[PATCH 4 of 4 saem] [security] Update security of the authority record kind relation

Denis Laxalde denis.laxalde at logilab.fr
Fri Apr 14 10:41:25 CEST 2017


Sylvain Thénault a écrit :
>
>
> Le 14/04/2017 à 09:55, Denis Laxalde a écrit :
>> Sylvain Thenault a écrit :
>>> # HG changeset patch
>>> # User Sylvain Thénault <sylvain.thenault at logilab.fr>
>>> # Date 1492070281 -7200
>>> #      Thu Apr 13 09:58:01 2017 +0200
>>> # Node ID a3945adaf0b1d9b6bc0713413610b3c0eaebdceb
>>> # Parent  19025cca31f03f035616ce1995cfbecb728d46c3
>>> [security] Update security of the authority record kind relation
>>>
>>> (still named agent_kind for historical reason).
>>>
>>> In the eac cube, this relation can't be modified unless its value is
>>> 'unknown'.
>>> Here we want to allow modification provided that the record isn't
>>> referenced by
>>> authority_record relation which add constraint on the kind's value.
>>>
>>> To achieve this, update the relation's permission to depends on its
>>> subject
>>> entity's permission, then add a constraint to ensure consistency of
>>> authority_record wrt kind's value.
>>>
>>> Related to #16385734
>>>

>>> diff --git a/test/unittest_schema.py b/test/unittest_schema.py
>>> --- a/test/unittest_schema.py
>>> +++ b/test/unittest_schema.py
>>> @@ -90,10 +90,40 @@ class SchemaConstraintsTC(CubicWebTC):
>>>              self.assertEqual(
>>>                  pou.unrelated('authority_record',
>>> 'AuthorityRecord').one(),
>>>                  cnx.find("AuthorityRecord", has_text=u"Direction de
>>> la communication").one(),
>>>              )
>>>
>>> +    def assertCantChangeRecordKind(self, arecord, kind):
>>> +        cnx = arecord._cw
>>> +        with self.assertValidationError(cnx) as cm:
>>> +            arecord.cw_set(agent_kind=cnx.find('AgentKind',
>>> name=kind).one())
>>> +            cnx.commit()
>>> +        self.assertEqual(cm.exception.errors,
>>> +                         {'agent_kind-subject':
>>> +                          'This record is used by a relation
>>> forbidding to change its type'})
>>
>> Isn't cnx.rollback() needed?
>
> nop, because it's handled by assertValidationError. I've rather removed
> the commit :)

It's getting quite hard to follow. How about removing the
assertValidationError layer and make things explicit?



More information about the saem-devel mailing list