115 cnx.execute("INSERT Personne X: X nom 'bidule'") |
115 cnx.execute("INSERT Personne X: X nom 'bidule'") |
116 self.assertRaises(Unauthorized, cnx.commit) |
116 self.assertRaises(Unauthorized, cnx.commit) |
117 self.assertEqual(cnx.execute('Personne X').rowcount, 1) |
117 self.assertEqual(cnx.execute('Personne X').rowcount, 1) |
118 |
118 |
119 def test_insert_security_2(self): |
119 def test_insert_security_2(self): |
120 with self.login('anon') as cu: |
120 with self.new_access('anon').repo_cnx() as cnx: |
121 cu.execute("INSERT Affaire X") |
121 cnx.execute("INSERT Affaire X") |
122 self.assertRaises(Unauthorized, self.commit) |
122 self.assertRaises(Unauthorized, cnx.commit) |
123 # anon has no read permission on Affaire entities, so |
123 # anon has no read permission on Affaire entities, so |
124 # rowcount == 0 |
124 # rowcount == 0 |
125 self.assertEqual(cu.execute('Affaire X').rowcount, 0) |
125 self.assertEqual(cnx.execute('Affaire X').rowcount, 0) |
126 |
126 |
127 def test_insert_rql_permission(self): |
127 def test_insert_rql_permission(self): |
128 # test user can only add une affaire related to a societe he owns |
128 # test user can only add une affaire related to a societe he owns |
129 with self.new_access('iaminusersgrouponly').repo_cnx() as cnx: |
129 with self.new_access('iaminusersgrouponly').repo_cnx() as cnx: |
130 cnx.execute("INSERT Affaire X: X sujet 'cool'") |
130 cnx.execute("INSERT Affaire X: X sujet 'cool'") |