diff options
| author | Barry Warsaw | 2016-02-07 17:47:15 -0500 |
|---|---|---|
| committer | Barry Warsaw | 2016-02-07 17:47:15 -0500 |
| commit | 407adc0e44c7487e78643c5185c49f1a1bedd7d6 (patch) | |
| tree | 2f12b42765590e1c12836e5a2ccee87bedad132c /src/mailman/rest/tests/test_moderation.py | |
| parent | d87106191610b69387feb1e339ecdf6db9727c53 (diff) | |
| download | mailman-407adc0e44c7487e78643c5185c49f1a1bedd7d6.tar.gz mailman-407adc0e44c7487e78643c5185c49f1a1bedd7d6.tar.zst mailman-407adc0e44c7487e78643c5185c49f1a1bedd7d6.zip | |
Diffstat (limited to 'src/mailman/rest/tests/test_moderation.py')
| -rw-r--r-- | src/mailman/rest/tests/test_moderation.py | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/src/mailman/rest/tests/test_moderation.py b/src/mailman/rest/tests/test_moderation.py index c0e00a6c9..17322b618 100644 --- a/src/mailman/rest/tests/test_moderation.py +++ b/src/mailman/rest/tests/test_moderation.py @@ -126,6 +126,29 @@ Something else. self.assertEqual(content['total_size'], 1) self.assertEqual(content['entries'][0]['request_id'], held_id) + def test_cant_get_other_lists_holds(self): + # Issue #161: It was possible to moderate a held message for another + # list via the REST API. + with transaction(): + held_id = hold_message(self._mlist, self._msg) + create_list('bee@example.com') + with self.assertRaises(HTTPError) as cm: + call_api('http://localhost:9001/3.0/lists/bee.example.com' + '/held/{}'.format(held_id)) + self.assertEqual(cm.exception.code, 404) + + def test_cant_moderate_other_lists_holds(self): + # Issue #161: It was possible to moderate a held message for another + # list via the REST API. + with transaction(): + held_id = hold_message(self._mlist, self._msg) + create_list('bee@example.com') + with self.assertRaises(HTTPError) as cm: + call_api('http://localhost:9001/3.0/lists/bee.example.com' + '/held/{}'.format(held_id), + dict(action='discard')) + self.assertEqual(cm.exception.code, 404) + class TestSubscriptionModeration(unittest.TestCase): |