325 try: |
325 try: |
326 cnx = self.login('iaminusersgrouponly') |
326 cnx = self.login('iaminusersgrouponly') |
327 cu = cnx.cursor() |
327 cu = cnx.cursor() |
328 aff2 = cu.execute("INSERT Affaire X: X sujet 'cool'")[0][0] |
328 aff2 = cu.execute("INSERT Affaire X: X sujet 'cool'")[0][0] |
329 # entity created in transaction are readable *by eid* |
329 # entity created in transaction are readable *by eid* |
330 self.failUnless(cu.execute('Any X WHERE X eid %(x)s', {'x':aff2})) |
330 self.assertTrue(cu.execute('Any X WHERE X eid %(x)s', {'x':aff2})) |
331 # XXX would be nice if it worked |
331 # XXX would be nice if it worked |
332 rset = cu.execute("Affaire X WHERE X sujet 'cool'") |
332 rset = cu.execute("Affaire X WHERE X sujet 'cool'") |
333 self.assertEqual(len(rset), 0) |
333 self.assertEqual(len(rset), 0) |
334 finally: |
334 finally: |
335 affschema.set_action_permissions('read', origperms) |
335 affschema.set_action_permissions('read', origperms) |
345 aff2 = cu.execute("INSERT Affaire X: X sujet 'cool'")[0][0] |
345 aff2 = cu.execute("INSERT Affaire X: X sujet 'cool'")[0][0] |
346 soc1 = cu.execute("INSERT Societe X: X nom 'chouette'")[0][0] |
346 soc1 = cu.execute("INSERT Societe X: X nom 'chouette'")[0][0] |
347 cu.execute("SET A concerne S WHERE A eid %(a)s, S eid %(s)s", {'a': aff2, 's': soc1}) |
347 cu.execute("SET A concerne S WHERE A eid %(a)s, S eid %(s)s", {'a': aff2, 's': soc1}) |
348 cnx.commit() |
348 cnx.commit() |
349 self.assertRaises(Unauthorized, cu.execute, 'Any X WHERE X eid %(x)s', {'x':aff1}) |
349 self.assertRaises(Unauthorized, cu.execute, 'Any X WHERE X eid %(x)s', {'x':aff1}) |
350 self.failUnless(cu.execute('Any X WHERE X eid %(x)s', {'x':aff2})) |
350 self.assertTrue(cu.execute('Any X WHERE X eid %(x)s', {'x':aff2})) |
351 self.failUnless(cu.execute('Any X WHERE X eid %(x)s', {'x':card1})) |
351 self.assertTrue(cu.execute('Any X WHERE X eid %(x)s', {'x':card1})) |
352 rset = cu.execute("Any X WHERE X has_text 'cool'") |
352 rset = cu.execute("Any X WHERE X has_text 'cool'") |
353 self.assertEqual(sorted(eid for eid, in rset.rows), |
353 self.assertEqual(sorted(eid for eid, in rset.rows), |
354 [card1, aff2]) |
354 [card1, aff2]) |
355 cnx.close() |
355 cnx.close() |
356 |
356 |
455 self.repo.schema['CWUser'].set_action_permissions('read', ('guests', 'users', 'managers')) |
455 self.repo.schema['CWUser'].set_action_permissions('read', ('guests', 'users', 'managers')) |
456 self.repo.schema['CWUser'].rdef('login').set_action_permissions('read', ('users', 'managers')) |
456 self.repo.schema['CWUser'].rdef('login').set_action_permissions('read', ('users', 'managers')) |
457 cnx = self.login('anon') |
457 cnx = self.login('anon') |
458 cu = cnx.cursor() |
458 cu = cnx.cursor() |
459 rset = cu.execute('CWUser X') |
459 rset = cu.execute('CWUser X') |
460 self.failUnless(rset) |
460 self.assertTrue(rset) |
461 x = rset.get_entity(0, 0) |
461 x = rset.get_entity(0, 0) |
462 self.assertEqual(x.login, None) |
462 self.assertEqual(x.login, None) |
463 self.failUnless(x.creation_date) |
463 self.assertTrue(x.creation_date) |
464 x = rset.get_entity(1, 0) |
464 x = rset.get_entity(1, 0) |
465 x.complete() |
465 x.complete() |
466 self.assertEqual(x.login, None) |
466 self.assertEqual(x.login, None) |
467 self.failUnless(x.creation_date) |
467 self.assertTrue(x.creation_date) |
468 cnx.rollback() |
468 cnx.rollback() |
469 cnx.close() |
469 cnx.close() |
470 |
470 |
471 class BaseSchemaSecurityTC(BaseSecurityTC): |
471 class BaseSchemaSecurityTC(BaseSecurityTC): |
472 """tests related to the base schema permission configuration""" |
472 """tests related to the base schema permission configuration""" |
490 1) # TrInfo at the above state change |
490 1) # TrInfo at the above state change |
491 cnx = self.login('iaminusersgrouponly') |
491 cnx = self.login('iaminusersgrouponly') |
492 cu = cnx.cursor() |
492 cu = cnx.cursor() |
493 cu.execute('DELETE Affaire X WHERE X ref "ARCT01"') |
493 cu.execute('DELETE Affaire X WHERE X ref "ARCT01"') |
494 cnx.commit() |
494 cnx.commit() |
495 self.failIf(cu.execute('Affaire X')) |
495 self.assertFalse(cu.execute('Affaire X')) |
496 cnx.close() |
496 cnx.close() |
497 |
497 |
498 def test_users_and_groups_non_readable_by_guests(self): |
498 def test_users_and_groups_non_readable_by_guests(self): |
499 cnx = self.login('anon') |
499 cnx = self.login('anon') |
500 anon = cnx.user(self.session) |
500 anon = cnx.user(self.session) |