[wip] Add access to the security_context from subsitute variables

Related to #4919855

authorChristophe de Vienne <christophe@unlish.com>
changesetdd582ac2a037
branchdefault
phasedraft
hiddenyes
parent revision#df655cf48679 [wip] Introduce a security_ctx in rqlrewrite
child revision#37f0846caf23 [wip] Inject security context in RQLExpression._check
files modified by this revision
rqlrewrite.py
test/unittest_rqlrewrite.py
# HG changeset patch
# User Christophe de Vienne <christophe@unlish.com>
# Date 1423493581 -3600
# Mon Feb 09 15:53:01 2015 +0100
# Node ID dd582ac2a0371188b2ce12acbbc3e5d02532a37c
# Parent df655cf48679c0863b660908b72467c2bde084cf
[wip] Add access to the security_context from subsitute variables

Related to #4919855

diff --git a/rqlrewrite.py b/rqlrewrite.py
@@ -880,10 +880,14 @@
1              function_.append(c.accept(self))
2          return function_
3 
4      def visit_constant(self, node):
5          """generate filter name for a constant"""
6 +        if node.value.startswith('ctx_'):
7 +            # Make sure the corresponding var is copied from the ctx
8 +            if node.value not in self.kwargs:
9 +                self.kwargs[node.value] = self.security_ctx[node.value[4:]]
10          return n.Constant(node.value, node.type)
11 
12      def visit_variableref(self, node):
13          """get the sql name for a variable reference"""
14          stmt = self.current_statement()
diff --git a/test/unittest_rqlrewrite.py b/test/unittest_rqlrewrite.py
@@ -124,10 +124,24 @@
15          self.assertEqual(rqlst.as_string(),
16                           u"Any C WHERE C is Card, "
17                           "EXISTS(C owned_by A, A in_group B, "
18                           "B name 'agroupname', A is CWUser, B is CWGroup)")
19 
20 +    def test_security_ctx_subst_var(self):
21 +        constraint = (
22 +            'X owned_by USER, USER in_group G, G name %(ctx_maingroup)s')
23 +        rqlst = parse('Card C')
24 +        kwargs = {}
25 +        rewrite(rqlst, {('C', 'X'): (constraint,)},
26 +                kwargs, security_ctx={'maingroup': 'agroupname'})
27 +        self.assertEqual(rqlst.as_string(),
28 +                         u"Any C WHERE C is Card, "
29 +                         "EXISTS(C owned_by A, A in_group B, "
30 +                         "B name %(ctx_maingroup)s, A is CWUser, B is CWGroup)")
31 +        self.assertIn('ctx_maingroup', kwargs)
32 +        self.assertEquals(kwargs['ctx_maingroup'], 'agroupname')
33 +
34      def test_multiple_var(self):
35          card_constraint = ('X in_state S, U in_group G, P require_state S,'
36                             'P name "read", P require_group G')
37          affaire_constraints = ('X ref LIKE "PUBLIC%"', 'U in_group G, G name "public"')
38          kwargs = {'u':2}