7 :license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses |
7 :license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses |
8 """ |
8 """ |
9 |
9 |
10 from datetime import datetime |
10 from datetime import datetime |
11 |
11 |
12 from cubicweb import Binary |
12 from cubicweb import Binary, Unauthorized |
13 from cubicweb.devtools.testlib import CubicWebTC |
13 from cubicweb.devtools.testlib import CubicWebTC |
14 from cubicweb.common.mttransforms import HAS_TAL |
14 from cubicweb.common.mttransforms import HAS_TAL |
|
15 from cubicweb.entities import fetch_config |
15 |
16 |
16 class EntityTC(CubicWebTC): |
17 class EntityTC(CubicWebTC): |
17 |
|
18 ## def setup_database(self): |
|
19 ## self.add_entity('Personne', nom=u'di mascio', prenom=u'adrien') |
|
20 ## self.add_entity('Task', title=u'fait ca !', description=u'et plus vite', start=now()) |
|
21 ## self.add_entity('Tag', name=u'x') |
|
22 ## self.add_entity('Link', title=u'perdu', url=u'http://www.perdu.com', |
|
23 ## embed=False) |
|
24 |
18 |
25 def test_boolean_value(self): |
19 def test_boolean_value(self): |
26 e = self.vreg['etypes'].etype_class('CWUser')(self.request()) |
20 e = self.vreg['etypes'].etype_class('CWUser')(self.request()) |
27 self.failUnless(e) |
21 self.failUnless(e) |
28 |
22 |
177 finally: |
171 finally: |
178 Personne.fetch_attrs = pfetch_attrs |
172 Personne.fetch_attrs = pfetch_attrs |
179 Societe.fetch_attrs = sfetch_attrs |
173 Societe.fetch_attrs = sfetch_attrs |
180 |
174 |
181 def test_related_rql(self): |
175 def test_related_rql(self): |
182 from cubicweb.entities import fetch_config |
|
183 Personne = self.vreg['etypes'].etype_class('Personne') |
176 Personne = self.vreg['etypes'].etype_class('Personne') |
184 Note = self.vreg['etypes'].etype_class('Note') |
177 Note = self.vreg['etypes'].etype_class('Note') |
185 self.failUnless(issubclass(self.vreg['etypes'].etype_class('SubNote'), Note)) |
178 self.failUnless(issubclass(self.vreg['etypes'].etype_class('SubNote'), Note)) |
186 Personne.fetch_attrs, Personne.fetch_order = fetch_config(('nom', 'type')) |
179 Personne.fetch_attrs, Personne.fetch_order = fetch_config(('nom', 'type')) |
187 Note.fetch_attrs, Note.fetch_order = fetch_config(('type',)) |
180 Note.fetch_attrs, Note.fetch_order = fetch_config(('type',)) |
192 Personne.fetch_attrs, Personne.fetch_order = fetch_config(('nom', )) |
185 Personne.fetch_attrs, Personne.fetch_order = fetch_config(('nom', )) |
193 # XXX |
186 # XXX |
194 self.assertEquals(p.related_rql('evaluee'), |
187 self.assertEquals(p.related_rql('evaluee'), |
195 'Any X,AA ORDERBY Z DESC WHERE X modification_date Z, E eid %(x)s, E evaluee X, X modification_date AA') |
188 'Any X,AA ORDERBY Z DESC WHERE X modification_date Z, E eid %(x)s, E evaluee X, X modification_date AA') |
196 |
189 |
197 def test_entity_unrelated(self): |
190 def test_unrelated_rql_security_1(self): |
|
191 user = self.request().user |
|
192 rql = user.unrelated_rql('use_email', 'EmailAddress', 'subject')[0] |
|
193 self.assertEquals(rql, 'Any O,AA,AB,AC ORDERBY AC DESC ' |
|
194 'WHERE NOT S use_email O, S eid %(x)s, O is EmailAddress, O address AA, O alias AB, O modification_date AC') |
|
195 self.create_user('toto') |
|
196 self.login('toto') |
|
197 user = self.request().user |
|
198 rql = user.unrelated_rql('use_email', 'EmailAddress', 'subject')[0] |
|
199 self.assertEquals(rql, 'Any O,AA,AB,AC ORDERBY AC DESC ' |
|
200 'WHERE NOT S use_email O, S eid %(x)s, O is EmailAddress, O address AA, O alias AB, O modification_date AC') |
|
201 user = self.execute('Any X WHERE X login "admin"').get_entity(0, 0) |
|
202 self.assertRaises(Unauthorized, user.unrelated_rql, 'use_email', 'EmailAddress', 'subject') |
|
203 self.login('anon') |
|
204 user = self.request().user |
|
205 self.assertRaises(Unauthorized, user.unrelated_rql, 'use_email', 'EmailAddress', 'subject') |
|
206 |
|
207 def test_unrelated_rql_security_2(self): |
|
208 email = self.execute('INSERT EmailAddress X: X address "hop"').get_entity(0, 0) |
|
209 rql = email.unrelated_rql('use_email', 'CWUser', 'object')[0] |
|
210 self.assertEquals(rql, 'Any S,AA,AB,AC,AD ORDERBY AA ASC ' |
|
211 'WHERE NOT S use_email O, O eid %(x)s, S is CWUser, S login AA, S firstname AB, S surname AC, S modification_date AD') |
|
212 #rql = email.unrelated_rql('use_email', 'Person', 'object')[0] |
|
213 #self.assertEquals(rql, '') |
|
214 self.login('anon') |
|
