def test_write_auth_ignores_r_users_field(self):
user2 = User('test2', 'sdfsdf', 'sdfsdf')
doc = Doc('docid', 'title', ['test1'], ['test'], None, None, None,
False)
with app.test_request_context("/"):
self.assertRaises(AuthenticationException, BokehServerTransaction,
user2, doc, 'rw')
def test_read_auth_checks_both_fields(self):
user2 = User('test2', 'sdfsdf', 'sdfsdf')
user = User('test1', 'sdfsdf', 'sdfsdf')
doc = Doc('docid', 'title', ['test1'], ['test2'], None, None, None,
False)
with app.test_request_context("/"):
BokehServerTransaction(user, doc, 'r')
with app.test_request_context("/"):
BokehServerTransaction(user2, doc, 'r')
def test_permissions_with_temporary_docid(self):
user = User('test1', 'sdfsdf', 'sdfsdf')
doc = Doc('docid', 'title', [], ['test2'], None, None, None, False)
# with temporary docid, a user must be able to read in order to get write access
# this call should fail
with app.test_request_context("/"):
self.assertRaises(AuthenticationException,
BokehServerTransaction,
user,
doc,
'rw',
temporary_docid="foobar")
