Merge branch 'f-deny-role' into 'dev'

TST: deny role???

See merge request !61

tests/test_permissions.py

@@ -1167,3 +1167,30 @@ def test_check_entity_acl_roles():
     assert ret.get_warnings()[0].description == "User role does not exist."
 
     db.administration.set_server_property("CHECK_ENTITY_ACL_ROLES_MODE", reset)
+
+
+def test_deny_update_role():
+
+    p = db.Property(name="TestProperty", datatype=db.TEXT).insert()
+    assert p.is_valid()
+
+    grant_permission(p, "RETRIEVE:*")
+    grant_permission(p, "UPDATE:*")
+
+    '''Success'''
+    p.name = "TestPropertyNew"
+    assert_is_none(p.acl)
+    p.update()
+
+    '''Failure'''
+    switch_to_admin_user()
+    db.administration._set_permissions(
+        role=test_role, permission_rules=[
+            db.administration.PermissionRule(
+                "Deny", "TRANSACTION:UPDATE:*")])
+    switch_to_test_user()
+
+    p.retrieve()
+    p.name = "TestPropertyEvenNewer"
+    with raises(db.TransactionError) as te:
+        p.update()