Ticket #1330 (closed enhancement: invalid)

Opened 3 years ago

Last modified 2 years ago

Deprecate / Remove test_authz.py

Reported by: rgrp Owned by:
Priority: awaiting triage Milestone: ckan-backlog
Component: ckan Keywords:
Cc: Repository: ckan
Theme: none

Description

test_authz.py appears to test in great detail some very specific additional authz (related to total site lock-down it seems -- introduced I think for hri project).

I think there are simpler ways to get total site lockdown (use external auth!) and this test is slow and delicate (e.g. depends on specific words in templates). Suggest removing. If we don't remove we should at least refactor tests for access to certain pages to use a proper method of testing (e.g. agreed html comments in each page) rather than being depending on the presence of absence of specific wording.

Change History

comment:1 Changed 2 years ago by dread

  • Status changed from new to closed
  • Resolution set to invalid

This is simply incorrect. test_authz.py (I assume you mean the one in ckan/tests/functional?) tests that authz works all across the Web UI and API in enough detail.

The 'total site lockdown' test - perhaps you mean the TestLockedDownViaRoles? class which makes up a small part of test_authz? It was a test added due to an untested use case implemented in IATI, DataGM etc. These are currently active so still need testing.

Regarding refactoring the tests to be "proper" then please open a new ticket, providing references to why it is not "proper" to test by searching for text in a web response.

Note: See TracTickets for help on using tickets.