@@ -1331,6 +1331,33 @@ def testDispatchPost(self):
13311331 ['assignedto' ]['link' ],
13321332 "http://tracker.example/cgi-bin/roundup.cgi/bugs/rest/data/user/2" )
13331333
1334+
1335+ def testDispatchDelete (self ):
1336+ """
1337+ run Delete through rest dispatch().
1338+ """
1339+
1340+ # TEST #0
1341+ # Delete class raises unauthorized error
1342+ # simulate: /rest/data/issue
1343+ env = { "REQUEST_METHOD" : "DELETE"
1344+ }
1345+ headers = {"accept" : "application/json; version=1" ,
1346+ }
1347+ self .headers = headers
1348+ self .server .client .request .headers .get = self .get_header
1349+ results = self .server .dispatch (env ["REQUEST_METHOD" ],
1350+ "/rest/data/issue" ,
1351+ self .empty_form )
1352+
1353+ print (results )
1354+ self .assertEqual (self .server .client .response_code , 403 )
1355+ json_dict = json .loads (b2s (results ))
1356+
1357+ self .assertEqual (json_dict ['error' ]['msg' ],
1358+ "Deletion of a whole class disabled" )
1359+
1360+
13341361 def testDispatchBadContent (self ):
13351362 """
13361363 runthrough rest dispatch() with bad content_type patterns.
@@ -2743,12 +2770,15 @@ def testPostFile(self):
27432770 # File content is only shown with verbose=3
27442771 form = cgi .FieldStorage ()
27452772 form .list = [
2746- cgi .MiniFieldStorage ('@verbose' , '3' )
2773+ cgi .MiniFieldStorage ('@verbose' , '3' ),
2774+ cgi .MiniFieldStorage ('@protected' , 'true' )
27472775 ]
27482776 results = self .server .get_element ('file' , fileid , form )
27492777 results = results ['data' ]
27502778 self .assertEqual (self .dummy_client .response_code , 200 )
27512779 self .assertEqual (results ['attributes' ]['content' ], 'hello\r \n there' )
2780+ self .assertIn ('creator' , results ['attributes' ]) # added by @protected
2781+ self .assertEqual (results ['attributes' ]['creator' ]['username' ], "joe" )
27522782
27532783 def testAuthDeniedPut (self ):
27542784 """
0 commit comments