server/test/unittest_security.py
changeset 10161 138464fc1c33
parent 10136 c33dcd18e0bb
parent 10158 efc8645ece43
child 10248 131275d6c268
--- a/server/test/unittest_security.py	Thu Jan 22 17:32:49 2015 +0100
+++ b/server/test/unittest_security.py	Thu Jan 22 17:45:06 2015 +0100
@@ -131,6 +131,14 @@
             self.assertRaises(Unauthorized, cnx.commit)
             self.assertEqual(cnx.execute('Personne X').rowcount, 1)
 
+    def test_insert_security_2(self):
+        with self.new_access('anon').repo_cnx() as cnx:
+            cnx.execute("INSERT Affaire X")
+            self.assertRaises(Unauthorized, cnx.commit)
+            # anon has no read permission on Affaire entities, so
+            # rowcount == 0
+            self.assertEqual(cnx.execute('Affaire X').rowcount, 0)
+
     def test_insert_rql_permission(self):
         # test user can only add une affaire related to a societe he owns
         with self.new_access('iaminusersgrouponly').repo_cnx() as cnx:
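Review bot: The last assertion in `test_insert_security_2` cannot distinguish a rejected insert from a persisted one, because, as its own comment says, anon has no read permission on Affaire, so `cnx.execute('Affaire X').rowcount` is 0 in both cases. Only `self.assertRaises(Unauthorized, cnx.commit)` actually exercises the write check. To show that nothing was stored, compare the Affaire count before and after from a connection that can read the type, for example inside `with self.admin_access.repo_cnx() as admin_cnx:`; the fixture's baseline count is not visible in this hunk, so a before/after comparison is safer than asserting 0. A docstring such as `"""Insert by anon of an entity type anon cannot read must be refused at commit."""` would also make clear how this differs from the preceding insert test.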