[core] Protect session data from unwanted loading.
Use specialised Session and Connection types that forward their 'data' and
'session_data' attributes to the pyramid request.session attribute.
This forwarding is done with properties, instead of copying a reference, which
allow to access request.session (and the session factory) if and only if
Session.data or Connection.session_data is accessed.
In some cases, most notably the static resources requests, it can mean no
access the session during the request handling, which saves a request to the
session persistence layer.
Closes #4891437
from pyramid_cubicweb.tests import PyramidCWTest
from pyramid_cubicweb import tools
class ToolsTest(PyramidCWTest):
anonymous_allowed = True
def test_clone_user(self):
with self.admin_access.repo_cnx() as cnx:
user = cnx.find('CWUser', login='anon').one()
user.login # fill the cache
clone = tools.clone_user(self.repo, user)
self.assertEqual(clone.eid, user.eid)
self.assertEqual(clone.login, user.login)
self.assertEqual(clone.cw_rset.rows, user.cw_rset.rows)
self.assertEqual(clone.cw_rset.rql, user.cw_rset.rql)
def test_cnx_attach_entity(self):
with self.admin_access.repo_cnx() as cnx:
user = cnx.find('CWUser', login='anon').one()
with self.admin_access.repo_cnx() as cnx:
tools.cnx_attach_entity(cnx, user)
self.assertEqual(user.login, 'anon')