134 Personne = self.vreg['etypes'].etype_class('Personne') |
145 Personne = self.vreg['etypes'].etype_class('Personne') |
135 Societe = self.vreg['etypes'].etype_class('Societe') |
146 Societe = self.vreg['etypes'].etype_class('Societe') |
136 Note = self.vreg['etypes'].etype_class('Note') |
147 Note = self.vreg['etypes'].etype_class('Note') |
137 peschema = Personne.e_schema |
148 peschema = Personne.e_schema |
138 seschema = Societe.e_schema |
149 seschema = Societe.e_schema |
139 peschema.subjrels['travaille'].rdef(peschema, seschema).cardinality = '1*' |
150 torestore = [] |
140 peschema.subjrels['connait'].rdef(peschema, peschema).cardinality = '11' |
151 for rdef, card in [(peschema.subjrels['travaille'].rdef(peschema, seschema), '1*'), |
141 peschema.subjrels['evaluee'].rdef(peschema, Note.e_schema).cardinality = '1*' |
152 (peschema.subjrels['connait'].rdef(peschema, peschema), '11'), |
142 seschema.subjrels['evaluee'].rdef(seschema, Note.e_schema).cardinality = '1*' |
153 (peschema.subjrels['evaluee'].rdef(peschema, Note.e_schema), '1*'), |
143 # testing basic fetch_attrs attribute |
154 (seschema.subjrels['evaluee'].rdef(seschema, Note.e_schema), '1*')]: |
144 self.assertEqual(Personne.fetch_rql(user), |
155 cm = tempattr(rdef, 'cardinality', card) |
145 'Any X,AA,AB,AC ORDERBY AA ASC ' |
156 cm.__enter__() |
146 'WHERE X is Personne, X nom AA, X prenom AB, X modification_date AC') |
157 torestore.append(cm) |
147 pfetch_attrs = Personne.fetch_attrs |
|
148 sfetch_attrs = Societe.fetch_attrs |
|
149 try: |
158 try: |
|
159 # testing basic fetch_attrs attribute |
|
160 self.assertEqual(Personne.fetch_rql(user), |
|
161 'Any X,AA,AB,AC ORDERBY AA ASC ' |
|
162 'WHERE X is Personne, X nom AA, X prenom AB, X modification_date AC') |
150 # testing unknown attributes |
163 # testing unknown attributes |
151 Personne.fetch_attrs = ('bloug', 'beep') |
164 Personne.fetch_attrs = ('bloug', 'beep') |
152 self.assertEqual(Personne.fetch_rql(user), 'Any X WHERE X is Personne') |
165 self.assertEqual(Personne.fetch_rql(user), 'Any X WHERE X is Personne') |
153 # testing one non final relation |
166 # testing one non final relation |
154 Personne.fetch_attrs = ('nom', 'prenom', 'travaille') |
167 Personne.fetch_attrs = ('nom', 'prenom', 'travaille') |
225 |
239 |
226 def test_unrelated_rql_security_1_manager(self): |
240 def test_unrelated_rql_security_1_manager(self): |
227 user = self.request().user |
241 user = self.request().user |
228 rql = user.cw_unrelated_rql('use_email', 'EmailAddress', 'subject')[0] |
242 rql = user.cw_unrelated_rql('use_email', 'EmailAddress', 'subject')[0] |
229 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC ' |
243 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC ' |
230 'WHERE NOT S use_email O, S eid %(x)s, ' |
244 'WHERE NOT EXISTS(S use_email O), S eid %(x)s, ' |
231 'O is EmailAddress, O address AA, O alias AB, O modification_date AC') |
245 'O is EmailAddress, O address AA, O alias AB, O modification_date AC') |
232 |
246 |
233 def test_unrelated_rql_security_1_user(self): |
247 def test_unrelated_rql_security_1_user(self): |
234 self.create_user('toto') |
248 self.create_user('toto') |
235 self.login('toto') |
249 self.login('toto') |
236 user = self.request().user |
250 user = self.request().user |
237 rql = user.cw_unrelated_rql('use_email', 'EmailAddress', 'subject')[0] |
251 rql = user.cw_unrelated_rql('use_email', 'EmailAddress', 'subject')[0] |
238 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC ' |
252 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC ' |
239 'WHERE NOT S use_email O, S eid %(x)s, ' |
253 'WHERE NOT EXISTS(S use_email O), S eid %(x)s, ' |
