[tests] add tests for cross user access code

author: Victor Shyba <victor1984@riseup.net> 2017-08-30 23:02:23 -0300
committer: drebs <drebs@riseup.net> 2017-09-05 11:08:48 -0300
commit: 75b5f4131b912325f2e7ee9d7e75b51d12a5270d (patch)
tree: 30dfe5d415ff8652156043a2550bb6b9626bb5cd
parent: da26a7f22c6ea77bc417d1184c2a0a4f976669a2 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/testing/tests/server/test_session.py b/testing/tests/server/test_session.py
index 1ca34f8a..3dbd2740 100644
--- a/testing/tests/server/test_session.py
+++ b/testing/tests/server/test_session.py
@@ -184,3 +184,12 @@ class SoledadSessionTestCase(unittest.TestCase):
         request.render(child)
         self.assertEqual(request.responseCode, 500)
         self.assertEqual(len(self.flushLoggedErrors(UnexpectedException)), 1)
+
+    def test_cantAccessOtherUserPathByDefault(self):
+        request = self.makeRequest([])
+        # valid url_mapper path, but for another user
+        request.path = '/blobs/another-user/'
+        child = self._authorizedTokenLogin(request)
+
+        request.render(child)
+        self.assertEqual(request.responseCode, 500)
author	Victor Shyba <victor1984@riseup.net>	2017-08-30 23:02:23 -0300
committer	drebs <drebs@riseup.net>	2017-09-05 11:08:48 -0300
commit	75b5f4131b912325f2e7ee9d7e75b51d12a5270d (patch)
tree	30dfe5d415ff8652156043a2550bb6b9626bb5cd
parent	da26a7f22c6ea77bc417d1184c2a0a4f976669a2 (diff)