I'm trying to write a patch that adds a permission to access update.php. Several people including myself have tried the patch and all the tests pass locally, but the test bot chokes. I tried simplifying the test to just:

+  /**
+   * Tests access to the update script.
+   */
+  function testUpdateAccess() {
+    // Try accessing update.php without the proper permission.
+    $regular_user = $this->drupalCreateUser();
+    $this->drupalLogin($regular_user);
+    $this->drupalGet('update.php');
+    $this->assertResponse(403);
+
+    // Try accessing update.php as an anonymous user.
+    $this->drupalLogout();
+    $this->drupalGet('update.php');
+    $this->assertResponse(403);
+
+    // Try accessing update.php with the proper permission.
+    $update_user = $this->drupalCreateUser(array('administer site updates', 'access administration pages'));
+    $this->drupalLogin($update_user);
+    $this->drupalGet('update.php');
+    $this->assertResponse(200);
+  }

And the test bot came back with three fails (the three assertResponse tests). Is there a reason that these tests are failing? Is there some special access protection on tests slave's update.php?

Core issue/patch: #67234: Update script access rights
Testbot results: http://testing.drupal.org/pifr/node/1/67234

Comments

boombatower’s picture

boombatower commented
Status: Active » Postponed (maintainer needs more info)

I believe it is a SimpleTest limitation that I have run up against before.

The testing slaves run a checkout of Drupal 7 in a folder called checkout/. My guess is that the $this->drupalGet() doesn't generate the url properly given the sub folder.

There was another issue related to this somewhere....please attempt to run test in a subfolder like that on your local dev environment if you haven't already.

boombatower’s picture

boombatower commented
Status: Postponed (maintainer needs more info) » Closed (works as designed)