cubicweb: comparison server/test/unittest

equal deleted inserted replaced

-:73760bbb66bd
+:78438ad513ca
 cu.execute("DELETE A concerne S")
 cnx.commit()
 # to actually get Unauthorized exception, try to delete a relation we can read
 self.restore_connection()
 eid = self.execute("INSERT Affaire X: X sujet 'pascool'")[0][0]
-self.execute('SET X owned_by U WHERE X eid %(x)s, U login "iaminusersgrouponly"', {'x': eid}, 'x')
+self.execute('SET X owned_by U WHERE X eid %(x)s, U login "iaminusersgrouponly"', {'x': eid})
 self.execute("SET A concerne S WHERE A sujet 'pascool', S is Societe")
 self.commit()
 cnx = self.login('iaminusersgrouponly')
 cu = cnx.cursor()
 self.assertRaises(Unauthorized, cu.execute, "DELETE A concerne S")
 def test_user_can_change_its_upassword(self):
 ueid = self.create_user('user').eid
 cnx = self.login('user')
 cu = cnx.cursor()
 cu.execute('SET X upassword %(passwd)s WHERE X eid %(x)s',
-{'x': ueid, 'passwd': 'newpwd'}, 'x')
+{'x': ueid, 'passwd': 'newpwd'})
 cnx.commit()
 cnx.close()
 cnx = self.login('user', password='newpwd')
 def test_user_cant_change_other_upassword(self):
 ueid = self.create_user('otheruser').eid
 cnx = self.login('iaminusersgrouponly')
 cu = cnx.cursor()
 cu.execute('SET X upassword %(passwd)s WHERE X eid %(x)s',
-{'x': ueid, 'passwd': 'newpwd'}, 'x')
+{'x': ueid, 'passwd': 'newpwd'})
 self.assertRaises(Unauthorized, cnx.commit)
 # read security test
 def test_read_base(self):
 self.commit()
 cnx = self.login('iaminusersgrouponly')
 cu = cnx.cursor()
 rset = cu.execute('Affaire X')
 self.assertEquals(rset.rows, [])
-self.assertRaises(Unauthorized, cu.execute, 'Any X WHERE X eid %(x)s', {'x': eid}, 'x')
+self.assertRaises(Unauthorized, cu.execute, 'Any X WHERE X eid %(x)s', {'x': eid})
 # cache test
-self.assertRaises(Unauthorized, cu.execute, 'Any X WHERE X eid %(x)s', {'x': eid}, 'x')
+self.assertRaises(Unauthorized, cu.execute, 'Any X WHERE X eid %(x)s', {'x': eid})
 aff2 = cu.execute("INSERT Affaire X: X sujet 'cool'")[0][0]
 soc1 = cu.execute("INSERT Societe X: X nom 'chouette'")[0][0]
 cu.execute("SET A concerne S WHERE A is Affaire, S is Societe")
 cnx.commit()
-rset = cu.execute('Any X WHERE X eid %(x)s', {'x': aff2}, 'x')
+rset = cu.execute('Any X WHERE X eid %(x)s', {'x': aff2})
 self.assertEquals(rset.rows, [[aff2]])
 # more cache test w/ NOT eid
-rset = cu.execute('Affaire X WHERE NOT X eid %(x)s', {'x': eid}, 'x')
+rset = cu.execute('Affaire X WHERE NOT X eid %(x)s', {'x': eid})
 self.assertEquals(rset.rows, [[aff2]])
-rset = cu.execute('Affaire X WHERE NOT X eid %(x)s', {'x': aff2}, 'x')
+rset = cu.execute('Affaire X WHERE NOT X eid %(x)s', {'x': aff2})
 self.assertEquals(rset.rows, [])
 # test can't update an attribute of an entity that can't be readen
-self.assertRaises(Unauthorized, cu.execute, 'SET X sujet "hacked" WHERE X eid %(x)s', {'x': eid}, 'x')
+self.assertRaises(Unauthorized, cu.execute, 'SET X sujet "hacked" WHERE X eid %(x)s', {'x': eid})
 def test_entity_created_in_transaction(self):
 affschema = self.schema['Affaire']
 origperms = affschema.permissions['read']
 try:
 cnx = self.login('iaminusersgrouponly')
 cu = cnx.cursor()
 aff2 = cu.execute("INSERT Affaire X: X sujet 'cool'")[0][0]
 # entity created in transaction are readable *by eid*
-self.failUnless(cu.execute('Any X WHERE X eid %(x)s', {'x':aff2}, 'x'))
