From a39af0e003ba95c9b7ab554aa4a4c5ce316a43c7 Mon Sep 17 00:00:00 2001
From: drebs <drebs@leap.se>
Date: Sun, 18 Dec 2016 12:56:21 -0200
Subject: [bug] disallow all requests to "user-{uuid}/"

---
 testing/tests/server/test_server.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'testing')

diff --git a/testing/tests/server/test_server.py b/testing/tests/server/test_server.py
index 6710caaf..cae2e75c 100644
--- a/testing/tests/server/test_server.py
+++ b/testing/tests/server/test_server.py
@@ -110,7 +110,7 @@ class ServerAuthorizationTestCase(BaseSoledadTest):
             /shared-db/docs               | -
             /shared-db/doc/{id}           | GET, PUT, DELETE
             /shared-db/sync-from/{source} | -
-            /user-db                      | GET, PUT, DELETE
+            /user-db                      | -
             /user-db/docs                 | -
             /user-db/doc/{id}             | -
             /user-db/sync-from/{source}   | GET, PUT, POST
@@ -174,13 +174,13 @@ class ServerAuthorizationTestCase(BaseSoledadTest):
             authmap.is_authorized(
                 self._make_environ('/shared/sync-from/x', 'POST')))
         # test user-db database resource auth
-        self.assertTrue(
+        self.assertFalse(
             authmap.is_authorized(
                 self._make_environ('/%s' % dbname, 'GET')))
-        self.assertTrue(
+        self.assertFalse(
             authmap.is_authorized(
                 self._make_environ('/%s' % dbname, 'PUT')))
-        self.assertTrue(
+        self.assertFalse(
             authmap.is_authorized(
                 self._make_environ('/%s' % dbname, 'DELETE')))
         self.assertFalse(
-- 
cgit v1.2.3