237 'X type AA, X modification_date AB') |
237 'X type AA, X modification_date AB') |
238 n = self.request().create_entity('Note') |
238 n = self.request().create_entity('Note') |
239 self.assertEqual(n.cw_related_rql('evaluee', role='object', |
239 self.assertEqual(n.cw_related_rql('evaluee', role='object', |
240 targettypes=('Societe', 'Personne')), |
240 targettypes=('Societe', 'Personne')), |
241 "Any X,AA ORDERBY AB DESC WHERE E eid %(x)s, X evaluee E, " |
241 "Any X,AA ORDERBY AB DESC WHERE E eid %(x)s, X evaluee E, " |
242 "X is IN('Personne', 'Societe'), X nom AA, " |
242 "X is IN(Personne, Societe), X nom AA, " |
243 "X modification_date AB") |
243 "X modification_date AB") |
244 Personne.fetch_attrs, Personne.cw_fetch_order = fetch_config(('nom', )) |
244 Personne.fetch_attrs, Personne.cw_fetch_order = fetch_config(('nom', )) |
245 # XXX |
245 # XXX |
246 self.assertEqual(p.cw_related_rql('evaluee'), |
246 self.assertEqual(p.cw_related_rql('evaluee'), |
247 'Any X,AA ORDERBY AA DESC ' |
247 'Any X,AA ORDERBY AA DESC ' |
277 |
277 |
278 def test_unrelated_rql_security_1_manager(self): |
278 def test_unrelated_rql_security_1_manager(self): |
279 user = self.request().user |
279 user = self.request().user |
280 rql = user.cw_unrelated_rql('use_email', 'EmailAddress', 'subject')[0] |
280 rql = user.cw_unrelated_rql('use_email', 'EmailAddress', 'subject')[0] |
281 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC ' |
281 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC ' |
282 'WHERE NOT ZZ use_email O, S eid %(x)s, ' |
282 'WHERE NOT A use_email O, S eid %(x)s, ' |
283 'O is EmailAddress, O address AA, O alias AB, O modification_date AC') |
283 'O is EmailAddress, O address AA, O alias AB, O modification_date AC') |
284 |
284 |
285 def test_unrelated_rql_security_1_user(self): |
285 def test_unrelated_rql_security_1_user(self): |
286 req = self.request() |
286 req = self.request() |
287 self.create_user(req, 'toto') |
287 self.create_user(req, 'toto') |
288 self.login('toto') |
288 self.login('toto') |
289 user = req.user |
289 user = req.user |
290 rql = user.cw_unrelated_rql('use_email', 'EmailAddress', 'subject')[0] |
290 rql = user.cw_unrelated_rql('use_email', 'EmailAddress', 'subject')[0] |
291 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC ' |
291 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC ' |
292 'WHERE NOT ZZ use_email O, S eid %(x)s, ' |
292 'WHERE NOT A use_email O, S eid %(x)s, ' |
293 'O is EmailAddress, O address AA, O alias AB, O modification_date AC') |
293 'O is EmailAddress, O address AA, O alias AB, O modification_date AC') |
294 user = self.execute('Any X WHERE X login "admin"').get_entity(0, 0) |
294 user = self.execute('Any X WHERE X login "admin"').get_entity(0, 0) |
295 rql = user.cw_unrelated_rql('use_email', 'EmailAddress', 'subject')[0] |
295 rql = user.cw_unrelated_rql('use_email', 'EmailAddress', 'subject')[0] |
296 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC ' |
296 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC ' |
297 'WHERE NOT ZZ use_email O, S eid %(x)s, ' |
297 'WHERE NOT A use_email O, S eid %(x)s, ' |
