Skip to content
Snippets Groups Projects
Commit 2d9705bd authored by Henrik tom Wörden's avatar Henrik tom Wörden
Browse files

MAINT: minimal refactor

parent 537c4c84
Branches
Tags
1 merge request!69TST: Add xfailing tests for the permissions for referenced entities
Pipeline #44459 failed
......@@ -1200,10 +1200,12 @@ def test_deny_update_role():
@mark.xfail(reason="Fix insufficient permission checks of referenced entity names.")
def test_query_with_invisible_reference():
"""Names of references that are not visible to the test user should not be
usable as query filters.
"""
Names of references that are not visible to the test user should not be usable as query
filters.
"""
db.administration.set_server_property(
"QUERY_FILTER_ENTITIES_WITHOUT_RETRIEVE_PERMISSIONS", "FALSE")
rt = db.RecordType(name="TestRT").insert()
rec_invisible = db.Record(name="TestInvisible").add_parent(rt).insert()
......@@ -1258,14 +1260,15 @@ def test_select_query_with_invisible_reference():
visible_rec.insert()
# Everything is there when queried as admin
select_results = db.execute_query(
select_query = (
f"SELECT name, {invisible_rt.name}, {invisible_rt.name}.name, "
f"{invisible_rt.name}.{prop.name}, {invisible_rt.name}.{other_rt.name}, "
f"{invisible_rt.name}.{other_rt.name}.name FROM {visible_rec.id}")
values = select_results.get_property_values(
"name", f"{invisible_rt.name}", (invisible_rt.name, "name"),
select_results = db.execute_query(select_query)
value_args = ["name", f"{invisible_rt.name}", (invisible_rt.name, "name"),
(invisible_rt.name, prop.name), (invisible_rt.name, other_rt.name),
(invisible_rt.name, other_rt.name, "name"))[0]
(invisible_rt.name, other_rt.name, "name")]
values = select_results.get_property_values(*value_args)[0]
assert values[0] == visible_rec.name
assert values[1] == invisible_rec.id
assert values[2] == invisible_rec.name
......@@ -1280,14 +1283,8 @@ def test_select_query_with_invisible_reference():
switch_to_test_user()
select_results = db.execute_query(
f"SELECT name, {invisible_rt.name}, {invisible_rt.name}.name, "
f"{invisible_rt.name}.{prop.name}, {invisible_rt.name}.{other_rt.name}, "
f"{invisible_rt.name}.{other_rt.name}.name FROM {visible_rec.id}")
values = select_results.get_property_values(
"name", f"{invisible_rt.name}", (invisible_rt.name, "name"),
(invisible_rt.name, prop.name), (invisible_rt.name, other_rt.name),
(invisible_rt.name, other_rt.name, "name"))[0]
select_results = db.execute_query(select_query)
values = select_results.get_property_values(*value_args)[0]
assert values[0] == visible_rec.name
assert values[1] == invisible_rec.id # id is ok
assert values[2] is None # name isn't
......@@ -1299,22 +1296,19 @@ def test_select_query_with_invisible_reference():
switch_to_admin_user()
select_results = db.execute_query(
select_query = (
f"SELECT {invisible_rt.name}.{visible_rt.name}, "
f"{invisible_rt.name}.{visible_rt.name}.name FROM {visible_rec.id}")
values = select_results.get_property_values(
(invisible_rt.name, visible_rt.name),
(invisible_rt.name, visible_rt.name, "name"))[0]
value_args = [(invisible_rt.name, visible_rt.name),
(invisible_rt.name, visible_rt.name, "name")]
select_results = db.execute_query(select_query)
values = select_results.get_property_values(*value_args)[0]
assert values[0] == referenced_visible.id
assert values[1] == referenced_visible.name
switch_to_test_user()
select_results = db.execute_query(
f"SELECT {invisible_rt.name}.{visible_rt.name}, "
f"{invisible_rt.name}.{visible_rt.name}.name FROM {visible_rec.id}")
values = select_results.get_property_values(
(invisible_rt.name, visible_rt.name),
(invisible_rt.name, visible_rt.name, "name"))[0]
select_results = db.execute_query(select_query)
values = select_results.get_property_values(*value_args)[0]
assert values[0] is None
assert values[1] is None
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment