From 1ffaeff0a896e0dddd86654d20d1e61684e55d0e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Henrik=20tom=20W=C3=B6rden?= <h.tomwoerden@indiscale.com>
Date: Wed, 8 Feb 2023 21:57:17 +0100
Subject: [PATCH] TST: add a role test

---
 tests/test_permissions.py | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/tests/test_permissions.py b/tests/test_permissions.py
index bcad1f3..4df2707 100644
--- a/tests/test_permissions.py
+++ b/tests/test_permissions.py
@@ -1168,3 +1168,30 @@ def test_check_entity_acl_roles():
     assert ret.get_warnings()[0].description == "User role does not exist."
 
     db.administration.set_server_property("CHECK_ENTITY_ACL_ROLES_MODE", reset)
+
+
+def test_deny_update_role():
+
+    p = db.Property(name="TestProperty", datatype=db.TEXT).insert()
+    assert p.is_valid()
+
+    grant_permission(p, "RETRIEVE:*")
+    grant_permission(p, "UPDATE:*")
+
+    '''Success'''
+    p.name = "TestPropertyNew"
+    assert_is_none(p.acl)
+    p.update()
+
+    '''Failure'''
+    switch_to_admin_user()
+    db.administration._set_permissions(
+        role=test_role, permission_rules=[
+            db.administration.PermissionRule(
+                "Deny", "TRANSACTION:UPDATE:*")])
+    switch_to_test_user()
+
+    p.retrieve()
+    p.name = "TestPropertyEvenNewer"
+    with raises(db.TransactionError) as te:
+        p.update()
-- 
GitLab