239 |
239 |
240 def test_unrelated_rql_security_1_manager(self): |
240 def test_unrelated_rql_security_1_manager(self): |
241 user = self.request().user |
241 user = self.request().user |
242 rql = user.cw_unrelated_rql('use_email', 'EmailAddress', 'subject')[0] |
242 rql = user.cw_unrelated_rql('use_email', 'EmailAddress', 'subject')[0] |
243 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC ' |
243 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC ' |
244 'WHERE NOT EXISTS(S use_email O), S eid %(x)s, ' |
244 'WHERE NOT EXISTS(ZZ use_email O), S eid %(x)s, ' |
245 'O is EmailAddress, O address AA, O alias AB, O modification_date AC') |
245 'O is EmailAddress, O address AA, O alias AB, O modification_date AC') |
246 |
246 |
247 def test_unrelated_rql_security_1_user(self): |
247 def test_unrelated_rql_security_1_user(self): |
248 self.create_user('toto') |
248 self.create_user('toto') |
249 self.login('toto') |
249 self.login('toto') |
250 user = self.request().user |
250 user = self.request().user |
251 rql = user.cw_unrelated_rql('use_email', 'EmailAddress', 'subject')[0] |
251 rql = user.cw_unrelated_rql('use_email', 'EmailAddress', 'subject')[0] |
252 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC ' |
252 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC ' |
253 'WHERE NOT EXISTS(S use_email O), S eid %(x)s, ' |
253 'WHERE NOT EXISTS(ZZ use_email O), S eid %(x)s, ' |
254 'O is EmailAddress, O address AA, O alias AB, O modification_date AC') |
254 'O is EmailAddress, O address AA, O alias AB, O modification_date AC') |
255 user = self.execute('Any X WHERE X login "admin"').get_entity(0, 0) |
255 user = self.execute('Any X WHERE X login "admin"').get_entity(0, 0) |
256 rql = user.cw_unrelated_rql('use_email', 'EmailAddress', 'subject')[0] |
256 rql = user.cw_unrelated_rql('use_email', 'EmailAddress', 'subject')[0] |
257 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC WHERE ' |
257 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC ' |
258 'NOT EXISTS(S use_email O), S eid %(x)s, ' |
258 'WHERE NOT EXISTS(ZZ use_email O, ZZ is CWUser), S eid %(x)s, ' |
259 'O is EmailAddress, O address AA, O alias AB, O modification_date AC, ' |
259 'O is EmailAddress, O address AA, O alias AB, O modification_date AC, A eid %(B)s, ' |
260 'A eid %(B)s, EXISTS(S identity A, NOT A in_group C, C name "guests", C is CWGroup)') |
260 'EXISTS(S identity A, NOT A in_group C, C name "guests", C is CWGroup)') |
261 |
261 |
262 def test_unrelated_rql_security_1_anon(self): |
262 def test_unrelated_rql_security_1_anon(self): |
263 self.login('anon') |
263 self.login('anon') |
264 user = self.request().user |
264 user = self.request().user |
265 rql = user.cw_unrelated_rql('use_email', 'EmailAddress', 'subject')[0] |
265 rql = user.cw_unrelated_rql('use_email', 'EmailAddress', 'subject')[0] |
266 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC WHERE ' |
266 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC ' |
267 'NOT EXISTS(S use_email O), S eid %(x)s, ' |
267 'WHERE NOT EXISTS(ZZ use_email O, ZZ is CWUser), S eid %(x)s, ' |
268 'O is EmailAddress, O address AA, O alias AB, O modification_date AC, ' |
268 'O is EmailAddress, O address AA, O alias AB, O modification_date AC, A eid %(B)s, ' |