+self.failUnless(cu.execute('Any X WHERE X eid %(x)s', {'x':aff2}))
 # XXX would be nice if it worked
 rset = cu.execute("Affaire X WHERE X sujet 'cool'")
 self.assertEquals(len(rset), 0)
 finally:
 affschema.set_action_permissions('read', origperms)
 cnx.close()
 def test_read_erqlexpr_has_text1(self):
 aff1 = self.execute("INSERT Affaire X: X sujet 'cool'")[0][0]
 card1 = self.execute("INSERT Card X: X title 'cool'")[0][0]
-self.execute('SET X owned_by U WHERE X eid %(x)s, U login "iaminusersgrouponly"', {'x': card1}, 'x')
+self.execute('SET X owned_by U WHERE X eid %(x)s, U login "iaminusersgrouponly"', {'x': card1})
 self.commit()
 cnx = self.login('iaminusersgrouponly')
 cu = cnx.cursor()
 aff2 = cu.execute("INSERT Affaire X: X sujet 'cool'")[0][0]
 soc1 = cu.execute("INSERT Societe X: X nom 'chouette'")[0][0]
-cu.execute("SET A concerne S WHERE A eid %(a)s, S eid %(s)s", {'a': aff2, 's': soc1},
+cu.execute("SET A concerne S WHERE A eid %(a)s, S eid %(s)s", {'a': aff2, 's': soc1})
-('a', 's'))
+cnx.commit()
-cnx.commit()
+self.assertRaises(Unauthorized, cu.execute, 'Any X WHERE X eid %(x)s', {'x':aff1})
-self.assertRaises(Unauthorized, cu.execute, 'Any X WHERE X eid %(x)s', {'x':aff1}, 'x')
+self.failUnless(cu.execute('Any X WHERE X eid %(x)s', {'x':aff2}))
-self.failUnless(cu.execute('Any X WHERE X eid %(x)s', {'x':aff2}, 'x'))
+self.failUnless(cu.execute('Any X WHERE X eid %(x)s', {'x':card1}))
-self.failUnless(cu.execute('Any X WHERE X eid %(x)s', {'x':card1}, 'x'))
 rset = cu.execute("Any X WHERE X has_text 'cool'")
 self.assertEquals(sorted(eid for eid, in rset.rows),
 [card1, aff2])
 def test_read_erqlexpr_has_text2(self):
 def test_attribute_security(self):
 # only managers should be able to edit the 'test' attribute of Personne entities
 eid = self.execute("INSERT Personne X: X nom 'bidule', X web 'http://www.debian.org', X test TRUE")[0][0]
 self.commit()
-self.execute('SET X test FALSE WHERE X eid %(x)s', {'x': eid}, 'x')
+self.execute('SET X test FALSE WHERE X eid %(x)s', {'x': eid})
 self.commit()
 cnx = self.login('iaminusersgrouponly')
 cu = cnx.cursor()
 cu.execute("INSERT Personne X: X nom 'bidule', X web 'http://www.debian.org', X test TRUE")
 self.assertRaises(Unauthorized, cnx.commit)
 cu.execute("INSERT Personne X: X nom 'bidule', X web 'http://www.debian.org', X test FALSE")
 self.assertRaises(Unauthorized, cnx.commit)
 eid = cu.execute("INSERT Personne X: X nom 'bidule', X web 'http://www.debian.org'")[0][0]
 cnx.commit()
-cu.execute('SET X test FALSE WHERE X eid %(x)s', {'x': eid}, 'x')
+cu.execute('SET X test FALSE WHERE X eid %(x)s', {'x': eid})
 self.assertRaises(Unauthorized, cnx.commit)
-cu.execute('SET X test TRUE WHERE X eid %(x)s', {'x': eid}, 'x')
+cu.execute('SET X test TRUE WHERE X eid %(x)s', {'x': eid})
 self.assertRaises(Unauthorized, cnx.commit)
-cu.execute('SET X web "http://www.logilab.org" WHERE X eid %(x)s', {'x': eid}, 'x')
+cu.execute('SET X web "http://www.logilab.org" WHERE X eid %(x)s', {'x': eid})
 cnx.commit()
 cnx.close()
 def test_attribute_security_rqlexpr(self):
 # Note.para attribute editable by managers or if the note is in "todo" state
 note = self.execute("INSERT Note X: X para 'bidule'").get_entity(0, 0)
 self.commit()
