# HG changeset patch
# User Sylvain Thénault
# Date 1278408694 -7200
# Node ID 782b27eaf97a17789096f24ff6be0a04fec0ca0a
# Parent 0c6f2f8662023d3e0f477b4bf1ef465ca0ddbb14
# Parent 002af94623d3486acd3c3f8df669165bbfa487b1
backport stable
diff -r 0c6f2f866202 -r 782b27eaf97a appobject.py
--- a/appobject.py Tue Jul 06 09:41:19 2010 +0200
+++ b/appobject.py Tue Jul 06 11:31:34 2010 +0200
@@ -293,7 +293,7 @@
 return int(not score)
 def __str__(self):
- return 'NOT(%s)' % super(NotSelector, self).__str__()
+ return 'NOT(%s)' % self.selector
 class yes(Selector):
diff -r 0c6f2f866202 -r 782b27eaf97a selectors.py
--- a/selectors.py Tue Jul 06 09:41:19 2010 +0200
+++ b/selectors.py Tue Jul 06 11:31:34 2010 +0200
@@ -883,10 +883,13 @@
 if self.target_etype is not None:
 try:
 rdef = rschema.role_rdef(eschema, self.target_etype, self.role)
- if self.action and not rdef.may_have_permission(self.action, req):
- return 0
 except KeyError:
 return 0
+ if self.action and not rdef.may_have_permission(self.action, req):
+ return 0
+ teschema = req.vreg.schema.eschema(self.target_etype)
+ if not teschema.may_have_permission('read', req):
+ return 0
 elif self.action:
 return rschema.may_have_permission(self.action, req, eschema, self.role)
 return 1
@@ -903,6 +906,10 @@
 return 0
 elif not rschema.has_perm(entity._cw, self.action, toeid=entity.eid):
 return 0
+ if self.target_etype is not None:
+ teschema = entity._cw.vreg.schema.eschema(self.target_etype)
+ if not teschema.may_have_permission('read', req):
+ return 0
 return 1
diff -r 0c6f2f866202 -r 782b27eaf97a server/sources/rql2sql.py
--- a/server/sources/rql2sql.py Tue Jul 06 09:41:19 2010 +0200
+++ b/server/sources/rql2sql.py Tue Jul 06 11:31:34 2010 +0200
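Review bot: The target-type read check added in the first selectors.py hunk (`@@ -883,10 +883,13 @@`) is an authorization decision with no comment beside it, and it runs even when `self.action` is unset, unlike the `if self.action and ...` line just above it. A one-line comment would make that intent explicit, for example `# never select for a target entity type the user cannot read, whatever the action`. Judging by its name, `may_have_permission` is an optimistic schema-level test, so this check should be read as hiding the relation from selection and not as the enforcement point; the method body is not on this page, so that is an inference. The enclosing method starts and ends outside the hunk.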
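Review bot: `req` in the added line `if not teschema.may_have_permission('read', req):` (second selectors.py hunk, `@@ -903,6 +906,10 @@`) is not bound anywhere in the visible lines, which reach the request as `entity._cw` instead. If the method takes only `entity`, this raises NameError whenever `target_etype` is set and the earlier permission checks pass. The suggested line is `if not teschema.may_have_permission('read', entity._cw):`, but the method signature is outside the hunk, so confirm against it. No test in this changeset covers either selectors.py hunk, so a name error on this path would not be caught here.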
@@ -822,7 +822,7 @@
 assert lhsvar is not None
 if isinstance(relation.parent, Not) \
 and len(lhsvar.stinfo['relations']) > 1 \
- and (rhsvar is None or rhsvar._q_invariant):
+ and (rhsvar is not None and rhsvar._q_invariant):
 self._state.done.add(relation.parent)
 return '%s IS NULL' % self._inlined_var_sql(lhsvar, relation.r_type)
 lhssql = self._inlined_var_sql(lhsvar, relation.r_type)
diff -r 0c6f2f866202 -r 782b27eaf97a server/test/unittest_rql2sql.py
--- a/server/test/unittest_rql2sql.py Tue Jul 06 09:41:19 2010 +0200
+++ b/server/test/unittest_rql2sql.py Tue Jul 06 11:31:34 2010 +0200
@@ -1025,9 +1025,16 @@
 ('Any X WHERE NOT Y for_user X, X eid 123',
 '''SELECT 123
-WHERE NOT (EXISTS(SELECT 1 FROM cw_CWProperty AS _Y WHERE _Y.cw_for_user=123))
-'''),
+WHERE NOT (EXISTS(SELECT 1 FROM cw_CWProperty AS _Y WHERE _Y.cw_for_user=123))'''),
+ ('DISTINCT Any X WHERE X from_entity OET, NOT X from_entity NET, OET name "Image", NET eid 1',
+ '''SELECT DISTINCT _X.cw_eid
+FROM cw_CWAttribute AS _X, cw_CWEType AS _OET
+WHERE _X.cw_from_entity=_OET.cw_eid AND NOT (_X.cw_from_entity=1) AND _OET.cw_name=Image
+UNION
+SELECT DISTINCT _X.cw_eid
+FROM cw_CWEType AS _OET, cw_CWRelation AS _X
+WHERE _X.cw_from_entity=_OET.cw_eid AND NOT (_X.cw_from_entity=1) AND _OET.cw_name=Image'''),
 ]
 INTERSECT = [
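Review bot: Once `rhsvar is None` no longer takes the `IS NULL` shortcut in the rql2sql.py hunk, a negated inlined relation against a constant falls through to the comparison path, and the new test expects `NOT (_X.cw_from_entity=1)`. Under SQL three-valued logic that predicate is not true for rows where the column is NULL, so entities with no such relation at all would be dropped unless code after this hunk adds an `IS NULL` alternative; that code is not visible here. The added test cannot show this, because the same query also requires `X from_entity OET`, which already forces the column to be non-null. A case with an optional inlined relation and only the negated constant would settle it. The condition would also benefit from a comment such as `# IS NULL shortcut is only valid when the rhs is an invariant variable, not a constant`.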