Mercurial > p > roundup > code

diff test/db_test_base.py @ 8136:5a2b9435a04d permission-performance

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Make permission filter functions configurable For debugging and performance measurements it makes sense to allow turning permission filter functions off.
author Ralf Schlatterbeck <rsc@runtux.com>
date Wed, 23 Oct 2024 17:46:05 +0200
parents aa5ae3f84889
children e9af08743759
line wrap: on
line diff
--- a/test/db_test_base.py	Wed Oct 23 16:29:43 2024 +0200
+++ b/test/db_test_base.py	Wed Oct 23 17:46:05 2024 +0200
@@ -3033,6 +3033,22 @@
         # User may see own and public queries
         self.assertEqual(r, ['5', '6', '4', '3', '2', '1'])
 
+    def testFilteringWithPermissionFilterFunctionOff(self):
+        view_query = self.setupQuery()
+
+        def filter(db, userid, klass):
+            return [dict(filterspec = dict(private_for=['-1', userid]))]
+        perm = self.db.security.addPermission
+        p = perm(name='View', klass='query', check=view_query, filter=filter)
+        self.db.security.addPermissionToRole("User", p)
+        # Turn filtering off
+        self.db.config.RDBMS_DEBUG_FILTER = True
+        filt = self.db.query.filter_with_permissions
+
+        r = filt(None, {}, sort=[('+', 'name')])
+        # User may see own and public queries
+        self.assertEqual(r, ['5', '6', '4', '3', '2', '1'])
+
 # XXX add sorting tests for other types
 
     # nuke and re-create db for restore
Roundup Issue Tracker: http://roundup-tracker.org/