fix: prevent delete for built-in roles

2024-08-14 16:58:08 -05:00 · 2024-08-14 16:58:08 -05:00 · bc49392140
commit bc49392140
parent 330ee324ba
8 changed files with 106 additions and 53 deletions
--- a/tests/views/test_roles.py
+++ b/tests/views/test_roles.py
@ -31,6 +31,22 @@ class TestRoleView(WebTestCase):
        view.configure_grid(grid)
        self.assertTrue(grid.is_linked('name'))

+    def test_is_deletable(self):
+        model = self.app.model
+        auth = self.app.get_auth_handler()
+        blokes = model.Role(name="Blokes")
+        self.session.add(blokes)
+        self.session.commit()
+        view = self.make_view()
+
+        # deletable by default
+        self.assertTrue(view.is_deletable(blokes))
+
+        # built-in roles not deletable
+        self.assertFalse(view.is_deletable(auth.get_role_administrator(self.session)))
+        self.assertFalse(view.is_deletable(auth.get_role_authenticated(self.session)))
+        self.assertFalse(view.is_deletable(auth.get_role_anonymous(self.session)))
+
    def test_configure_form(self):
        model = self.app.model
        role = model.Role(name="Foo")