269 'A eid %(B)s, EXISTS(S identity A, NOT A in_group C, C name "guests", C is CWGroup)') |
269 'EXISTS(S identity A, NOT A in_group C, C name "guests", C is CWGroup)') |
270 |
270 |
271 def test_unrelated_rql_security_2(self): |
271 def test_unrelated_rql_security_2(self): |
272 email = self.execute('INSERT EmailAddress X: X address "hop"').get_entity(0, 0) |
272 email = self.execute('INSERT EmailAddress X: X address "hop"').get_entity(0, 0) |
273 rql = email.cw_unrelated_rql('use_email', 'CWUser', 'object')[0] |
273 rql = email.cw_unrelated_rql('use_email', 'CWUser', 'object')[0] |
274 self.assertEqual(rql, 'Any S,AA,AB,AC,AD ORDERBY AA ' |
274 self.assertEqual(rql, 'Any S,AA,AB,AC,AD ORDERBY AA ' |
275 'WHERE NOT EXISTS(S use_email O), S is CWUser, ' |
275 'WHERE NOT EXISTS(S use_email O), O eid %(x)s, S is CWUser, ' |
276 'S login AA, S firstname AB, S surname AC, S modification_date AD') |
276 'S login AA, S firstname AB, S surname AC, S modification_date AD') |
277 self.login('anon') |
277 self.login('anon') |
278 email = self.execute('Any X WHERE X eid %(x)s', {'x': email.eid}).get_entity(0, 0) |
278 email = self.execute('Any X WHERE X eid %(x)s', {'x': email.eid}).get_entity(0, 0) |
279 rql = email.cw_unrelated_rql('use_email', 'CWUser', 'object')[0] |
279 rql = email.cw_unrelated_rql('use_email', 'CWUser', 'object')[0] |
280 self.assertEqual(rql, 'Any S,AA,AB,AC,AD ORDERBY AA ' |
280 self.assertEqual(rql, 'Any S,AA,AB,AC,AD ORDERBY AA ' |
281 'WHERE NOT EXISTS(S use_email O, O is EmailAddress), S is CWUser, ' |
281 'WHERE NOT EXISTS(S use_email O), O eid %(x)s, S is CWUser, ' |
282 'S login AA, S firstname AB, S surname AC, S modification_date AD, ' |
282 'S login AA, S firstname AB, S surname AC, S modification_date AD, ' |
283 'A eid %(B)s, EXISTS(S identity A, NOT A in_group C, C name "guests", C is CWGroup)') |
283 'A eid %(B)s, EXISTS(S identity A, NOT A in_group C, C name "guests", C is CWGroup)') |
284 |
284 |
285 def test_unrelated_rql_security_nonexistant(self): |
285 def test_unrelated_rql_security_nonexistant(self): |
286 self.login('anon') |
286 self.login('anon') |
287 email = self.vreg['etypes'].etype_class('EmailAddress')(self.request()) |
287 email = self.vreg['etypes'].etype_class('EmailAddress')(self.request()) |
288 rql = email.cw_unrelated_rql('use_email', 'CWUser', 'object')[0] |
288 rql = email.cw_unrelated_rql('use_email', 'CWUser', 'object')[0] |
289 self.assertEqual(rql, 'Any S,AA,AB,AC,AD ORDERBY AA ' |
289 self.assertEqual(rql, 'Any S,AA,AB,AC,AD ORDERBY AA ' |
290 'WHERE NOT EXISTS(S use_email O, O is EmailAddress), S is CWUser, ' |
290 'WHERE S is CWUser, ' |
291 'S login AA, S firstname AB, S surname AC, S modification_date AD, ' |
291 'S login AA, S firstname AB, S surname AC, S modification_date AD, ' |
292 'A eid %(B)s, EXISTS(S identity A, NOT A in_group C, C name "guests", C is CWGroup)') |
292 'A eid %(B)s, EXISTS(S identity A, NOT A in_group C, C name "guests", C is CWGroup)') |
293 |
293 |
294 def test_unrelated_rql_constraints_creation_subject(self): |
294 def test_unrelated_rql_constraints_creation_subject(self): |
295 person = self.vreg['etypes'].etype_class('Personne')(self.request()) |
295 person = self.vreg['etypes'].etype_class('Personne')(self.request()) |