server/test/unittest_security.py
branchstable
changeset 6410 2e7a7b0829ed
parent 6340 470d8e828fda
child 7072 bcf96f2a4c5d
6408:7674f674de40 6410:2e7a7b0829ed
    20 import sys
    20 import sys
    21 
    21 
    22 from logilab.common.testlib import unittest_main, TestCase
    22 from logilab.common.testlib import unittest_main, TestCase
    23 from cubicweb.devtools.testlib import CubicWebTC
    23 from cubicweb.devtools.testlib import CubicWebTC
    24 
    24 
    25 from cubicweb import Unauthorized, ValidationError
    25 from cubicweb import Unauthorized, ValidationError, QueryError
    26 from cubicweb.server.querier import check_read_access
    26 from cubicweb.server.querier import check_read_access
    27 
    27 
    28 class BaseSecurityTC(CubicWebTC):
    28 class BaseSecurityTC(CubicWebTC):
    29 
    29 
    30     def setUp(self):
    30     def setUp(self):
   187         # this won't actually do anything since the selection query won't return anything
   187         # this won't actually do anything since the selection query won't return anything
   188         cu.execute("DELETE Affaire X")
   188         cu.execute("DELETE Affaire X")
   189         cnx.commit()
   189         cnx.commit()
   190         # to actually get Unauthorized exception, try to delete an entity we can read
   190         # to actually get Unauthorized exception, try to delete an entity we can read
   191         self.assertRaises(Unauthorized, cu.execute, "DELETE Societe S")
   191         self.assertRaises(Unauthorized, cu.execute, "DELETE Societe S")
       
   192         self.assertRaises(QueryError, cnx.commit) # can't commit anymore
       
   193         cnx.rollback() # required after Unauthorized
   192         cu.execute("INSERT Affaire X: X sujet 'pascool'")
   194         cu.execute("INSERT Affaire X: X sujet 'pascool'")
   193         cu.execute("INSERT Societe X: X nom 'chouette'")
   195         cu.execute("INSERT Societe X: X nom 'chouette'")
   194         cu.execute("SET A concerne S WHERE A sujet 'pascool', S nom 'chouette'")
   196         cu.execute("SET A concerne S WHERE A sujet 'pascool', S nom 'chouette'")
   195         cnx.commit()
   197         cnx.commit()
   196 ##         # this one should fail since it will try to delete two affaires, one authorized
   198 ##         # this one should fail since it will try to delete two affaires, one authorized
   214         ent = rset.get_entity(0, 0)
   216         ent = rset.get_entity(0, 0)
   215         session.set_pool() # necessary
   217         session.set_pool() # necessary
   216         self.assertRaises(Unauthorized, ent.cw_check_perm, 'update')
   218         self.assertRaises(Unauthorized, ent.cw_check_perm, 'update')
   217         self.assertRaises(Unauthorized,
   219         self.assertRaises(Unauthorized,
   218                           cu.execute, "SET P travaille S WHERE P is Personne, S is Societe")
   220                           cu.execute, "SET P travaille S WHERE P is Personne, S is Societe")
       
   221         self.assertRaises(QueryError, cnx.commit) # can't commit anymore
       
   222         cnx.rollback()
   219         # test nothing has actually been inserted:
   223         # test nothing has actually been inserted:
   220         self.assertEqual(cu.execute('Any P,S WHERE P travaille S,P is Personne, S is Societe').rowcount, 0)
   224         self.assertEqual(cu.execute('Any P,S WHERE P travaille S,P is Personne, S is Societe').rowcount, 0)
   221         cu.execute("INSERT Societe X: X nom 'chouette'")
   225         cu.execute("INSERT Societe X: X nom 'chouette'")
   222         cu.execute("SET A concerne S WHERE A is Affaire, S nom 'chouette'")
   226         cu.execute("SET A concerne S WHERE A is Affaire, S nom 'chouette'")
   223         cnx.commit()
   227         cnx.commit()
   237         self.execute("SET A concerne S WHERE A sujet 'pascool', S is Societe")
   241         self.execute("SET A concerne S WHERE A sujet 'pascool', S is Societe")
   238         self.commit()
   242         self.commit()
   239         cnx = self.login('iaminusersgrouponly')
   243         cnx = self.login('iaminusersgrouponly')
   240         cu = cnx.cursor()
   244         cu = cnx.cursor()
   241         self.assertRaises(Unauthorized, cu.execute, "DELETE A concerne S")
   245         self.assertRaises(Unauthorized, cu.execute, "DELETE A concerne S")
       
   246         self.assertRaises(QueryError, cnx.commit) # can't commit anymore
       
   247         cnx.rollback() # required after Unauthorized
   242         cu.execute("INSERT Societe X: X nom 'chouette'")
   248         cu.execute("INSERT Societe X: X nom 'chouette'")
   243         cu.execute("SET A concerne S WHERE A is Affaire, S nom 'chouette'")
   249         cu.execute("SET A concerne S WHERE A is Affaire, S nom 'chouette'")
   244         cnx.commit()
   250         cnx.commit()
   245         cu.execute("DELETE A concerne S WHERE S nom 'chouette'")
   251         cu.execute("DELETE A concerne S WHERE S nom 'chouette'")
   246 
   252
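Review bot: The new `assertRaises(QueryError, cnx.commit)` / `cnx.rollback()` pairs at new lines 192-193 and 246-247 show that the transaction cannot be committed after Unauthorized, but neither checks that the refused DELETE left the data in place after the rollback; only the pair at 221-222 is followed by such a check (the rowcount assertion at 224). For a security test, the property worth pinning is that the denied write has no effect. Record the row count before the denied statement and compare it after the rollback, e.g. `self.assertEqual(cu.execute('Any S WHERE S is Societe').rowcount, nb_societe)` after line 193 and the equivalent for `A concerne S` after line 247; this assumes the user can read those rows, as the comment at line 190 suggests for Societe. The rollback at line 222 could also carry the same `# required after Unauthorized` comment as the other two. The enclosing test methods start outside the displayed lines.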