# HG changeset patch
# User Sylvain Thénault <sylvain.thenault@logilab.fr>
# Date 1267636348 -3600
# Node ID c33d128656415e042df9ac79ef9a6d760cfbc4e9
# Parent  e37932b89a6a9a2ace50cfcde3a9845bcfbcdd1b
more tests

diff -r e37932b89a6a -r c33d12865641 server/test/unittest_querier.py
--- a/server/test/unittest_querier.py	Wed Mar 03 17:49:24 2010 +0100
+++ b/server/test/unittest_querier.py	Wed Mar 03 18:12:28 2010 +0100
@@ -862,6 +862,14 @@
         self.assert_(rset.rows)
         self.assertEquals(rset.description, [('Personne', 'Societe',)])
 
+    def test_insert_5bis(self):
+        peid = self.execute("INSERT Personne X: X nom 'bidule'")[0][0]
+        self.execute("INSERT Societe Y: Y nom 'toto', X travaille Y WHERE X eid %(x)s",
+                     {'x': peid}, 'x')
+        rset = self.execute('Any X, Y WHERE X nom "bidule", Y nom "toto", X travaille Y')
+        self.assert_(rset.rows)
+        self.assertEquals(rset.description, [('Personne', 'Societe',)])
+
     def test_insert_6(self):
         self.execute("INSERT Personne X, Societe Y: X nom 'bidule', Y nom 'toto', X travaille Y")
         rset = self.execute('Any X, Y WHERE X nom "bidule", Y nom "toto", X travaille Y')
diff -r e37932b89a6a -r c33d12865641 server/test/unittest_security.py
--- a/server/test/unittest_security.py	Wed Mar 03 17:49:24 2010 +0100
+++ b/server/test/unittest_security.py	Wed Mar 03 18:12:28 2010 +0100
@@ -257,6 +257,26 @@
         self.assertEquals(rset.rows, [[aff2]])
         rset = cu.execute('Affaire X WHERE NOT X eid %(x)s', {'x': aff2}, 'x')
         self.assertEquals(rset.rows, [])
+        # test can't update an attribute of an entity that can't be readen
+        self.assertRaises(Unauthorized, cu.execute, 'SET X sujet "hacked" WHERE X eid %(x)s', {'x': eid}, 'x')
+
+
+    def test_entity_created_in_transaction(self):
+        affschema = self.schema['Affaire']
+        origperms = affschema.permissions['read']
+        affschema.set_action_permissions('read', affschema.permissions['add'])
+        try:
+            cnx = self.login('iaminusersgrouponly')
+            cu = cnx.cursor()
+            aff2 = cu.execute("INSERT Affaire X: X sujet 'cool'")[0][0]
+            # entity created in transaction are readable *by eid*
+            self.failUnless(cu.execute('Any X WHERE X eid %(x)s', {'x':aff2}, 'x'))
+            # XXX would be nice if it worked
+            rset = cu.execute("Affaire X WHERE X sujet 'cool'")
+            self.assertEquals(len(rset), 0)
+        finally:
+            affschema.set_action_permissions('read', origperms)
+            cnx.close()
 
     def test_read_erqlexpr_has_text1(self):
         aff1 = self.execute("INSERT Affaire X: X sujet 'cool'")[0][0]