--- a/devtools/__init__.py Thu Mar 10 12:04:46 2011 +0100
+++ b/devtools/__init__.py Fri Mar 11 09:47:09 2011 +0100
@@ -85,13 +85,6 @@
read_instance_schema = False
init_repository = True
db_require_setup = True
- options = cwconfig.merge_options(
- ServerConfiguration.options +
- tuple((opt, optdict) for opt, optdict in TwistedConfiguration.options
- if opt in ('anonymous-user', 'anonymous-password')))
- # By default anonymous login are allow but some test need to deny of to
- # change the default user. Set it to None to prevent anonymous login.
- anonymous_credential = ('anon', 'anon')
def __init__(self, appid='data', apphome=None, log_threshold=logging.CRITICAL+10):
# must be set before calling parent __init__
@@ -106,7 +99,20 @@
# need this, usually triggered by cubicweb-ctl
self.load_cwctl_plugins()
- anonymous_user = TwistedConfiguration.anonymous_user.im_func
+ # By default anonymous login are allow but some test need to deny of to
+ # change the default user. Set it to None to prevent anonymous login.
+ anonymous_credential = ('anon', 'anon')
+
+ def anonymous_user(self):
+ if not self.anonymous_credential:
+ return None, None
+ return self.anonymous_credential
+
+ def set_anonymous_allowed(self, allowed, anonuser='anon'):
+ if allowed:
+ self.anonymous_credential = (anonuser, anonuser)
+ else:
+ self.anonymous_credential = None
@property
def apphome(self):
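Review bot: `anonymous_user` and `set_anonymous_allowed` are added without docstrings, and two behaviours are not obvious to callers: the password is always set to the same value as the login (`(anonuser, anonuser)`), and the disabled state is reported as `(None, None)` rather than `None`. I would add `"""Return the (login, password) pair used for anonymous access, or (None, None) when it is disabled."""` to `anonymous_user` and `"""Enable or disable anonymous access; when enabled, the password is the same string as the login `anonuser`."""` to `set_anonymous_allowed`. The comment above `anonymous_credential` still tells readers to set the attribute to None by hand; it could point to `set_anonymous_allowed(False)` now that the setter exists. The class body starts and continues outside the hunk.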
@@ -115,10 +121,6 @@
def load_configuration(self):
super(TestServerConfiguration, self).load_configuration()
- if self.anonymous_credential:
- user, password = self.anonymous_credential
- self.global_set_option('anonymous-user', user)
- self.global_set_option('anonymous-password', password)
# no undo support in tests
self.global_set_option('undo-support', '')
--- a/devtools/cwwindmill.py Thu Mar 10 12:04:46 2011 +0100
+++ b/devtools/cwwindmill.py Fri Mar 11 09:47:09 2011 +0100
@@ -93,7 +93,7 @@
edit_test = "-i" in sys.argv # detection for pytest invocation
# Windmill use case are written with no anonymous user
- anonymous_logged = False
+ anonymous_allowed = False
tags = CubicWebServerTC.tags & Tags(('windmill',))
--- a/devtools/httptest.py Thu Mar 10 12:04:46 2011 +0100
+++ b/devtools/httptest.py Fri Mar 11 09:47:09 2011 +0100
@@ -89,12 +89,11 @@
"""Class for running test web server. See :class:`CubicWebServerConfig`.
Class attributes:
- * `anonymous_logged`: flag telling if anonymous user should be logged-in
- by default (True by default) XXX (syt) s/logged-in/allowed/ ?
+ * `anonymous_allowed`: flag telling if anonymous browsing should be allowed
"""
configcls = CubicWebServerConfig
# anonymous is logged by default in cubicweb test cases
- anonymous_logged = True
+ anonymous_allowed = True
def start_server(self):
# use a semaphore to avoid starting test while the http server isn't
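Review bot: The rewritten docstring entry for `anonymous_allowed` drops the "(True by default)" remark, so the permissive default is now only visible from the assignment further down. I would keep it in the docstring, for example `* `anonymous_allowed`: flag telling if anonymous browsing should be allowed (True by default; set to False in test classes that exercise authentication)`. The unchanged comment `# anonymous is logged by default in cubicweb test cases` just above the attribute still uses the old wording and could be aligned with the new name.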
@@ -189,6 +188,5 @@
@classmethod
def init_config(cls, config):
- if not cls.anonymous_logged:
- config.anonymous_credential = None
+ config.set_anonymous_allowed(cls.anonymous_allowed)
super(CubicWebServerTC, cls).init_config(config)
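Review bot: After the rename, a subclass that still sets `anonymous_logged = False` is silently ignored by `init_config`. Its tests then run with anonymous access enabled, which is the less restrictive outcome. This diff updates the two in-tree subclasses, but test classes in other packages cannot be seen from here. A transition shim would make it visible: `if hasattr(cls, 'anonymous_logged'): warnings.warn('anonymous_logged is deprecated, use anonymous_allowed', DeprecationWarning)`, followed by `config.set_anonymous_allowed(getattr(cls, 'anonymous_logged', cls.anonymous_allowed))`.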
--- a/devtools/test/unittest_httptest.py Thu Mar 10 12:04:46 2011 +0100
+++ b/devtools/test/unittest_httptest.py Fri Mar 11 09:47:09 2011 +0100
@@ -42,7 +42,7 @@
class TwistedCWIdentTC(CubicWebServerTC):
- anonymous_logged = False
+ anonymous_allowed = False
tags = CubicWebServerTC.tags | Tags(('auth',))
def test_response_denied(self):
--- a/devtools/testlib.py Thu Mar 10 12:04:46 2011 +0100
+++ b/devtools/testlib.py Fri Mar 11 09:47:09 2011 +0100
@@ -660,6 +660,10 @@
def init_authentication(self, authmode, anonuser=None):
self.set_option('auth-mode', authmode)
self.set_option('anonymous-user', anonuser)
+ if anonuser is None:
+ self.config.anonymous_credential = None
+ else:
+ self.config.anonymous_credential = (anonuser, anonuser)
req = self.request()
origsession = req.session
req.session = req.cnx = None
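Review bot: The branch added to `init_authentication` writes `self.config.anonymous_credential` directly and repeats the login-equals-password tuple that `set_anonymous_allowed` in devtools/__init__.py now encapsulates. Assuming `self.config` is a `TestServerConfiguration`, the four lines could be `self.config.set_anonymous_allowed(anonuser is not None, anonuser)`, which keeps the credential format in one place. The rest of the method is outside the hunk, so it cannot be checked here whether the previous credential is restored afterwards. If it is not, a test that disables anonymous access would leave it disabled for later tests sharing the same config object.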
--- a/entities/test/unittest_wfobjs.py Thu Mar 10 12:04:46 2011 +0100
+++ b/entities/test/unittest_wfobjs.py Fri Mar 11 09:47:09 2011 +0100
@@ -127,6 +127,7 @@
# fetch the entity using the new session
trs = list(cnx.user().cw_adapt_to('IWorkflowable').possible_transitions())
self.assertEqual(len(trs), 0)
+ cnx.close()
def _test_manager_deactivate(self, user):
iworkflowable = user.cw_adapt_to('IWorkflowable')
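Review bot: The added `cnx.close()` only runs when every assertion before it passes, so a failing test still leaves the extra connection open. These connections belong to users logged in specifically for the test, so I would close them in a `finally:` clause, or register `self.addCleanup(cnx.close)` right after the login if the test base class supports it. The same applies to the second hunk in this file and to the `cnx.close()` lines added throughout server/test/unittest_security.py. The test method starts outside the hunk, so the login call itself is not visible here.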
@@ -211,6 +212,7 @@
with self.assertRaises(ValidationError) as cm:
iworkflowable.fire_transition('activate')
self.assertEqual(cm.exception.errors, {'by_transition-subject': "transition may not be fired"})
+ cnx.close()
def test_fire_transition_owned_by(self):
self.execute('INSERT RQLExpression X: X exprtype "ERQLExpression", '
--- a/server/test/unittest_migractions.py Thu Mar 10 12:04:46 2011 +0100
+++ b/server/test/unittest_migractions.py Fri Mar 11 09:47:09 2011 +0100
@@ -23,7 +23,7 @@
from datetime import date
from os.path import join
-from logilab.common.testlib import TestCase, unittest_main
+from logilab.common.testlib import TestCase, unittest_main, Tags, tag
from yams.constraints import UniqueConstraint
@@ -37,10 +37,13 @@
def tearDownModule(*args):
global migrschema
del migrschema
- del MigrationCommandsTC.origschema
+ if hasattr(MigrationCommandsTC, 'origschema'):
+ del MigrationCommandsTC.origschema
class MigrationCommandsTC(CubicWebTC):
+ tags = CubicWebTC.tags | Tags(('server', 'migration', 'migractions'))
+
@classmethod
def init_config(cls, config):
super(MigrationCommandsTC, cls).init_config(config)
@@ -343,6 +346,7 @@
self.mh.cmd_change_relation_props('Personne', 'adel', 'String',
fulltextindexed=False)
+ @tag('longrun')
def test_sync_schema_props_perms(self):
cursor = self.mh.session
cursor.set_pool()
@@ -464,6 +468,7 @@
finally:
self.mh.cmd_set_size_constraint('CWEType', 'description', None)
+ @tag('longrun')
def test_add_remove_cube_and_deps(self):
cubes = set(self.config.cubes())
schema = self.repo.schema
@@ -527,6 +532,7 @@
self.commit()
+ @tag('longrun')
def test_add_remove_cube_no_deps(self):
cubes = set(self.config.cubes())
schema = self.repo.schema
@@ -558,6 +564,7 @@
self.mh.cmd_remove_cube('file')
self.assertEqual(str(cm.exception), "can't remove cube file, used as a dependency")
+ @tag('longrun')
def test_introduce_base_class(self):
self.mh.cmd_add_entity_type('Para')
self.mh.repo.schema.rebuild_infered_relations()
--- a/server/test/unittest_security.py Thu Mar 10 12:04:46 2011 +0100
+++ b/server/test/unittest_security.py Fri Mar 11 09:47:09 2011 +0100
@@ -27,8 +27,8 @@
class BaseSecurityTC(CubicWebTC):
- def setUp(self):
- CubicWebTC.setUp(self)
+ def setup_database(self):
+ super(BaseSecurityTC, self).setup_database()
self.create_user('iaminusersgrouponly')
self.readoriggroups = self.schema['Personne'].permissions['read']
self.addoriggroups = self.schema['Personne'].permissions['add']
@@ -75,7 +75,7 @@
def tearDown(self):
self.repo.system_source.__dict__.pop('syntax_tree_search', None)
- BaseSecurityTC.tearDown(self)
+ super(SecurityRewritingTC, self).tearDown()
def test_not_relation_read_security(self):
cnx = self.login('iaminusersgrouponly')
@@ -86,6 +86,7 @@
self.execute('Any U WHERE NOT EXISTS(A todo_by U), A is Affaire')
self.assertEqual(self.query[0][1].as_string(),
'Any U WHERE NOT EXISTS(A todo_by U), A is Affaire')
+ cnx.close()
class SecurityTC(BaseSecurityTC):
@@ -104,6 +105,7 @@
cu.execute("INSERT Personne X: X nom 'bidule'")
self.assertRaises(Unauthorized, cnx.commit)
self.assertEqual(cu.execute('Personne X').rowcount, 1)
+ cnx.close()
def test_insert_rql_permission(self):
# test user can only add une affaire related to a societe he owns
@@ -120,6 +122,7 @@
cu.execute("INSERT Societe X: X nom 'chouette'")
cu.execute("SET A concerne S WHERE A sujet 'cool', S nom 'chouette'")
cnx.commit()
+ cnx.close()
def test_update_security_1(self):
cnx = self.login('anon')
@@ -147,6 +150,7 @@
cu.execute("INSERT Personne X: X nom 'biduuule'")
cu.execute("INSERT Societe X: X nom 'looogilab'")
cu.execute("SET X travaille S WHERE X nom 'biduuule', S nom 'looogilab'")
+ cnx.close()
def test_update_rql_permission(self):
self.execute("SET A concerne S WHERE A is Affaire, S is Societe")
@@ -165,6 +169,7 @@
cu.execute("SET A concerne S WHERE A sujet 'pascool', S nom 'chouette'")
cu.execute("SET X sujet 'habahsicestcool' WHERE X sujet 'pascool'")
cnx.commit()
+ cnx.close()
def test_delete_security(self):
# FIXME: sample below fails because we don't detect "owner" can't delete
@@ -177,6 +182,7 @@
cnx = self.login('iaminusersgrouponly')
cu = cnx.cursor()
self.assertRaises(Unauthorized, cu.execute, "DELETE CWGroup Y WHERE Y name 'staff'")
+ cnx.close()
def test_delete_rql_permission(self):
self.execute("SET A concerne S WHERE A is Affaire, S is Societe")
@@ -200,6 +206,7 @@
## self.assertRaises(Unauthorized, cu.execute, "DELETE Affaire X")
cu.execute("DELETE Affaire X WHERE X sujet 'pascool'")
cnx.commit()
+ cnx.close()
def test_insert_relation_rql_permission(self):
@@ -225,6 +232,7 @@
cu.execute("INSERT Societe X: X nom 'chouette'")
cu.execute("SET A concerne S WHERE A is Affaire, S nom 'chouette'")
cnx.commit()
+ cnx.close()
def test_delete_relation_rql_permission(self):
self.execute("SET A concerne S WHERE A is Affaire, S is Societe")
@@ -249,6 +257,7 @@
cu.execute("SET A concerne S WHERE A is Affaire, S nom 'chouette'")
cnx.commit()
cu.execute("DELETE A concerne S WHERE S nom 'chouette'")
+ cnx.close()
def test_user_can_change_its_upassword(self):
@@ -260,6 +269,7 @@
cnx.commit()
cnx.close()
cnx = self.login('user', password='newpwd')
+ cnx.close()
def test_user_cant_change_other_upassword(self):
ueid = self.create_user('otheruser').eid
@@ -268,6 +278,7 @@
cu.execute('SET X upassword %(passwd)s WHERE X eid %(x)s',
{'x': ueid, 'passwd': 'newpwd'})
self.assertRaises(Unauthorized, cnx.commit)
+ cnx.close()
# read security test
@@ -277,6 +288,7 @@
cu = cnx.cursor()
self.assertRaises(Unauthorized,
cu.execute, 'Personne U where U nom "managers"')
+ cnx.close()
def test_read_erqlexpr_base(self):
eid = self.execute("INSERT Affaire X: X sujet 'cool'")[0][0]
@@ -301,6 +313,7 @@
self.assertEqual(rset.rows, [])
# test can't update an attribute of an entity that can't be readen
self.assertRaises(Unauthorized, cu.execute, 'SET X sujet "hacked" WHERE X eid %(x)s', {'x': eid})
+ cnx.close()
def test_entity_created_in_transaction(self):
@@ -337,6 +350,7 @@
rset = cu.execute("Any X WHERE X has_text 'cool'")
self.assertEqual(sorted(eid for eid, in rset.rows),
[card1, aff2])
+ cnx.close()
def test_read_erqlexpr_has_text2(self):
self.execute("INSERT Personne X: X nom 'bidule'")
@@ -349,6 +363,7 @@
self.assertEqual(len(rset.rows), 1, rset.rows)
rset = cu.execute('Any N WITH N BEING (Any N WHERE N has_text "bidule")')
self.assertEqual(len(rset.rows), 1, rset.rows)
+ cnx.close()
def test_read_erqlexpr_optional_rel(self):
self.execute("INSERT Personne X: X nom 'bidule'")
@@ -359,6 +374,7 @@
cu = cnx.cursor()
rset = cu.execute('Any N,U WHERE N has_text "bidule", N owned_by U?')
self.assertEqual(len(rset.rows), 1, rset.rows)
+ cnx.close()
def test_read_erqlexpr_aggregat(self):
self.execute("INSERT Affaire X: X sujet 'cool'")[0][0]
@@ -382,6 +398,7 @@
values = dict(rset)
self.assertEqual(values['Affaire'], 1)
self.assertEqual(values['Societe'], 2)
+ cnx.close()
def test_attribute_security(self):
@@ -429,6 +446,7 @@
cnx.commit()
cu.execute("SET X para 'chouette' WHERE X eid %(x)s", {'x': note2.eid})
cnx.commit()
+ cnx.close()
def test_attribute_read_security(self):
# anon not allowed to see users'login, but they can see users
@@ -446,6 +464,7 @@
self.assertEqual(x.login, None)
self.failUnless(x.creation_date)
cnx.rollback()
+ cnx.close()
class BaseSchemaSecurityTC(BaseSecurityTC):
"""tests related to the base schema permission configuration"""
@@ -472,6 +491,7 @@
cu.execute('DELETE Affaire X WHERE X ref "ARCT01"')
cnx.commit()
self.failIf(cu.execute('Affaire X'))
+ cnx.close()
def test_users_and_groups_non_readable_by_guests(self):
cnx = self.login('anon')
@@ -498,6 +518,7 @@
# but can't modify it
cu.execute('SET X login "toto" WHERE X eid %(x)s', {'x': anon.eid})
self.assertRaises(Unauthorized, cnx.commit)
+ cnx.close()
def test_in_group_relation(self):
cnx = self.login('iaminusersgrouponly')
@@ -506,6 +527,7 @@
self.assertRaises(Unauthorized, cu.execute, rql)
rql = u"SET U in_group G WHERE U login 'admin', G name 'users'"
self.assertRaises(Unauthorized, cu.execute, rql)
+ cnx.close()
def test_owned_by(self):
self.execute("INSERT Personne X: X nom 'bidule'")
@@ -514,6 +536,7 @@
cu = cnx.cursor()
rql = u"SET X owned_by U WHERE U login 'iaminusersgrouponly', X is Personne"
self.assertRaises(Unauthorized, cu.execute, rql)
+ cnx.close()
def test_bookmarked_by_guests_security(self):
beid1 = self.execute('INSERT Bookmark B: B path "?vid=manage", B title "manage"')[0][0]
@@ -535,6 +558,7 @@
self.assertRaises(Unauthorized,
cu.execute, 'SET B bookmarked_by U WHERE U eid %(x)s, B eid %(b)s',
{'x': anoneid, 'b': beid1})
+ cnx.close()
def test_ambigous_ordered(self):
@@ -542,6 +566,7 @@
cu = cnx.cursor()
names = [t for t, in cu.execute('Any N ORDERBY lower(N) WHERE X name N')]
self.assertEqual(names, sorted(names, key=lambda x: x.lower()))
+ cnx.close()
def test_in_state_without_update_perm(self):
"""check a user change in_state without having update permission on the
@@ -575,6 +600,7 @@
# restore orig perms
for action, perms in affaire_perms.iteritems():
self.schema['Affaire'].set_action_permissions(action, perms)
+ cnx.close()
def test_trinfo_security(self):
aff = self.execute('INSERT Affaire X: X ref "ARCT01"').get_entity(0, 0)
--- a/web/views/basetemplates.py Thu Mar 10 12:04:46 2011 +0100
+++ b/web/views/basetemplates.py Fri Mar 11 09:47:09 2011 +0100
@@ -74,7 +74,7 @@
# FIXME Deprecated code ?
msg = self._cw._('you have been logged out')
w(u'<h2>%s</h2>\n' % msg)
- if self._cw.vreg.config['anonymous-user']:
+ if self._cw.vreg.config.anonymous_user()[0]:
indexurl = self._cw.build_url('view', vid='index', __message=msg)
w(u'<p><a href="%s">%s</a><p>' % (
xml_escape(indexurl),
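Review bot: The new condition `self._cw.vreg.config.anonymous_user()[0]` assumes every configuration class returns a two-item tuple from `anonymous_user()`, even when anonymous access is off. That holds for `TestServerConfiguration` in this diff, which returns `None, None`, but the other implementations are not visible here; one returning a bare `None` would raise a `TypeError` on the logged-out page. A short comment would record the contract, for example `# anonymous_user() returns (login, password); login is None when anonymous access is disabled`. The enclosing method starts and ends outside the hunk.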