From 27ead26a76d31644314b82f549a558752f632c39 Mon Sep 17 00:00:00 2001
From: Florian Spreckelsen <f.spreckelsen@indiscale.com>
Date: Mon, 29 Apr 2024 16:17:16 +0200
Subject: [PATCH] ENH: Add test for container updates of entity ACLs

---
 tests/test_permissions.py | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/tests/test_permissions.py b/tests/test_permissions.py
index 17c5d2d..d44264c 100644
--- a/tests/test_permissions.py
+++ b/tests/test_permissions.py
@@ -1353,6 +1353,10 @@ def test_select_query_with_invisible_reference():
 
 
 def test_update_acl_with_unique():
+    """Test that ACL can be updated despite name duplications with
+    ``unique=False``.
+
+    """
 
     rt = db.RecordType(name="TestType").insert()
     # Name duplicate
@@ -1380,3 +1384,27 @@ def test_update_acl_with_unique():
     rec = db.Record(id=rec1.id).retrieve()
     assert rec.name == rec1.name
     assert rec.name == rec2.name
+
+
+def test_container_update_unique():
+    """Test that ACL updates are performed correctly within a Container."""
+
+    # Both are visible to test at first
+    rt = db.RecordType(name="TestType").insert()
+    rec1 = db.Record(name="TestRec").add_parent(rt).insert()
+    rec2 = db.Record(name="TestRec").add_parent(rt).insert(unique=False)
+
+    switch_to_test_user()
+    ents = db.execute_query("FIND ENTITY TestType")
+    assert len(ents) == 3
+
+    switch_to_admin_user()
+    cont = db.Container().extend([rt, rec1, rec2])
+    cont.retrieve(flags={"ACL": None})
+    for ent in cont:
+        ent.deny(username=test_user, priority=False, permission="RETRIEVE:*")
+    cont.update(unique=False)
+
+    switch_to_test_user()
+    ents = db.execute_query("FIND ENTITY TestType")
+    assert len(ents) == 0
-- 
GitLab