Add a test for edit method security.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@20919 20353a03-c40f-0410-a6d1-a30d3c3de9de

Add a test for edit method security.
git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@20919 20353a03-c40f-0410-a6d1-a30d3c3de9de
ef71fd73 · Vincent Pelletier · ecfaa9d1 · ef71fd73
Commit ef71fd73 authored May 13, 2008 by Vincent Pelletier
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 0 deletions

product/ERP5Type/tests/testFolder.py product/ERP5Type/tests/testFolder.py +13 -0

No files found.
--- a/product/ERP5Type/tests/testFolder.py
+++ b/product/ERP5Type/tests/testFolder.py
@@ -34,6 +34,8 @@ from Products.CMFCore.tests.base.testcase import LogInterceptor
 from Products.ERP5Type.tests.utils import createZODBPythonScript
 from Products.ERP5Type.ERP5Type import ERP5TypeInformation
 from Products.ERP5Type.Cache import clearCache
+from AccessControl.ZopeGuards import guarded_apply, guarded_getattr
+from zExceptions import Unauthorized

 class TestFolder(ERP5TypeTestCase, LogInterceptor):

@@ -170,6 +172,17 @@ class TestFolder(ERP5TypeTestCase, LogInterceptor):
      self.assertRaises(ValueError, self.folder.newContent,
                        portal_type='Category')

+    def test_editWithoutModifyPortalContent(self):
+      edit = guarded_getattr(self.folder, 'edit')
+      guarded_apply(edit, title='foo')
+      self.assertEqual(self.folder.title, 'foo')
+      original_permission_list = self.folder.permission_settings('Modify portal content')
+      assert len(original_permission_list) == 1
+      self.folder.manage_permission('Modify portal content', [], 0)
+      self.assertRaises(Unauthorized, guarded_getattr, self.folder, 'edit')
+      # Reset to original permissions
+      self.folder.manage_permission('Modify portal content', original_permission_list[0]['roles'], original_permission_list[0]['acquire'])
+
 def test_suite():
  suite = unittest.TestSuite()
  suite.addTest(unittest.makeSuite(TestFolder))