From 75b5f4131b912325f2e7ee9d7e75b51d12a5270d Mon Sep 17 00:00:00 2001 From: Victor Shyba Date: Wed, 30 Aug 2017 23:02:23 -0300 Subject: [tests] add tests for cross user access code --- testing/tests/server/test_session.py | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'testing/tests') diff --git a/testing/tests/server/test_session.py b/testing/tests/server/test_session.py index 1ca34f8a..3dbd2740 100644 --- a/testing/tests/server/test_session.py +++ b/testing/tests/server/test_session.py @@ -184,3 +184,12 @@ class SoledadSessionTestCase(unittest.TestCase): request.render(child) self.assertEqual(request.responseCode, 500) self.assertEqual(len(self.flushLoggedErrors(UnexpectedException)), 1) + + def test_cantAccessOtherUserPathByDefault(self): + request = self.makeRequest([]) + # valid url_mapper path, but for another user + request.path = '/blobs/another-user/' + child = self._authorizedTokenLogin(request) + + request.render(child) + self.assertEqual(request.responseCode, 500) -- cgit v1.2.3