Item7824: Unit tests: StoreTests.pm dies with AccessControlException

Recently, running the test suite fails in StoreTests.pm:
AccessControlException: Access to CHANGE TestStoreWeb.WebPreferences for BaseUserMapping_666 is denied. access not allowed on topic

Apart from stopping the test suite at this point, this leaves the TestStoreWeb alive. This web is not reaped when unit tests are invoked with -clean.

The problem arises when in the unit tests a web is created with _default as its template web (and might affect other unit tests as well). Here's why:

  • Unless otherwise specified, unit tests run under the default user.
  • In several tests in StoreTests.pm, TWiki::Store::createWeb is called without providing an $opts parameter. This should be just just fine.
  • In TWiki::Store::createWeb, $opts->{EXCLUDETOPIC} and $opts->{EXCLUDETOPIC} are evaluated. This initializes $opts as a reference to an empty hash (Perl's infamous "autovivification").
  • Later on, there's a if ($opts) branch which is always executed since due to the autovivification $opts will always evaluate to a true value
    • In that branch, WebPreferences is about to be written, which is not allowed for the default user due to access control in _default.WebPreferences

The autovivification is an unintentional consequence of the implementation of TWiki:Codev/CreateWebExcludeTopic. Perhaps running unit tests as default user is somewhat strange if webs are to be created, nevertheless I suggest to fix TWiki/Store.pm: Since Rev. 30354, the test if ($opts) is always true which is a flaw. Replacing it with if (scalar keys %$opts) establishes the correct semantics of "run the branch if there are keys in =%$opts=".

-- TWiki:Main/HaraldJoerg - 2017-10-14

Summary Unit tests: StoreTests.pm dies with AccessControlException
ReportedBy TWiki:Main.HaraldJoerg

SVN Range TWiki-6.0.2-trunk, Thu, 17 Aug 2017, build 30353 - ...
AppliesTo Engine

Priority Low
CurrentState Waiting for Release
WaitingFor TWiki:Main.HaraldJoerg
Checkins TWikirev:30396 TWikirev:30397
TargetRelease minor

Topic revision: r3 - 2017-10-15 - HaraldJoerg