240 'O is EmailAddress, O address AA, O alias AB, O modification_date AC') |
254 'O is EmailAddress, O address AA, O alias AB, O modification_date AC') |
241 user = self.execute('Any X WHERE X login "admin"').get_entity(0, 0) |
255 user = self.execute('Any X WHERE X login "admin"').get_entity(0, 0) |
242 rql = user.cw_unrelated_rql('use_email', 'EmailAddress', 'subject')[0] |
256 rql = user.cw_unrelated_rql('use_email', 'EmailAddress', 'subject')[0] |
243 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC WHERE ' |
257 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC WHERE ' |
244 'NOT EXISTS(S use_email O), S eid %(x)s, ' |
258 'NOT EXISTS(S use_email O), S eid %(x)s, ' |
255 'A eid %(B)s, EXISTS(S identity A, NOT A in_group C, C name "guests", C is CWGroup)') |
269 'A eid %(B)s, EXISTS(S identity A, NOT A in_group C, C name "guests", C is CWGroup)') |
256 |
270 |
257 def test_unrelated_rql_security_2(self): |
271 def test_unrelated_rql_security_2(self): |
258 email = self.execute('INSERT EmailAddress X: X address "hop"').get_entity(0, 0) |
272 email = self.execute('INSERT EmailAddress X: X address "hop"').get_entity(0, 0) |
259 rql = email.cw_unrelated_rql('use_email', 'CWUser', 'object')[0] |
273 rql = email.cw_unrelated_rql('use_email', 'CWUser', 'object')[0] |
260 self.assertEqual(rql, 'Any S,AA,AB,AC,AD ORDERBY AA ASC ' |
274 self.assertEqual(rql, 'Any S,AA,AB,AC,AD ORDERBY AA ' |
261 'WHERE NOT S use_email O, O eid %(x)s, S is CWUser, S login AA, S firstname AB, S surname AC, S modification_date AD') |
275 'WHERE NOT EXISTS(S use_email O), S is CWUser, ' |
|
276 'S login AA, S firstname AB, S surname AC, S modification_date AD') |
262 self.login('anon') |
277 self.login('anon') |
263 email = self.execute('Any X WHERE X eid %(x)s', {'x': email.eid}).get_entity(0, 0) |
278 email = self.execute('Any X WHERE X eid %(x)s', {'x': email.eid}).get_entity(0, 0) |
264 rql = email.cw_unrelated_rql('use_email', 'CWUser', 'object')[0] |
279 rql = email.cw_unrelated_rql('use_email', 'CWUser', 'object')[0] |
265 self.assertEqual(rql, 'Any S,AA,AB,AC,AD ORDERBY AA ' |
280 self.assertEqual(rql, 'Any S,AA,AB,AC,AD ORDERBY AA ' |
266 'WHERE NOT EXISTS(S use_email O), O eid %(x)s, S is CWUser, S login AA, S firstname AB, S surname AC, S modification_date AD, ' |
281 'WHERE NOT EXISTS(S use_email O, O is EmailAddress), S is CWUser, ' |
267 'A eid %(B)s, EXISTS(S identity A, NOT A in_group C, C name "guests", C is CWGroup)') |
282 'S login AA, S firstname AB, S surname AC, S modification_date AD, ' |
|
283 'A eid %(B)s, EXISTS(S identity A, NOT A in_group C, C name "guests", C is CWGroup)') |
268 |
284 |
269 def test_unrelated_rql_security_nonexistant(self): |
285 def test_unrelated_rql_security_nonexistant(self): |
270 self.login('anon') |
286 self.login('anon') |
271 email = self.vreg['etypes'].etype_class('EmailAddress')(self.request()) |
287 email = self.vreg['etypes'].etype_class('EmailAddress')(self.request()) |
272 rql = email.cw_unrelated_rql('use_email', 'CWUser', 'object')[0] |
288 rql = email.cw_unrelated_rql('use_email', 'CWUser', 'object')[0] |
273 self.assertEqual(rql, 'Any S,AA,AB,AC,AD ORDERBY AA ' |
289 self.assertEqual(rql, 'Any S,AA,AB,AC,AD ORDERBY AA ' |
274 'WHERE S is CWUser, S login AA, S firstname AB, S surname AC, S modification_date AD, ' |
290 'WHERE NOT EXISTS(S use_email O, O is EmailAddress), S is CWUser, ' |
275 'A eid %(B)s, EXISTS(S identity A, NOT A in_group C, C name "guests", C is CWGroup)') |
291 'S login AA, S firstname AB, S surname AC, S modification_date AD, ' |
|
292 'A eid %(B)s, EXISTS(S identity A, NOT A in_group C, C name "guests", C is CWGroup)') |
276 |
293 |
277 def test_unrelated_rql_constraints_creation_subject(self): |