298 'O is EmailAddress, O address AA, O alias AB, O modification_date AC, AD eid %(AE)s, ' |
298 'O is EmailAddress, O address AA, O alias AB, O modification_date AC, AD eid %(AE)s, ' |
299 'EXISTS(S identity AD, NOT AD in_group AF, AF name "guests", AF is CWGroup), ZZ is CWUser') |
299 'EXISTS(S identity AD, NOT AD in_group AF, AF name "guests", AF is CWGroup), A is CWUser') |
300 |
300 |
301 def test_unrelated_rql_security_1_anon(self): |
301 def test_unrelated_rql_security_1_anon(self): |
302 self.login('anon') |
302 self.login('anon') |
303 user = self.request().user |
303 user = self.request().user |
304 rql = user.cw_unrelated_rql('use_email', 'EmailAddress', 'subject')[0] |
304 rql = user.cw_unrelated_rql('use_email', 'EmailAddress', 'subject')[0] |
305 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC ' |
305 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC ' |
306 'WHERE NOT ZZ use_email O, S eid %(x)s, ' |
306 'WHERE NOT A use_email O, S eid %(x)s, ' |
307 'O is EmailAddress, O address AA, O alias AB, O modification_date AC, AD eid %(AE)s, ' |
307 'O is EmailAddress, O address AA, O alias AB, O modification_date AC, AD eid %(AE)s, ' |
308 'EXISTS(S identity AD, NOT AD in_group AF, AF name "guests", AF is CWGroup), ZZ is CWUser') |
308 'EXISTS(S identity AD, NOT AD in_group AF, AF name "guests", AF is CWGroup), A is CWUser') |
309 |
309 |
310 def test_unrelated_rql_security_2(self): |
310 def test_unrelated_rql_security_2(self): |
311 email = self.execute('INSERT EmailAddress X: X address "hop"').get_entity(0, 0) |
311 email = self.execute('INSERT EmailAddress X: X address "hop"').get_entity(0, 0) |
312 rql = email.cw_unrelated_rql('use_email', 'CWUser', 'object')[0] |
312 rql = email.cw_unrelated_rql('use_email', 'CWUser', 'object')[0] |
313 self.assertEqual(rql, 'Any S,AA,AB,AC,AD ORDERBY AA ' |
313 self.assertEqual(rql, 'Any S,AA,AB,AC,AD ORDERBY AA ' |
362 rql, 'Any S,AA,AB,AC ORDERBY AC DESC WHERE ' |
362 rql, 'Any S,AA,AB,AC ORDERBY AC DESC WHERE ' |
363 'NOT S connait O, O eid %(x)s, S is Personne, ' |
363 'NOT S connait O, O eid %(x)s, S is Personne, ' |
364 'S nom AA, S prenom AB, S modification_date AC, ' |
364 'S nom AA, S prenom AB, S modification_date AC, ' |
365 'NOT S identity O, NOT (S connait AD, AD nom "toto"), ' |
365 'NOT S identity O, NOT (S connait AD, AD nom "toto"), ' |
366 'EXISTS(S travaille AE, AE nom "tutu")') |
366 'EXISTS(S travaille AE, AE nom "tutu")') |
|
367 |
|
368 def test_unrelated_rql_s_linkto_s(self): |
|
369 req = self.request() |
|
370 person = self.vreg['etypes'].etype_class('Personne')(req) |
|
371 self.vreg['etypes'].etype_class('Personne').fetch_attrs = () |
|
372 soc = req.create_entity('Societe', nom=u'logilab') |
|
373 lt_infos = {('actionnaire', 'subject'): [soc.eid]} |
|
374 rql, args = person.cw_unrelated_rql('associe', 'Personne', 'subject', |
|
375 lt_infos=lt_infos) |
|
376 self.assertEqual(u'Any O ORDERBY O WHERE O is Personne, ' |
|
377 u'EXISTS(AA eid %(SOC)s, O actionnaire AA)', rql) |
|
378 self.assertEqual({'SOC': soc.eid}, args) |
|
379 |
|
380 def test_unrelated_rql_s_linkto_o(self): |
|
381 req = self.request() |
|
382 person = self.vreg['etypes'].etype_class('Personne')(req) |
