|
1 # copyright 2003-2010 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
|
2 # contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
|
3 # |
|
4 # This file is part of CubicWeb. |
|
5 # |
|
6 # CubicWeb is free software: you can redistribute it and/or modify it under the |
|
7 # terms of the GNU Lesser General Public License as published by the Free |
|
8 # Software Foundation, either version 2.1 of the License, or (at your option) |
|
9 # any later version. |
|
10 # |
|
11 # logilab-common is distributed in the hope that it will be useful, but WITHOUT |
|
12 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS |
|
13 # FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more |
|
14 # details. |
|
15 # |
|
16 # You should have received a copy of the GNU Lesser General Public License along |
|
17 # with CubicWeb. If not, see <http://www.gnu.org/licenses/>. |
1 """functional tests for server'security |
18 """functional tests for server'security |
2 :license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses |
|
3 """ |
19 """ |
4 import sys |
20 import sys |
5 |
21 |
6 from logilab.common.testlib import unittest_main, TestCase |
22 from logilab.common.testlib import unittest_main, TestCase |
7 from cubicweb.devtools.testlib import CubicWebTC |
23 from cubicweb.devtools.testlib import CubicWebTC |
30 rqlst = self.repo.vreg.rqlhelper.parse(rql).children[0] |
46 rqlst = self.repo.vreg.rqlhelper.parse(rql).children[0] |
31 origgroups = self.schema['Personne'].get_groups('read') |
47 origgroups = self.schema['Personne'].get_groups('read') |
32 self.schema['Personne'].set_action_permissions('read', ('users', 'managers')) |
48 self.schema['Personne'].set_action_permissions('read', ('users', 'managers')) |
33 self.repo.vreg.solutions(self.session, rqlst, None) |
49 self.repo.vreg.solutions(self.session, rqlst, None) |
34 solution = rqlst.solutions[0] |
50 solution = rqlst.solutions[0] |
35 check_read_access(self.schema, self.session.user, rqlst, solution) |
51 check_read_access(self.session, rqlst, solution, {}) |
36 cnx = self.login('anon') |
52 cnx = self.login('anon') |
37 cu = cnx.cursor() |
53 cu = cnx.cursor() |
38 self.assertRaises(Unauthorized, |
54 self.assertRaises(Unauthorized, |
39 check_read_access, |
55 check_read_access, |
40 self.schema, cnx.user(self.session), rqlst, solution) |
56 self.session, rqlst, solution, {}) |
41 self.assertRaises(Unauthorized, cu.execute, rql) |
57 self.assertRaises(Unauthorized, cu.execute, rql) |
42 |
58 |
43 def test_upassword_not_selectable(self): |
59 def test_upassword_not_selectable(self): |
44 self.assertRaises(Unauthorized, |
60 self.assertRaises(Unauthorized, |
45 self.execute, 'Any X,P WHERE X is CWUser, X upassword P') |
61 self.execute, 'Any X,P WHERE X is CWUser, X upassword P') |
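Review bot: At new lines 54-56 the denied-access check passes `self.session, rqlst, solution, {}`, which is textually the same argument list as the call at new line 51 that is expected to succeed. The removed version named the principal explicitly (`cnx.user(self.session)`), whereas the new one gives the opposite result only if `self.session` resolves to the session opened by `self.login('anon')`, and the page does not show that property. If it did not switch, `assertRaises` would fail rather than pass, so this is a readability point in an authorization test, not a hidden gap. I would add a comment above line 54 such as `# self.session now refers to the anonymous connection opened by login('anon')`, and a short one saying what the trailing `{}` argument stands for. The test method starts before this hunk, and whatever restores `origgroups` lies outside it.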