294 def test_unrelated_rql_constraints_creation_subject(self): |
278 person = self.vreg['etypes'].etype_class('Personne')(self.request()) |
295 person = self.vreg['etypes'].etype_class('Personne')(self.request()) |
279 rql = person.cw_unrelated_rql('connait', 'Personne', 'subject')[0] |
296 rql = person.cw_unrelated_rql('connait', 'Personne', 'subject')[0] |
280 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC WHERE ' |
297 self.assertEqual( |
281 'O is Personne, O nom AA, O prenom AB, O modification_date AC') |
298 rql, 'Any O,AA,AB,AC ORDERBY AC DESC WHERE ' |
|
299 'O is Personne, O nom AA, O prenom AB, O modification_date AC') |
282 |
300 |
283 def test_unrelated_rql_constraints_creation_object(self): |
301 def test_unrelated_rql_constraints_creation_object(self): |
284 person = self.vreg['etypes'].etype_class('Personne')(self.request()) |
302 person = self.vreg['etypes'].etype_class('Personne')(self.request()) |
285 rql = person.cw_unrelated_rql('connait', 'Personne', 'object')[0] |
303 rql = person.cw_unrelated_rql('connait', 'Personne', 'object')[0] |
286 self.assertEqual(rql, 'Any S,AA,AB,AC ORDERBY AC DESC WHERE ' |
304 self.assertEqual( |
287 'NOT (S connait P, P nom "toto"), S is Personne, S nom AA, ' |
305 rql, 'Any S,AA,AB,AC ORDERBY AC DESC WHERE ' |
288 'S prenom AB, S modification_date AC') |
306 'S is Personne, S nom AA, S prenom AB, S modification_date AC, ' |
|
307 'NOT (S connait A, A nom "toto"), A is Personne, EXISTS(S travaille B, B nom "tutu")') |
289 |
308 |
290 def test_unrelated_rql_constraints_edition_subject(self): |
309 def test_unrelated_rql_constraints_edition_subject(self): |
291 person = self.request().create_entity('Personne', nom=u'sylvain') |
310 person = self.request().create_entity('Personne', nom=u'sylvain') |
292 rql = person.cw_unrelated_rql('connait', 'Personne', 'subject')[0] |
311 rql = person.cw_unrelated_rql('connait', 'Personne', 'subject')[0] |
293 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC WHERE ' |
312 self.assertEqual( |
294 'NOT S connait O, S eid %(x)s, NOT S identity O, O is Personne, ' |
313 rql, 'Any O,AA,AB,AC ORDERBY AC DESC WHERE ' |
295 'O nom AA, O prenom AB, O modification_date AC') |
314 'NOT EXISTS(S connait O), S eid %(x)s, O is Personne, ' |
|
315 'O nom AA, O prenom AB, O modification_date AC, ' |
|
316 'NOT S identity O') |
296 |
317 |
297 def test_unrelated_rql_constraints_edition_object(self): |
318 def test_unrelated_rql_constraints_edition_object(self): |
298 person = self.request().create_entity('Personne', nom=u'sylvain') |
319 person = self.request().create_entity('Personne', nom=u'sylvain') |
299 rql = person.cw_unrelated_rql('connait', 'Personne', 'object')[0] |
320 rql = person.cw_unrelated_rql('connait', 'Personne', 'object')[0] |
300 self.assertEqual(rql, 'Any S,AA,AB,AC ORDERBY AC DESC WHERE ' |
321 self.assertEqual( |
301 'NOT S connait O, O eid %(x)s, NOT S identity O, NOT (S connait P, ' |
322 rql, 'Any S,AA,AB,AC ORDERBY AC DESC WHERE ' |
302 'P nom "toto"), S is Personne, S nom AA, S prenom AB, S modification_date AC') |
323 'NOT EXISTS(S connait O), O eid %(x)s, S is Personne, ' |
|
324 'S nom AA, S prenom AB, S modification_date AC, ' |
|
325 'NOT S identity O, NOT (S connait A, A nom "toto"), ' |
|
326 'EXISTS(S travaille B, B nom "tutu")') |
303 |
327 |
304 def test_unrelated_base(self): |
328 def test_unrelated_base(self): |
305 req = self.request() |
329 req = self.request() |
306 p = req.create_entity('Personne', nom=u'di mascio', prenom=u'adrien') |
330 p = req.create_entity('Personne', nom=u'di mascio', prenom=u'adrien') |
307 e = req.create_entity('Tag', name=u'x') |
331 e = req.create_entity('Tag', name=u'x') |