext,
+                                 IRequest)
+        secpol = DummySecurityPolicy()
+        self._registerSecurityPolicy(secpol)
+        request = DummyRequest()
+        directlyProvides(request, IRequest)
+        result = self._callFUT(context, request, '')
+        self.failUnless(result is True)
+
 class DummyContext:
     pass
 
+class DummyRequest:
+    pass
+
 def make_view(response):
     def view(context, request):
         return response
author	Chris McDonough <chrism@agendaless.com>	2008-11-02 17:27:33 +0000
committer	Chris McDonough <chrism@agendaless.com>	2008-11-02 17:27:33 +0000
commit	17ce5747ea36df10ec78e0af7140b55f691f5016 (patch)
tree	10c3a5ca6b460c59ecd72d29a4e2db587ce550e8 /repoze/bfg/tests/test_view.py
parent	2fc5d11826931435cfb42e2f334391c783f31f1d (diff)
download	pyramid-17ce5747ea36df10ec78e0af7140b55f691f5016.tar.gz pyramid-17ce5747ea36df10ec78e0af7140b55f691f5016.tar.bz2 pyramid-17ce5747ea36df10ec78e0af7140b55f691f5016.zip