760 {'A': 'table0.C0', 'X': 'table1.C0', 'X.login': 'table1.C1', 'R': 'table1.C1', 'Y.type': 'table0.C1'}, []) |
760 {'A': 'table0.C0', 'X': 'table1.C0', 'X.login': 'table1.C1', 'R': 'table1.C1', 'Y.type': 'table0.C1'}, []) |
761 ]) |
761 ]) |
762 |
762 |
763 def test_security_has_text(self): |
763 def test_security_has_text(self): |
764 # use a guest user |
764 # use a guest user |
765 self.session = self._user_session()[1] |
765 self.session = self.user_groups_session('guests') |
766 self._test('Any X WHERE X has_text "bla"', |
766 self._test('Any X WHERE X has_text "bla"', |
767 [('FetchStep', [('Any E WHERE E type "X", E is Note', [{'E': 'Note'}])], |
767 [('FetchStep', [('Any E WHERE E type "X", E is Note', [{'E': 'Note'}])], |
768 [self.cards, self.system], None, {'E': 'table0.C0'}, []), |
768 [self.cards, self.system], None, {'E': 'table0.C0'}, []), |
769 ('UnionStep', None, None, |
769 ('UnionStep', None, None, |
770 [('OneFetchStep', |
770 [('OneFetchStep', |
787 ]) |
787 ]) |
788 ]) |
788 ]) |
789 |
789 |
790 def test_security_has_text_limit_offset(self): |
790 def test_security_has_text_limit_offset(self): |
791 # use a guest user |
791 # use a guest user |
792 self.session = self._user_session()[1] |
792 self.session = self.user_groups_session('guests') |
793 # note: same as the above query but because of the subquery usage, the display differs (not printing solutions for each union) |
793 # note: same as the above query but because of the subquery usage, the display differs (not printing solutions for each union) |
794 self._test('Any X LIMIT 10 OFFSET 10 WHERE X has_text "bla"', |
794 self._test('Any X LIMIT 10 OFFSET 10 WHERE X has_text "bla"', |
795 [('FetchStep', [('Any E WHERE E type "X", E is Note', [{'E': 'Note'}])], |
795 [('FetchStep', [('Any E WHERE E type "X", E is Note', [{'E': 'Note'}])], |
796 [self.cards, self.system], None, {'E': 'table1.C0'}, []), |
796 [self.cards, self.system], None, {'E': 'table1.C0'}, []), |
797 ('UnionFetchStep', [ |
797 ('UnionFetchStep', [ |
825 ]) |
825 ]) |
826 |
826 |
827 def test_security_user(self): |
827 def test_security_user(self): |
828 """a guest user trying to see another user: EXISTS(X owned_by U) is automatically inserted""" |
828 """a guest user trying to see another user: EXISTS(X owned_by U) is automatically inserted""" |
829 # use a guest user |
829 # use a guest user |
830 self.session = self._user_session()[1] |
830 self.session = self.user_groups_session('guests') |
831 self._test('Any X WHERE X login "bla"', |
831 self._test('Any X WHERE X login "bla"', |
832 [('FetchStep', |
832 [('FetchStep', |
833 [('Any X WHERE X login "bla", X is CWUser', [{'X': 'CWUser'}])], |
833 [('Any X WHERE X login "bla", X is CWUser', [{'X': 'CWUser'}])], |
834 [self.ldap, self.system], None, {'X': 'table0.C0'}, []), |
834 [self.ldap, self.system], None, {'X': 'table0.C0'}, []), |
835 ('OneFetchStep', |
835 ('OneFetchStep', |
836 [('Any X WHERE EXISTS(X owned_by 5), X is CWUser', [{'X': 'CWUser'}])], |
836 [('Any X WHERE EXISTS(X owned_by 5), X is CWUser', [{'X': 'CWUser'}])], |
837 None, None, [self.system], {'X': 'table0.C0'}, [])]) |
837 None, None, [self.system], {'X': 'table0.C0'}, [])]) |
838 |
838 |
839 def test_security_complex_has_text(self): |
839 def test_security_complex_has_text(self): |
840 # use a guest user |
840 # use a guest user |
841 self.session = self._user_session()[1] |
841 self.session = self.user_groups_session('guests') |
842 self._test('Any X WHERE X has_text "bla", X firstname "bla"', |
842 self._test('Any X WHERE X has_text "bla", X firstname "bla"', |
843 [('FetchStep', [('Any X WHERE X firstname "bla", X is CWUser', [{'X': 'CWUser'}])], |
843 [('FetchStep', [('Any X WHERE X firstname "bla", X is CWUser', [{'X': 'CWUser'}])], |
844 [self.ldap, self.system], None, {'X': 'table0.C0'}, []), |
844 [self.ldap, self.system], None, {'X': 'table0.C0'}, []), |
845 ('UnionStep', None, None, [ |
845 ('UnionStep', None, None, [ |
846 ('OneFetchStep', [('Any X WHERE X has_text "bla", EXISTS(X owned_by 5), X is CWUser', [{'X': 'CWUser'}])], |
