diff -r 2dee7a944b3a -r b2e0b6a8f76c doc/tutorials/advanced/part02_security.rst --- a/doc/tutorials/advanced/part02_security.rst Thu Feb 21 15:16:22 2019 +0100 +++ b/doc/tutorials/advanced/part02_security.rst Thu Feb 21 15:18:09 2019 +0100 @@ -318,7 +318,9 @@ with self.admin_access.repo_cnx() as cnx: # create a user for later security checks toto = self.create_user(cnx, 'toto') + cnx.commit() + # init some data using the default manager connection folder = cnx.create_entity('Folder', name=u'restricted', @@ -327,29 +329,40 @@ data_name=u'photo1.jpg', data=Binary('xxx'), filed_under=folder) + cnx.commit() + # visibility propagation self.assertEquals(photo1.visibility, 'restricted') + # unless explicitly specified photo2 = cnx.create_entity('File', data_name=u'photo2.jpg', data=Binary('xxx'), visibility=u'public', filed_under=folder) + cnx.commit() + self.assertEquals(photo2.visibility, 'public') + with self.new_access('toto').repo_cnx() as cnx: # test security self.assertEqual(1, len(cnx.execute('File X'))) # only the public one self.assertEqual(0, len(cnx.execute('Folder X'))) # restricted... + with self.admin_access.repo_cnx() as cnx: # may_be_read_by propagation folder = cnx.entity_from_eid(folder.eid) folder.cw_set(may_be_read_by=toto) + cnx.commit() + with self.new_access('toto').repo_cnx() as cnx: photo1 = cnx.entity_from_eid(photo1.eid) + self.failUnless(photo1.may_be_read_by) + # test security with permissions self.assertEquals(2, len(cnx.execute('File X'))) # now toto has access to photo2 self.assertEquals(1, len(cnx.execute('Folder X'))) # and to restricted folder