--- a/server/test/unittest_security.py Thu Oct 07 19:02:00 2010 +0200
+++ b/server/test/unittest_security.py Fri Oct 08 07:43:38 2010 +0200
@@ -22,7 +22,7 @@
from logilab.common.testlib import unittest_main, TestCase
from cubicweb.devtools.testlib import CubicWebTC
-from cubicweb import Unauthorized, ValidationError
+from cubicweb import Unauthorized, ValidationError, QueryError
from cubicweb.server.querier import check_read_access
class BaseSecurityTC(CubicWebTC):
@@ -189,6 +189,8 @@
cnx.commit()
# to actually get Unauthorized exception, try to delete an entity we can read
self.assertRaises(Unauthorized, cu.execute, "DELETE Societe S")
+ self.assertRaises(QueryError, cnx.commit) # can't commit anymore
+ cnx.rollback() # required after Unauthorized
cu.execute("INSERT Affaire X: X sujet 'pascool'")
cu.execute("INSERT Societe X: X nom 'chouette'")
cu.execute("SET A concerne S WHERE A sujet 'pascool', S nom 'chouette'")
@@ -216,6 +218,8 @@
self.assertRaises(Unauthorized, ent.cw_check_perm, 'update')
self.assertRaises(Unauthorized,
cu.execute, "SET P travaille S WHERE P is Personne, S is Societe")
+ self.assertRaises(QueryError, cnx.commit) # can't commit anymore
+ cnx.rollback()
# test nothing has actually been inserted:
self.assertEqual(cu.execute('Any P,S WHERE P travaille S,P is Personne, S is Societe').rowcount, 0)
cu.execute("INSERT Societe X: X nom 'chouette'")
@@ -239,6 +243,8 @@
cnx = self.login('iaminusersgrouponly')
cu = cnx.cursor()
self.assertRaises(Unauthorized, cu.execute, "DELETE A concerne S")
+ self.assertRaises(QueryError, cnx.commit) # can't commit anymore
+ cnx.rollback() # required after Unauthorized
cu.execute("INSERT Societe X: X nom 'chouette'")
cu.execute("SET A concerne S WHERE A is Affaire, S nom 'chouette'")
cnx.commit()