server/test/unittest_security.py
branchstable
changeset 4765 c33d12865641
parent 4711 7ef3b029e10b
child 4787 dc07678c4935
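--- a/server/test/unittest_security.py
+++ b/server/test/unittest_security.py
@@ -255,10 +255,30 @@
         # more cache test w/ NOT eid
         rset = cu.execute('Affaire X WHERE NOT X eid %(x)s', {'x': eid}, 'x')
         self.assertEquals(rset.rows, [[aff2]])
         rset = cu.execute('Affaire X WHERE NOT X eid %(x)s', {'x': aff2}, 'x')
         self.assertEquals(rset.rows, [])
+        # test can't update an attribute of an entity that can't be readen
+        self.assertRaises(Unauthorized, cu.execute, 'SET X sujet "hacked" WHERE X eid %(x)s', {'x': eid}, 'x')
+
+
+    def test_entity_created_in_transaction(self):
+        affschema = self.schema['Affaire']
+        origperms = affschema.permissions['read']
+        affschema.set_action_permissions('read', affschema.permissions['add'])
+        try:
+            cnx = self.login('iaminusersgrouponly')
+            cu = cnx.cursor()
+            aff2 = cu.execute("INSERT Affaire X: X sujet 'cool'")[0][0]
+            # entity created in transaction are readable *by eid*
+            self.failUnless(cu.execute('Any X WHERE X eid %(x)s', {'x':aff2}, 'x'))
+            # XXX would be nice if it worked
+            rset = cu.execute("Affaire X WHERE X sujet 'cool'")
+            self.assertEquals(len(rset), 0)
+        finally:
+            affschema.set_action_permissions('read', origperms)
+            cnx.close()
 
     def test_read_erqlexpr_has_text1(self):
         aff1 = self.execute("INSERT Affaire X: X sujet 'cool'")[0][0]
         card1 = self.execute("INSERT Card X: X title 'cool'")[0][0]
         self.execute('SET X owned_by U WHERE X eid %(x)s, U login "iaminusersgrouponly"', {'x': card1}, 'x')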
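Review bot: In `test_entity_created_in_transaction`, `cnx` is first bound inside the `try`, so if `self.login('iaminusersgrouponly')` raises, the `finally` block restores the read permission and then fails on `cnx.close()` with a NameError that hides the real failure. Bind `cnx = None` before `try:` and close it with `if cnx is not None: cnx.close()`, keeping the `set_action_permissions('read', origperms)` restore first so the shared schema is always reset. The new `assertRaises(Unauthorized, ...)` at line 261 only exercises a `SET` addressed by eid. Whether an update selected by attribute is refused in the same way is not shown here and may merit a companion assertion. The `# XXX would be nice if it worked` comment would read better if it named what is pinned, e.g. `# XXX entity created in this transaction is not yet returned by an attribute query`.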