diff --git a/tests/bugs/gh_7217_test.py b/tests/bugs/gh_7217_test.py new file mode 100644 index 00000000..1e455682 --- /dev/null +++ b/tests/bugs/gh_7217_test.py @@ -0,0 +1,116 @@ +#coding:utf-8 + +""" +ID: issue-7217 +ISSUE: https://github.com/FirebirdSQL/firebird/issues/7217 +TITLE: user with DROP ANY PACKAGE privilege can not execute DROP PACKAGE BODY +NOTES: + [25.02.2023] pzotov + Confirmed bug on 5.0.0.520. + Checked on 5.0.0.959 - all OK. +""" + +import pytest +from firebird.qa import * + +init_script = """ + set term ^; + create package pg_test_1 as + begin + procedure pg_sp_1 returns(id int); + end + ^ + create package pg_test_2 as + begin + procedure pg_sp_2 returns(id int); + end + ^ + create package body pg_test_1 as + begin + procedure pg_sp_1 returns(id int) as + begin + id = 1; + suspend; + end + end + ^ + create package body pg_test_2 as + begin + procedure pg_sp_2 returns(id int) as + begin + id = 1; + suspend; + end + end + ^ + set term ;^ + commit; +""" +db = db_factory(init = init_script) + +tmp_usr1 = user_factory('db', name = 'tmp_user_7217_foo', password = '123') +tmp_usr2 = user_factory('db', name = 'tmp_user_7217_bar', password = '456') +tmp_role = role_factory('db', name = 'tmp_role_7217') + +act = python_act('db') + +expected_stdout = """ + RDB$PACKAGE_BODY_SOURCE + RDB$PACKAGE_BODY_SOURCE + Records affected: 2 +""" + +@pytest.mark.version('>=5.0') +def test_1(act: Action, tmp_usr1: User, tmp_usr2: User, tmp_role: Role): + + test_script = f""" + set bail on; + + connect '{act.db.dsn}' user {act.db.user} password '{act.db.password}'; + grant DROP ANY PACKAGE to {tmp_usr1.name}; + grant DROP ANY PACKAGE to {tmp_role.name}; + grant {tmp_role.name} to {tmp_usr2.name}; + commit; + set autoddl off; + set bail off; + ----------------------------------------------------- + -- 1. Check that user can drop package when this permission was granted to HIMSELF: + connect '{act.db.dsn}' user {tmp_usr1.name} password '{tmp_usr1.password}'; + drop package body pg_test_1; + rollback; + + set term ^; + execute block as + begin + execute statement 'drop package body pg_test_1'; + end + ^ + set term ;^ + commit; + ----------------------------------------------------- + -- 2. Check that user can drop package when this permission was granted to ROLE which, in turn, was granted to that user: + connect '{act.db.dsn}' user {tmp_usr2.name} password '{tmp_usr2.password}' role {tmp_role.name}; + drop package body pg_test_2; + rollback; + + set term ^; + execute block as + begin + execute statement 'drop package body pg_test_2'; + end + ^ + set term ;^ + commit; + ----------------------------------------------------- + -- 3. Check that both packages now have no bodies: + connect '{act.db.dsn}' user {act.db.user} password '{act.db.password}'; + set count on; + set list on; + set blob all; + -- must issue two rows, both with literals: + select p.rdb$package_body_source from rdb$packages p where p.rdb$package_name in ( upper('pg_test_1'),upper('pg_test_2') ); + """ + + act.expected_stdout = expected_stdout + act.isql(switches=['-q'], input = test_script, connect_db = False, credentials = False, combine_output = True) + assert act.clean_stdout == act.clean_expected_stdout