--- a/doc/tutorials/advanced/part02_security.rst Thu Feb 21 15:16:22 2019 +0100
+++ b/doc/tutorials/advanced/part02_security.rst Thu Feb 21 15:18:09 2019 +0100
@@ -318,7 +318,9 @@
with self.admin_access.repo_cnx() as cnx:
# create a user for later security checks
toto = self.create_user(cnx, 'toto')
+
cnx.commit()
+
# init some data using the default manager connection
folder = cnx.create_entity('Folder',
name=u'restricted',
@@ -327,29 +329,40 @@
data_name=u'photo1.jpg',
data=Binary('xxx'),
filed_under=folder)
+
cnx.commit()
+
# visibility propagation
self.assertEquals(photo1.visibility, 'restricted')
+
# unless explicitly specified
photo2 = cnx.create_entity('File',
data_name=u'photo2.jpg',
data=Binary('xxx'),
visibility=u'public',
filed_under=folder)
+
cnx.commit()
+
self.assertEquals(photo2.visibility, 'public')
+
with self.new_access('toto').repo_cnx() as cnx:
# test security
self.assertEqual(1, len(cnx.execute('File X'))) # only the public one
self.assertEqual(0, len(cnx.execute('Folder X'))) # restricted...
+
with self.admin_access.repo_cnx() as cnx:
# may_be_read_by propagation
folder = cnx.entity_from_eid(folder.eid)
folder.cw_set(may_be_read_by=toto)
+
cnx.commit()
+
with self.new_access('toto').repo_cnx() as cnx:
photo1 = cnx.entity_from_eid(photo1.eid)
+
self.failUnless(photo1.may_be_read_by)
+
# test security with permissions
self.assertEquals(2, len(cnx.execute('File X'))) # now toto has access to photo2
self.assertEquals(1, len(cnx.execute('Folder X'))) # and to restricted folder