firebird-qa/tests/bugs/core_1869_test.py

#coding:utf-8
#
# id:           bugs.core_1869
# title:        Roles granting/revoking logic
# decription:   
#                  Test for "grant ... to ... GRANTED BY ..." clause
#                  Checked on:
#                       2.5.9.27107: OK, 0.656s.
#                       3.0.4.32924: OK, 4.313s.
#                       4.0.0.916: OK, 2.406s.
#                
# tracker_id:   CORE-1869
# min_versions: ['2.5.0']
# versions:     2.5
# qmid:         None

import pytest
from firebird.qa import db_factory, isql_act, Action

# version: 2.5
# resources: None

substitutions_1 = []

init_script_1 = """"""

db_1 = db_factory(sql_dialect=3, init=init_script_1)

test_script_1 = """
    create user tmp$c1869_u01 password '123';
    create user tmp$c1869_u02 password '123';
    set term ^;
    execute block as
    begin
      execute statement 'drop role boss';
      when any do begin end
    end
    ^
    set term ;^
    commit;
    create role boss;
    commit;

    recreate view v_grants as
    select
         p.rdb$user                      as who_was_granted
        ,p.rdb$privilege                 as privilege_type 
        ,p.rdb$relation_name             as role_name       
        ,r.rdb$owner_name                as role_owner
        ,p.rdb$grantor                   as granted_by
        ,p.rdb$grant_option              as grant_option   
    from rdb$user_privileges p
    left join rdb$roles r on p.rdb$relation_name = r.rdb$role_name
    where 
        p.rdb$object_type=13
        and upper(p.rdb$user) != upper('SYSDBA') -- we have to add this because role RDB$ADMIN is shown as granted to SYSDBA in 4.0.x
    ;
    commit;
    grant select on v_grants to public;
    commit;

    set list on;

    grant boss to tmp$c1869_u01;
    grant boss to tmp$c1869_u02 granted by tmp$c1869_u01;
    commit;

    -- TWO record should be printed:
    select 'init' as msg, v.* from v_grants v;
    commit;

    connect '$(DSN)' user 'tmp$c1869_u02' password '123' role 'BOSS';

    select current_user, current_role from rdb$database;
    commit;

    connect '$(DSN)' user 'tmp$c1869_u01' password '123';

    -- this should PASS without error: user "_u01" was specified as GRANTOR in the statement: 
    -- "grant boss to ..._u02 granted by ..._u01" (see above):
    revoke boss from tmp$c1869_u02; 
    commit;

    connect '$(DSN)' user 'tmp$c1869_u02' password '123' role 'BOSS';

    -- Now user ..._u02 should be connected WITHOUT any actual role:
    select current_user, current_role from rdb$database;

    -- now only ONE record should be printed:
    select 'fini' as msg, v.* from v_grants v;
    commit;

    connect '$(DSN)' user 'SYSDBA' password 'masterkey';
    drop user tmp$c1869_u01;
    drop user tmp$c1869_u02;
    commit;

"""

act_1 = isql_act('db_1', test_script_1, substitutions=substitutions_1)

expected_stdout_1 = """
    MSG                             init
    WHO_WAS_GRANTED                 TMP$C1869_U01
    PRIVILEGE_TYPE                  M
    ROLE_NAME                       BOSS
    ROLE_OWNER                      SYSDBA
    GRANTED_BY                      SYSDBA
    GRANT_OPTION                    0

    MSG                             init
    WHO_WAS_GRANTED                 TMP$C1869_U02
    PRIVILEGE_TYPE                  M
    ROLE_NAME                       BOSS
    ROLE_OWNER                      SYSDBA
    GRANTED_BY                      TMP$C1869_U01
    GRANT_OPTION                    0

    USER                            TMP$C1869_U02
    ROLE                            BOSS

    USER                            TMP$C1869_U02
    ROLE                            NONE

    MSG                             fini
    WHO_WAS_GRANTED                 TMP$C1869_U01
    PRIVILEGE_TYPE                  M
    ROLE_NAME                       BOSS
    ROLE_OWNER                      SYSDBA
    GRANTED_BY                      SYSDBA
    GRANT_OPTION                    0
"""

@pytest.mark.version('>=2.5')
def test_1(act_1: Action):
    act_1.expected_stdout = expected_stdout_1
    act_1.execute()
    assert act_1.clean_stdout == act_1.clean_expected_stdout
Firebird engine tests 2021-04-26 20:07:00 +02:00			`#coding:utf-8`
			`#`
			`# id: bugs.core_1869`
			`# title: Roles granting/revoking logic`
			`# decription:`
			`# Test for "grant ... to ... GRANTED BY ..." clause`
			`# Checked on:`
			`# 2.5.9.27107: OK, 0.656s.`
			`# 3.0.4.32924: OK, 4.313s.`
			`# 4.0.0.916: OK, 2.406s.`
			`#`
			`# tracker_id: CORE-1869`
			`# min_versions: ['2.5.0']`
			`# versions: 2.5`
			`# qmid: None`

