comparison test/test_cgi.py @ 3930:1b84355e346a

add tests for through-the-web permission checking
author Richard Jones <richard@users.sourceforge.net>
date Fri, 05 Oct 2007 03:07:14 +0000
parents 91008ec8f9a0
children 905faf52a51f
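--- a/test/test_cgi.py
+++ b/test/test_cgi.py
@@ -6,15 +6,15 @@
 #
 # This module is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 #
-# $Id: test_cgi.py,v 1.32 2007-09-16 02:45:11 jpend Exp $
+# $Id: test_cgi.py,v 1.33 2007-10-05 03:07:14 richard Exp $
 
 import unittest, os, shutil, errno, sys, difflib, cgi, re
 
-from roundup.cgi import client
+from roundup.cgi import client, actions, exceptions
 from roundup.cgi.exceptions import FormError
 from roundup.cgi.templating import HTMLItem
 from roundup.cgi.form_parser import FormParser
 from roundup import init, instance, password, hyperdb, date
 
@@ -593,10 +593,45 @@
 self.assertEqual(self.parseForm({':file': file}, 'issue'),
 ({('issue', None): {}, ('file', '-1'): {'content': 'foo',
 'name': 'foo.txt', 'type': 'text/plain'}},
 [('issue', None, 'files', [('file', '-1')])]))
 
+#
+# SECURITY
+#
+# XXX test all default permissions
+def _make_client(self, form, classname='user', nodeid='2', userid='2'):
+cl = client.Client(self.instance, None, {'PATH_INFO':'/'},
+makeForm(form))
+cl.classname = 'user'
+cl.nodeid = '1'
+cl.db = self.db
+cl.userid = '2'
+return cl
+
+def testClassPermission(self):
+cl = self._make_client(dict(username='bob'))
+self.failUnlessRaises(exceptions.Unauthorised,
+actions.EditItemAction(cl).handle)
+cl.nodeid = '1'
+self.assertRaises(exceptions.Unauthorised,
+actions.EditItemAction(cl).handle)
+
+def testCheckAndPropertyPermission(self):
+self.db.security.permissions = {}
+def own_record(db, userid, itemid): return userid == itemid
+p = self.db.security.addPermission(name='Edit', klass='user',
+check=own_record, properties=("password", ))
+self.db.security.addPermissionToRole('User', p)
+
+cl = self._make_client(dict(username='bob'))
+self.assertRaises(exceptions.Unauthorised,
+actions.EditItemAction(cl).handle)
+cl = self._make_client({'password':'bob', '@confirm@password':'bob'})
+self.failUnlessRaises(exceptions.Unauthorised,
+actions.EditItemAction(cl).handle)
+
 def test_suite():
 suite = unittest.TestSuite()
 suite.addTest(unittest.makeSuite(FormTestCase))
 suite.addTest(unittest.makeSuite(MessageTestCase))
 return suite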
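Review bot: `_make_client` accepts `classname`, `nodeid` and `userid` but never uses them: the body hard-codes `cl.classname = 'user'`, `cl.nodeid = '1'` and `cl.userid = '2'`, and the `nodeid='2'` default disagrees with the `'1'` that is actually set. As a result every assertion in `testClassPermission` and `testCheckAndPropertyPermission` runs as user 2 editing user 1, so the `own_record` check can never return true and the `properties=("password", )` restriction is never the deciding factor; the later `cl.nodeid = '1'` in `testClassPermission` repeats the first case rather than adding one. The helper should assign from its arguments, `cl.classname = classname`, `cl.nodeid = nodeid`, `cl.userid = userid`, and the tests should then pass the node explicitly and include at least one own-record edit that is expected to be permitted, so a regression that denies (or allows) everything is caught. Once the helper honours `nodeid`, the existing `Unauthorised` expectations need rechecking, since some of them would presumably become own-record edits.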

Roundup Issue Tracker: http://roundup-tracker.org/