[PATCH 1 of 4 saem_ref V2] [security] Fix security on the code_keyword_type relation

Sylvain Thenault sylvain.thenault at logilab.fr
Tue Apr 11 10:22:00 CEST 2017


# HG changeset patch
# User Sylvain Thénault <sylvain.thenault at logilab.fr>
# Date 1491831366 -7200
#      Mon Apr 10 15:36:06 2017 +0200
# Node ID 9bf0d4951f012022e1a5e0ec6d305f0d35062659
# Parent  97b0930ee722e32f9dc65662c4f689406867b7d4
[security] Fix security on the code_keyword_type relation

Because of permissions on ConceptScheme in the saem_ref cube, security for this
relation has to be checked on commit; otherwise we get an unexpected
Unauthorized error during scheme creation.

Related to extranet #16383144

diff --git a/cubicweb_saem_ref/hooks.py b/cubicweb_saem_ref/hooks.py
--- a/cubicweb_saem_ref/hooks.py
+++ b/cubicweb_saem_ref/hooks.py
@@ -467,5 +467,6 @@ def registration_callback(vreg):
     # Add relations involved in a composite graph with security setup to "on
     # commit" check step.
     graph = ConceptSchemeGraph(vreg.schema)
     for rdef, __ in utils.mandatory_rdefs(vreg.schema, graph.parent_structure('ConceptScheme')):
         ON_COMMIT_ADD_RELATIONS.add(rdef.rtype)
+    ON_COMMIT_ADD_RELATIONS.add('code_keyword_type')
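Review bot: The added `ON_COMMIT_ADD_RELATIONS.add('code_keyword_type')` sits under a comment that only describes relations derived from the ConceptScheme composite graph, so nothing in the code explains why this hard-coded relation is deferred as well. Because the line changes when a permission check runs, it deserves its own comment, for example `# code_keyword_type permissions depend on the ConceptScheme being fully set up, so check them on commit (deferred, not skipped)`. Presumably the relation is not yielded by the `mandatory_rdefs` loop above, which would be worth stating too. registration_callback starts outside the hunk.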
diff --git a/test/test_security.py b/test/test_security.py
--- a/test/test_security.py
+++ b/test/test_security.py
@@ -49,16 +49,28 @@ class NonManagerUserTC(CubicWebTC):
             cnx.commit()
             profile.cw_set(user_annotation=u'meh')
             cnx.commit()
 
     def test_create_update_vocabulary(self):
+        with self.admin_access.cnx() as cnx:
+            admin_scheme = testutils.scheme_for_type(cnx, u'seda_keyword_type_to', None,
+                                                     u'type1')
+            cnx.commit()
+            type_concept = admin_scheme.reverse_in_scheme[0]
+
         with self.new_access(self.login).cnx() as cnx:
             scheme = testutils.setup_scheme(cnx, u'my scheme',
-                                            u'lab1', u'lab2')
+                                            u'lab1', u'lab2', code_keyword_type=type_concept)
             cnx.commit()
             scheme.add_concept(u'lab3')
             cnx.commit()
+            scheme.cw_set(code_keyword_type=None)
+            cnx.commit()
+
+            admin_scheme = cnx.entity_from_eid(admin_scheme.eid)
+            admin_scheme.cw_set(code_keyword_type=type_concept)
+            cnx.commit()
 
     def test_create_update_agent_in_own_organization(self):
         with self.admin_access.cnx() as cnx:
             org = testutils.authority_with_naa(cnx)
             cnx.execute('SET U authority O WHERE U login %(login)s, O eid %(o)s',
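Review bot: The extended test_create_update_vocabulary only exercises operations that are expected to succeed, so it would still pass if moving the `code_keyword_type` check to commit time stopped enforcing it altogether. If there is a user or state for which setting this relation must be refused, add a negative case that ends in `with self.assertRaises(Unauthorized): cnx.commit()`, so the deferred check is shown to still fire. The last step, which re-fetches `admin_scheme` inside the non-manager connection and sets the relation on it, reads as a user writing to a scheme they did not create. If that is intended, say so with a comment such as `# a non-manager user may set code_keyword_type on a scheme created by an admin`. The trailing context lines belong to test_create_update_agent_in_own_organization, which continues outside the hunk.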
diff --git a/test/testutils.py b/test/testutils.py
--- a/test/testutils.py
+++ b/test/testutils.py
@@ -112,13 +112,13 @@ def authority_with_naa(cnx, name=u'Defau
         with cnx.security_enabled(False, False):
             authority.cw_set(ark_naa=naa(cnx))
     return authority
 
 
-def setup_scheme(cnx, title, *labels):
+def setup_scheme(cnx, title, *labels, **kwargs):
     """Return info new concept scheme"""
-    scheme = cnx.create_entity('ConceptScheme', title=title, ark_naa=naa(cnx))
+    scheme = cnx.create_entity('ConceptScheme', title=title, ark_naa=naa(cnx), **kwargs)
     for label in labels:
         scheme.add_concept(label)
     return scheme
 
 
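Review bot: The docstring of setup_scheme still reads `"""Return info new concept scheme"""` although the signature now accepts `**kwargs`. It should say that extra keyword arguments are forwarded to `cnx.create_entity('ConceptScheme', ...)`, for example `"""Return a new concept scheme with one concept per label; extra keyword arguments are passed to create_entity."""`. It is also worth noting that passing `title` or `ark_naa` through `**kwargs` raises TypeError, since both are already supplied.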

