1 # copyright 2003-2012 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
1 # copyright 2003-2014 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
2 # contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
2 # contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
3 # |
3 # |
4 # This file is part of CubicWeb. |
4 # This file is part of CubicWeb. |
5 # |
5 # |
6 # CubicWeb is free software: you can redistribute it and/or modify it under the |
6 # CubicWeb is free software: you can redistribute it and/or modify it under the |
388 self.assertRaises(Unauthorized, self.commit) |
388 self.assertRaises(Unauthorized, self.commit) |
389 cu.execute('SET X test TRUE WHERE X eid %(x)s', {'x': eid}) |
389 cu.execute('SET X test TRUE WHERE X eid %(x)s', {'x': eid}) |
390 self.assertRaises(Unauthorized, self.commit) |
390 self.assertRaises(Unauthorized, self.commit) |
391 cu.execute('SET X web "http://www.logilab.org" WHERE X eid %(x)s', {'x': eid}) |
391 cu.execute('SET X web "http://www.logilab.org" WHERE X eid %(x)s', {'x': eid}) |
392 self.commit() |
392 self.commit() |
|
393 with self.login('iaminusersgrouponly') as cu: |
|
394 eid = cu.execute('INSERT Frozable F: F name "Foo"') |
|
395 self.commit() |
|
396 cu.execute('SET F name "Bar" WHERE F is Frozable') |
|
397 self.commit() |
|
398 cu.execute('SET F name "BaBar" WHERE F is Frozable') |
|
399 cu.execute('SET F frozen True WHERE F is Frozable') |
|
400 with self.assertRaises(Unauthorized): |
|
401 self.commit() |
|
402 self.rollback() |
|
403 cu.execute('SET F frozen True WHERE F is Frozable') |
|
404 self.commit() |
|
405 cu.execute('SET F name "Bar" WHERE F is Frozable') |
|
406 with self.assertRaises(Unauthorized): |
|
407 self.commit() |
|
408 self.rollback() |
393 |
409 |
394 def test_attribute_security_rqlexpr(self): |
410 def test_attribute_security_rqlexpr(self): |
395 # Note.para attribute editable by managers or if the note is in "todo" state |
411 # Note.para attribute editable by managers or if the note is in "todo" state |
396 note = self.execute("INSERT Note X: X para 'bidule'").get_entity(0, 0) |
412 note = self.execute("INSERT Note X: X para 'bidule'").get_entity(0, 0) |
397 self.commit() |
413 self.commit() |