Mercurial Mercurial > pub > hg > cubicweb / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
server/test/unittest_security.py
changeset 10156 57b68193413c
parent 10114 6f4b4567b77d
parent 10153 85cbf16fbb57
child 10158 efc8645ece43 
--- a/server/test/unittest_security.py	Wed Jan 07 14:56:33 2015 +0100
+++ b/server/test/unittest_security.py	Thu Jan 22 17:18:20 2015 +0100
@@ -116,6 +116,14 @@
             self.assertRaises(Unauthorized, cnx.commit)
             self.assertEqual(cnx.execute('Personne X').rowcount, 1)
 
+    def test_insert_security_2(self):
+        with self.login('anon') as cu:
+            cu.execute("INSERT Affaire X")
+            self.assertRaises(Unauthorized, self.commit)
+            # anon has no read permission on Affaire entities, so
+            # rowcount == 0
+            self.assertEqual(cu.execute('Affaire X').rowcount, 0)
+
     def test_insert_rql_permission(self):
         # test user can only add une affaire related to a societe he owns
         with self.new_access('iaminusersgrouponly').repo_cnx() as cnx:
cubicweb