109 def test_insert_security(self): |
109 def test_insert_security(self): |
110 with self.login('anon') as cu: |
110 with self.login('anon') as cu: |
111 cu.execute("INSERT Personne X: X nom 'bidule'") |
111 cu.execute("INSERT Personne X: X nom 'bidule'") |
112 self.assertRaises(Unauthorized, self.commit) |
112 self.assertRaises(Unauthorized, self.commit) |
113 self.assertEqual(cu.execute('Personne X').rowcount, 1) |
113 self.assertEqual(cu.execute('Personne X').rowcount, 1) |
|
114 |
|
115 def test_insert_security_2(self): |
|
116 with self.login('anon') as cu: |
|
117 cu.execute("INSERT Affaire X") |
|
118 self.assertRaises(Unauthorized, self.commit) |
|
119 # anon has no read permission on Affaire entities, so |
|
120 # rowcount == 0 |
|
121 self.assertEqual(cu.execute('Affaire X').rowcount, 0) |
114 |
122 |
115 def test_insert_rql_permission(self): |
123 def test_insert_rql_permission(self): |
116 # test user can only add une affaire related to a societe he owns |
124 # test user can only add une affaire related to a societe he owns |
117 with self.login('iaminusersgrouponly') as cu: |
125 with self.login('iaminusersgrouponly') as cu: |
118 cu.execute("INSERT Affaire X: X sujet 'cool'") |
126 cu.execute("INSERT Affaire X: X sujet 'cool'") |