diff --git a/tests/test_permissions.py b/tests/test_permissions.py
index 9df914a1de5adc925acd4083b31fb9264f9f65eb..170a25b8c63a34820c5ac2926bcdbe99d758fda0 100644
--- a/tests/test_permissions.py
+++ b/tests/test_permissions.py
@@ -1200,10 +1200,12 @@ def test_deny_update_role():
 @mark.xfail(reason="Fix insufficient permission checks of referenced entity names.")
 def test_query_with_invisible_reference():
- """Names of references that are not visible to the test user should not be
- usable as query filters.
- """
+ Names of references that are not visible to the test user should not be usable as query
+ filters.
+ """
+ db.administration.set_server_property(
+ "QUERY_FILTER_ENTITIES_WITHOUT_RETRIEVE_PERMISSIONS", "FALSE")
 rt = db.RecordType(name="TestRT").insert()
 rec_invisible = db.Record(name="TestInvisible").add_parent(rt).insert()
@@ -1258,14 +1260,15 @@ def test_select_query_with_invisible_reference():
 visible_rec.insert()
 # Everything is there when queried as admin
- select_results = db.execute_query(
+ select_query = (
 f"SELECT name, {invisible_rt.name}, {invisible_rt.name}.name, "
 f"{invisible_rt.name}.{prop.name}, {invisible_rt.name}.{other_rt.name}, "
 f"{invisible_rt.name}.{other_rt.name}.name FROM {visible_rec.id}")
- values = select_results.get_property_values(
- "name", f"{invisible_rt.name}", (invisible_rt.name, "name"),
- (invisible_rt.name, prop.name), (invisible_rt.name, other_rt.name),
- (invisible_rt.name, other_rt.name, "name"))[0]
+ select_results = db.execute_query(select_query)
+ value_args = ["name", f"{invisible_rt.name}", (invisible_rt.name, "name"),
+ (invisible_rt.name, prop.name), (invisible_rt.name, other_rt.name),
+ (invisible_rt.name, other_rt.name, "name")]
+ values = select_results.get_property_values(*value_args)[0]
 assert values[0] == visible_rec.name
 assert values[1] == invisible_rec.id
 assert values[2] == invisible_rec.name
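Review bot: The added `db.administration.set_server_property("QUERY_FILTER_ENTITIES_WITHOUT_RETRIEVE_PERMISSIONS", "FALSE")` call in the first hunk changes a server-wide setting, and nothing visible in the hunk puts it back, so permission tests that run afterwards may execute under a different filter policy than the one they were written for. Unless a teardown outside this hunk already resets server properties, record the previous value before the call and restore it in a `finally:` block or a yield fixture. Because the test is marked `xfail`, an error raised by this setup call would presumably also be reported as an expected failure rather than as a broken setup. A short comment stating which behaviour `"FALSE"` selects would help, since the property name can be read both ways. The function body continues outside the hunk.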
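Review bot: `value_args` in the second hunk has to list its selectors in exactly the same order as the columns of `select_query`, because every following assertion reads `values[i]` by position, and that coupling is not stated anywhere now that the two are defined apart from the call. I would add a comment above `value_args`, for example `# selectors in the same order as the SELECT columns; the assertions below index by position`. The same applies to the second `select_query`/`value_args` pair in the last hunk (`@@ -1299,22 +1296,19 @@`). The function starts and ends outside this hunk.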
@@ -1280,14 +1283,8 @@ def test_select_query_with_invisible_reference():
 switch_to_test_user()
- select_results = db.execute_query(
- f"SELECT name, {invisible_rt.name}, {invisible_rt.name}.name, "
- f"{invisible_rt.name}.{prop.name}, {invisible_rt.name}.{other_rt.name}, "
- f"{invisible_rt.name}.{other_rt.name}.name FROM {visible_rec.id}")
- values = select_results.get_property_values(
- "name", f"{invisible_rt.name}", (invisible_rt.name, "name"),
- (invisible_rt.name, prop.name), (invisible_rt.name, other_rt.name),
- (invisible_rt.name, other_rt.name, "name"))[0]
+ select_results = db.execute_query(select_query)
+ values = select_results.get_property_values(*value_args)[0]
 assert values[0] == visible_rec.name
 assert values[1] == invisible_rec.id # id is ok
 assert values[2] is None # name isn't
@@ -1299,22 +1296,19 @@ def test_select_query_with_invisible_reference():
 switch_to_admin_user()
- select_results = db.execute_query(
+ select_query = (
 f"SELECT {invisible_rt.name}.{visible_rt.name}, "
 f"{invisible_rt.name}.{visible_rt.name}.name FROM {visible_rec.id}")
- values = select_results.get_property_values(
- (invisible_rt.name, visible_rt.name),
- (invisible_rt.name, visible_rt.name, "name"))[0]
+ value_args = [(invisible_rt.name, visible_rt.name),
+ (invisible_rt.name, visible_rt.name, "name")]
+ select_results = db.execute_query(select_query)
+ values = select_results.get_property_values(*value_args)[0]
 assert values[0] == referenced_visible.id
 assert values[1] == referenced_visible.name
 switch_to_test_user()
- select_results = db.execute_query(
- f"SELECT {invisible_rt.name}.{visible_rt.name}, "
- f"{invisible_rt.name}.{visible_rt.name}.name FROM {visible_rec.id}")
- values = select_results.get_property_values(
- (invisible_rt.name, visible_rt.name),
- (invisible_rt.name, visible_rt.name, "name"))[0]
+ select_results = db.execute_query(select_query)
+ values = select_results.get_property_values(*value_args)[0]
 assert values[0] is None
 assert values[1] is None
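Review bot: In the test-user branch of the third hunk, `select_results.get_property_values(*value_args)[0]` raises `IndexError` when the query returns no row for the restricted user, so the test cannot tell "the visible record was filtered out entirely" from "only the invisible reference's fields were withheld". Adding `assert len(select_results) == 1` before the indexing would pin that the visible record is still returned and that only the referenced values come back as `None`. The same applies to the test-user query at the end of the last hunk (`@@ -1299,22 +1296,19 @@`). The function starts and ends outside this hunk.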
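Review bot: `select_query` and `value_args` are rebound in the last hunk to a second, different query under the names already used for the first one, so which query the following test-user block runs is decided by statement order alone. Distinct names for the second pair, for example `nested_select_query = (` and `nested_value_args = [...]`, would keep a later reordering of the admin and test-user blocks from silently asserting against the wrong query. This is a readability point only; the behaviour shown in the hunk is unchanged by it. The function starts outside this hunk.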