			`import pytest`
			`from firebird.qa import db_factory, isql_act, Action`

			`# version: 2.5`
			`# resources: None`

			`substitutions_1 = []`

			`init_script_1 = """"""`

			`db_1 = db_factory(sql_dialect=3, init=init_script_1)`

			`test_script_1 = """`
			`create user tmp$c1869_u01 password '123';`
			`create user tmp$c1869_u02 password '123';`
			`set term ^;`
			`execute block as`
			`begin`
			`execute statement 'drop role boss';`
			`when any do begin end`
			`end`
			`^`
			`set term ;^`
			`commit;`
			`create role boss;`
			`commit;`

			`recreate view v_grants as`
			`select`
			`p.rdb$user as who_was_granted`
			`,p.rdb$privilege as privilege_type`
			`,p.rdb$relation_name as role_name`
			`,r.rdb$owner_name as role_owner`
			`,p.rdb$grantor as granted_by`
			`,p.rdb$grant_option as grant_option`
			`from rdb$user_privileges p`
			`left join rdb$roles r on p.rdb$relation_name = r.rdb$role_name`
			`where`
			`p.rdb$object_type=13`
			`and upper(p.rdb$user) != upper('SYSDBA') -- we have to add this because role RDB$ADMIN is shown as granted to SYSDBA in 4.0.x`
			`;`
			`commit;`
			`grant select on v_grants to public;`
			`commit;`

			`set list on;`

			`grant boss to tmp$c1869_u01;`
			`grant boss to tmp$c1869_u02 granted by tmp$c1869_u01;`
			`commit;`

			`-- TWO record should be printed:`
			`select 'init' as msg, v.* from v_grants v;`
			`commit;`

			`connect '$(DSN)' user 'tmp$c1869_u02' password '123' role 'BOSS';`

			`select current_user, current_role from rdb$database;`
			`commit;`

			`connect '$(DSN)' user 'tmp$c1869_u01' password '123';`

			`-- this should PASS without error: user "_u01" was specified as GRANTOR in the statement:`
			`-- "grant boss to ..._u02 granted by ..._u01" (see above):`
			`revoke boss from tmp$c1869_u02;`
			`commit;`

			`connect '$(DSN)' user 'tmp$c1869_u02' password '123' role 'BOSS';`

			`-- Now user ..._u02 should be connected WITHOUT any actual role:`
			`select current_user, current_role from rdb$database;`

			`-- now only ONE record should be printed:`
			`select 'fini' as msg, v.* from v_grants v;`
			`commit;`

			`connect '$(DSN)' user 'SYSDBA' password 'masterkey';`
			`drop user tmp$c1869_u01;`
			`drop user tmp$c1869_u02;`
			`commit;`

refactoring and other changes 2021-12-22 20:23:11 +01:00			`"""`
Firebird engine tests 2021-04-26 20:07:00 +02:00
			`act_1 = isql_act('db_1', test_script_1, substitutions=substitutions_1)`

			`expected_stdout_1 = """`
			`MSG init`
			`WHO_WAS_GRANTED TMP$C1869_U01`
			`PRIVILEGE_TYPE M`
			`ROLE_NAME BOSS`
			`ROLE_OWNER SYSDBA`
			`GRANTED_BY SYSDBA`
			`GRANT_OPTION 0`

			`MSG init`
			`WHO_WAS_GRANTED TMP$C1869_U02`
			`PRIVILEGE_TYPE M`
			`ROLE_NAME BOSS`
			`ROLE_OWNER SYSDBA`
			`GRANTED_BY TMP$C1869_U01`
			`GRANT_OPTION 0`

			`USER TMP$C1869_U02`
			`ROLE BOSS`

			`USER TMP$C1869_U02`
			`ROLE NONE`

			`MSG fini`
			`WHO_WAS_GRANTED TMP$C1869_U01`
			`PRIVILEGE_TYPE M`
			`ROLE_NAME BOSS`
			`ROLE_OWNER SYSDBA`
			`GRANTED_BY SYSDBA`
			`GRANT_OPTION 0`
refactoring and other changes 2021-12-22 20:23:11 +01:00			`"""`
Firebird engine tests 2021-04-26 20:07:00 +02:00
			`@pytest.mark.version('>=2.5')`
Change name scheme for tests 2021-04-28 12:42:11 +02:00			`def test_1(act_1: Action):`
Firebird engine tests 2021-04-26 20:07:00 +02:00			`act_1.expected_stdout = expected_stdout_1`
			`act_1.execute()`
refactoring and other changes 2021-12-22 20:23:11 +01:00			`assert act_1.clean_stdout == act_1.clean_expected_stdout`
Firebird engine tests 2021-04-26 20:07:00 +02:00