Commit ef71fd73 authored by Vincent Pelletier's avatar Vincent Pelletier

Add a test for edit method security.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@20919 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent ecfaa9d1
......@@ -34,6 +34,8 @@ from Products.CMFCore.tests.base.testcase import LogInterceptor
from Products.ERP5Type.tests.utils import createZODBPythonScript
from Products.ERP5Type.ERP5Type import ERP5TypeInformation
from Products.ERP5Type.Cache import clearCache
from AccessControl.ZopeGuards import guarded_apply, guarded_getattr
from zExceptions import Unauthorized
class TestFolder(ERP5TypeTestCase, LogInterceptor):
......@@ -170,6 +172,17 @@ class TestFolder(ERP5TypeTestCase, LogInterceptor):
self.assertRaises(ValueError, self.folder.newContent,
portal_type='Category')
def test_editWithoutModifyPortalContent(self):
edit = guarded_getattr(self.folder, 'edit')
guarded_apply(edit, title='foo')
self.assertEqual(self.folder.title, 'foo')
original_permission_list = self.folder.permission_settings('Modify portal content')
assert len(original_permission_list) == 1
self.folder.manage_permission('Modify portal content', [], 0)
self.assertRaises(Unauthorized, guarded_getattr, self.folder, 'edit')
# Reset to original permissions
self.folder.manage_permission('Modify portal content', original_permission_list[0]['roles'], original_permission_list[0]['acquire'])
def test_suite():
suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(TestFolder))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment