Skip to content

Commit ba7dc0d

Browse files
nyalldawsonnyalldawson
committedFeb 21, 2016
Add unit tests for #13919
·
ltr-3_40archive/master_2
1 parent 0446f50 commit ba7dc0d

File tree

6 files changed

+707
-934
lines changed

6 files changed

+707
-934
lines changed
 

‎tests/src/python/test_qgsserver_accesscontrol.py

Lines changed: 231 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -103,7 +103,12 @@ def layerFilterSubsetString(self, layer):
103103
if not self._active:
104104
return super(RestrictedAccessControl, self).layerFilterSubsetString(layer)
105105

106-
return "pk = 1" if layer.name() == "Hello_SubsetString" else None
106+
if layer.name() == "Hello_SubsetString":
107+
return "pk = 1"
108+
elif layer.name() == "Hello_Project_SubsetString":
109+
return "pkuid = 6 or pkuid = 7"
110+
else:
111+
return None
107112

108113
def layerPermissions(self, layer):
109114
""" Return the layer rights """
@@ -861,6 +866,42 @@ def test_wms_getmap_subsetstring(self):
861866
response, headers = self._get_restricted(query_string)
862867
self._img_diff_error(response, headers, "Restricted_WMS_GetMap")
863868

869+
def test_wms_getmap_projectsubsetstring(self):
870+
""" test that project set layer subsetStrings are honored"""
871+
query_string = "&".join(["%s=%s" % i for i in {
872+
"MAP": urllib.quote(self.projectPath),
873+
"SERVICE": "WMS",
874+
"VERSION": "1.1.1",
875+
"REQUEST": "GetMap",
876+
"LAYERS": "Hello_Project_SubsetString",
877+
"STYLES": "",
878+
"FORMAT": "image/png",
879+
"BBOX": "-16817707,-4710778,5696513,14587125",
880+
"HEIGHT": "500",
881+
"WIDTH": "500",
882+
"SRS": "EPSG:3857"
883+
}.items()])
884+
885+
response, headers = self._get_fullaccess(query_string)
886+
self._img_diff_error(response, headers, "WMS_GetMap_projectsubstring")
887+
888+
query_string = "&".join(["%s=%s" % i for i in {
889+
"MAP": urllib.quote(self.projectPath),
890+
"SERVICE": "WMS",
891+
"VERSION": "1.1.1",
892+
"REQUEST": "GetMap",
893+
"LAYERS": "Hello_Project_SubsetString",
894+
"STYLES": "",
895+
"FORMAT": "image/png",
896+
"BBOX": "-16817707,-4710778,5696513,14587125",
897+
"HEIGHT": "500",
898+
"WIDTH": "500",
899+
"SRS": "EPSG:3857"
900+
}.items()])
901+
902+
response, headers = self._get_restricted(query_string)
903+
self._img_diff_error(response, headers, "Restricted_WMS_GetMap_projectsubstring")
904+
864905
def test_wms_getfeatureinfo_subsetstring(self):
865906
query_string = "&".join(["%s=%s" % i for i in {
866907
"SERVICE": "WMS",
@@ -930,6 +971,113 @@ def test_wms_getfeatureinfo_subsetstring2(self):
930971
str(response).find("<qgs:pk>") != -1,
931972
"Unexpected result result in GetFeatureInfo Hello/2\n%s" % response)
932973

