[Cubicweb] CubicWebTC / assertRaises / Unauthorized

Carlos Balderas carlos.balderas at gmail.com
Tue Aug 17 06:50:34 CEST 2010


Thank you Sylvain,

I made it work, but I still have some questions.

For some tests, I need to use commit method to make them work, while in
other ones it is not necessary.

This code just works if I use commit method.

(Line 172 of pastebin link)
 # user1 cannot change others calendar events
rql = 'SET C description "description test" WHERE C is CalendarEvent'\
       ', C title "Calendar Event 1 Admin"'
rset = req.execute(rql)
self.assertRaises(Unauthorized, self.commit)

and this one works without the commit method ....

(Line 184 of pastebin link)
 # user1 can add calendar event type ONLY to his own calendar events
 rql = 'SET C event_type T WHERE C is CalendarEvent'\
         ', C title "Calendar Event 1 Admin"'\
         ', T is CalendarEventType, T type "Phone Call"'
self.assertRaises(Unauthorized, req.execute, rql)

Both try to make changes to database, one to an attribute, the other one to
make a new relation, but I don't understand the behaivor.

the test file
http://pastebin.com/HZg3GL32

the schema file
http://pastebin.com/ESgNvPxz

Just for additional information...

This code is for a calendar cube + jquery fullcalendar plugin.

We'll put this cube at crealibre hg repository as soon as possible (I think
by the end of this week) , so you can make a hg clone if you want to.

Thank you
Carlos Balderas


On Mon, Aug 16, 2010 at 2:29 PM, Sylvain Thénault <
sylvain.thenault at logilab.fr> wrote:

> On 16 août 11:24, Carlos Balderas wrote:
> > Hi List!
>
> Hi Carlos,
>
> > I am working on unnitest for a cube, especially testing users permissions
> .
> >
> > I want to test an 'Unauthorized' error using this:
> >
> > # rql update sentence, this query must fail
> > rql = 'SET C description "description test" WHERE ....'
> >
> > if I execute the rql as this:
> > rset = req.execute(rql)
> >
> > When I run the test this is what I get:
> > Unauthorized: You are not allowed to perform update operation on ...
> >
> > (so, the error shows as it should)
> >
> > but exception does no raise if I use assertRaises method:
> >
> > rql = 'SET C description "description test" WHERE ....'
> > self.assertRaises(Unauthorized, req.execute, rql)
> >
> > this is what i get:
> > AssertionError: Unauthorized not raised
>
> huum, I suspect there is something different in the two queries... There is
> no reason
> explaining that
>
>   req.execute(rql) # raise Unauthorized
>   self.assertRaises(Unauthorized, req.execute, rql) # assertion error
>
> > My first question
> >
> > 1.- what am I missing to make this exception raise and let it be caught
> by
> > assertRaises method?
>
> As I said, I suspect something not in this mail :) Copy and paste the
> whole test code if you want more eyes to check it.
>
> > 2.- would this be a good method to test cubicweb users permissions or do
> you
> > recommend me another one for this purpose?
>
> Yup
>
> --
> Sylvain Thénault                               LOGILAB, Paris (France)
> Formations Python, Debian, Méth. Agiles: http://www.logilab.fr/formations
> Développement logiciel sur mesure:       http://www.logilab.fr/services
> CubicWeb, the semantic web framework:    http://www.cubicweb.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cubicweb.org/pipermail/cubicweb/attachments/20100816/86108480/attachment-0127.html>


More information about the Cubicweb mailing list