Commit 65f8c2c5 authored by Sylvain Thénault's avatar Sylvain Thénault
Browse files

[schema/optimization] Wrap rql expressions into EXISTS node when checking individual permissions


Some RQL expression may retrieve several results. It makes sense to wrap them
into an EXISTS node to optimized things a bit. This is already done by security
insertion of 'read' rql expressions.
parent 002007272a76
......@@ -325,6 +325,7 @@ class RQLExpression(object):
keyarg = None
rqlst.recover()
return rql, found, keyarg
rqlst.where = nodes.Exists(rqlst.where)
return rqlst.as_string(), None, None
def _check(self, _cw, **kwargs):
......
......@@ -575,5 +575,31 @@ class CompositeSchemaTC(CubicWebTC):
for r, role in schema[etype].composite_rdef_roles]))
class CWShemaTC(CubicWebTC):
def test_transform_has_permission_match(self):
with self.admin_access.repo_cnx() as cnx:
eschema = cnx.vreg.schema['EmailAddress']
rql_exprs = eschema.get_rqlexprs('update')
self.assertEqual(len(rql_exprs), 1)
self.assertEqual(rql_exprs[0].expression,
'P use_email X, U has_update_permission P')
rql, found, keyarg = rql_exprs[0].transform_has_permission()
self.assertEqual(rql, 'Any X,P WHERE P use_email X, X eid %(x)s')
self.assertEqual(found, [(u'update', 1)])
self.assertEqual(keyarg, None)
def test_transform_has_permission_no_match(self):
with self.admin_access.repo_cnx() as cnx:
eschema = cnx.vreg.schema['EmailAddress']
rql_exprs = eschema.get_rqlexprs('read')
self.assertEqual(len(rql_exprs), 1)
self.assertEqual(rql_exprs[0].expression,
'U use_email X')
rql, found, keyarg = rql_exprs[0].transform_has_permission()
self.assertEqual(rql, 'Any X WHERE EXISTS(U use_email X, X eid %(x)s, U eid %(u)s)')
self.assertEqual(found, None)
self.assertEqual(keyarg, None)
if __name__ == '__main__':
unittest_main()
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment