[PATCH 2 of 4 saem] [security/test] Add tests to ensure standard users can't handle organization

Sylvain Thenault sylvain.thenault at logilab.fr
Thu Apr 13 11:00:00 CEST 2017


# HG changeset patch
# User Sylvain Thénault <sylvain.thenault at logilab.fr>
# Date 1492069898 -7200
#      Thu Apr 13 09:51:38 2017 +0200
# Node ID 0d812bee0c0db0dad0d1433db1042d63a2e5d52b
# Parent  5c0cbe8138b54b1a2eb599c0b52def7b425049e0
[security/test] Add tests to ensure standard users can't handle organization

Fortunately, permissions were already correct ;)

diff --git a/test/test_security.py b/test/test_security.py
--- a/test/test_security.py
+++ b/test/test_security.py
@@ -178,10 +178,22 @@ class NonManagerUserTC(CubicWebTC):
 
             test_naa = testutils.naa(cnx)
             with self.assertUnauthorized(cnx):
                 test_naa.cw_set(who=u'1')
 
+    def test_cannot_create_update_organization(self):
+        with self.new_access(self.login).cnx() as cnx:
+            with self.assertUnauthorized(cnx):
+                testutils.authority_with_naa(cnx, u'new')
+
+            org = testutils.authority_with_naa(cnx)
+            with self.assertUnauthorized(cnx):
+                org.cw_set(name=u'uh')
+            with self.assertUnauthorized(cnx):
+                arecord = testutils.authority_record(cnx, name=u'a', kind=u'authority')
+                org.cw_set(authority_record=arecord)
+
     def test_can_create_authorityrecord_activities(self):
         with self.new_access(self.login).cnx() as cnx:
             arecord = testutils.authority_record(cnx, name=u'a')
             cnx.commit()
             # EAC import expect user may create activity
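Review bot: In the last `assertUnauthorized` block of `test_cannot_create_update_organization`, the setup call `testutils.authority_record(...)` sits inside the context together with `org.cw_set(authority_record=arecord)`, so an Unauthorized raised by either statement satisfies the assertion. The following test shows this user is allowed to create authority records, so the creation can move above the `with`, leaving `org.cw_set(authority_record=arecord)` as the only statement under test: `arecord = testutils.authority_record(cnx, name=u'a', kind=u'authority')` followed by `with self.assertUnauthorized(cnx):`. Similarly, `org = testutils.authority_with_naa(cnx)` runs on the standard user's connection; if that helper creates the organization rather than looking one up (its body is outside the hunk), the two update checks may pass on the denied creation instead of the denied update, and an organization prepared through an admin connection would pin the update permission itself. A one-line docstring such as `"""Standard users can neither create nor modify an Organization."""` would also state the security property this test guards.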

