server/test/unittest_security.py
changeset 7791 31bb51ea5485
parent 7398 26695dd703d8
child 8075 f57ffbfe90fe
7790:7e16e056eecb 7791:31bb51ea5485
   325         try:
   325         try:
   326             cnx = self.login('iaminusersgrouponly')
   326             cnx = self.login('iaminusersgrouponly')
   327             cu = cnx.cursor()
   327             cu = cnx.cursor()
   328             aff2 = cu.execute("INSERT Affaire X: X sujet 'cool'")[0][0]
   328             aff2 = cu.execute("INSERT Affaire X: X sujet 'cool'")[0][0]
   329             # entity created in transaction are readable *by eid*
   329             # entity created in transaction are readable *by eid*
   330             self.failUnless(cu.execute('Any X WHERE X eid %(x)s', {'x':aff2}))
   330             self.assertTrue(cu.execute('Any X WHERE X eid %(x)s', {'x':aff2}))
   331             # XXX would be nice if it worked
   331             # XXX would be nice if it worked
   332             rset = cu.execute("Affaire X WHERE X sujet 'cool'")
   332             rset = cu.execute("Affaire X WHERE X sujet 'cool'")
   333             self.assertEqual(len(rset), 0)
   333             self.assertEqual(len(rset), 0)
   334         finally:
   334         finally:
   335             affschema.set_action_permissions('read', origperms)
   335             affschema.set_action_permissions('read', origperms)
   345         aff2 = cu.execute("INSERT Affaire X: X sujet 'cool'")[0][0]
   345         aff2 = cu.execute("INSERT Affaire X: X sujet 'cool'")[0][0]
   346         soc1 = cu.execute("INSERT Societe X: X nom 'chouette'")[0][0]
   346         soc1 = cu.execute("INSERT Societe X: X nom 'chouette'")[0][0]
   347         cu.execute("SET A concerne S WHERE A eid %(a)s, S eid %(s)s", {'a': aff2, 's': soc1})
   347         cu.execute("SET A concerne S WHERE A eid %(a)s, S eid %(s)s", {'a': aff2, 's': soc1})
   348         cnx.commit()
   348         cnx.commit()
   349         self.assertRaises(Unauthorized, cu.execute, 'Any X WHERE X eid %(x)s', {'x':aff1})
   349         self.assertRaises(Unauthorized, cu.execute, 'Any X WHERE X eid %(x)s', {'x':aff1})
   350         self.failUnless(cu.execute('Any X WHERE X eid %(x)s', {'x':aff2}))
   350         self.assertTrue(cu.execute('Any X WHERE X eid %(x)s', {'x':aff2}))
   351         self.failUnless(cu.execute('Any X WHERE X eid %(x)s', {'x':card1}))
   351         self.assertTrue(cu.execute('Any X WHERE X eid %(x)s', {'x':card1}))
   352         rset = cu.execute("Any X WHERE X has_text 'cool'")
   352         rset = cu.execute("Any X WHERE X has_text 'cool'")
   353         self.assertEqual(sorted(eid for eid, in rset.rows),
   353         self.assertEqual(sorted(eid for eid, in rset.rows),
   354                           [card1, aff2])
   354                           [card1, aff2])
   355         cnx.close()
   355         cnx.close()
   356 
   356 
   455         self.repo.schema['CWUser'].set_action_permissions('read', ('guests', 'users', 'managers'))
   455         self.repo.schema['CWUser'].set_action_permissions('read', ('guests', 'users', 'managers'))
   456         self.repo.schema['CWUser'].rdef('login').set_action_permissions('read', ('users', 'managers'))
   456         self.repo.schema['CWUser'].rdef('login').set_action_permissions('read', ('users', 'managers'))
   457         cnx = self.login('anon')
   457         cnx = self.login('anon')
   458         cu = cnx.cursor()
   458         cu = cnx.cursor()
   459         rset = cu.execute('CWUser X')
   459         rset = cu.execute('CWUser X')
   460         self.failUnless(rset)
   460         self.assertTrue(rset)
   461         x = rset.get_entity(0, 0)
   461         x = rset.get_entity(0, 0)
   462         self.assertEqual(x.login, None)
   462         self.assertEqual(x.login, None)
   463         self.failUnless(x.creation_date)
   463         self.assertTrue(x.creation_date)
   464         x = rset.get_entity(1, 0)
   464         x = rset.get_entity(1, 0)
   465         x.complete()
   465         x.complete()
   466         self.assertEqual(x.login, None)
   466         self.assertEqual(x.login, None)
   467         self.failUnless(x.creation_date)
   467         self.assertTrue(x.creation_date)
   468         cnx.rollback()
   468         cnx.rollback()
   469         cnx.close()
   469         cnx.close()
   470 
   470 
   471 class BaseSchemaSecurityTC(BaseSecurityTC):
   471 class BaseSchemaSecurityTC(BaseSecurityTC):
   472     """tests related to the base schema permission configuration"""
   472     """tests related to the base schema permission configuration"""
   490                           1) # TrInfo at the above state change
   490                           1) # TrInfo at the above state change
   491         cnx = self.login('iaminusersgrouponly')
   491         cnx = self.login('iaminusersgrouponly')
   492         cu = cnx.cursor()
   492         cu = cnx.cursor()
   493         cu.execute('DELETE Affaire X WHERE X ref "ARCT01"')
   493         cu.execute('DELETE Affaire X WHERE X ref "ARCT01"')
   494         cnx.commit()
   494         cnx.commit()
   495         self.failIf(cu.execute('Affaire X'))
   495         self.assertFalse(cu.execute('Affaire X'))
   496         cnx.close()
   496         cnx.close()
   497 
   497 
   498     def test_users_and_groups_non_readable_by_guests(self):
   498     def test_users_and_groups_non_readable_by_guests(self):
   499         cnx = self.login('anon')
   499         cnx = self.login('anon')
   500         anon = cnx.user(self.session)
   500         anon = cnx.user(self.session)