255 # more cache test w/ NOT eid |
255 # more cache test w/ NOT eid |
256 rset = cu.execute('Affaire X WHERE NOT X eid %(x)s', {'x': eid}, 'x') |
256 rset = cu.execute('Affaire X WHERE NOT X eid %(x)s', {'x': eid}, 'x') |
257 self.assertEquals(rset.rows, [[aff2]]) |
257 self.assertEquals(rset.rows, [[aff2]]) |
258 rset = cu.execute('Affaire X WHERE NOT X eid %(x)s', {'x': aff2}, 'x') |
258 rset = cu.execute('Affaire X WHERE NOT X eid %(x)s', {'x': aff2}, 'x') |
259 self.assertEquals(rset.rows, []) |
259 self.assertEquals(rset.rows, []) |
|
260 # test can't update an attribute of an entity that can't be readen |
|
261 self.assertRaises(Unauthorized, cu.execute, 'SET X sujet "hacked" WHERE X eid %(x)s', {'x': eid}, 'x') |
|
262 |
|
263 |
|
264 def test_entity_created_in_transaction(self): |
|
265 affschema = self.schema['Affaire'] |
|
266 origperms = affschema.permissions['read'] |
|
267 affschema.set_action_permissions('read', affschema.permissions['add']) |
|
268 try: |
|
269 cnx = self.login('iaminusersgrouponly') |
|
270 cu = cnx.cursor() |
|
271 aff2 = cu.execute("INSERT Affaire X: X sujet 'cool'")[0][0] |
|
272 # entity created in transaction are readable *by eid* |
|
273 self.failUnless(cu.execute('Any X WHERE X eid %(x)s', {'x':aff2}, 'x')) |
|
274 # XXX would be nice if it worked |
|
275 rset = cu.execute("Affaire X WHERE X sujet 'cool'") |
|
276 self.assertEquals(len(rset), 0) |
|
277 finally: |
|
278 affschema.set_action_permissions('read', origperms) |
|
279 cnx.close() |
260 |
280 |
261 def test_read_erqlexpr_has_text1(self): |
281 def test_read_erqlexpr_has_text1(self): |
262 aff1 = self.execute("INSERT Affaire X: X sujet 'cool'")[0][0] |
282 aff1 = self.execute("INSERT Affaire X: X sujet 'cool'")[0][0] |
263 card1 = self.execute("INSERT Card X: X title 'cool'")[0][0] |
283 card1 = self.execute("INSERT Card X: X title 'cool'")[0][0] |
264 self.execute('SET X owned_by U WHERE X eid %(x)s, U login "iaminusersgrouponly"', {'x': card1}, 'x') |
284 self.execute('SET X owned_by U WHERE X eid %(x)s, U login "iaminusersgrouponly"', {'x': card1}, 'x') |