def test_query_ex_filter():
sqi = SQLQueryInfo()
sqi.select = sqi.parse_select('username, nickname, password')
sqi.parse_then_add_condition('username', 'like', 'b')
sqi.parse_then_add_condition('nickname', 'like', 'b')
sqi.check_query_permission_full(None, 'user', ab, None)
assert sqi.conditions == [['nickname', SQL_OP.LIKE, 'b']]
def test_query_add_func():
ab1 = Ability({}, based_on=ab)
def func1(ability: Ability, user, query: 'SQLQueryInfo', view: "AbstractSQLView"):
query.add_condition('nickname', '=', 'aa')
ab1.add_query_condition('user', func=func1)
sqi = SQLQueryInfo()
sqi.select = sqi.parse_select('username, nickname, password')
sqi.parse_then_add_condition('username', '=', 'b')
sqi.check_query_permission_full(None, 'user', ab1, None)
assert sqi.conditions == [['username', SQL_OP.EQ, 'b'], ['nickname', SQL_OP.EQ, 'aa'],]
ab2 = Ability({}, based_on=ab)
def func2(ability: Ability, user, query: 'SQLQueryInfo'):
query.add_condition('nickname', '=', 'aa')
ab2.add_query_condition('user', func=func2)
sqi = SQLQueryInfo()
sqi.select = sqi.parse_select('username, nickname, password')
sqi.parse_then_add_condition('username', '=', 'b')
sqi.check_query_permission_full(None, 'user', ab2, None)
assert sqi.conditions == [['username', SQL_OP.EQ, 'b'], ['nickname', SQL_OP.EQ, 'aa'],]
async def test_condition_bind_error_column_not_found():
sqi = SQLQueryInfo()
sqi.parse_then_add_condition('name1', '=', '1')
view: PeeweeView = await make_mocked_view_instance(app, ATestView, 'GET',
'/api/test1')
with pytest.raises(ColumnNotFound) as e:
sqi.bind(view)
assert 'name1' in e.value.args[0]
async def test_condition_bind_error_convert_failed():
sqi = SQLQueryInfo()
sqi.parse_then_add_condition('name', '=', {})
view: PeeweeView = await make_mocked_view_instance(app, ATestView, 'GET',
'/api/test1')
with pytest.raises(InvalidParams) as e:
sqi.bind(view)
assert 'name' in e.value.args[0]
assert "Couldn't interpret" in str(e.value)
def test_query_condition_add2():
"""
测试添加多个条件
"""
ab2 = Ability({}, based_on=ab)
ab2.add_query_condition('user', [
['username', 'like', '1%'],
['nickname', 'like', '1%'],
])
sqi = SQLQueryInfo()
sqi.select = sqi.parse_select('username, nickname, password')
sqi.parse_then_add_condition('username', '=', 'b')
sqi.check_query_permission_full(None, 'user', ab2, None)
assert sqi.conditions == [['username', SQL_OP.EQ, 'b'], ['username', SQL_OP.LIKE, '1%'], ['nickname', SQL_OP.LIKE, '1%']]
def test_query_condition_add1():
"""
测试添加单个条件
:return:
"""
ab1 = Ability({}, based_on=ab)
ab1.add_query_condition('user', ['phone', '>=', '123456'])
sqi = SQLQueryInfo()
sqi.select = sqi.parse_select('username, nickname, password')
sqi.parse_then_add_condition('username', '=', 'b')
assert sqi.conditions[-1] == ['username', SQL_OP.EQ, 'b']
sqi.check_query_permission_full(None, 'user', ab1, None)
assert sqi.conditions[-1] == ['phone', SQL_OP.GE, '123456']
async def test_very_simple_condition():
sqi = SQLQueryInfo()
sqi.parse_then_add_condition('a', '=', 'b')
assert sqi.conditions[0] == ['a', SQL_OP.EQ, 'b']
sqi = SQLQueryInfo()
sqi.parse_then_add_condition('a', 'like', 'b')
assert sqi.conditions[0] == ['a', SQL_OP.LIKE, 'b']
for i in SQL_OP.ALL:
sqi = SQLQueryInfo()
if i in SQL_OP.IN.value or i in SQL_OP.CONTAINS.value or i in SQL_OP.CONTAINS_ANY.value:
sqi.parse_then_add_condition('a', i, '[1,2]')
assert sqi.conditions[0] == ['a', SQL_OP.txt2op[i], [1, 2]]
else:
sqi.parse_then_add_condition('a', i, 'b')
assert sqi.conditions[0] == ['a', SQL_OP.txt2op[i], 'b']
async def test_condition_bind_error_in_or_not_in_value():
sqi = SQLQueryInfo()
with pytest.raises(InvalidParams) as e:
sqi.parse_then_add_condition('name', 'in', [1, 2])
assert 'name' in e.value.args[0]
async def test_condition_bind():
sqi = SQLQueryInfo()
sqi.parse_then_add_condition('name', '=', '1')
view: PeeweeView = await make_mocked_view_instance(app, ATestView, 'GET',
'/api/test1')
sqi.bind(view)
def test_query_condition_clear_by_check():
"""
查询权限被检查机制清空的情况
:return:
"""
sqi = SQLQueryInfo()
sqi.select = sqi.parse_select('username, nickname, password')
sqi.parse_then_add_condition('phone', '=', 'b')
sqi.parse_then_add_condition('phone', '>', '100')
# # 所有查询条件都被权限机制清空
with pytest.raises(PermissionDenied) as excinfo:
sqi.check_query_permission_full(None, 'user', ab, None, ignore_error=True)
assert sqi.conditions == []
sqi = SQLQueryInfo()
sqi.select = sqi.parse_select('username, nickname, password')
sqi.parse_then_add_condition('phone', '=', 'b')
sqi.parse_then_add_condition('username', '=', 'b')
sqi.check_query_permission_full(None, 'user', ab, None, ignore_error=True)
with pytest.raises(PermissionDenied) as excinfo:
sqi = SQLQueryInfo()
sqi.select = sqi.parse_select('username, nickname, password')
sqi.parse_then_add_condition('phone', '=', 'b')
sqi.parse_then_add_condition('username', '=', 'b')
sqi.check_query_permission_full(None, 'user', ab, None, ignore_error=False)