Mercurial > p > roundup > code
diff test/rest_common.py @ 6317:ea0becc9fdb9
Test delete of class and use of @protected.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Fri, 01 Jan 2021 23:37:38 -0500 |
| parents | 323661f7c89c |
| children | ec853cef2f09 |
line wrap: on
line diff
--- a/test/rest_common.py Fri Jan 01 23:21:00 2021 -0500 +++ b/test/rest_common.py Fri Jan 01 23:37:38 2021 -0500 @@ -1331,6 +1331,33 @@ ['assignedto']['link'], "http://tracker.example/cgi-bin/roundup.cgi/bugs/rest/data/user/2") + + def testDispatchDelete(self): + """ + run Delete through rest dispatch(). + """ + + # TEST #0 + # Delete class raises unauthorized error + # simulate: /rest/data/issue + env = { "REQUEST_METHOD": "DELETE" + } + headers={"accept": "application/json; version=1", + } + self.headers=headers + self.server.client.request.headers.get=self.get_header + results = self.server.dispatch(env["REQUEST_METHOD"], + "/rest/data/issue", + self.empty_form) + + print(results) + self.assertEqual(self.server.client.response_code, 403) + json_dict = json.loads(b2s(results)) + + self.assertEqual(json_dict['error']['msg'], + "Deletion of a whole class disabled") + + def testDispatchBadContent(self): """ runthrough rest dispatch() with bad content_type patterns. @@ -2743,12 +2770,15 @@ # File content is only shown with verbose=3 form = cgi.FieldStorage() form.list = [ - cgi.MiniFieldStorage('@verbose', '3') + cgi.MiniFieldStorage('@verbose', '3'), + cgi.MiniFieldStorage('@protected', 'true') ] results = self.server.get_element('file', fileid, form) results = results['data'] self.assertEqual(self.dummy_client.response_code, 200) self.assertEqual(results['attributes']['content'], 'hello\r\nthere') + self.assertIn('creator', results['attributes']) # added by @protected + self.assertEqual(results['attributes']['creator']['username'], "joe") def testAuthDeniedPut(self): """