Mercurial > p > roundup > code
diff test/test_cgi.py @ 5168:9e41254430fe
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests
Correct tests so they now expect NotFound exception rather than
SeriousError.
Renamed:
test/test_cgi.py::FormTestCase::testCSVExportFailPermission
to
test/test_cgi.py::FormTestCase::testCSVExportFailPermissionBadColumn
I think this test should return Unauthorised rather than
NotFound. Discussion is on the issue.
Also added a new test case to verify that exceptions.Unauthorised is
raised if all columns are valid and the user is not allowed to access
the class.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Thu, 01 Sep 2016 21:26:59 -0400 |
| parents | 232c74973a56 |
| children | 349bef975367 |
line wrap: on
line diff
--- a/test/test_cgi.py Tue Aug 23 11:08:28 2016 +0200 +++ b/test/test_cgi.py Thu Sep 01 21:26:59 2016 -0400 @@ -1151,10 +1151,10 @@ output = StringIO.StringIO() cl.request = MockNull() cl.request.wfile = output - self.assertRaises(exceptions.SeriousError, + self.assertRaises(exceptions.NotFound, actions.ExportCSVAction(cl).handle) - def testCSVExportFailPermission(self): + def testCSVExportFailPermissionBadColumn(self): cl = self._make_client({'@columns': 'id,email,password'}, nodeid=None, userid='2') cl.classname = 'user' @@ -1163,7 +1163,22 @@ cl.request.wfile = output # used to be self.assertRaises(exceptions.Unauthorised, # but not acting like the column name is not found - self.assertRaises(exceptions.SeriousError, + # see issue2550755 - should this return Unauthorised? + # The unauthorised user should never get to the point where + # they can determine if the column name is valid or not. + self.assertRaises(exceptions.NotFound, + actions.ExportCSVAction(cl).handle) + + def testCSVExportFailPermissionValidColumn(self): + cl = self._make_client({'@columns': 'id,address,password'}, nodeid=None, + userid='2') + cl.classname = 'user' + output = StringIO.StringIO() + cl.request = MockNull() + cl.request.wfile = output + # used to be self.assertRaises(exceptions.Unauthorised, + # but not acting like the column name is not found + self.assertRaises(exceptions.Unauthorised, actions.ExportCSVAction(cl).handle) class TemplateHtmlRendering(unittest.TestCase):