# HG changeset patch # User Laurent Peuch # Date 1550758689 -3600 # Node ID 3724ddd950d35b87f7303fdb60d3a9dc918bf7a6 # Parent e3bcfd6432bc6c4d336955e60f8b88cccc8dd407 [doc] blanks spaces to allow example to breath and be more lisible diff -r e3bcfd6432bc -r 3724ddd950d3 doc/tutorials/advanced/part02_security.rst --- a/doc/tutorials/advanced/part02_security.rst Thu Feb 21 15:16:22 2019 +0100 +++ b/doc/tutorials/advanced/part02_security.rst Thu Feb 21 15:18:09 2019 +0100 @@ -318,7 +318,9 @@ with self.admin_access.repo_cnx() as cnx: # create a user for later security checks toto = self.create_user(cnx, 'toto') + cnx.commit() + # init some data using the default manager connection folder = cnx.create_entity('Folder', name=u'restricted', @@ -327,29 +329,40 @@ data_name=u'photo1.jpg', data=Binary('xxx'), filed_under=folder) + cnx.commit() + # visibility propagation self.assertEquals(photo1.visibility, 'restricted') + # unless explicitly specified photo2 = cnx.create_entity('File', data_name=u'photo2.jpg', data=Binary('xxx'), visibility=u'public', filed_under=folder) + cnx.commit() + self.assertEquals(photo2.visibility, 'public') + with self.new_access('toto').repo_cnx() as cnx: # test security self.assertEqual(1, len(cnx.execute('File X'))) # only the public one self.assertEqual(0, len(cnx.execute('Folder X'))) # restricted... + with self.admin_access.repo_cnx() as cnx: # may_be_read_by propagation folder = cnx.entity_from_eid(folder.eid) folder.cw_set(may_be_read_by=toto) + cnx.commit() + with self.new_access('toto').repo_cnx() as cnx: photo1 = cnx.entity_from_eid(photo1.eid) + self.failUnless(photo1.may_be_read_by) + # test security with permissions self.assertEquals(2, len(cnx.execute('File X'))) # now toto has access to photo2 self.assertEquals(1, len(cnx.execute('Folder X'))) # and to restricted folder