[drupal-devel] [SimpleTest] preparing to test xxxxx_access hook
Hi, After reading once more time, from Drupal.org site : Deliverables * Build a few tests which exercise Drupal's access control mechanism. In particular, the user_access() function. Assure that the right page is shown when denied access. I was thinking how to test Drupal. I've found two ways: One -> testing user_access function, by starting xxx_access (for ex. story_access) function in Drupal test unit. Second -> testing web response on specific request, in this way, I will have to simulate browser. Yesterday night I focused on story_access function. I write simple test which needs to be improved: function testStoryAccess() { global $user; $tempUser = $user; // store global variable in a templ $op = 'create'; unset($user); // or $user =""; to delete global variable; $user->uid = 2; // $user_id $node->uid = 2; // $node_id $result = story_access($op, $node ); $this->assertTrue($result, 'Bad access hook'); // przywroc usera $user = $tempUser; // restore global variable, } so I can change $user->uid, and $node->uid, and $op (create, edit etc) to test behavior of story_access(), I can also put it in the loop to test all uids existing in our installation. But it isn't necessary, I think. Maybe the solution is to test all uid which belong to different roles. I can obtain from database uid and the roles assigned to them, them check what permission they have ( in the table {permission} ) and finally build right test using assertTrue or assertFalse for example if in the role doesn't exist right perm then will be assertFalse ) Do you think, is it a good idea ? (in shortly) 1. get uid of users with different roles, 2. check perm string for each role. 3. build test ( False or True ) 4. test all cases in the loop Kuba Zygmunt
On Sat, 18 Jun 2005, Kuba Zygmunt wrote:
After reading once more time, from Drupal.org site : Deliverables
* Build a few tests which exercise Drupal's access control mechanism. In particular, the user_access() function. Assure that the right page is shown when denied access.
I was thinking how to test Drupal. I've found two ways: One -> testing user_access function, by starting xxx_access (for ex. story_access) function in Drupal test unit. Second -> testing web response on specific request, in this way, I will have to simulate browser.
Right. I think the way the proposal is worded aims for the first.
Yesterday night I focused on story_access function. I write simple test which needs to be improved: function testStoryAccess() { global $user;
$tempUser = $user; // store global variable in a templ $op = 'create'; unset($user); // or $user =""; to delete global variable; $user->uid = 2; // $user_id $node->uid = 2; // $node_id $result = story_access($op, $node );
You are confusing two functions (which probably should be named differently). 1) user_access('foo') checks for a permission that a user has (or doesn't). 2) <module>_access($op, $node) is an implementation of a hook that allows to check for permissions that relate to specific nodes
$this->assertTrue($result, 'Bad access hook');
// przywroc usera $user = $tempUser; // restore global variable, }
so I can change $user->uid, and $node->uid, and $op (create, edit etc) to test behavior of story_access(), I can also put it in the loop to test all uids existing in our installation. But it isn't necessary, I think.
Depends.
Maybe the solution is to test all uid which belong to different roles.
That would be sufficient for user_access('foo') but not for the access hook as every user can have different access permissions that can be granted through a variety of ways (node provacy by role, taxonomy access, ...). Cheers, Gerhard
participants (2)
-
Gerhard Killesreiter -
Kuba Zygmunt