From 1edae946cc31eda0be09f622f547a794f8617fff Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Sun, 6 Oct 2013 22:02:22 +0100
Subject: Test that non-admin can't remove a user

---
 git.liw.fi.sh   |  3 +++
 git.liw.fi.yarn | 18 +++++++++++++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/git.liw.fi.sh b/git.liw.fi.sh
index 56945e4..653e6ec 100644
--- a/git.liw.fi.sh
+++ b/git.liw.fi.sh
@@ -74,5 +74,8 @@ user_del()
     then
 	secret=$(awk '{ s = $2 } END { print s }' "$DATADIR/temp")
 	run_gitano_as "$1" user del "$2" "$secret"
+    else
+	cat "$DATADIR/temp" 1>&2
+	return 1
     fi
 }
diff --git a/git.liw.fi.yarn b/git.liw.fi.yarn
index ba616b2..72714d7 100644
--- a/git.liw.fi.yarn
+++ b/git.liw.fi.yarn
@@ -47,12 +47,19 @@ A non-admin mustn't be able to create or remove users.
 	SCENARIO non-admin attempts to create or remove users
 	ASSUMING no tstusr user exists on server
 	AND no tstusr2 user exists on server
+
 	GIVEN an ssh key for tstusr
 	AND an ssh key for tstusr2
 	WHEN admin creates user tstusr
 	AND tstusr attempts to create user tstusr2
 	THEN attempt failed with error matching "You may not perform site administration"
+
+	WHEN admin creates user tstusr2
+	AND tstusr attempts to remove user tstusr2
+	THEN attempt failed with error matching "You may not perform site administration"
+
 	FINALLY remove user tstusr on server
+	AND remove user tstusr2 on server
 
 
 Implementation sections
@@ -68,6 +75,7 @@ intentionally named to be quite generic so we don't need to have
 multiple "foo failed with error..." steps.
 
 	IMPLEMENTS THEN attempt failed with error matching "(.*)"
+	cat "$DATADIR/attempt.stderr"
 	grep "$MATCH_1" "$DATADIR/attempt.stderr"
 
 ssh key generation
@@ -153,7 +161,15 @@ Admin removes a user.
 	IMPLEMENTS WHEN admin removes user (\S+)
 	user_del admin "$MATCH_1"
 
+Non-admin attempts to remove a user.
+
+	IMPLEMENTS WHEN (\S+) attempts to remove user (\S+)
+	attempt user_del "$MATCH_1" "$MATCH_2"
+
 Admin clean up user at end of scenario.
 
 	IMPLEMENTS FINALLY remove user (\S+) on server
-	user_del admin "$MATCH_1"
+	if user_exists "$MATCH_1"
+	then
+		user_del admin "$MATCH_1"
+	fi
-- 
cgit v1.2.1