215 email = self.execute('Any X WHERE X eid %(x)s', {'x': email.eid}, 'x').get_entity(0, 0) |
|
216 rql = email.unrelated_rql('use_email', 'CWUser', 'object')[0] |
|
217 self.assertEquals(rql, 'Any S,AA,AB,AC,AD ORDERBY AA ' |
|
218 'WHERE NOT S use_email O, O eid %(x)s, S is CWUser, S login AA, S firstname AB, S surname AC, S modification_date AD, ' |
|
219 'A eid %(B)s, EXISTS(S identity A, NOT A in_group C, C name "guests", C is CWGroup)') |
|
220 #rql = email.unrelated_rql('use_email', 'Person', 'object')[0] |
|
221 #self.assertEquals(rql, '') |
|
222 |
|
223 def test_unrelated_base(self): |
198 p = self.add_entity('Personne', nom=u'di mascio', prenom=u'adrien') |
224 p = self.add_entity('Personne', nom=u'di mascio', prenom=u'adrien') |
199 e = self.add_entity('Tag', name=u'x') |
225 e = self.add_entity('Tag', name=u'x') |
200 related = [r.eid for r in e.tags] |
226 related = [r.eid for r in e.tags] |
201 self.failUnlessEqual(related, []) |
227 self.failUnlessEqual(related, []) |
202 unrelated = [r[0] for r in e.unrelated('tags', 'Personne', 'subject')] |
228 unrelated = [r[0] for r in e.unrelated('tags', 'Personne', 'subject')] |
204 self.execute('SET X tags Y WHERE X is Tag, Y is Personne') |
230 self.execute('SET X tags Y WHERE X is Tag, Y is Personne') |
205 e = self.entity('Any X WHERE X is Tag') |
231 e = self.entity('Any X WHERE X is Tag') |
206 unrelated = [r[0] for r in e.unrelated('tags', 'Personne', 'subject')] |
232 unrelated = [r[0] for r in e.unrelated('tags', 'Personne', 'subject')] |
207 self.failIf(p.eid in unrelated) |
233 self.failIf(p.eid in unrelated) |
208 |
234 |
209 def test_entity_unrelated_limit(self): |
235 def test_unrelated_limit(self): |
210 e = self.add_entity('Tag', name=u'x') |
236 e = self.add_entity('Tag', name=u'x') |
211 self.add_entity('Personne', nom=u'di mascio', prenom=u'adrien') |
237 self.add_entity('Personne', nom=u'di mascio', prenom=u'adrien') |
212 self.add_entity('Personne', nom=u'di mascio', prenom=u'gwen') |
238 self.add_entity('Personne', nom=u'thenault', prenom=u'sylvain') |
213 self.assertEquals(len(e.unrelated('tags', 'Personne', 'subject', limit=1)), |
239 self.assertEquals(len(e.unrelated('tags', 'Personne', 'subject', limit=1)), |
214 1) |
240 1) |
215 |
241 |
216 def test_new_entity_unrelated(self): |
242 def test_unrelated_security(self): |
|
243 email = self.execute('INSERT EmailAddress X: X address "hop"').get_entity(0, 0) |
|
244 rset = email.unrelated('use_email', 'CWUser', 'object') |
|
245 self.assertEquals([x.login for x in rset.entities()], [u'admin', u'anon']) |
|
246 user = self.request().user |
|
247 rset = user.unrelated('use_email', 'EmailAddress', 'subject') |
|
248 self.assertEquals([x.address for x in rset.entities()], [u'hop']) |
|
249 self.create_user('toto') |
|
250 self.login('toto') |
|
251 email = self.execute('Any X WHERE X eid %(x)s', {'x': email.eid}, 'x').get_entity(0, 0) |
|
252 rset = email.unrelated('use_email', 'CWUser', 'object') |
|
253 self.assertEquals([x.login for x in rset.entities()], ['toto']) |
|
254 user = self.request().user |
|
255 rset = user.unrelated('use_email', 'EmailAddress', 'subject') |
|
256 self.assertEquals([x.address for x in rset.entities()], ['hop']) |
|
257 user = self.execute('Any X WHERE X login "admin"').get_entity(0, 0) |
|
258 rset = user.unrelated('use_email', 'EmailAddress', 'subject') |
|
259 self.assertEquals([x.address for x in rset.entities()], []) |
|
260 self.login('anon') |
|
261 email = self.execute('Any X WHERE X eid %(x)s', {'x': email.eid}, 'x').get_entity(0, 0) |
|
262 rset = email.unrelated('use_email', 'CWUser', 'object') |
|
263 self.assertEquals([x.login for x in rset.entities()], []) |
|
264 user = self.request().user |
|
265 rset = user.unrelated('use_email', 'EmailAddress', 'subject') |
|
266 self.assertEquals([x.address for x in rset.entities()], []) |
|
267 |
|
268 def test_unrelated_new_entity(self): |
217 e = self.vreg['etypes'].etype_class('CWUser')(self.request()) |
269 e = self.vreg['etypes'].etype_class('CWUser')(self.request()) |
218 unrelated = [r[0] for r in e.unrelated('in_group', 'CWGroup', 'subject')] |
270 unrelated = [r[0] for r in e.unrelated('in_group', 'CWGroup', 'subject')] |
219 # should be default groups but owners, i.e. managers, users, guests |
271 # should be default groups but owners, i.e. managers, users, guests |
220 self.assertEquals(len(unrelated), 3) |
272 self.assertEquals(len(unrelated), 3) |
221 |
273 |