def change_attr_fails(self): """ Test changing attributes we shouldn't be able to as an anonymous user. Runs through and tries to change every column name on each listed model and ensures we get a 403 """ lst = [(Task, 'task'), (Project, 'project'), (Comment, 'comment'), (User, 'user')] for cls, url_key in lst: obj = self.db.session.query(cls).first() values = jsonize(obj, obj.to_dict().keys(), raw=True) for key, val in values.items(): if key == 'id' or 'event' in key: continue self.put('/api/' + url_key, 403, params={'id': obj.id, key: val})
def to_dict(self): ret = jsonize(self, self.__dict__.keys(), raw=True) ret["_cls"] = self.__class__.__name__ return ret