Check that acquisition is not possible.

This test will allow to track progress on "securing" API -- that it will disallow to access objects outside of its scope.

Check that acquisition is not possible.
This test will allow to track progress on "securing" API -- that it will disallow to access objects outside of its scope.
4582a47c · Łukasz Nowak · ef96c19c · 4582a47c · 4582a47c
Commit 4582a47c authored May 16, 2012 by Łukasz Nowak
2 changed files
--- a/master/bt5/vifib_slapos_rest_api_v1_test/TestTemplateItem/testVifibSlaposRestAPIV1.py
+++ b/master/bt5/vifib_slapos_rest_api_v1_test/TestTemplateItem/testVifibSlaposRestAPIV1.py
@@ -1185,6 +1185,21 @@ class TestGET_discovery(VifibSlaposRestAPIV1Mixin):
        'discovery',
      ])
+  def test_noAcquisition(self):
+    # check the test
+    portal_id = self.portal.getId()
+    self.logout()
+    self.assertEqual(portal_id, self.portal.getId())
+    self.login()
+    # prove that even if anyone has access to portal root it is impossible
+    # to fetch it via API
+    self.connection.request(method='GET',
+      url='/'.join([self.api_path, self.portal.getId(), 'getId'])
+    )
+    self.prepareResponse()
+    self.assertResponseCode(404)
+    self.assertBasicResponse()
  def test(self):
    self.connection.request(method='GET',
      url=self.api_path)

--- a/master/bt5/vifib_slapos_rest_api_v1_test/bt/revision
+++ b/master/bt5/vifib_slapos_rest_api_v1_test/bt/revision
-52
+53
\ No newline at end of file