From 04efef55aae1bed5ad665e3677efb6dff25ee8d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Calonne?= <aurel@nexedi.com> Date: Fri, 23 May 2008 13:09:23 +0000 Subject: [PATCH] add unit test for security of edit git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@21098 20353a03-c40f-0410-a6d1-a30d3c3de9de --- product/ERP5Type/tests/testERP5Type.py | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/product/ERP5Type/tests/testERP5Type.py b/product/ERP5Type/tests/testERP5Type.py index bc293fe6a1..45817353d5 100644 --- a/product/ERP5Type/tests/testERP5Type.py +++ b/product/ERP5Type/tests/testERP5Type.py @@ -2223,6 +2223,26 @@ class TestPropertySheet: self.assertTrue(guarded_hasattr(obj, 'setFooBar')) self.assertFalse(guarded_hasattr(obj, 'getFooBar')) + def test_edit(self): + + self._addProperty('Person', + ''' { 'id': 'foo_bar', + 'write_permission' : 'Set own password', + 'read_permission' : 'Manage users', + 'type': 'string', + 'mode': 'w', }''') + obj = self.getPersonModule().newContent(portal_type='Person') + obj.edit(foo_bar="v1") + self.assertEqual(obj.getFooBar(), "v1") + + obj.manage_permission('Set own password', [], 0) + self.assertRaises(Unauthorized, obj.edit, foo_bar="v2") + self.assertEqual(obj.getFooBar(), "v1") + + obj._edit(foo_bar="v3") + self.assertEqual(obj.getFooBar(), "v3") + + def test_suite(): suite = unittest.TestSuite() suite.addTest(unittest.makeSuite(TestERP5Type)) -- 2.30.9