summaryrefslogtreecommitdiff
path: root/testing/tests
diff options
context:
space:
mode:
Diffstat (limited to 'testing/tests')
-rw-r--r--testing/tests/server/test_session.py9
1 files changed, 9 insertions, 0 deletions
diff --git a/testing/tests/server/test_session.py b/testing/tests/server/test_session.py
index 1ca34f8a..3dbd2740 100644
--- a/testing/tests/server/test_session.py
+++ b/testing/tests/server/test_session.py
@@ -184,3 +184,12 @@ class SoledadSessionTestCase(unittest.TestCase):
request.render(child)
self.assertEqual(request.responseCode, 500)
self.assertEqual(len(self.flushLoggedErrors(UnexpectedException)), 1)
+
+ def test_cantAccessOtherUserPathByDefault(self):
+ request = self.makeRequest([])
+ # valid url_mapper path, but for another user
+ request.path = '/blobs/another-user/'
+ child = self._authorizedTokenLogin(request)
+
+ request.render(child)
+ self.assertEqual(request.responseCode, 500)