846 ('OneFetchStep', [('Any X WHERE X has_text "bla", EXISTS(X owned_by 5), X is CWUser', [{'X': 'CWUser'}])], |
850 ]), |
850 ]), |
851 ]) |
851 ]) |
852 |
852 |
853 def test_security_complex_has_text_limit_offset(self): |
853 def test_security_complex_has_text_limit_offset(self): |
854 # use a guest user |
854 # use a guest user |
855 self.session = self._user_session()[1] |
855 self.session = self.user_groups_session('guests') |
856 self._test('Any X LIMIT 10 OFFSET 10 WHERE X has_text "bla", X firstname "bla"', |
856 self._test('Any X LIMIT 10 OFFSET 10 WHERE X has_text "bla", X firstname "bla"', |
857 [('FetchStep', [('Any X WHERE X firstname "bla", X is CWUser', [{'X': 'CWUser'}])], |
857 [('FetchStep', [('Any X WHERE X firstname "bla", X is CWUser', [{'X': 'CWUser'}])], |
858 [self.ldap, self.system], None, {'X': 'table1.C0'}, []), |
858 [self.ldap, self.system], None, {'X': 'table1.C0'}, []), |
859 ('UnionFetchStep', [ |
859 ('UnionFetchStep', [ |
860 ('FetchStep', [('Any X WHERE X has_text "bla", EXISTS(X owned_by 5), X is CWUser', [{'X': 'CWUser'}])], |
860 ('FetchStep', [('Any X WHERE X has_text "bla", EXISTS(X owned_by 5), X is CWUser', [{'X': 'CWUser'}])], |
867 10, 10, [self.system], {'X': 'table0.C0'}, []) |
867 10, 10, [self.system], {'X': 'table0.C0'}, []) |
868 ]) |
868 ]) |
869 |
869 |
870 def test_security_complex_aggregat(self): |
870 def test_security_complex_aggregat(self): |
871 # use a guest user |
871 # use a guest user |
872 self.session = self._user_session()[1] |
872 self.session = self.user_groups_session('guests') |
873 self._test('Any MAX(X)', |
873 self._test('Any MAX(X)', |
874 [('FetchStep', [('Any E WHERE E type "X", E is Note', [{'E': 'Note'}])], |
874 [('FetchStep', [('Any E WHERE E type "X", E is Note', [{'E': 'Note'}])], |
875 [self.cards, self.system], None, {'E': 'table1.C0'}, []), |
875 [self.cards, self.system], None, {'E': 'table1.C0'}, []), |
876 ('FetchStep', [('Any X WHERE X is CWUser', [{'X': 'CWUser'}])], |
876 ('FetchStep', [('Any X WHERE X is CWUser', [{'X': 'CWUser'}])], |
877 [self.ldap, self.system], None, {'X': 'table2.C0'}, []), |
877 [self.ldap, self.system], None, {'X': 'table2.C0'}, []), |
912 None, None, [self.system], {'X': 'table0.C0'}, []) |
912 None, None, [self.system], {'X': 'table0.C0'}, []) |
913 ]) |
913 ]) |
914 |
914 |
915 def test_security_complex_aggregat2(self): |
915 def test_security_complex_aggregat2(self): |
916 # use a guest user |
916 # use a guest user |
917 self.session = self._user_session()[1] |
917 self.session = self.user_groups_session('guests') |
918 X_ET_ALL_SOLS = [] |
918 X_ET_ALL_SOLS = [] |
919 for s in X_ALL_SOLS: |
919 for s in X_ALL_SOLS: |
920 ets = {'ET': 'CWEType'} |
920 ets = {'ET': 'CWEType'} |
921 ets.update(s) |
921 ets.update(s) |
922 X_ET_ALL_SOLS.append(ets) |
922 X_ET_ALL_SOLS.append(ets) |
976 None, None, [self.system], {'ET': 'table0.C0', 'X': 'table0.C1'}, []) |
976 None, None, [self.system], {'ET': 'table0.C0', 'X': 'table0.C1'}, []) |
977 ]) |
977 ]) |
978 |
978 |
979 def test_security_3sources(self): |
979 def test_security_3sources(self): |
980 # use a guest user |
980 # use a guest user |
981 self.session = self._user_session()[1] |
981 self.session = self.user_groups_session('guests') |
982 self._test('Any X, XT WHERE X is Card, X owned_by U, X title XT, U login "syt"', |
982 self._test('Any X, XT WHERE X is Card, X owned_by U, X title XT, U login "syt"', |
983 [('FetchStep', |
983 [('FetchStep', |
984 [('Any X,XT WHERE X title XT, X is Card', [{'X': 'Card', 'XT': 'String'}])], |
984 [('Any X,XT WHERE X title XT, X is Card', [{'X': 'Card', 'XT': 'String'}])], |
985 [self.cards, self.system], None, {'X': 'table0.C0', 'X.title': 'table0.C1', 'XT': 'table0.C1'}, []), |
985 [self.cards, self.system], None, {'X': 'table0.C0', 'X.title': 'table0.C1', 'XT': 'table0.C1'}, []), |
986 ('FetchStep', |
986 ('FetchStep', |
994 ]) |
994 ]) |
995 |
995 |
996 def test_security_3sources_identity(self): |
