42 rql = u'Personne U WHERE U nom "managers"' |
42 rql = u'Personne U WHERE U nom "managers"' |
43 rqlst = self.repo.vreg.rqlhelper.parse(rql).children[0] |
43 rqlst = self.repo.vreg.rqlhelper.parse(rql).children[0] |
44 nom = self.repo.schema['Personne'].rdef('nom') |
44 nom = self.repo.schema['Personne'].rdef('nom') |
45 with self.temporary_permissions((nom, {'read': ('users', 'managers')})): |
45 with self.temporary_permissions((nom, {'read': ('users', 'managers')})): |
46 with self.admin_access.repo_cnx() as cnx: |
46 with self.admin_access.repo_cnx() as cnx: |
47 self.repo.vreg.solutions(cnx, rqlst, None) |
47 self.repo.vreg.compute_var_types(cnx, rqlst, None) |
48 check_relations_read_access(cnx, rqlst, {}) |
48 check_relations_read_access(cnx, rqlst, {}) |
49 with self.new_access(u'anon').repo_cnx() as cnx: |
49 with self.new_access(u'anon').repo_cnx() as cnx: |
50 self.assertRaises(Unauthorized, |
50 self.assertRaises(Unauthorized, |
51 check_relations_read_access, |
51 check_relations_read_access, |
52 cnx, rqlst, {}) |
52 cnx, rqlst, {}) |
55 def test_get_local_checks(self): |
55 def test_get_local_checks(self): |
56 rql = u'Personne U WHERE U nom "managers"' |
56 rql = u'Personne U WHERE U nom "managers"' |
57 rqlst = self.repo.vreg.rqlhelper.parse(rql).children[0] |
57 rqlst = self.repo.vreg.rqlhelper.parse(rql).children[0] |
58 with self.temporary_permissions(Personne={'read': ('users', 'managers')}): |
58 with self.temporary_permissions(Personne={'read': ('users', 'managers')}): |
59 with self.admin_access.repo_cnx() as cnx: |
59 with self.admin_access.repo_cnx() as cnx: |
60 self.repo.vreg.solutions(cnx, rqlst, None) |
60 self.repo.vreg.compute_var_types(cnx, rqlst, None) |
61 solution = rqlst.solutions[0] |
61 solution = rqlst.solutions[0] |
62 localchecks = get_local_checks(cnx, rqlst, solution) |
62 localchecks = get_local_checks(cnx, rqlst, solution) |
63 self.assertEqual({}, localchecks) |
63 self.assertEqual({}, localchecks) |
64 with self.new_access(u'anon').repo_cnx() as cnx: |
64 with self.new_access(u'anon').repo_cnx() as cnx: |
65 self.assertRaises(Unauthorized, |
65 self.assertRaises(Unauthorized, |
518 def test_yams_inheritance_and_security_bug(self): |
518 def test_yams_inheritance_and_security_bug(self): |
519 with self.temporary_permissions(Division={'read': ('managers', |
519 with self.temporary_permissions(Division={'read': ('managers', |
520 ERQLExpression('X owned_by U'))}): |
520 ERQLExpression('X owned_by U'))}): |
521 with self.new_access(u'iaminusersgrouponly').repo_cnx() as cnx: |
521 with self.new_access(u'iaminusersgrouponly').repo_cnx() as cnx: |
522 rqlst = self.repo.vreg.rqlhelper.parse('Any X WHERE X is_instance_of Societe') |
522 rqlst = self.repo.vreg.rqlhelper.parse('Any X WHERE X is_instance_of Societe') |
523 self.repo.vreg.solutions(cnx, rqlst, {}) |
523 self.repo.vreg.compute_var_types(cnx, rqlst, {}) |
524 self.repo.vreg.rqlhelper.annotate(rqlst) |
524 self.repo.vreg.rqlhelper.annotate(rqlst) |
525 plan = cnx.repo.querier.plan_factory(rqlst, {}, cnx) |
525 plan = cnx.repo.querier.plan_factory(rqlst, {}, cnx) |
526 plan.preprocess(rqlst) |
526 plan.preprocess(rqlst) |
527 self.assertEqual( |
527 self.assertEqual( |
528 rqlst.as_string(), |
528 rqlst.as_string(), |