63 cnx = self.login('iaminusersgrouponly') |
63 cnx = self.login('iaminusersgrouponly') |
64 cu = cnx.cursor() |
64 cu = cnx.cursor() |
65 self.assertRaises(Unauthorized, |
65 self.assertRaises(Unauthorized, |
66 cu.execute, 'Any X,P WHERE X is CWUser, X upassword P') |
66 cu.execute, 'Any X,P WHERE X is CWUser, X upassword P') |
67 |
67 |
|
68 |
|
69 class SecurityRewritingTC(BaseSecurityTC): |
|
70 def hijack_source_execute(self): |
|
71 def syntax_tree_search(*args, **kwargs): |
|
72 self.query = (args, kwargs) |
|
73 return [] |
|
74 self.repo.system_source.syntax_tree_search = syntax_tree_search |
|
75 |
|
76 def tearDown(self): |
|
77 self.repo.system_source.__dict__.pop('syntax_tree_search', None) |
|
78 BaseSecurityTC.tearDown(self) |
|
79 |
|
80 def test_not_relation_read_security(self): |
|
81 cnx = self.login('iaminusersgrouponly') |
|
82 self.hijack_source_execute() |
|
83 self.execute('Any U WHERE NOT A todo_by U, A is Affaire') |
|
84 self.assertEquals(self.query[0][1].as_string(), |
|
85 'Any U WHERE NOT EXISTS(A todo_by U), A is Affaire') |
|
86 self.execute('Any U WHERE NOT EXISTS(A todo_by U), A is Affaire') |
|
87 self.assertEquals(self.query[0][1].as_string(), |
|
88 'Any U WHERE NOT EXISTS(A todo_by U), A is Affaire') |
68 |
89 |
69 class SecurityTC(BaseSecurityTC): |
90 class SecurityTC(BaseSecurityTC): |
70 |
91 |
71 def setUp(self): |
92 def setUp(self): |
72 BaseSecurityTC.setUp(self) |
93 BaseSecurityTC.setUp(self) |