Commit 7d64b85e authored by Sylvain Thénault's avatar Sylvain Thénault
Browse files

Backport some more security test from saem

parent 0a8f060a5ce6
......@@ -181,13 +181,14 @@ class SecurityTC(CubicWebTC):
cnx.commit()
cnx.rollback()
def test_base(self):
def test_profile(self):
with self.admin_access.repo_cnx() as cnx:
self.create_user(cnx, login='alice')
self.create_user(cnx, login='bob')
cnx.commit()
with self.new_access('alice').repo_cnx() as cnx:
transfer = cnx.create_entity('SEDAArchiveTransfer', title=u'Alice Profile')
create_archive_unit(transfer)
cnx.create_entity('Agent', name=u'Archival inc.',
reverse_seda_archival_agency=transfer)
cnx.create_entity('SEDAComment', comment=u'Whooot.',
......@@ -217,6 +218,52 @@ class SecurityTC(CubicWebTC):
with self.assertUnauthorized(cnx):
scheme = cnx.create_entity('ConceptScheme', title=u'Some nasty vocabulary')
mtclv.cw_set(seda_mime_type_code_list_version_to=scheme)
# deletion of a contained entity
with self.assertUnauthorized(cnx):
comment.cw_delete()
# deletion of a outer relation
with self.assertUnauthorized(cnx):
transfer.reverse_seda_mime_type_code_list_version_from[0].cw_set(
seda_mime_type_code_list_version_to=None)
# deletion of an archive unit
with self.assertUnauthorized(cnx):
transfer.archive_units[0].cw_delete()
# deletion of the container
with self.assertUnauthorized(cnx):
transfer.cw_delete()
def test_archive_unit(self):
with self.admin_access.repo_cnx() as cnx:
unit, unit_alt, unit_alt_seq = create_archive_unit(None, cnx=cnx)
content = cnx.create_entity('SEDAContent', seda_content=unit_alt_seq)
title = cnx.create_entity('SEDATitle', seda_title=content)
cnx.commit()
# unit has no parent, modifications are allowed.
unit.cw_set(user_annotation=u'argh')
title.cw_set(title=u'gloup')
cnx.commit()
with self.new_access('anon').client_cnx() as cnx:
title = cnx.entity_from_eid(title.eid)
unit = cnx.entity_from_eid(unit.eid)
with self.assertUnauthorized(cnx):
title.cw_set(title=u'zorglub')
with self.assertUnauthorized(cnx):
unit.cw_set(user_annotation=u'zorglub')
with self.assertUnauthorized(cnx):
cnx.create_entity(
'SEDATitle', seda_title=cnx.create_entity(
'SEDAContent', seda_content=unit_alt_seq))
with self.assertUnauthorized(cnx):
title.cw_delete()
with self.assertUnauthorized(cnx):
unit.cw_delete()
with self.admin_access.repo_cnx() as cnx:
unit = cnx.entity_from_eid(unit.eid)
unit.cw_delete()
cnx.commit()
if __name__ == '__main__':
import unittest
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment