def test_query_ex_filter():
sqi = SQLQueryInfo()
sqi.select = sqi.parse_select('username, nickname, password')
sqi.parse_then_add_condition('username', 'like', 'b')
sqi.parse_then_add_condition('nickname', 'like', 'b')
sqi.check_query_permission_full(None, 'user', ab, None)
assert sqi.conditions == [['nickname', SQL_OP.LIKE, 'b']]
def test_query_add_func():
ab1 = Ability({}, based_on=ab)
def func1(ability: Ability, user, query: 'SQLQueryInfo', view: "AbstractSQLView"):
query.add_condition('nickname', '=', 'aa')
ab1.add_query_condition('user', func=func1)
sqi = SQLQueryInfo()
sqi.select = sqi.parse_select('username, nickname, password')
sqi.parse_then_add_condition('username', '=', 'b')
sqi.check_query_permission_full(None, 'user', ab1, None)
assert sqi.conditions == [['username', SQL_OP.EQ, 'b'], ['nickname', SQL_OP.EQ, 'aa'],]
ab2 = Ability({}, based_on=ab)
def func2(ability: Ability, user, query: 'SQLQueryInfo'):
query.add_condition('nickname', '=', 'aa')
ab2.add_query_condition('user', func=func2)
sqi = SQLQueryInfo()
sqi.select = sqi.parse_select('username, nickname, password')
sqi.parse_then_add_condition('username', '=', 'b')
sqi.check_query_permission_full(None, 'user', ab2, None)
assert sqi.conditions == [['username', SQL_OP.EQ, 'b'], ['nickname', SQL_OP.EQ, 'aa'],]
def test_query_condition_add2():
"""
测试添加多个条件
"""
ab2 = Ability({}, based_on=ab)
ab2.add_query_condition('user', [
['username', 'like', '1%'],
['nickname', 'like', '1%'],
])
sqi = SQLQueryInfo()
sqi.select = sqi.parse_select('username, nickname, password')
sqi.parse_then_add_condition('username', '=', 'b')
sqi.check_query_permission_full(None, 'user', ab2, None)
assert sqi.conditions == [['username', SQL_OP.EQ, 'b'], ['username', SQL_OP.LIKE, '1%'], ['nickname', SQL_OP.LIKE, '1%']]
def test_query_condition_add1():
"""
测试添加单个条件
:return:
"""
ab1 = Ability({}, based_on=ab)
ab1.add_query_condition('user', ['phone', '>=', '123456'])
sqi = SQLQueryInfo()
sqi.select = sqi.parse_select('username, nickname, password')
sqi.parse_then_add_condition('username', '=', 'b')
assert sqi.conditions[-1] == ['username', SQL_OP.EQ, 'b']
sqi.check_query_permission_full(None, 'user', ab1, None)
assert sqi.conditions[-1] == ['phone', SQL_OP.GE, '123456']
def test_query_condition_clear_by_check():
"""
查询权限被检查机制清空的情况
:return:
"""
sqi = SQLQueryInfo()
sqi.select = sqi.parse_select('username, nickname, password')
sqi.parse_then_add_condition('phone', '=', 'b')
sqi.parse_then_add_condition('phone', '>', '100')
# # 所有查询条件都被权限机制清空
with pytest.raises(PermissionDenied) as excinfo:
sqi.check_query_permission_full(None, 'user', ab, None, ignore_error=True)
assert sqi.conditions == []
sqi = SQLQueryInfo()
sqi.select = sqi.parse_select('username, nickname, password')
sqi.parse_then_add_condition('phone', '=', 'b')
sqi.parse_then_add_condition('username', '=', 'b')
sqi.check_query_permission_full(None, 'user', ab, None, ignore_error=True)
with pytest.raises(PermissionDenied) as excinfo:
sqi = SQLQueryInfo()
sqi.select = sqi.parse_select('username, nickname, password')
sqi.parse_then_add_condition('phone', '=', 'b')
sqi.parse_then_add_condition('username', '=', 'b')
sqi.check_query_permission_full(None, 'user', ab, None, ignore_error=False)
