diff --git a/tests/test_issues_server.py b/tests/test_issues_server.py
index 960af63b22f4406304b9d31631cdadb523e5660f..81fe351f21c172f4650befe516d3833d103e5d3c 100644
--- a/tests/test_issues_server.py
+++ b/tests/test_issues_server.py
@@ -1178,6 +1178,84 @@ def test_192():
 assert count8 == 1
 
 
+def test_196a():
+ """See https://gitlab.com/caosdb/caosdb-server/-/issues/196"""
+ admin._insert_role(name=CURATOR_ROLE, description="Desc")
+
+ perms = admin._get_permissions(CURATOR_ROLE)
+ g = admin.PermissionRule(action="Grant", permission="TRANSACTION:*")
+ perms.add(g)
+ admin._set_permissions(CURATOR_ROLE, permission_rules=perms)
+ admin._insert_user(name="TestUser", password="Password1!", status="ACTIVE")
+ admin._set_roles(username="TestUser", roles=[CURATOR_ROLE])
+
+ db.configure_connection(username="TestUser", password_method="plain",
+ password="Password1!")
+ # works
+ db.RecordType(name="TestRT1").insert()
+ db.Property(name="TestProp1", datatype=db.TEXT).insert()
+
+ # Deny TRANSACTION:INSERT:PROPERTY
+ db.configure_connection()
+ perms = admin._get_permissions(CURATOR_ROLE)
+ g = admin.PermissionRule(action="Deny", permission="TRANSACTION:INSERT:PROPERTY")
+ perms.add(g)
+ admin._set_permissions(CURATOR_ROLE, permission_rules=perms)
+
+ db.configure_connection(username="TestUser", password_method="plain",
+ password="Password1!")
+
+ # it is still allowed to insert a record type...
+ db.RecordType(name="TestRT2").insert()
+
+ # fails
+ with pytest.raises(TransactionError) as cm:
+ # this should fail because the curator doesn't have TRANSACTION:INSERT:PROPERTY
+ db.Property(name="TestProp2", datatype=db.TEXT).insert()
+ assert cm.value.errors[0].msg == "You are not allowed to do this."
+
+
+@pytest.mark.parametrize("deny", ["TRANSACTION:INSERT:", "TRANSACTION:INSERT:*"])
+def test_196b(deny):
+ """Same as test_196a but we completely deny insertion."""
+ admin._insert_role(name=CURATOR_ROLE, description="Desc")
+
+ perms = admin._get_permissions(CURATOR_ROLE)
+ g = admin.PermissionRule(action="Grant", permission="TRANSACTION:*")
+ perms.add(g)
+ admin._set_permissions(CURATOR_ROLE, permission_rules=perms)
+ admin._insert_user(name="TestUser", password="Password1!", status="ACTIVE")
+ admin._set_roles(username="TestUser", roles=[CURATOR_ROLE])
+
+ db.configure_connection(username="TestUser", password_method="plain",
+ password="Password1!")
+ # works
+ db.RecordType(name="TestRT1").insert()
+ db.Property(name="TestProp1", datatype=db.TEXT).insert()
+
+ # Deny TRANSACTION:INSERT
+ db.configure_connection()
+ perms = admin._get_permissions(CURATOR_ROLE)
+ g = admin.PermissionRule(action="Deny", permission=deny)
+ perms.add(g)
+ admin._set_permissions(CURATOR_ROLE, permission_rules=perms)
+
+ db.configure_connection(username="TestUser", password_method="plain",
+ password="Password1!")
+
+ # fails (in contrast to test_196a)
+ with pytest.raises(TransactionError) as cm:
+ # this should fail because the curator doesn't have TRANSACTION:INSERT:RECORDTYPE
+ db.RecordType(name="TestRT2").insert()
+ assert cm.value.errors[0].msg == "You are not allowed to do this."
+
+ # fails
+ with pytest.raises(TransactionError) as cm:
+ # this should fail because the curator doesn't have TRANSACTION:INSERT:PROPERTY
+ db.Property(name="TestProp2", datatype=db.TEXT).insert()
+ assert cm.value.errors[0].msg == "You are not allowed to do this."
+
+
 @pytest.mark.xfail(reason="fix needed")
 @pytest.mark.parametrize("num", ["1e+23", "5e22", "2e-323"])
 def test_143(num):
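Review bot: Both new tests verify the Deny rule only through the error message of the rejected insert, and test_196b has no positive control once the rule is in place, so a server that reports "You are not allowed to do this." but still stores the entity, or one that blocks every transaction for the role, would pass. After the last `pytest.raises` block in each test I would switch back to the default connection and check what was actually persisted: `db.configure_connection()` followed by `assert len(db.execute_query("FIND Property TestProp2")) == 0` (and the same for `TestRT2` in test_196b). In test_196b it would also help to keep one permitted action as TestUser after the deny, for example a retrieve of `TestRT1`, assuming the entity ACL allows it. Resetting the connection at the end also avoids leaving the module-level connection bound to the restricted TestUser; whether the teardown that removes `CURATOR_ROLE` and `TestUser` copes with that is not visible from this hunk.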
@@ -1225,4 +1303,4 @@ def test_166():
 name="RT5").add_parent("notexists").add_property(
 "exists_property", 234243).insert()
 
- assert [e.msg for e in cm.value.errors] == ["Entity has unqualified parents."]
+ assert [e.msg for e in cm.value.errors] == ["Entity has unqualified parents."]
\ No newline at end of file