996 def test_security_3sources_identity(self): |
997 self.restore_orig_cwuser_security() |
997 self.restore_orig_cwuser_security() |
998 # use a guest user |
998 # use a guest user |
999 self.session = self._user_session()[1] |
999 self.session = self.user_groups_session('guests') |
1000 print self.session |
|
1001 self._test('Any X, XT WHERE X is Card, X owned_by U, X title XT, U login "syt"', |
1000 self._test('Any X, XT WHERE X is Card, X owned_by U, X title XT, U login "syt"', |
1002 [('FetchStep', |
1001 [('FetchStep', |
1003 [('Any X,XT WHERE X title XT, X is Card', [{'X': 'Card', 'XT': 'String'}])], |
1002 [('Any X,XT WHERE X title XT, X is Card', [{'X': 'Card', 'XT': 'String'}])], |
1004 [self.cards, self.system], None, {'X': 'table0.C0', 'X.title': 'table0.C1', 'XT': 'table0.C1'}, []), |
1003 [self.cards, self.system], None, {'X': 'table0.C0', 'X.title': 'table0.C1', 'XT': 'table0.C1'}, []), |
1005 ('OneFetchStep', |
1004 ('OneFetchStep', |
1009 ]) |
1008 ]) |
1010 |
1009 |
1011 def test_security_3sources_identity_optional_var(self): |
1010 def test_security_3sources_identity_optional_var(self): |
1012 self.restore_orig_cwuser_security() |
1011 self.restore_orig_cwuser_security() |
1013 # use a guest user |
1012 # use a guest user |
1014 self.session = self._user_session()[1] |
1013 self.session = self.user_groups_session('guests') |
1015 self._test('Any X,XT,U WHERE X is Card, X owned_by U?, X title XT, U login L', |
1014 self._test('Any X,XT,U WHERE X is Card, X owned_by U?, X title XT, U login L', |
1016 [('FetchStep', |
1015 [('FetchStep', |
1017 [('Any U,L WHERE U identity 5, U login L, U is CWUser', |
1016 [('Any U,L WHERE U identity 5, U login L, U is CWUser', |
1018 [{'L': 'String', u'U': 'CWUser'}])], |
1017 [{'L': 'String', u'U': 'CWUser'}])], |
1019 [self.system], {}, {'L': 'table0.C1', 'U': 'table0.C0', 'U.login': 'table0.C1'}, []), |
1018 [self.system], {}, {'L': 'table0.C1', 'U': 'table0.C0', 'U.login': 'table0.C1'}, []), |
1030 'XT': 'table1.C1'}, []) |
1029 'XT': 'table1.C1'}, []) |
1031 ]) |
1030 ]) |
1032 |
1031 |
1033 def test_security_3sources_limit_offset(self): |
1032 def test_security_3sources_limit_offset(self): |
1034 # use a guest user |
1033 # use a guest user |
1035 self.session = self._user_session()[1] |
1034 self.session = self.user_groups_session('guests') |
1036 self._test('Any X, XT LIMIT 10 OFFSET 10 WHERE X is Card, X owned_by U, X title XT, U login "syt"', |
1035 self._test('Any X, XT LIMIT 10 OFFSET 10 WHERE X is Card, X owned_by U, X title XT, U login "syt"', |
1037 [('FetchStep', |
1036 [('FetchStep', |
1038 [('Any X,XT WHERE X title XT, X is Card', [{'X': 'Card', 'XT': 'String'}])], |
1037 [('Any X,XT WHERE X title XT, X is Card', [{'X': 'Card', 'XT': 'String'}])], |
1039 [self.cards, self.system], None, {'X': 'table0.C0', 'X.title': 'table0.C1', 'XT': 'table0.C1'}, []), |
1038 [self.cards, self.system], None, {'X': 'table0.C0', 'X.title': 'table0.C1', 'XT': 'table0.C1'}, []), |
1040 ('FetchStep', |
1039 ('FetchStep', |
1666 None, None, [self.system], {'U': 'table0.C0'}, []), |
1665 None, None, [self.system], {'U': 'table0.C0'}, []), |
1667 ]), |
1666 ]), |
1668 ]) |
1667 ]) |
1669 |
1668 |
1670 def test_update3(self): |
1669 def test_update3(self): |
1671 anoneid = self._user_session()[1].user.eid |
1670 anoneid = self.user_groups_session('guests').user.eid |
1672 # since we are adding a in_state relation for an entity in the system |
1671 # since we are adding a in_state relation for an entity in the system |
1673 # source, states should only be searched in the system source as well |
1672 # source, states should only be searched in the system source as well |
1674 self._test('SET X in_state S WHERE X eid %(x)s, S name "deactivated"', |
1673 self._test('SET X in_state S WHERE X eid %(x)s, S name "deactivated"', |
1675 [('UpdateStep', [ |
1674 [('UpdateStep', [ |
1676 ('OneFetchStep', [('DISTINCT Any 5,S WHERE S name "deactivated", S is State', |
1675 ('OneFetchStep', [('DISTINCT Any 5,S WHERE S name "deactivated", S is State', |