--- a/Allura/allura/tests/test_security.py
+++ b/Allura/allura/tests/test_security.py
@@ -21,6 +21,10 @@
self.app.get('/security/test-admin/needs_auth', status=200)
self.app.get('/security/test-admin/needs_project_access_fail', status=403)
self.app.get('/security/test-admin/needs_project_access_ok', status=200)
- self.app.get('/security/test-admin/needs_artifact_access_fail', status=403)
+ # This should fail b/c test-user doesn't have the permission
+ self.app.get('/security/test-user/needs_artifact_access_fail', extra_environ=dict(username='test-user'), status=403)
+ # This should succeed b/c users with the 'admin' permission on a
+ # project implicitly have all permissions to everything in the project
+ self.app.get('/security/test-admin/needs_artifact_access_fail', status=200)
self.app.get('/security/test-admin/needs_artifact_access_ok', status=200)