 note.fire_transition('markasdone')
-self.execute('SET X para "truc" WHERE X eid %(x)s', {'x': note.eid}, 'x')
+self.execute('SET X para "truc" WHERE X eid %(x)s', {'x': note.eid})
 self.commit()
 cnx = self.login('iaminusersgrouponly')
 cu = cnx.cursor()
-cu.execute("SET X para 'chouette' WHERE X eid %(x)s", {'x': note.eid}, 'x')
+cu.execute("SET X para 'chouette' WHERE X eid %(x)s", {'x': note.eid})
 self.assertRaises(Unauthorized, cnx.commit)
 note2 = cu.execute("INSERT Note X: X para 'bidule'").get_entity(0, 0)
 cnx.commit()
 note2.fire_transition('markasdone')
 cnx.commit()
-self.assertEquals(len(cu.execute('Any X WHERE X in_state S, S name "todo", X eid %(x)s', {'x': note2.eid}, 'x')),
+self.assertEquals(len(cu.execute('Any X WHERE X in_state S, S name "todo", X eid %(x)s', {'x': note2.eid})),
 0)
-cu.execute("SET X para 'chouette' WHERE X eid %(x)s", {'x': note2.eid}, 'x')
+cu.execute("SET X para 'chouette' WHERE X eid %(x)s", {'x': note2.eid})
 self.assertRaises(Unauthorized, cnx.commit)
 note2.fire_transition('redoit')
 cnx.commit()
-cu.execute("SET X para 'chouette' WHERE X eid %(x)s", {'x': note2.eid}, 'x')
+cu.execute("SET X para 'chouette' WHERE X eid %(x)s", {'x': note2.eid})
 cnx.commit()
 def test_attribute_read_security(self):
 # anon not allowed to see users'login, but they can see users
 self.repo.schema['CWUser'].set_action_permissions('read', ('guests', 'users', 'managers'))
 # anonymous user can read groups (necessary to check allowed transitions for instance)
 self.assert_(cu.execute('CWGroup X'))
 # should only be able to read the anonymous user, not another one
 origuser = self.adminsession.user
 self.assertRaises(Unauthorized,
-cu.execute, 'CWUser X WHERE X eid %(x)s', {'x': origuser.eid}, 'x')
+cu.execute, 'CWUser X WHERE X eid %(x)s', {'x': origuser.eid})
 # nothing selected, nothing updated, no exception raised
 #self.assertRaises(Unauthorized,
 #                  cu.execute, 'SET X login "toto" WHERE X eid %(x)s',
 #                  {'x': self.user.eid})
-rset = cu.execute('CWUser X WHERE X eid %(x)s', {'x': anon.eid}, 'x')
+rset = cu.execute('CWUser X WHERE X eid %(x)s', {'x': anon.eid})
 self.assertEquals(rset.rows, [[anon.eid]])
 # but can't modify it
 cu.execute('SET X login "toto" WHERE X eid %(x)s', {'x': anon.eid})
 self.assertRaises(Unauthorized, cnx.commit)
 self.assertEquals(cu.execute('Any B where B is Bookmark, NOT B bookmarked_by U').rows,
 [[beid1]])
 self.assertRaises(Unauthorized, cu.execute,'DELETE B bookmarked_by U')
 self.assertRaises(Unauthorized,
 cu.execute, 'SET B bookmarked_by U WHERE U eid %(x)s, B eid %(b)s',
-{'x': anoneid, 'b': beid1}, 'x')
+{'x': anoneid, 'b': beid1})
 def test_ambigous_ordered(self):
 cnx = self.login('anon')
 cu = cnx.cursor()
 self.assertEquals(trinfo.comment, 'bouh!')
 # but not from_state/to_state
 aff.clear_related_cache('wf_info_for', role='object')
 self.assertRaises(Unauthorized,
 self.execute, 'SET TI from_state S WHERE TI eid %(ti)s, S name "ben non"',
-{'ti': trinfo.eid}, 'ti')
+{'ti': trinfo.eid})
 self.assertRaises(Unauthorized,
 self.execute, 'SET TI to_state S WHERE TI eid %(ti)s, S name "pitetre"',
-{'ti': trinfo.eid}, 'ti')
+{'ti': trinfo.eid})
 if __name__ == '__main__':
 unittest_main()

changeset 5174	78438ad513ca
parent 4915	d657b89df9f4
child 5423	e15abfdcce38