TST: add tests for caosdb-server#141

5a8a181b · Timm Fitschen · 424b78bf · 5a8a181b · 5a8a181b
Verified Commit 5a8a181b authored 3 years ago by Timm Fitschen
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -39,6 +39,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * Tests for caosdb-server#217
 * Tests for caosdb-pylib#61
 * Test for [caosdb-server#136](https://gitlab.com/caosdb/caosdb-server/-/issues/136)
+* Test for [caosdb-server#141](https://gitlab.com/caosdb/caosdb-server/-/issues/141)

 ### Changed (for changes in existing functionality)


--- a/tests/test_issues_server.py
+++ b/tests/test_issues_server.py
@@ -26,15 +26,27 @@ import tempfile
 import time

 import caosdb as db
+from caosdb import administration as admin
 import pytest
 from caosdb.exceptions import TransactionError

+CURATOR_ROLE = "curator"
+

 def setup_module():
+    db.configure_connection()
    try:
        db.execute_query("FIND ENTITY WITH ID > 99").delete()
    except Exception as delete_exc:
        print(delete_exc)
+    try:
+        admin._delete_user("TestUser")
+    except Exception as delete_exc:
+        print(delete_exc)
+    try:
+        admin._delete_role(CURATOR_ROLE)
+    except Exception as delete_exc:
+        print(delete_exc)


 def setup_function(function):
@@ -44,7 +56,7 @@ def setup_function(function):

 def teardown_function(function):
    """Deleting entities again."""
-    pass  # setup_module()
+    setup_module()


 # ########################### Issue tests start here #####################
@@ -800,3 +812,39 @@ def test_136():
    te = err.value
    assert te.has_error(db.UnqualifiedPropertiesError)
    assert "Cannot parse value to integer" in str(te)
+
+
+def test_141():
+    """Roles with `Grant(*)P` permissions still can't update other people's
+    entities."""
+    admin._insert_role(name=CURATOR_ROLE, description="Desc")
+
+    perms = admin._get_permissions(CURATOR_ROLE)
+    g = admin.PermissionRule(action="Grant", permission="*", priority=True)
+    d = admin.PermissionRule(action="Deny", permission="*", priority=True)
+    if g in perms:
+        perms.remove(g)
+    if d in perms:
+        perms.remove(d)
+    perms.add(g)
+    admin._set_permissions(CURATOR_ROLE, permission_rules=perms)
+    perms = admin._get_permissions(CURATOR_ROLE)
+    print(perms)
+
+    rt = db.RecordType(name="TestRT", description="Desc1").insert()
+
+    admin._insert_user(name="TestUser", password="Password1!", status="ACTIVE")
+    admin._set_roles(username="TestUser", roles=[CURATOR_ROLE])
+
+    db.configure_connection(username="TestUser", password_method="plain",
+                            password="Password1!")
+    assert db.Info().user_info.name == "TestUser"
+    assert db.Info().user_info.roles == [CURATOR_ROLE]
+
+    rt.description = "Desc2"
+    rt.update()
+    assert rt.description == "Desc2"
+
+    # switch back to admin user
+    db.configure_connection()
+    assert db.execute_query("FIND TestRT", unique=True).description == "Desc2"