243 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC ' |
243 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC ' |
244 'WHERE NOT EXISTS(ZZ use_email O), S eid %(x)s, ' |
244 'WHERE NOT EXISTS(ZZ use_email O), S eid %(x)s, ' |
245 'O is EmailAddress, O address AA, O alias AB, O modification_date AC') |
245 'O is EmailAddress, O address AA, O alias AB, O modification_date AC') |
246 |
246 |
247 def test_unrelated_rql_security_1_user(self): |
247 def test_unrelated_rql_security_1_user(self): |
248 self.create_user('toto') |
248 req = self.request() |
|
249 self.create_user(req, 'toto') |
249 self.login('toto') |
250 self.login('toto') |
250 user = self.request().user |
251 user = req.user |
251 rql = user.cw_unrelated_rql('use_email', 'EmailAddress', 'subject')[0] |
252 rql = user.cw_unrelated_rql('use_email', 'EmailAddress', 'subject')[0] |
252 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC ' |
253 self.assertEqual(rql, 'Any O,AA,AB,AC ORDERBY AC DESC ' |
253 'WHERE NOT EXISTS(ZZ use_email O), S eid %(x)s, ' |
254 'WHERE NOT EXISTS(ZZ use_email O), S eid %(x)s, ' |
254 'O is EmailAddress, O address AA, O alias AB, O modification_date AC') |
255 'O is EmailAddress, O address AA, O alias AB, O modification_date AC') |
255 user = self.execute('Any X WHERE X login "admin"').get_entity(0, 0) |
256 user = self.execute('Any X WHERE X login "admin"').get_entity(0, 0) |
351 rset = email.unrelated('use_email', 'CWUser', 'object') |
352 rset = email.unrelated('use_email', 'CWUser', 'object') |
352 self.assertEqual([x.login for x in rset.entities()], [u'admin', u'anon']) |
353 self.assertEqual([x.login for x in rset.entities()], [u'admin', u'anon']) |
353 user = self.request().user |
354 user = self.request().user |
354 rset = user.unrelated('use_email', 'EmailAddress', 'subject') |
355 rset = user.unrelated('use_email', 'EmailAddress', 'subject') |
355 self.assertEqual([x.address for x in rset.entities()], [u'hop']) |
356 self.assertEqual([x.address for x in rset.entities()], [u'hop']) |
356 self.create_user('toto') |
357 req = self.request() |
|
358 self.create_user(req, 'toto') |
357 self.login('toto') |
359 self.login('toto') |
358 email = self.execute('Any X WHERE X eid %(x)s', {'x': email.eid}).get_entity(0, 0) |
360 email = self.execute('Any X WHERE X eid %(x)s', {'x': email.eid}).get_entity(0, 0) |
359 rset = email.unrelated('use_email', 'CWUser', 'object') |
361 rset = email.unrelated('use_email', 'CWUser', 'object') |
360 self.assertEqual([x.login for x in rset.entities()], ['toto']) |
362 self.assertEqual([x.login for x in rset.entities()], ['toto']) |
361 user = self.request().user |
363 user = self.request().user |