Mercurial Mercurial > pub > hg > cubicweb / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
server/test/unittest_security.py
branchstable
changeset 9981 7099bbd685aa
parent 9586 121c88b360d0
child 9984 793377697c81
child 10153 85cbf16fbb57
equal deleted inserted replaced
9980:91fbd3111828 9981:7099bbd685aa 
     1 # copyright 2003-2012 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
 
     1 # copyright 2003-2014 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
 
     2 # contact http://www.logilab.fr/ -- mailto:contact@logilab.fr
 
     2 # contact http://www.logilab.fr/ -- mailto:contact@logilab.fr
 
     3 #
 
     3 #
 
     4 # This file is part of CubicWeb.
 
     4 # This file is part of CubicWeb.
 
     5 #
 
     5 #
 
     6 # CubicWeb is free software: you can redistribute it and/or modify it under the
 
     6 # CubicWeb is free software: you can redistribute it and/or modify it under the
 
   388             self.assertRaises(Unauthorized, self.commit)
 
   388             self.assertRaises(Unauthorized, self.commit)
 
   389             cu.execute('SET X test TRUE WHERE X eid %(x)s', {'x': eid})
 
   389             cu.execute('SET X test TRUE WHERE X eid %(x)s', {'x': eid})
 
   390             self.assertRaises(Unauthorized, self.commit)
 
   390             self.assertRaises(Unauthorized, self.commit)
 
   391             cu.execute('SET X web "http://www.logilab.org" WHERE X eid %(x)s', {'x': eid})
 
   391             cu.execute('SET X web "http://www.logilab.org" WHERE X eid %(x)s', {'x': eid})
 
   392             self.commit()
 
   392             self.commit()
 
       
   393         with self.login('iaminusersgrouponly') as cu:
 
       
   394             eid = cu.execute('INSERT Frozable F: F name "Foo"')
 
       
   395             self.commit()
 
       
   396             cu.execute('SET F name "Bar" WHERE F is Frozable')
 
       
   397             self.commit()
 
       
   398             cu.execute('SET F name "BaBar" WHERE F is Frozable')
 
       
   399             cu.execute('SET F frozen True WHERE F is Frozable')
 
       
   400             with self.assertRaises(Unauthorized):
 
       
   401                 self.commit()
 
       
   402             self.rollback()
 
       
   403             cu.execute('SET F frozen True WHERE F is Frozable')
 
       
   404             self.commit()
 
       
   405             cu.execute('SET F name "Bar" WHERE F is Frozable')
 
       
   406             with self.assertRaises(Unauthorized):
 
       
   407                 self.commit()
 
       
   408             self.rollback()
 
   393 
   409 
   394     def test_attribute_security_rqlexpr(self):
 
   410     def test_attribute_security_rqlexpr(self):
 
   395         # Note.para attribute editable by managers or if the note is in "todo" state
 
   411         # Note.para attribute editable by managers or if the note is in "todo" state
 
   396         note = self.execute("INSERT Note X: X para 'bidule'").get_entity(0, 0)
 
   412         note = self.execute("INSERT Note X: X para 'bidule'").get_entity(0, 0)
 
   397         self.commit()
 
   413         self.commit()
cubicweb