If you are a developer, please use a private wiki based on foswiki/trunk on a daily base ...or use trunk.foswiki.org
to view this page for some minimal testing.
for docu changes for 1.2 and 2.0.
Item5764: Unit tests for access rights needed to ensure stable performance in future
With reference to Item5118
it is obvious that the current set of unit tests related to access control and user mapping is not adequate.
Several severe bugs do not cause failures in the tests and while I tried to fix the code I found huge bugs in my own code that still did not make any unit tests fail.
So some work is required.
I would love to spend a significant time on it but I need a little kick start help
Please refer to Item5118
From this bug item 5118 I wrote
I also looked at making a unit test case but I still cannot grasp the framework. To build unit tests you need to know ALL the internals of both the unit test frame work and the TWiki code. You need to be able to create topics, populate them, create users etc etc using function calls. It is a lot more complicated.
If someone can write just ONE unit test that setup
* A group
* A user who is registered
* A user who is authenticated but not registered.
* AllowLoginname? = 1
* A topic with ALLOWTOPICREAD
where one can vary who is in the group, who you are, and change the to list of names of the ALLOWTOPICREAD, then I could multiply this case with the different combinations afterwards. I simply do not understand how to do that. It takes too much knowledge about parts of the twiki code I never studied.
If this is not enough info just ask questions or catch me on IRC. I may just need one flexible new unit test - probably similar to the ones in
and I should be able to then setup a table of combinations and implement them as unit tests.
This is not a release blocker for 4.2.1 which is why I put 5118 in Waiting for Release and opened this new report.
- 10 Jul 2008
I checked over and extended http://twiki.org/cgi-bin/view/Codev/TestCasesTutorial
, but I just don't know what else I can add.
is about as simple as it can be, yet still test the access controls. That would be the logical place to add checking for login name access control.
- 11 Jul 2008