moo.core.tests.test_security_model_object

Security tests: Object model permission checks.

Covers Object.delete write enforcement, Object.remove_parent write enforcement, the _original_owner / _original_location entrust-bypass defenses, and the wizard-ORM queryset-mutation guard.

Functions

`test_add_parent_regression`(t_init, t_wizard)	add_parent() still works correctly after remove_parent() was added — regression.
`test_add_parent_with_transmute_and_derive_only`(...)	Mirror of the remove test: `add_parent` only requires `transmute` on the child and `derive` on the parent.
`test_entrust_check_fires_for_third_party_transfer`(...)	A caller with write but not entrust cannot use Object.save() to transfer ownership to a THIRD PARTY (one who is not the current caller).
`test_object_delete_requires_write_permission`(...)	A non-wizard with read access must not be able to delete an arbitrary object.
`test_original_location_write_blocked`(t_init, ...)	Object._original_location is the pre-save location snapshot used by Object.save() to detect location changes and trigger the move permission check plus accept/ enterfunc/exitfunc logic.
`test_original_owner_write_blocked`(t_init, ...)	Object._original_owner is the pre-save owner snapshot used by Object.save() to detect ownership changes and trigger the entrust permission check.
`test_remove_parent_requires_transmute_and_derive`(...)	remove_parent() goes through the m2m_changed signal handler, which enforces `transmute` on the child and `derive` on the parent.
`test_remove_parent_with_transmute_and_derive_only`(...)	A caller with `transmute` on the child and `derive` on the parent (but no `write` on either) can successfully remove the parent.
`test_remove_parent_works`(t_init, t_wizard)	Wizard can remove a parent from an object they own.
`test_save_combined_change_requires_all_relevant_perms`(...)	When both `location` and a non-ACL field change in the same save, both `move` AND `write` are required.
`test_save_location_only_requires_move`(...)	A caller with `move` permission on an object (but not `write`) can change `location` and save.
`test_save_name_change_still_requires_write`(...)	A caller with `move` and `entrust` but not `write` cannot change a non-ACL field like `name`.
`test_save_no_change_skips_write_check`(...)	Re-saving an object with no field changes does not require `write`.
`test_save_owner_only_requires_entrust`(...)	A caller with `entrust` on an object (but not `write`) can transfer ownership.
`test_wizard_allowed_modules_queryset_mutations_still_blocked`(...)	WIZARD_ALLOWED_MODULES includes moo.core.models, giving wizard verb code access to Object, Verb, Property, User, Player, and other model classes for debugging purposes.