mirror of
https://github.com/FirebirdSQL/firebird-qa.git
synced 2025-01-22 21:43:06 +01:00
84 lines
3.1 KiB
Python
84 lines
3.1 KiB
Python
#coding:utf-8
|
|
|
|
"""
|
|
ID: syspriv.create-database
|
|
TITLE: Check ability to CREATE database by non-sysdba user who is granted with necessary system privilege
|
|
DESCRIPTION:
|
|
FBTEST: functional.syspriv.create_database
|
|
NOTES:
|
|
[20.05.2022] pzotov
|
|
One need to specify do_not_create=True and do_not_drop=True for db_temp, otherwise this DB will be created
|
|
and init_script will fail to check ability of DB creation. If testing machine have localized OS then such
|
|
attempt will raise status-vector which will have localized message:
|
|
Statement failed, SQLSTATE = 08001
|
|
I/O error during "CreateFile (create)" operation for file "..."
|
|
-Error while trying to create file
|
|
-<LOCALIZED MESSAGE HERE> // ~ "file exists"
|
|
But we will see UnicodeDecodeError instead of full lines and/or SQLSTATE or gdscode.
|
|
Checked on 4.0.1.2692, 5.0.0.497.
|
|
"""
|
|
|
|
import pytest
|
|
from firebird.qa import *
|
|
from firebird.driver.types import DatabaseError
|
|
|
|
substitutions = [('[ \\t]+', ' '), ('DB_NAME.*TMP4TEST.TMP', 'DB_NAME TMP4TEST.TMP'), ('TCPv(4|6)', 'TCP')]
|
|
db_main = db_factory()
|
|
tmp_user = user_factory('db_main', name='tmp_syspriv_user', password='123')
|
|
tmp_role = role_factory('db_main', name='tmp_role_for_create_database')
|
|
act = python_act('db_main', substitutions = substitutions)
|
|
|
|
db_temp = db_factory(filename = 'tmp4test.tmp', do_not_create=True, do_not_drop=True)
|
|
|
|
|
|
expected_stdout_isql = """
|
|
DB_OWNER TMP_SYSPRIV_USER
|
|
DB_NAME TMP4TEST.TMP
|
|
ATT_USER TMP_SYSPRIV_USER
|
|
ATT_PROT TCP
|
|
ATT_AUTH Srp
|
|
"""
|
|
|
|
@pytest.mark.version('>=4.0')
|
|
def test_1(act: Action, tmp_user: User, tmp_role:Role, db_temp: Database, capsys):
|
|
init_script = \
|
|
f"""
|
|
set wng off;
|
|
set bail on;
|
|
set list on;
|
|
connect '{act.db.dsn}' user '{act.db.user}' password '{act.db.password}';
|
|
alter user {tmp_user.name} grant admin role; -- this must be specified!
|
|
commit;
|
|
alter role {tmp_role.name} set system privileges to CREATE_DATABASE;
|
|
commit;
|
|
grant default {tmp_role.name} to user {tmp_user.name};
|
|
commit;
|
|
|
|
/*
|
|
connect 'localhost:security.db' user '{act.db.user}' password '{act.db.password}';
|
|
select
|
|
upper(d.mon$database_name) as security_db_name
|
|
,r.rdb$role_name
|
|
,rdb$role_in_use(r.rdb$role_name) as RDB_ROLE_IN_USE
|
|
,r.rdb$system_privileges
|
|
from mon$database d cross join rdb$roles r;
|
|
commit;
|
|
*/
|
|
|
|
create database '{db_temp.dsn}' user {tmp_user.name} password '{tmp_user.password}';
|
|
select d.mon$owner as db_owner
|
|
,upper(d.mon$database_name) as db_name
|
|
,a.mon$user as att_user
|
|
,a.mon$remote_protocol as att_prot
|
|
,a.mon$auth_method as att_auth
|
|
from mon$database d
|
|
cross join mon$attachments a
|
|
where a.mon$attachment_id = current_connection;
|
|
commit;
|
|
drop database;
|
|
"""
|
|
|
|
act.isql(switches=['-q'], input=init_script, connect_db = False, credentials = False, combine_output=True)
|
|
act.expected_stdout = expected_stdout_isql
|
|
assert act.clean_stdout == act.clean_expected_stdout
|