[Product-Developers] Oddities with roles in tests

cewing cewing at u.washington.edu
Tue May 12 23:55:57 UTC 2009

I've been working with a product that adds a new role, called
'NavigationManager' to plone.  The original version of the product added the
role via some python in Extensions/Install.py.  I've been working on
switching over to a GenericSetup profile, and today removed that bit from
Install.py and replaced it with a rolemap.xml GS step.

When I did so, all of a sudden a bunch of workflow tests that used a user
created with the 'NavigationManager' role to do some workflow action started
failing, claiming that no workflow had the transition 'publish' (a user has
to have the new role to perform that transition).

Some initial pdb work showed that my user did not have the
'NavigationManager' role.  More examination showed that
acl_users.portal_role_manager._roles did not show 'NavigationManager' in the
list of roles.

Oddly, though, the test verifying that the role was added continued to pass.

In my afterSetUp method, I'm adding a user with the new role thusly:

self.portal.acl_users._doAddUser('navigationmanager', 'secret', 
                                 ['Member', 'NavigationManager'], [])

It's after doing this that the new user appears with no 'NavigationManager'
role, so I decided to take a look at what roles PAS new about at that point:

(Pdb) pas_roles = self.portal.acl_users.portal_role_manager._roles
(Pdb) for id in pas_roles: print id

Hmmmm, I think to myself.  That's odd.  How is my test for the presence of
the role passing if it isn't listed in PAS?  Let's try something else:

(Pdb) self.portal.validRoles()
('Anonymous', 'Authenticated', 'Contributor', 'Editor', 'Manager', 'Member', 
'NavigationManager', 'Owner', 'Reader', 'Reviewer')

WTF!1!11!!!, I think to myself.  Let's check the portal role manager again:

(Pdb) self.portal.acl_users.portal_role_manager.listRoleIds()

Wait, that NavigationManager role wasn't there just a minute ago.  Scroll
up, notice that I'd looked in a different way last time, try that again:

(Pdb) pas_roles = self.portal.acl_users.portal_role_manager._roles
(Pdb) for id in pas_roles: print id

Okay, that's really weird.  It wasn't there, and now it is.

It appears that calling 'listRoleIds' on the portal role manager somehow
loads the role I've added via GS profile into the _roles property, where it
wasn't there before.  The interesting part about this is that when
_doAddUser tries to grant a role to a new user, it is the _roles property of
the portal role manager that it uses to do so:

(from PluggableAuthServices.plugins.ZODBRoleManager.ZODBRoleManager)

    security.declareProtected( ManageUsers, 'assignRoleToPrincipal' )
    def assignRoleToPrincipal( self, role_id, principal_id, REQUEST=None ):

        """ Assign a role to a principal (user or group).
        o Return a boolean indicating whether a new assignment was created.
        o Raise KeyError if 'role_id' is unknown.
        role_info = self._roles[ role_id ] # raise KeyError if unknown!
        . . .

Because of that way of getting the role info, my new role is not listed, a
KeyError is raised, and PAS swallows the error, giving me a new user without
the exptected role.

The upshot of this is that it appears that I need to call listRoleIds() on
the portal role manager before I attempt to create a new user in a test
using that role (if I've added the role via GenericSetup).  My question is,
is this expected or a bug?  Am I just using the wrong way of setting up a
new user in afterSetUp?  I know about self.setRoles(('Rolename')) in tests,
but I want to create the user in afterSetUp so I don't have to repeatedly
set that role and then remove it in the tests I'm writing.

Any thoughts?  Should I be reporting this as a bug or changing my testing


View this message in context: http://n2.nabble.com/Oddities-with-roles-in-tests-tp2876536p2876536.html
Sent from the Product Developers mailing list archive at Nabble.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.plone.org/pipermail/plone-product-developers/attachments/20090512/4c70da19/attachment.html>

More information about the Product-Developers mailing list