author | Julien Cristau <julien.cristau@logilab.fr> |
Mon, 05 Oct 2015 16:54:12 +0200 | |
changeset 10772 | 2ff5afce3216 |
parent 10388 | 90fcddcce166 |
permissions | -rw-r--r-- |
10388
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
1 |
# copyright 2015 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
2 |
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
3 |
# |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
4 |
# This file is part of CubicWeb. |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
5 |
# |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
6 |
# CubicWeb is free software: you can redistribute it and/or modify it under the |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
7 |
# terms of the GNU Lesser General Public License as published by the Free |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
8 |
# Software Foundation, either version 2.1 of the License, or (at your option) |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
9 |
# any later version. |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
10 |
# |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
11 |
# CubicWeb is distributed in the hope that it will be useful, but WITHOUT |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
12 |
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
13 |
# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
14 |
# details. |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
15 |
# |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
16 |
# You should have received a copy of the GNU Lesser General Public License along |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
17 |
# with CubicWeb. If not, see <http://www.gnu.org/licenses/>. |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
18 |
|
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
19 |
from cubicweb.devtools.testlib import CubicWebTC |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
20 |
from cubicweb.server import hook |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
21 |
from cubicweb.predicates import is_instance |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
22 |
|
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
23 |
|
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
24 |
class SecurityHooksTC(CubicWebTC): |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
25 |
def setup_database(self): |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
26 |
with self.admin_access.repo_cnx() as cnx: |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
27 |
self.add_eid = cnx.create_entity('EmailAddress', |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
28 |
address=u'hop@perdu.com', |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
29 |
reverse_use_email=cnx.user.eid).eid |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
30 |
cnx.commit() |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
31 |
|
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
32 |
def test_inlined_cw_edited_relation(self): |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
33 |
"""modification of cw_edited to add an inlined relation shouldn't trigger a security error. |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
34 |
|
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
35 |
Test for https://www.cubicweb.org/ticket/5477315 |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
36 |
""" |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
37 |
sender = self.repo.schema['Email'].rdef('sender') |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
38 |
with self.temporary_permissions((sender, {'add': ()})): |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
39 |
|
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
40 |
class MyHook(hook.Hook): |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
41 |
__regid__ = 'test.pouet' |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
42 |
__select__ = hook.Hook.__select__ & is_instance('Email') |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
43 |
events = ('before_add_entity',) |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
44 |
|
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
45 |
def __call__(self): |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
46 |
self.entity.cw_edited['sender'] = self._cw.user.primary_email[0].eid |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
47 |
|
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
48 |
with self.temporary_appobjects(MyHook): |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
49 |
with self.admin_access.repo_cnx() as cnx: |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
50 |
email = cnx.create_entity('Email', messageid=u'1234') |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
51 |
cnx.commit() |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
52 |
self.assertEqual(email.sender[0].eid, self.add_eid) |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
53 |
|
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
54 |
if __name__ == '__main__': |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
55 |
from logilab.common.testlib import unittest_main |
90fcddcce166
when some inlined relation is set using cw_edited, its security shouldn't be checked.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
56 |
unittest_main() |