issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi fix tests

rouilj · rouilj · commit 773b46b53ac7 · 2016-09-01T21:26:59.000-04:00
Correct tests so they now expect NotFound exception rather than
SeriousError.

Renamed:
  test/test_cgi.py::FormTestCase::testCSVExportFailPermission
to
  test/test_cgi.py::FormTestCase::testCSVExportFailPermissionBadColumn

I think this test should return Unauthorised rather than
NotFound. Discussion is on the issue.

Also added a new test case to verify that exceptions.Unauthorised is
raised if all columns are valid and the user is not allowed to access
the class.
diff --git a/test/test_cgi.py b/test/test_cgi.py
@@ -1151,10 +1151,10 @@ def testCSVExportBadColumnName(self):
         output = StringIO.StringIO()
         cl.request = MockNull()
         cl.request.wfile = output
-        self.assertRaises(exceptions.SeriousError,
+        self.assertRaises(exceptions.NotFound,
             actions.ExportCSVAction(cl).handle)
 
-    def testCSVExportFailPermission(self):
+    def testCSVExportFailPermissionBadColumn(self):
         cl = self._make_client({'@columns': 'id,email,password'}, nodeid=None,
             userid='2')
         cl.classname = 'user'
@@ -1163,7 +1163,22 @@ def testCSVExportFailPermission(self):
         cl.request.wfile = output
         # used to be self.assertRaises(exceptions.Unauthorised,
         # but not acting like the column name is not found
-        self.assertRaises(exceptions.SeriousError,
+        # see issue2550755 - should this return Unauthorised?
+        # The unauthorised user should never get to the point where
+        # they can determine if the column name is valid or not.
+        self.assertRaises(exceptions.NotFound,
+            actions.ExportCSVAction(cl).handle)
+
+    def testCSVExportFailPermissionValidColumn(self):
+        cl = self._make_client({'@columns': 'id,address,password'}, nodeid=None,
+            userid='2')
+        cl.classname = 'user'
+        output = StringIO.StringIO()
+        cl.request = MockNull()
+        cl.request.wfile = output
+        # used to be self.assertRaises(exceptions.Unauthorised,
+        # but not acting like the column name is not found
+        self.assertRaises(exceptions.Unauthorised,
             actions.ExportCSVAction(cl).handle)
 
 class TemplateHtmlRendering(unittest.TestCase):
