F parse acl

Summary

Fixes the xml parsing of EntityACLs.

Focus

Point the reviewer to the core of the code change. Where should they start reading? What should they focus on (e.g. security, performance, maintainability, user-friendliness, compliance with the specs, finding more corner cases, concrete questions)?

Test Environment

How to set up a test environment for manual testing?

Check List for the Author

Please, prepare your MR for a review. Be sure to write a summary and a focus and create gitlab comments for the reviewer. They should guide the reviewer through the changes, explain your changes and also point out open questions. For further good practices have a look at our review guidelines

• All automated tests pass
• Reference related issues
• Up-to-date CHANGELOG.md (or not necessary)
• Annotations in code (Gitlab comments)
  • Intent of new code
  • Problems with old code
  • Why this implementation?

Check List for the Reviewer

• I understand the intent of this MR
• All automated tests pass
• Up-to-date CHANGELOG.md (or not necessary)
• The test environment setup works and the intended behavior is reproducible in the test environment
• In-code documentation and comments are up-to-date.
• Check: Are there specifications? Are they satisfied?

For further good practices have a look at our review guidelines.

tests/test_state.py

@@ -111,6 +111,7 @@ def setup_module():
             "ACL": None})
     state_acl = db.ACL()
     state_acl.grant(role="role1", permission="UPDATE:DESCRIPTION")
+    state_acl.deny(role="anonymous", permission="RETRIEVE:ENTITY")
     state_acl = db.State.create_state_acl(state_acl)
     st1.acl = state_acl.combine(st1.acl)
     st1.update_acl()
@@ -146,6 +147,8 @@ def setup_module():
 
 def teardown_function(function):
     switch_to_admin_user()
+    # deactivate anonymous user
+    db.administration.set_server_property("AUTH_OPTIONAL", "FALSE")
     d = db.execute_query("FIND TestRT")
     if len(d) > 0:
         d.delete(flags={"forceFinalState": "true"})
@@ -480,10 +483,14 @@ def test_transfer_state_acl():
     rec.state = db.State(model="Model1", name="State1")
     insert_rec = rec.insert(flags={"ACL": None})
 
-    state_acl = db.ACL().combine(db.get_global_acl())
+    state_acl = db.ACL()
     state_acl.grant(role="role1", permission="UPDATE:DESCRIPTION")
+    state_acl.deny(role="anonymous", permission="RETRIEVE:ENTITY")
+    state_acl = state_acl.combine(db.get_global_acl())
 
     # the acl has been transfered from the state record
+    assert insert_rec.acl.get_permissions_for_role("role1") == {"UPDATE:DESCRIPTION"}
+    assert "RETRIEVE:ENTITY" not in insert_rec.acl.get_permissions_for_role("anonymous")
     assert insert_rec.acl == state_acl
 
 
@@ -806,3 +813,28 @@ def test_transitions_included_after_empty_update():
                                               db.Transition(name="Transition4",
                                                             from_state="State2",
                                                             to_state="State2")}
+
+
+def test_missing_retrieve_permission():
+    """When the retrieve permission is missing, the state must not be leaked."""
+    rec = db.Record()
+    rec.description = "old description"
+    rec.add_parent("TestRT")
+    rec.state = db.State(model="Model1", name="State1")
+    rec.insert(flags={"ACL": None})
+    print(rec)
+
+    # switch to anonymous
+    db.administration.set_server_property("AUTH_OPTIONAL", "TRUE")
+    db.configure_connection(password_method="unauthenticated")
+    assert db.Info().user_info.roles == ["anonymous"]
+
+    rec2 = db.Record(id=rec.id)
+    with pytest.raises(db.TransactionError) as te:
+        rec2.retrieve()
+    assert te.value.has_error(db.AuthorizationError)
+
+    rec2 = db.Record(id=rec.id)
+    rec2.retrieve(raise_exception_on_error=False)
+    assert len(rec2.get_errors()) > 0
+    assert rec2.state is None