6
0
mirror of https://github.com/FirebirdSQL/firebird-qa.git synced 2025-01-23 05:53:06 +01:00
firebird-qa/tests/functional/syspriv/test_change_header_settings.py

125 lines
4.0 KiB
Python

#coding:utf-8
"""
ID: syspriv.change-header-settings
TITLE: Check ability to change some database header attributes by non-sysdba user who is granted with necessary system privileges
DESCRIPTION:
NB: attributes should be changed one at a time, i.e. one Services API call should change only ONE atribute.
FBTEST: functional.syspriv.change_header_settings
NOTES:
[18.05.2022] pzotov: refactored to be used in firebird-qa suite.
Checked on 4.0.1.2692, 5.0.0.489.
"""
import pytest
from firebird.qa import *
from firebird.driver import DbSpaceReservation
from firebird.driver.types import DatabaseError
substitutions = [('[ \t]+', ' ')]
db = db_factory()
tmp_user = user_factory('db', name='tmp_syspriv_user', password='123')
tmp_role = role_factory('db', name='tmp_role_for_change_db_header')
act = python_act('db', substitutions = substitutions)
expected_stdout_isql = """
MON$SWEEP_INTERVAL 54321
MON$SQL_DIALECT 1
MON$RESERVE_SPACE 0
"""
@pytest.mark.version('>=4.0')
def test_1(act: Action, tmp_user: User, tmp_role:Role, capsys):
init_script = \
f'''
set wng off;
set bail on;
set list on;
set count on;
create or alter view v_check as
select
current_user as who_ami
,r.rdb$role_name
,rdb$role_in_use(r.rdb$role_name) as RDB_ROLE_IN_USE
,r.rdb$system_privileges
from mon$database m cross join rdb$roles r;
commit;
alter user {tmp_user.name} password '123' revoke admin role;
revoke all on all from {tmp_user.name};
create or alter trigger trg_connect active on connect as
begin
end;
commit;
recreate table att_log (
att_id int,
att_name varchar(255),
att_user varchar(255),
att_addr varchar(255),
att_prot varchar(255),
att_dts timestamp default 'now'
);
commit;
grant select on v_check to public;
grant all on att_log to public;
commit;
set term ^;
create or alter trigger trg_connect active on connect as
begin
if ( upper(current_user) <> upper('SYSDBA') ) then
in autonomous transaction do
insert into att_log(att_id, att_name, att_user, att_prot)
select
mon$attachment_id
,mon$attachment_name
,mon$user
,mon$remote_protocol
from mon$attachments
where mon$user = current_user
;
end
^
set term ;^
commit;
-- NB: Privilege 'IGNORE_DB_TRIGGERS' is needed when we return database to ONLINE
-- and this DB has DB-level trigger.
alter role {tmp_role.name}
set system privileges to CHANGE_HEADER_SETTINGS, USE_GFIX_UTILITY, IGNORE_DB_TRIGGERS;
commit;
grant default {tmp_role.name} to user {tmp_user.name};
commit;
'''
act.isql(switches=['-q'], input=init_script)
with act.connect_server(user = tmp_user.name, password = tmp_user.password, role = tmp_role.name) as srv_nondba:
# All subsequent actions must not issue any output:
try:
# change SWEEP interval:
srv_nondba.database.set_sweep_interval(database=act.db.db_path, interval = 54321)
# set SQL dialect to 1:
srv_nondba.database.set_sql_dialect(database=act.db.db_path, dialect = 1)
# change default DB cache size:
srv_nondba.database.set_space_reservation(database=act.db.db_path, mode = DbSpaceReservation.USE_FULL)
except DatabaseError as e:
print(e.__str__())
sql_check = "set list on; select m.mon$sweep_interval, m.mon$sql_dialect, m.mon$reserve_space from mon$database m;"
act.isql(switches=['-q'], input=sql_check)
act.expected_stdout = expected_stdout_isql
assert act.clean_stdout == act.clean_expected_stdout