Add a test for edit method security.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@20919 20353a03-c40f-0410-a6d1-a30d3c3de9de

product/ERP5Type/tests/testFolder.py

@@ -34,6 +34,8 @@ from Products.CMFCore.tests.base.testcase import LogInterceptor
 from Products.ERP5Type.tests.utils import createZODBPythonScript
 from Products.ERP5Type.ERP5Type import ERP5TypeInformation
 from Products.ERP5Type.Cache import clearCache
+from AccessControl.ZopeGuards import guarded_apply, guarded_getattr
+from zExceptions import Unauthorized
 
 class TestFolder(ERP5TypeTestCase, LogInterceptor):
 
@@ -170,6 +172,17 @@ class TestFolder(ERP5TypeTestCase, LogInterceptor):
       self.assertRaises(ValueError, self.folder.newContent,
                         portal_type='Category')
 
+    def test_editWithoutModifyPortalContent(self):
+      edit = guarded_getattr(self.folder, 'edit')
+      guarded_apply(edit, title='foo')
+      self.assertEqual(self.folder.title, 'foo')
+      original_permission_list = self.folder.permission_settings('Modify portal content')
+      assert len(original_permission_list) == 1
+      self.folder.manage_permission('Modify portal content', [], 0)
+      self.assertRaises(Unauthorized, guarded_getattr, self.folder, 'edit')
+      # Reset to original permissions
+      self.folder.manage_permission('Modify portal content', original_permission_list[0]['roles'], original_permission_list[0]['acquire'])
+
 def test_suite():
   suite = unittest.TestSuite()
   suite.addTest(unittest.makeSuite(TestFolder))