moo.core.tests.test_security_model_verb

Security tests: Verb / VerbName / Alias model permission checks.

Covers Verb.save / .delete / .reload, VerbName.save / .delete, Alias.delete, Verb._invoked_object / _invoked_name read+write blocking, and passthrough() caller-context forgery.

Functions

test_alias_delete_requires_write_permission(...)	Alias.save() was already permission-checked, but Alias.delete() was not.
test_passthrough_has_no_this_parameter()	passthrough() is passed to verb code as its second positional argument.
test_passthrough_raises_when_unbound()	passthrough() raises RuntimeError when called on an unbound verb (no _invoked_object/_invoked_name set).
test_verb_delete_allowed_for_owner(t_init, ...)	The owner can delete a verb on their own object.
test_verb_delete_requires_write_permission(...)	Verb.delete() previously had no permission check.
test_verb_reload_requires_write_permission(...)	Verb.reload() previously had no permission check.
test_verb_save_allowed_for_owner(t_init, ...)	The owner of an object can still save changes to a verb on it.
test_verb_save_requires_write_permission(...)	A non-wizard with only read access must not be able to overwrite verb code by getting a Verb model instance and calling .save() directly.
test_verbname_delete_requires_write_permission(...)	VerbName.delete() previously had no permission check.
test_verbname_save_requires_write_permission(...)	VerbName.save() previously had no permission check.
testinvoked_name_write_blocked(t_init, t_wizard)	Verb._invoked_name is an underscore-prefixed instance attribute.
testinvoked_object_read_blocked(t_init, t_wizard)	Verb._invoked_object is underscore-prefixed; get_protected_attribute must block read access from verb code, preventing information disclosure about the dispatch target.
testinvoked_object_write_blocked(t_init, ...)	Verb._invoked_object is an underscore-prefixed instance attribute.