974+
def test_wms_getfeatureinfo_projectsubsetstring(self):
975+
"""test that layer subsetStrings set in projects are honored. This test checks for a feature which should be filtered
976+
out by the project set layer subsetString
977+
"""
978+
query_string = "&".join(["%s=%s" % i for i in {
979+
"SERVICE": "WMS",
980+
"VERSION": "1.1.1",
981+
"REQUEST": "GetFeatureInfo",
982+
"LAYERS": "Hello_Project_SubsetString",
983+
"QUERY_LAYERS": "Hello_Project_SubsetString",
984+
"STYLES": "",
985+
"FORMAT": "image/png",
986+
"BBOX": "-16817707,-4710778,5696513,14587125",
987+
"HEIGHT": "500",
988+
"WIDTH": "500",
989+
"SRS": "EPSG:3857",
990+
"FEATURE_COUNT": "10",
991+
"INFO_FORMAT": "application/vnd.ogc.gml",
992+
"X": "56",
993+
"Y": "144",
994+
"MAP": urllib.quote(self.projectPath)
995+
}.items()])
996+
997+
response, headers = self._get_fullaccess(query_string)
998+
self.assertFalse(
999+
str(response).find("<qgs:pk>") != -1,
1000+
"Project set layer subsetString not honored in WMS GetFeatureInfo/1\n%s" % response)
1001+
1002+
response, headers = self._get_restricted(query_string)
1003+
self.assertFalse(
1004+
str(response).find("<qgs:pk>") != -1,
1005+
"Project set layer subsetString not honored in WMS GetFeatureInfo when access control applied/1\n%s" % response)
1006+
1007+
def test_wms_getfeatureinfo_projectsubsetstring2(self):
1008+
"""test that layer subsetStrings set in projects are honored. This test checks for a feature which should be pass
1009+
both project set layer subsetString and access control filters
1010+
"""
1011+
query_string = "&".join(["%s=%s" % i for i in {
1012+
"SERVICE": "WMS",
1013+
"VERSION": "1.1.1",
1014+
"REQUEST": "GetFeatureInfo",
1015+
"LAYERS": "Hello_Project_SubsetString",
1016+
"QUERY_LAYERS": "Hello_Project_SubsetString",
1017+
"STYLES": "",
1018+
"FORMAT": "image/png",
1019+
"BBOX": "-1623412,3146330,-1603412,3166330",
1020+
"HEIGHT": "500",
1021+
"WIDTH": "500",
1022+
"SRS": "EPSG:3857",
1023+
"FEATURE_COUNT": "10",
1024+
"INFO_FORMAT": "application/vnd.ogc.gml",
1025+
"X": "146",
1026+
"Y": "160",
1027+
"MAP": urllib.quote(self.projectPath)
1028+
}.items()])
1029+
1030+
response, headers = self._get_fullaccess(query_string)
1031+
self.assertTrue(
1032+
str(response).find("<qgs:pk>") != -1,
1033+
"No result result in GetFeatureInfo Hello/2\n%s" % response)
1034+
self.assertTrue(
1035+
str(response).find("<qgs:pk>7</qgs:pk>") != -1,
1036+
"No good result result in GetFeatureInfo Hello/2\n%s" % response)
1037+
1038+
response, headers = self._get_restricted(query_string)
1039+
self.assertTrue(
1040+
str(response).find("<qgs:pk>") != -1,
1041+
"No result result in GetFeatureInfo Hello/2\n%s" % response)
1042+
self.assertTrue(
1043+
str(response).find("<qgs:pk>7</qgs:pk>") != -1,
1044+
"No good result result in GetFeatureInfo Hello/2\n%s" % response)
1045+
1046+
def test_wms_getfeatureinfo_projectsubsetstring2(self):
1047+
"""test that layer subsetStrings set in projects are honored. This test checks for a feature which should be pass
1048+
the project set layer subsetString but fail the access control checks
1049+
"""
1050+
query_string = "&".join(["%s=%s" % i for i in {
1051+
"SERVICE": "WMS",
1052+
"VERSION": "1.1.1",
1053+
"REQUEST": "GetFeatureInfo",
1054+
"LAYERS": "Hello_Project_SubsetString",
1055+
"QUERY_LAYERS": "Hello_Project_SubsetString",
1056+
"STYLES": "",
1057+
"FORMAT": "image/png",
1058+
"BBOX": "3415650,2018968,3415750,2019968",
1059+
"HEIGHT": "500",
1060+
"WIDTH": "500",
1061+
"SRS": "EPSG:3857",
1062+
"FEATURE_COUNT": "10",
1063+
"INFO_FORMAT": "application/vnd.ogc.gml",
1064+
"X": "146",
1065+
"Y": "160",
1066+
"MAP": urllib.quote(self.projectPath)
1067+
}.items()])
1068+
1069+
response, headers = self._get_fullaccess(query_string)
1070+
self.assertTrue(
1071+
str(response).find("<qgs:pk>") != -1,
1072+
"No result result in GetFeatureInfo Hello/2\n%s" % response)
1073+
self.assertTrue(
1074+
str(response).find("<qgs:pk>8</qgs:pk>") != -1,
1075+
"No good result result in GetFeatureInfo Hello/2\n%s" % response)
1076+
1077+
response, headers = self._get_restricted(query_string)
1078+
self.assertFalse(
1079+
str(response).find("<qgs:pk>") != -1,
1080+
"Unexpected result from GetFeatureInfo Hello/2\n%s" % response)
9331081

9341082
# # WFS # # WFS # # WFS # #
9351083

@@ -980,6 +1128,88 @@ def test_wfs_getfeature_subsetstring2(self):
9801128
str(response).find("<qgs:pk>") != -1,
9811129
"Unexpected result in GetFeature\n%s" % response)
9821130

