From 04efef55aae1bed5ad665e3677efb6dff25ee8d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Calonne?= <aurel@nexedi.com>
Date: Fri, 23 May 2008 13:09:23 +0000
Subject: [PATCH] add unit test for security of edit

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@21098 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 product/ERP5Type/tests/testERP5Type.py | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/product/ERP5Type/tests/testERP5Type.py b/product/ERP5Type/tests/testERP5Type.py
index bc293fe6a1..45817353d5 100644
--- a/product/ERP5Type/tests/testERP5Type.py
+++ b/product/ERP5Type/tests/testERP5Type.py
@@ -2223,6 +2223,26 @@ class TestPropertySheet:
       self.assertTrue(guarded_hasattr(obj, 'setFooBar'))
       self.assertFalse(guarded_hasattr(obj, 'getFooBar'))
 
+    def test_edit(self):
+
+      self._addProperty('Person',
+                        ''' { 'id':         'foo_bar',
+                        'write_permission' : 'Set own password',
+                        'read_permission'  : 'Manage users',
+                        'type':       'string',
+                        'mode':       'w', }''')
+      obj = self.getPersonModule().newContent(portal_type='Person')
+      obj.edit(foo_bar="v1")
+      self.assertEqual(obj.getFooBar(), "v1")
+
+      obj.manage_permission('Set own password', [], 0)
+      self.assertRaises(Unauthorized, obj.edit, foo_bar="v2")
+      self.assertEqual(obj.getFooBar(), "v1")
+
+      obj._edit(foo_bar="v3")
+      self.assertEqual(obj.getFooBar(), "v3")
+      
+
 def test_suite():
   suite = unittest.TestSuite()
   suite.addTest(unittest.makeSuite(TestERP5Type))
-- 
2.30.9