github/datasette
1
0
Fork 0
mirror of https://github.com/simonw/datasette.git synced 2025-12-10 16:51:24 +01:00
Code Issues Projects Releases Packages Wiki Activity

Check permissions on canned query page, refs #800

Browse source
This commit is contained in:
Simon Willison 2020-06-06 12:27:00 -07:00
commit 966eec7f75
2 changed files with 17 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
tests/test_canned_write.py
View file

@ -128,3 +128,11 @@ def test_canned_query_permissions_on_database_page(canned_write_client):
{"name": q["name"], "requires_auth": q["requires_auth"]}
for q in response.json["queries"]
]
def test_canned_query_permissions(canned_write_client):
assert 403 == canned_write_client.get("/data/delete_name").status
assert 200 == canned_write_client.get("/data/update_name").status
cookies = {"ds_actor": canned_write_client.ds.sign({"id": "root"}, "actor")}
assert 200 == canned_write_client.get("/data/delete_name", cookies=cookies).status
assert 200 == canned_write_client.get("/data/update_name", cookies=cookies).status