Mercurial Mercurial > pub > hg > cubicweb / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
server/test/unittest_security.py
changeset 5557 1a534c596bff
parent 5556 9ab2b4c74baf
child 5890 141b935a38fc
equal deleted inserted replaced
5556:9ab2b4c74baf 5557:1a534c596bff 
   190         # to actually get Unauthorized exception, try to insert a relation were we can read both entities
 
   190         # to actually get Unauthorized exception, try to insert a relation were we can read both entities
 
   191         rset = cu.execute('Personne P')
 
   191         rset = cu.execute('Personne P')
 
   192         self.assertEquals(len(rset), 1)
 
   192         self.assertEquals(len(rset), 1)
 
   193         ent = rset.get_entity(0, 0)
 
   193         ent = rset.get_entity(0, 0)
 
   194         session.set_pool() # necessary
 
   194         session.set_pool() # necessary
 
   195         self.assertRaises(Unauthorized,
 
   195         self.assertRaises(Unauthorized, ent.cw_check_perm, 'update')
 
   196                           ent.e_schema.check_perm, session, 'update', eid=ent.eid)
 
       
   197         self.assertRaises(Unauthorized,
 
   196         self.assertRaises(Unauthorized,
 
   198                           cu.execute, "SET P travaille S WHERE P is Personne, S is Societe")
 
   197                           cu.execute, "SET P travaille S WHERE P is Personne, S is Societe")
 
   199         # test nothing has actually been inserted:
 
   198         # test nothing has actually been inserted:
 
   200         self.assertEquals(cu.execute('Any P,S WHERE P travaille S,P is Personne, S is Societe').rowcount, 0)
 
   199         self.assertEquals(cu.execute('Any P,S WHERE P travaille S,P is Personne, S is Societe').rowcount, 0)
 
   201         cu.execute("INSERT Societe X: X nom 'chouette'")
 
   200         cu.execute("INSERT Societe X: X nom 'chouette'")
 
   559         self.commit()
 
   558         self.commit()
 
   560         # can change tr info comment
 
   559         # can change tr info comment
 
   561         self.execute('SET TI comment %(c)s WHERE TI wf_info_for X, X ref "ARCT01"',
 
   560         self.execute('SET TI comment %(c)s WHERE TI wf_info_for X, X ref "ARCT01"',
 
   562                      {'c': u'bouh!'})
 
   561                      {'c': u'bouh!'})
 
   563         self.commit()
 
   562         self.commit()
 
   564         aff.clear_related_cache('wf_info_for', 'object')
 
   563         aff.cw_clear_relation_cache('wf_info_for', 'object')
 
   565         trinfo = iworkflowable.latest_trinfo()
 
   564         trinfo = iworkflowable.latest_trinfo()
 
   566         self.assertEquals(trinfo.comment, 'bouh!')
 
   565         self.assertEquals(trinfo.comment, 'bouh!')
 
   567         # but not from_state/to_state
 
   566         # but not from_state/to_state
 
   568         aff.clear_related_cache('wf_info_for', role='object')
 
   567         aff.cw_clear_relation_cache('wf_info_for', role='object')
 
   569         self.assertRaises(Unauthorized,
 
   568         self.assertRaises(Unauthorized,
 
   570                           self.execute, 'SET TI from_state S WHERE TI eid %(ti)s, S name "ben non"',
 
   569                           self.execute, 'SET TI from_state S WHERE TI eid %(ti)s, S name "ben non"',
 
   571                           {'ti': trinfo.eid})
 
   570                           {'ti': trinfo.eid})
 
   572         self.assertRaises(Unauthorized,
 
   571         self.assertRaises(Unauthorized,
 
   573                           self.execute, 'SET TI to_state S WHERE TI eid %(ti)s, S name "pitetre"',
 
   572                           self.execute, 'SET TI to_state S WHERE TI eid %(ti)s, S name "pitetre"',
cubicweb