Open Source Monorail

appengine/monorail/features/test/savedqueries_test.py

Index: appengine/monorail/features/test/savedqueries_test.py
diff --git a/appengine/monorail/features/test/savedqueries_test.py b/appengine/monorail/features/test/savedqueries_test.py
new file mode 100644
index 0000000000000000000000000000000000000000..84750419ad38373f11328039a0a33ebcc8ab14c7
--- /dev/null
+++ b/appengine/monorail/features/test/savedqueries_test.py
@@ -0,0 +1,40 @@
+# Copyright 2016 The Chromium Authors. All rights reserved.
+# Use of this source code is govered by a BSD-style
+# license that can be found in the LICENSE file or at
+# https://developers.google.com/open-source/licenses/bsd
+
+"""Unit tests for savedqueries feature."""
+
+import unittest
+
+from features import savedqueries
+from framework import monorailrequest
+from framework import permissions
+from services import service_manager
+from testing import fake
+
+
+class SavedQueriesTest(unittest.TestCase):
+
+  def setUp(self):
+    self.services = service_manager.Services(
+        user=fake.UserService())
+    self.servlet = savedqueries.SavedQueries(
+    		'req', 'res', services=self.services)
+    self.services.user.TestAddUser('a@example.com', 111L)
+
+  def testAssertBasePermission(self):
+    """Only permit site admins and users viewing themselves."""
+    mr = monorailrequest.MonorailRequest()
+    mr.viewed_user_auth.user_id = 111L
+    mr.auth.user_id = 222L
+
+    self.assertRaises(permissions.PermissionException,
+                      self.servlet.AssertBasePermission, mr)
+
+    mr.auth.user_id = 111L
+    self.servlet.AssertBasePermission(mr)
+
+    mr.auth.user_id = 222L
+    mr.auth.user_pb.is_site_admin = True
+    self.servlet.AssertBasePermission(mr)