server/test/unittest_security.py
branchstable
changeset 10153 85cbf16fbb57
parent 9981 7099bbd685aa
child 10156 57b68193413c
--- a/server/test/unittest_security.py	Wed Nov 26 17:39:59 2014 +0100
+++ b/server/test/unittest_security.py	Wed Jan 21 15:58:33 2015 +0100
@@ -112,6 +112,14 @@
             self.assertRaises(Unauthorized, self.commit)
             self.assertEqual(cu.execute('Personne X').rowcount, 1)
 
+    def test_insert_security_2(self):
+        with self.login('anon') as cu:
+            cu.execute("INSERT Affaire X")
+            self.assertRaises(Unauthorized, self.commit)
+            # anon has no read permission on Affaire entities, so
+            # rowcount == 0
+            self.assertEqual(cu.execute('Affaire X').rowcount, 0)
+
     def test_insert_rql_permission(self):
         # test user can only add une affaire related to a societe he owns
         with self.login('iaminusersgrouponly') as cu: