6
0
mirror of https://github.com/FirebirdSQL/firebird-qa.git synced 2025-01-22 13:33:07 +01:00
firebird-qa/tests/bugs/core_1869_test.py

123 lines
3.6 KiB
Python
Raw Permalink Normal View History

2021-04-26 20:07:00 +02:00
#coding:utf-8
2022-01-20 17:32:14 +01:00
"""
ID: issue-2300
ISSUE: 2300
TITLE: Roles granting/revoking logic
DESCRIPTION: Test for "grant ... to ... GRANTED BY ..." clause
JIRA: CORE-1869
FBTEST: bugs.core_1869
2022-01-20 17:32:14 +01:00
"""
2021-04-26 20:07:00 +02:00
2022-01-20 17:32:14 +01:00
import pytest
from firebird.qa import *
2021-04-26 20:07:00 +02:00
2022-01-20 17:32:14 +01:00
db = db_factory()
2021-04-26 20:07:00 +02:00
2022-01-20 17:32:14 +01:00
tmp_user_1 = user_factory('db', name='tmp$c1869_u01', password='123')
tmp_user_2 = user_factory('db', name='tmp$c1869_u02', password='123')
2021-04-26 20:07:00 +02:00
2022-01-20 17:32:14 +01:00
test_script = """
2021-04-26 20:07:00 +02:00
set term ^;
execute block as
begin
execute statement 'drop role boss';
when any do begin end
end
^
set term ;^
commit;
create role boss;
commit;
recreate view v_grants as
select
p.rdb$user as who_was_granted
2022-01-20 17:32:14 +01:00
,p.rdb$privilege as privilege_type
,p.rdb$relation_name as role_name
2021-04-26 20:07:00 +02:00
,r.rdb$owner_name as role_owner
,p.rdb$grantor as granted_by
2022-01-20 17:32:14 +01:00
,p.rdb$grant_option as grant_option
2021-04-26 20:07:00 +02:00
from rdb$user_privileges p
left join rdb$roles r on p.rdb$relation_name = r.rdb$role_name
2022-01-20 17:32:14 +01:00
where
2021-04-26 20:07:00 +02:00
p.rdb$object_type=13
and upper(p.rdb$user) != upper('SYSDBA') -- we have to add this because role RDB$ADMIN is shown as granted to SYSDBA in 4.0.x
;
commit;
grant select on v_grants to public;
commit;
set list on;
grant boss to tmp$c1869_u01;
grant boss to tmp$c1869_u02 granted by tmp$c1869_u01;
commit;
-- TWO record should be printed:
select 'init' as msg, v.* from v_grants v;
commit;
connect '$(DSN)' user 'tmp$c1869_u02' password '123' role 'BOSS';
select current_user, current_role from rdb$database;
commit;
connect '$(DSN)' user 'tmp$c1869_u01' password '123';
2022-01-20 17:32:14 +01:00
-- this should PASS without error: user "_u01" was specified as GRANTOR in the statement:
2021-04-26 20:07:00 +02:00
-- "grant boss to ..._u02 granted by ..._u01" (see above):
2022-01-20 17:32:14 +01:00
revoke boss from tmp$c1869_u02;
2021-04-26 20:07:00 +02:00
commit;
connect '$(DSN)' user 'tmp$c1869_u02' password '123' role 'BOSS';
-- Now user ..._u02 should be connected WITHOUT any actual role:
select current_user, current_role from rdb$database;
-- now only ONE record should be printed:
select 'fini' as msg, v.* from v_grants v;
commit;
2021-12-22 20:23:11 +01:00
"""
2021-04-26 20:07:00 +02:00
2022-01-20 17:32:14 +01:00
act = isql_act('db', test_script)
2021-04-26 20:07:00 +02:00
2022-01-20 17:32:14 +01:00
expected_stdout = """
2021-04-26 20:07:00 +02:00
MSG init
WHO_WAS_GRANTED TMP$C1869_U01
PRIVILEGE_TYPE M
ROLE_NAME BOSS
ROLE_OWNER SYSDBA
GRANTED_BY SYSDBA
GRANT_OPTION 0
MSG init
WHO_WAS_GRANTED TMP$C1869_U02
PRIVILEGE_TYPE M
ROLE_NAME BOSS
ROLE_OWNER SYSDBA
GRANTED_BY TMP$C1869_U01
GRANT_OPTION 0
USER TMP$C1869_U02
ROLE BOSS
USER TMP$C1869_U02
ROLE NONE
MSG fini
WHO_WAS_GRANTED TMP$C1869_U01
PRIVILEGE_TYPE M
ROLE_NAME BOSS
ROLE_OWNER SYSDBA
GRANTED_BY SYSDBA
GRANT_OPTION 0
2021-12-22 20:23:11 +01:00
"""
2021-04-26 20:07:00 +02:00
2022-01-20 17:32:14 +01:00
@pytest.mark.version('>=3')
def test_1(act: Action, tmp_user_1: User, tmp_user_2: User):
act.expected_stdout = expected_stdout
act.execute()
assert act.clean_stdout == act.clean_expected_stdout
2021-04-26 20:07:00 +02:00