|
383 self.vreg['etypes'].etype_class('Societe').fetch_attrs = () |
|
384 soc = req.create_entity('Societe', nom=u'logilab') |
|
385 lt_infos = {('contrat_exclusif', 'object'): [soc.eid]} |
|
386 rql, args = person.cw_unrelated_rql('actionnaire', 'Societe', 'subject', |
|
387 lt_infos=lt_infos) |
|
388 self.assertEqual(u'Any O ORDERBY O WHERE NOT A actionnaire O, ' |
|
389 u'O is Societe, NOT EXISTS(O eid %(O)s), ' |
|
390 u'A is Personne', rql) |
|
391 self.assertEqual({'O': soc.eid}, args) |
|
392 |
|
393 def test_unrelated_rql_o_linkto_s(self): |
|
394 req = self.request() |
|
395 soc = self.vreg['etypes'].etype_class('Societe')(req) |
|
396 self.vreg['etypes'].etype_class('Personne').fetch_attrs = () |
|
397 person = req.create_entity('Personne', nom=u'florent') |
|
398 lt_infos = {('contrat_exclusif', 'subject'): [person.eid]} |
|
399 rql, args = soc.cw_unrelated_rql('actionnaire', 'Personne', 'object', |
|
400 lt_infos=lt_infos) |
|
401 self.assertEqual(u'Any S ORDERBY S WHERE NOT S actionnaire A, ' |
|
402 u'S is Personne, NOT EXISTS(S eid %(S)s), ' |
|
403 u'A is Societe', rql) |
|
404 self.assertEqual({'S': person.eid}, args) |
|
405 |
|
406 def test_unrelated_rql_o_linkto_o(self): |
|
407 req = self.request() |
|
408 soc = self.vreg['etypes'].etype_class('Societe')(req) |
|
409 self.vreg['etypes'].etype_class('Personne').fetch_attrs = () |
|
410 person = req.create_entity('Personne', nom=u'florent') |
|
411 lt_infos = {('actionnaire', 'object'): [person.eid]} |
|
412 rql, args = soc.cw_unrelated_rql('dirige', 'Personne', 'object', |
|
413 lt_infos=lt_infos) |
|
414 self.assertEqual(u'Any S ORDERBY S WHERE NOT S dirige A, ' |
|
415 u'S is Personne, EXISTS(S eid %(S)s), ' |
|
416 u'A is Societe', rql) |
|
417 self.assertEqual({'S': person.eid}, args) |
|
418 |
|
419 def test_unrelated_rql_s_linkto_s_no_info(self): |
|
420 req = self.request() |
|
421 person = self.vreg['etypes'].etype_class('Personne')(req) |
|
422 self.vreg['etypes'].etype_class('Personne').fetch_attrs = () |
|
423 soc = req.create_entity('Societe', nom=u'logilab') |
|
424 rql, args = person.cw_unrelated_rql('associe', 'Personne', 'subject') |
|
425 self.assertEqual(u'Any O ORDERBY O WHERE O is Personne', rql) |
|
426 self.assertEqual({}, args) |
|
427 |
|
428 def test_unrelated_rql_s_linkto_s_unused_info(self): |
|
429 req = self.request() |
|
430 person = self.vreg['etypes'].etype_class('Personne')(req) |
|
431 self.vreg['etypes'].etype_class('Personne').fetch_attrs = () |
|
432 other_p = req.create_entity('Personne', nom=u'titi') |
|
433 lt_infos = {('dirige', 'subject'): [other_p.eid]} |
|
434 rql, args = person.cw_unrelated_rql('associe', 'Personne', 'subject', |
|
435 lt_infos=lt_infos) |
|
436 self.assertEqual(u'Any O ORDERBY O WHERE O is Personne', rql) |
367 |
437 |
368 def test_unrelated_base(self): |
438 def test_unrelated_base(self): |
369 req = self.request() |
439 req = self.request() |
370 p = req.create_entity('Personne', nom=u'di mascio', prenom=u'adrien') |
440 p = req.create_entity('Personne', nom=u'di mascio', prenom=u'adrien') |
371 e = req.create_entity('Tag', name=u'x') |
441 e = req.create_entity('Tag', name=u'x') |