Mercurial Mercurial > pub > hg > cubicweb / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
hooks/test/unittest_security.py
changeset 11057 0b59724cb3f2
parent 11052 058bb3dc685f
child 11058 23eb30449fe5
equal deleted inserted replaced
11052:058bb3dc685f 11057:0b59724cb3f2 
     1 # copyright 2015 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
 
       
     2 # contact http://www.logilab.fr/ -- mailto:contact@logilab.fr
 
       
     3 #
 
       
     4 # This file is part of CubicWeb.
 
       
     5 #
 
       
     6 # CubicWeb is free software: you can redistribute it and/or modify it under the
 
       
     7 # terms of the GNU Lesser General Public License as published by the Free
 
       
     8 # Software Foundation, either version 2.1 of the License, or (at your option)
 
       
     9 # any later version.
 
       
    10 #
 
       
    11 # CubicWeb is distributed in the hope that it will be useful, but WITHOUT
 
       
    12 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 
       
    13 # FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more
 
       
    14 # details.
 
       
    15 #
 
       
    16 # You should have received a copy of the GNU Lesser General Public License along
 
       
    17 # with CubicWeb.  If not, see <http://www.gnu.org/licenses/>.
 
       
    18 
       
    19 from cubicweb.devtools.testlib import CubicWebTC
 
       
    20 from cubicweb.server import hook
 
       
    21 from cubicweb.predicates import is_instance
 
       
    22 
       
    23 
       
    24 class SecurityHooksTC(CubicWebTC):
 
       
    25     def setup_database(self):
 
       
    26         with self.admin_access.repo_cnx() as cnx:
 
       
    27             self.add_eid = cnx.create_entity('EmailAddress',
 
       
    28                                              address=u'hop@perdu.com',
 
       
    29                                              reverse_use_email=cnx.user.eid).eid
 
       
    30             cnx.commit()
 
       
    31 
       
    32     def test_inlined_cw_edited_relation(self):
 
       
    33         """modification of cw_edited to add an inlined relation shouldn't trigger a security error.
 
       
    34 
       
    35         Test for https://www.cubicweb.org/ticket/5477315
 
       
    36         """
 
       
    37         sender = self.repo.schema['Email'].rdef('sender')
 
       
    38         with self.temporary_permissions((sender, {'add': ()})):
 
       
    39 
       
    40             class MyHook(hook.Hook):
 
       
    41                 __regid__ = 'test.pouet'
 
       
    42                 __select__ = hook.Hook.__select__ & is_instance('Email')
 
       
    43                 events = ('before_add_entity',)
 
       
    44 
       
    45                 def __call__(self):
 
       
    46                     self.entity.cw_edited['sender'] = self._cw.user.primary_email[0].eid
 
       
    47 
       
    48             with self.temporary_appobjects(MyHook):
 
       
    49                 with self.admin_access.repo_cnx() as cnx:
 
       
    50                     email = cnx.create_entity('Email', messageid=u'1234')
 
       
    51                     cnx.commit()
 
       
    52                     self.assertEqual(email.sender[0].eid, self.add_eid)
 
       
    53 
       
    54 if __name__ == '__main__':
 
       
    55     from logilab.common.testlib import unittest_main
 
       
    56     unittest_main()
cubicweb