--- a/server/test/unittest_security.py Fri Jul 06 09:00:33 2012 +0200
+++ b/server/test/unittest_security.py Fri Jul 06 14:31:13 2012 +0200
@@ -23,8 +23,10 @@
from cubicweb.devtools.testlib import CubicWebTC
from cubicweb import Unauthorized, ValidationError, QueryError
+from cubicweb.schema import ERQLExpression
from cubicweb.server.querier import check_read_access
+
class BaseSecurityTC(CubicWebTC):
def setup_database(self):
@@ -468,6 +470,28 @@
cnx.rollback()
cnx.close()
+ def test_yams_inheritance_and_security_bug(self):
+ oldperms = self.schema['Division'].permissions
+ try:
+ self.schema['Division'].permissions = {
+ 'read': ('managers', ERQLExpression('X owned_by U')),
+ 'add': ('managers', 'users'),
+ 'update': ('managers', 'owners'),
+ 'delete': ('managers', 'owners')}
+ self.login('iaminusersgrouponly')
+ querier = self.repo.querier
+ rqlst = querier.parse('Any X WHERE X is_instance_of Societe')
+ querier.solutions(self.session, rqlst, {})
+ querier._annotate(rqlst)
+ plan = querier.plan_factory(rqlst, {}, self.session)
+ plan.preprocess(rqlst)
+ self.assertEqual(
+ rqlst.as_string(),
+ '(Any X WHERE X is IN(SubDivision, Societe)) UNION (Any X WHERE X is Division, EXISTS(X owned_by %(B)s))')
+ finally:
+ self.schema['Division'].permissions = oldperms
+
+
class BaseSchemaSecurityTC(BaseSecurityTC):
"""tests related to the base schema permission configuration"""