--- a/Allura/allura/tests/functional/test_rest.py
+++ b/Allura/allura/tests/functional/test_rest.py
@@ -19,9 +19,12 @@
from datetime import datetime, timedelta
+from nose.tools import assert_equal
+
from allura.tests import decorators as td
from alluratest.controller import TestRestApiBase
from allura.lib import helpers as h
+from allura import model as M
class TestRestHome(TestRestApiBase):
@@ -77,3 +80,19 @@
assert r.status_int == 200
assert r.json['title'].encode('utf-8') == 'tĂŠst', r.json
+ @td.with_wiki
+ def test_deny_access(self):
+ wiki = M.Project.query.get(shortname='test').app_instance('wiki')
+ anon_read_perm = M.ACE.allow(M.ProjectRole.by_name('*anonymous')._id, 'read')
+ auth_read_perm = M.ACE.allow(M.ProjectRole.by_name('*authenticated')._id, 'read')
+ acl = wiki.config.acl
+ if anon_read_perm in acl:
+ acl.remove(anon_read_perm)
+ if auth_read_perm in acl:
+ acl.remove(auth_read_perm)
+ self.app.get('/rest/p/test/wiki/Home/',
+ extra_environ={'username': '*anonymous'},
+ status=401)
+ self.app.get('/rest/p/test/wiki/Home/',
+ extra_environ={'username': 'test-user-0'},
+ status=401)
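Review bot: In `test_deny_access` the two `acl.remove(...)` calls are guarded by `if ... in acl`, so when either ACE is absent from the fixture, or the in-memory ACL change is not persisted before the request, the test no longer shows that removing read access causes the denial. A positive control before the ACL edit would tie the 401 to the change, e.g. `self.app.get('/rest/p/test/wiki/Home/', extra_environ={'username': '*anonymous'}, status=200)`. Replacing the guards with assertions such as `assert anon_read_perm in acl` would stop a silent no-op, and an explicit session flush after the removals may be needed, depending on how the test harness handles the ORM session. The second request expects 401 for the authenticated `test-user-0`; if the REST layer distinguishes unauthenticated from unauthorized, 403 would be the usual answer there, so a short comment stating why 401 is intended would help. The ACL is also not restored afterwards, which matters only if the fixture is not reset between tests.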