# HG changeset patch
# User Sylvain Thénault
# Date 1326388627 -3600
# Node ID 6f4229eb8178fbfafdb674e1f4b6bef42de5c4ad
# Parent f8678956bd05cee47d2b8ee678438ae1aa443f8f
[test] fix test broken by 8158:2ee254e74382 and add a test for that change
diff -r f8678956bd05 -r 6f4229eb8178 server/test/unittest_security.py
--- a/server/test/unittest_security.py Wed Jan 11 18:29:33 2012 +0100
+++ b/server/test/unittest_security.py Thu Jan 12 18:17:07 2012 +0100
@@ -646,5 +646,13 @@
 self.execute, 'SET TI to_state S WHERE TI eid %(ti)s, S name "pitetre"', {'ti': trinfo.eid})
+    def test_emailaddress_security(self):
+        self.execute('INSERT EmailAddress X: X address "hop"').get_entity(0, 0)
+        self.execute('INSERT EmailAddress X: X address "anon", U use_email X WHERE U login "anon"').get_entity(0, 0)
+        self.commit()
+        self.assertEqual(len(self.execute('Any X WHERE X is EmailAddress')), 2)
+        self.login('anon')
+        self.assertEqual(len(self.execute('Any X WHERE X is EmailAddress')), 1)
+
 if __name__ == '__main__':
 unittest_main()
diff -r f8678956bd05 -r 6f4229eb8178 test/unittest_entity.py
--- a/test/unittest_entity.py Wed Jan 11 18:29:33 2012 +0100
+++ b/test/unittest_entity.py Thu Jan 12 18:17:07 2012 +0100
@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-# copyright 2003-2011 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
+# copyright 2003-2012 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
 # contact http://www.logilab.fr/ -- mailto:contact@logilab.fr
 #
 # This file is part of CubicWeb.
@@ -19,7 +19,10 @@
 """unit tests for cubicweb.web.views.entities module"""
 from datetime import datetime
+
 from logilab.common import tempattr
+from logilab.common.decorators import clear_cache
+
 from cubicweb import Binary, Unauthorized
 from cubicweb.devtools.testlib import CubicWebTC
 from cubicweb.mttransforms import HAS_TAL
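Review bot: The anon-side assertion in `test_emailaddress_security` only checks that one EmailAddress is visible, so it would still pass if the read rule let anon see "hop" rather than its own address; pin the identity too, e.g. `self.assertEqual(self.execute('Any X WHERE X is EmailAddress').get_entity(0, 0).address, 'anon')` right after the count check. The two `.get_entity(0, 0)` calls on the INSERT results are discarded, so the statements can be shortened to `self.execute('INSERT EmailAddress X: X address "hop"')` and the matching anon insert. A docstring would also help, since the commit message is the only place that says why this test exists; as far as the assertions show, something like `"""an anonymous session only reads the EmailAddress linked to it through use_email"""` — the actual permission rule is not in this diff, so confirm the wording against it.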
@@ -314,12 +317,22 @@ 'WHERE NOT S use_email O, O eid %(x)s, S is CWUser, ' 'S login AA, S firstname AB, S surname AC, S modification_date AD') self.login('anon') - email = self.execute('Any X WHERE X eid %(x)s', {'x': email.eid}).get_entity(0, 0) - rql = email.cw_unrelated_rql('use_email', 'CWUser', 'object')[0] - self.assertEqual(rql, 'Any S,AA,AB,AC,AD ORDERBY AA ' - 'WHERE NOT S use_email O, O eid %(x)s, S is CWUser, ' - 'S login AA, S firstname AB, S surname AC, S modification_date AD, ' - 'AE eid %(AF)s, EXISTS(S identity AE, NOT AE in_group AG, AG name "guests", AG is CWGroup)') + rperms = self.schema['EmailAddress'].permissions['read'] + clear_cache(self.schema['EmailAddress'], 'get_groups') + clear_cache(self.schema['EmailAddress'], 'get_rqlexprs') + self.schema['EmailAddress'].permissions['read'] = ('managers', 'users', 'guests',) + try: + email = self.execute('Any X WHERE X eid %(x)s', {'x': email.eid}).get_entity(0, 0) + rql = email.cw_unrelated_rql('use_email', 'CWUser', 'object')[0] + self.assertEqual(rql, 'Any S,AA,AB,AC,AD ORDERBY AA ' + 'WHERE NOT S use_email O, O eid %(x)s, S is CWUser, ' + 'S login AA, S firstname AB, S surname AC, S modification_date AD, ' + 'AE eid %(AF)s, EXISTS(S identity AE, NOT AE in_group AG, AG name "guests", AG is CWGroup)') + finally: + clear_cache(self.schema['EmailAddress'], 'get_groups') + clear_cache(self.schema['EmailAddress'], 'get_rqlexprs') + self.schema['EmailAddress'].permissions['read'] = rperms + def test_unrelated_rql_security_nonexistant(self): self.login('anon') 
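Review bot: The permission-override block around the anon assertions (save `rperms`, two `clear_cache` calls, assign the widened tuple, then a `try`/`finally` that repeats all of it) is duplicated verbatim in `test_unrelated_security` in the next hunk; it belongs in one helper so the cache invalidation cannot drift between the two copies. In the `finally` the caches are cleared before `permissions['read']` is restored, so anything recomputing `get_groups`/`get_rqlexprs` in between would cache the widened permissions; restoring first and clearing afterwards is the safer order, which the helper below uses. The enclosing test starts before this hunk. The helper needs `from contextlib import contextmanager` added to the import block touched earlier in this diff.
```python
    @contextmanager
    def _temp_read_perms(self, etype, perms):
        """Temporarily replace the 'read' permission of *etype*, resetting
        the schema permission caches on the way in and on the way out."""
        eschema = self.schema[etype]
        saved = eschema.permissions['read']
        eschema.permissions['read'] = perms
        clear_cache(eschema, 'get_groups')
        clear_cache(eschema, 'get_rqlexprs')
        try:
            yield
        finally:
            eschema.permissions['read'] = saved
            clear_cache(eschema, 'get_groups')
            clear_cache(eschema, 'get_rqlexprs')

        # … unchanged: enclosing test body up to self.login('anon') …
        self.login('anon')
        with self._temp_read_perms('EmailAddress', ('managers', 'users', 'guests',)):
            email = self.execute('Any X WHERE X eid %(x)s', {'x': email.eid}).get_entity(0, 0)
            rql = email.cw_unrelated_rql('use_email', 'CWUser', 'object')[0]
            # … unchanged: assertEqual on rql …
```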
@@ -457,31 +470,40 @@
 1)
 def test_unrelated_security(self):
-        email = self.execute('INSERT EmailAddress X: X address "hop"').get_entity(0, 0)
-        rset = email.unrelated('use_email', 'CWUser', 'object')
-        self.assertEqual([x.login for x in rset.entities()], [u'admin', u'anon'])
-        user = self.request().user
-        rset = user.unrelated('use_email', 'EmailAddress', 'subject')
-        self.assertEqual([x.address for x in rset.entities()], [u'hop'])
-        req = self.request()
-        self.create_user(req, 'toto')
-        self.login('toto')
-        email = self.execute('Any X WHERE X eid %(x)s', {'x': email.eid}).get_entity(0, 0)
-        rset = email.unrelated('use_email', 'CWUser', 'object')
-        self.assertEqual([x.login for x in rset.entities()], ['toto'])
-        user = self.request().user
-        rset = user.unrelated('use_email', 'EmailAddress', 'subject')
-        self.assertEqual([x.address for x in rset.entities()], ['hop'])
-        user = self.execute('Any X WHERE X login "admin"').get_entity(0, 0)
-        rset = user.unrelated('use_email', 'EmailAddress', 'subject')
-        self.assertEqual([x.address for x in rset.entities()], [])
-        self.login('anon')
-        email = self.execute('Any X WHERE X eid %(x)s', {'x': email.eid}).get_entity(0, 0)
-        rset = email.unrelated('use_email', 'CWUser', 'object')
-        self.assertEqual([x.login for x in rset.entities()], [])
-        user = self.request().user
-        rset = user.unrelated('use_email', 'EmailAddress', 'subject')
-        self.assertEqual([x.address for x in rset.entities()], [])
+        rperms = self.schema['EmailAddress'].permissions['read']
+        clear_cache(self.schema['EmailAddress'], 'get_groups')
+        clear_cache(self.schema['EmailAddress'], 'get_rqlexprs')
+        self.schema['EmailAddress'].permissions['read'] = ('managers', 'users', 'guests',)
+        try:
+            email = self.execute('INSERT EmailAddress X: X address "hop"').get_entity(0, 0)
+            rset = email.unrelated('use_email', 'CWUser', 'object')
+            self.assertEqual([x.login for x in rset.entities()], [u'admin', u'anon'])
+            user = self.request().user
+            rset = user.unrelated('use_email', 'EmailAddress', 'subject')
+            self.assertEqual([x.address for x in rset.entities()], [u'hop'])
+            req = self.request()
+            self.create_user(req, 'toto')
+            self.login('toto')
+            email = self.execute('Any X WHERE X eid %(x)s', {'x': email.eid}).get_entity(0, 0)
+            rset = email.unrelated('use_email', 'CWUser', 'object')
+            self.assertEqual([x.login for x in rset.entities()], ['toto'])
+            user = self.request().user
+            rset = user.unrelated('use_email', 'EmailAddress', 'subject')
+            self.assertEqual([x.address for x in rset.entities()], ['hop'])
+            user = self.execute('Any X WHERE X login "admin"').get_entity(0, 0)
+            rset = user.unrelated('use_email', 'EmailAddress', 'subject')
+            self.assertEqual([x.address for x in rset.entities()], [])
+            self.login('anon')
+            email = self.execute('Any X WHERE X eid %(x)s', {'x': email.eid}).get_entity(0, 0)
+            rset = email.unrelated('use_email', 'CWUser', 'object')
+            self.assertEqual([x.login for x in rset.entities()], [])
+            user = self.request().user
+            rset = user.unrelated('use_email', 'EmailAddress', 'subject')
+            self.assertEqual([x.address for x in rset.entities()], [])
+        finally:
+            clear_cache(self.schema['EmailAddress'], 'get_groups')
+            clear_cache(self.schema['EmailAddress'], 'get_rqlexprs')
+            self.schema['EmailAddress'].permissions['read'] = rperms
 def test_unrelated_new_entity(self):
 e = self.vreg['etypes'].etype_class('CWUser')(self.request())
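Review bot: The `try` body of `test_unrelated_security` now repeats the same fetch-by-eid / `unrelated()` / `assertEqual` pair three times, once per session (admin, toto, anon), which makes the widened-permission window long and leaves a failing assertion without any hint of which session it belongs to. The per-session checks fit a small private helper taking the expected logins and addresses, leaving only the `create_user`, `login` calls and the separate admin-by-login check inline; the first phase would then re-fetch the entity it just inserted, which should be harmless within the same session but is worth confirming. A one-line docstring stating that read permission on EmailAddress is widened only so that `unrelated()` has something to return for guests would also explain the override to the next reader.
```python
    def _check_unrelated_emails(self, email_eid, expected_logins, expected_addresses):
        """Assert what the current session may relate through use_email, in both directions."""
        email = self.execute('Any X WHERE X eid %(x)s', {'x': email_eid}).get_entity(0, 0)
        rset = email.unrelated('use_email', 'CWUser', 'object')
        self.assertEqual([x.login for x in rset.entities()], expected_logins)
        rset = self.request().user.unrelated('use_email', 'EmailAddress', 'subject')
        self.assertEqual([x.address for x in rset.entities()], expected_addresses)

        # … unchanged: permission override and try: …
            email = self.execute('INSERT EmailAddress X: X address "hop"').get_entity(0, 0)
            self._check_unrelated_emails(email.eid, [u'admin', u'anon'], [u'hop'])
            self.create_user(self.request(), 'toto')
            self.login('toto')
            self._check_unrelated_emails(email.eid, ['toto'], ['hop'])
            # … unchanged: admin-by-login check …
            self.login('anon')
            self._check_unrelated_emails(email.eid, [], [])
        # … unchanged: finally block …
```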