--- a/server/test/unittest_security.py Wed Feb 24 11:53:36 2010 +0100
+++ b/server/test/unittest_security.py Wed Feb 24 12:57:30 2010 +0100
@@ -494,12 +494,13 @@
# needed to avoid check_perm error
session.set_pool()
# needed to remove rql expr granting update perm to the user
+ affaire_perms = self.schema['Affaire'].permissions.copy()
self.schema['Affaire'].set_action_permissions('update', self.schema['Affaire'].get_groups('update'))
- self.assertRaises(Unauthorized,
- self.schema['Affaire'].check_perm, session, 'update', eid=eid)
- cu = cnx.cursor()
- self.schema['Affaire'].set_action_permissions('read', ('users',))
try:
+ self.assertRaises(Unauthorized,
+ self.schema['Affaire'].check_perm, session, 'update', eid=eid)
+ cu = cnx.cursor()
+ self.schema['Affaire'].set_action_permissions('read', ('users',))
aff = cu.execute('Any X WHERE X ref "ARCT01"').get_entity(0, 0)
aff.fire_transition('abort')
cnx.commit()
@@ -510,7 +511,9 @@
# from the current state but Unauthorized if it exists but user can't pass it
self.assertRaises(ValidationError, user.fire_transition, 'deactivate')
finally:
- self.schema['Affaire'].set_action_permissions('read', ('managers',))
+ # restore orig perms
+ for action, perms in affaire_perms.iteritems():
+ self.schema['Affaire'].set_action_permissions(action, perms)
def test_trinfo_security(self):
aff = self.execute('INSERT Affaire X: X ref "ARCT01"').get_entity(0, 0)