1131+
def test_wfs_getfeature_project_subsetstring(self):
1132+
"""Tests access control with a subset string already applied to a layer in a project
1133+
'Hello_Project_SubsetString' layer has a subsetString of "pkuid in (7,8)"
1134+
This test checks for retrieving a feature which should be available in with/without access control
1135+
"""
1136+
data = """<?xml version="1.0" encoding="UTF-8"?>
1137+
<wfs:GetFeature {xml_ns}>
1138+
<wfs:Query typeName="Hello_Project_SubsetString" srsName="EPSG:3857" xmlns:feature="http://www.qgis.org/gml">
1139+
<ogc:Filter xmlns:ogc="http://www.opengis.net/ogc"><ogc:PropertyIsEqualTo>
1140+
<ogc:PropertyName>pkuid</ogc:PropertyName>
1141+
<ogc:Literal>7</ogc:Literal>
1142+
</ogc:PropertyIsEqualTo></ogc:Filter></wfs:Query></wfs:GetFeature>""".format(xml_ns=XML_NS)
1143+
1144+
# should be one result
1145+
response, headers = self._post_fullaccess(data)
1146+
self.assertTrue(
1147+
str(response).find("<qgs:pk>") != -1,
1148+
"No result in GetFeature\n%s" % response)
1149+
self.assertTrue(
1150+
str(response).find("<qgs:pk>7</qgs:pk>") != -1,
1151+
"Feature with pkuid=7 not found in GetFeature\n%s" % response)
1152+
1153+
response, headers = self._post_restricted(data)
1154+
self.assertTrue(
1155+
str(response).find("<qgs:pk>") != -1,
1156+
"No result in GetFeature\n%s" % response)
1157+
self.assertTrue(
1158+
str(response).find("<qgs:pk>7</qgs:pk>") != -1,
1159+
"Feature with pkuid=7 not found in GetFeature, has been incorrectly filtered out by access controls\n%s" % response)
1160+
1161+
def test_wfs_getfeature_project_subsetstring2(self):
1162+
"""Tests access control with a subset string already applied to a layer in a project
1163+
'Hello_Project_SubsetString' layer has a subsetString of "pkuid in (7,8)"
1164+
This test checks for a feature which should be filtered out by access controls
1165+
"""
1166+
data = """<?xml version="1.0" encoding="UTF-8"?>
1167+
<wfs:GetFeature {xml_ns}>
1168+
<wfs:Query typeName="Hello_Project_SubsetString" srsName="EPSG:3857" xmlns:feature="http://www.qgis.org/gml">
1169+
<ogc:Filter xmlns:ogc="http://www.opengis.net/ogc"><ogc:PropertyIsEqualTo>
1170+
<ogc:PropertyName>pkuid</ogc:PropertyName>
1171+
<ogc:Literal>8</ogc:Literal>
1172+
</ogc:PropertyIsEqualTo></ogc:Filter></wfs:Query></wfs:GetFeature>""".format(xml_ns=XML_NS)
1173+
1174+
# should be one result
1175+
response, headers = self._post_fullaccess(data)
1176+
self.assertTrue(
1177+
str(response).find("<qgs:pk>") != -1,
1178+
"No result in GetFeature\n%s" % response)
1179+
self.assertTrue(
1180+
str(response).find("<qgs:pk>8</qgs:pk>") != -1,
1181+
"Feature with pkuid=8 not found in GetFeature\n%s" % response)
1182+
1183+
response, headers = self._post_restricted(data)
1184+
self.assertFalse(
1185+
str(response).find("<qgs:pk>") != -1,
1186+
"Feature with pkuid=8 was found in GetFeature, but should have been filtered out by access controls\n%s" % response)
1187+
1188+
def test_wfs_getfeature_project_subsetstring3(self):
1189+
"""Tests access control with a subset string already applied to a layer in a project
1190+
'Hello_Project_SubsetString' layer has a subsetString of "pkuid in (7,8)"
1191+
This test checks for a features which should be filtered out by project subsetStrings.
1192+
Eg pkuid 6 passes the access control checks, but should not be shown because of project layer subsetString
1193+
"""
1194+
data = """<?xml version="1.0" encoding="UTF-8"?>
1195+
<wfs:GetFeature {xml_ns}>
1196+
<wfs:Query typeName="Hello_Project_SubsetString" srsName="EPSG:3857" xmlns:feature="http://www.qgis.org/gml">
1197+
<ogc:Filter xmlns:ogc="http://www.opengis.net/ogc"><ogc:PropertyIsEqualTo>
1198+
<ogc:PropertyName>pkuid</ogc:PropertyName>
1199+
<ogc:Literal>6</ogc:Literal>
1200+
</ogc:PropertyIsEqualTo></ogc:Filter></wfs:Query></wfs:GetFeature>""".format(xml_ns=XML_NS)
1201+
1202+
# should be no results, since pkuid 1 should be filtered out by project subsetString
1203+
response, headers = self._post_fullaccess(data)
1204+
self.assertTrue(
1205+
str(response).find("<qgs:pk>") == -1,
1206+
"Project based layer subsetString not respected in GetFeature\n%s" % response)
1207+
1208+
response, headers = self._post_restricted(data)
1209+
self.assertFalse(
1210+
str(response).find("<qgs:pk>") != -1,
1211+
"Project based layer subsetString not respected in GetFeature with restricted access\n%s" % response)
1212+
9831213
def _handle_request(self, restricted, *args):
9841214
accesscontrol._active = restricted
9851215
result = self._result(server.handleRequest(*args))

‎tests/testdata/qgis_server_accesscontrol/_helloworld.db

0 Bytes
Binary file not shown.

‎tests/testdata/qgis_server_accesscontrol/helloworld.db

0 Bytes
Binary file not shown.

‎tests/testdata/qgis_server_accesscontrol/project.qgs

Lines changed: 476 additions & 933 deletions
Large diffs are not rendered by default.

0 commit comments

Comments
 (0)
Please sign in to comment.