|
1 # copyright 2015 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
|
2 # contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
|
3 # |
|
4 # This file is part of CubicWeb. |
|
5 # |
|
6 # CubicWeb is free software: you can redistribute it and/or modify it under the |
|
7 # terms of the GNU Lesser General Public License as published by the Free |
|
8 # Software Foundation, either version 2.1 of the License, or (at your option) |
|
9 # any later version. |
|
10 # |
|
11 # CubicWeb is distributed in the hope that it will be useful, but WITHOUT |
|
12 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS |
|
13 # FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more |
|
14 # details. |
|
15 # |
|
16 # You should have received a copy of the GNU Lesser General Public License along |
|
17 # with CubicWeb. If not, see <http://www.gnu.org/licenses/>. |
|
18 |
|
19 from cubicweb.devtools.testlib import CubicWebTC |
|
20 from cubicweb.server import hook |
|
21 from cubicweb.predicates import is_instance |
|
22 |
|
23 |
|
24 class SecurityHooksTC(CubicWebTC): |
|
25 def setup_database(self): |
|
26 with self.admin_access.repo_cnx() as cnx: |
|
27 self.add_eid = cnx.create_entity('EmailAddress', |
|
28 address=u'hop@perdu.com', |
|
29 reverse_use_email=cnx.user.eid).eid |
|
30 cnx.commit() |
|
31 |
|
32 def test_inlined_cw_edited_relation(self): |
|
33 """modification of cw_edited to add an inlined relation shouldn't trigger a security error. |
|
34 |
|
35 Test for https://www.cubicweb.org/ticket/5477315 |
|
36 """ |
|
37 sender = self.repo.schema['Email'].rdef('sender') |
|
38 with self.temporary_permissions((sender, {'add': ()})): |
|
39 |
|
40 class MyHook(hook.Hook): |
|
41 __regid__ = 'test.pouet' |
|
42 __select__ = hook.Hook.__select__ & is_instance('Email') |
|
43 events = ('before_add_entity',) |
|
44 |
|
45 def __call__(self): |
|
46 self.entity.cw_edited['sender'] = self._cw.user.primary_email[0].eid |
|
47 |
|
48 with self.temporary_appobjects(MyHook): |
|
49 with self.admin_access.repo_cnx() as cnx: |
|
50 email = cnx.create_entity('Email', messageid=u'1234') |
|
51 cnx.commit() |
|
52 self.assertEqual(email.sender[0].eid, self.add_eid) |
|
53 |
|
54 if __name__ == '__main__': |
|
55 from logilab.common.testlib import unittest_main |
|
56 unittest_main() |