From d2ad86d2fe897ad83ffd1e13f3979de1ceadaf08 Mon Sep 17 00:00:00 2001
From: Gavin D'souza <gavin18d@gmail.com>
Date: Tue, 10 Jan 2023 17:44:06 +0530
Subject: [PATCH] test: Add tests for permlevel handing in get_list

---
 frappe/tests/test_db_query.py | 174 +++++++++++++++++++++++++---------
 1 file changed, 127 insertions(+), 47 deletions(-)

diff --git a/frappe/tests/test_db_query.py b/frappe/tests/test_db_query.py
index 1964792ea8..4821e11665 100644
--- a/frappe/tests/test_db_query.py
+++ b/frappe/tests/test_db_query.py
@@ -1,6 +1,7 @@
 # Copyright (c) 2015, Frappe Technologies Pvt. Ltd. and Contributors
 # License: MIT. See LICENSE
 import datetime
+from contextlib import contextmanager
 
 import frappe
 from frappe.core.page.permission_manager.permission_manager import add, reset, update
@@ -16,6 +17,32 @@ from frappe.utils.testutils import add_custom_field, clear_custom_fields
 test_dependencies = ["User", "Blog Post", "Blog Category", "Blogger"]
 
 
+@contextmanager
+def setup_test_user(set_user=False):
+	test_user = frappe.get_doc("User", "test@example.com")
+	user_roles = frappe.get_roles()
+	test_user.remove_roles(*user_roles)
+	test_user.add_roles("Blogger")
+
+	if set_user:
+		frappe.set_user(test_user.name)
+
+	yield test_user
+
+	test_user.remove_roles("Blogger")
+	test_user.add_roles(*user_roles)
+
+
+@contextmanager
+def setup_patched_blog_post():
+	add_child_table_to_blog_post()
+	make_property_setter("Blog Post", "published", "permlevel", 1, "Int")
+	reset("Blog Post")
+	add("Blog Post", "Website Manager", 1)
+	update("Blog Post", "Website Manager", 1, "write", 1)
+	yield
+
+
 class TestReportview(FrappeTestCase):
 	def setUp(self):
 		frappe.set_user("Administrator")
@@ -728,67 +755,120 @@ class TestReportview(FrappeTestCase):
 		self.assertEqual(users_unedited[0].modified, users_unedited[0].creation)
 		self.assertNotEqual(users_edited[0].modified, users_edited[0].creation)
 
-	def test_reportview_get(self):
-		user = frappe.get_doc("User", "test@example.com")
-		add_child_table_to_blog_post()
+	def test_permlevel_fields(self):
+		with setup_patched_blog_post(), setup_test_user(set_user=True):
+			data = frappe.get_list(
+				"Blog Post", filters={"published": 1}, fields=["name", "published"], limit=1
+			)
+			self.assertFalse("published" in data[0])
+			self.assertTrue("name" in data[0])
+			self.assertEqual(len(data[0]), 1)
 
-		user_roles = frappe.get_roles()
-		user.remove_roles(*user_roles)
-		user.add_roles("Blogger")
+			data = frappe.get_list(
+				"Blog Post", filters={"published": 1}, fields=["name", "`published`"], limit=1
+			)
+			self.assertFalse("published" in data[0])
+			self.assertTrue("name" in data[0])
+			self.assertEqual(len(data[0]), 1)
 
-		make_property_setter("Blog Post", "published", "permlevel", 1, "Int")
-		reset("Blog Post")
-		add("Blog Post", "Website Manager", 1)
-		update("Blog Post", "Website Manager", 1, "write", 1)
+			data = frappe.get_list(
+				"Blog Post", filters={"published": 1}, fields=["name", "`tabBlog Post`.`published`"], limit=1
+			)
+			self.assertFalse("published" in data[0])
+			self.assertTrue("name" in data[0])
+			self.assertEqual(len(data[0]), 1)
 
-		frappe.set_user(user.name)
+			data = frappe.get_list(
+				"Blog Post", filters={"published": 1}, fields=["name", "`tabTest Child`.`test_field`"], limit=1
+			)
+			self.assertFalse("test_field" in data[0])
+			self.assertTrue("name" in data[0])
+			self.assertEqual(len(data[0]), 1)
 
-		frappe.local.request = frappe._dict()
-		frappe.local.request.method = "POST"
+			data = frappe.get_list(
+				"Blog Post", filters={"published": 1}, fields=["name", "MAX(`published`)"], limit=1
+			)
+			self.assertTrue("name" in data[0])
+			self.assertEqual(len(data[0]), 1)
 
-		frappe.local.form_dict = frappe._dict(
-			{
-				"doctype": "Blog Post",
-				"fields": ["published", "title", "`tabTest Child`.`test_field`"],
-			}
-		)
+			data = frappe.get_list(
+				"Blog Post", filters={"published": 1}, fields=["name", "LAST(published)"], limit=1
+			)
+			self.assertTrue("name" in data[0])
+			self.assertEqual(len(data[0]), 1)
 
-		# even if * is passed, fields which are not accessible should be filtered out
-		response = execute_cmd("frappe.desk.reportview.get")
-		self.assertListEqual(response["keys"], ["title"])
-		frappe.local.form_dict = frappe._dict(
-			{
-				"doctype": "Blog Post",
-				"fields": ["*"],
-			}
-		)
+			data = frappe.get_list(
+				"Blog Post", filters={"published": 1}, fields=["name", "MAX(`modified`)"], limit=1
+			)
+			self.assertEqual(len(data[0]), 2)
 
-		response = execute_cmd("frappe.desk.reportview.get")
-		self.assertNotIn("published", response["keys"])
+			data = frappe.get_list(
+				"Blog Post", filters={"published": 1}, fields=["name", "now() abhi"], limit=1
+			)
+			self.assertIsInstance(data[0]["abhi"], datetime.datetime)
+			self.assertEqual(len(data[0]), 2)
 
-		frappe.set_user("Administrator")
-		user.add_roles("Website Manager")
-		frappe.set_user(user.name)
+			data = frappe.get_list(
+				"Blog Post", filters={"published": 1}, fields=["name", "'LABEL'"], limit=1
+			)
+			self.assertTrue("name" in data[0])
+			self.assertTrue("LABEL" in data[0])
+			self.assertEqual(len(data[0]), 2)
 
-		frappe.set_user("Administrator")
+			data = frappe.get_list(
+				"Blog Post", filters={"published": 1}, fields=["name", "COUNT(*) as count"], limit=1
+			)
+			self.assertTrue("count" in data[0])
+			self.assertEqual(len(data[0]), 2)
 
+			data = frappe.get_list(
+				"Blog Post", filters={"published": 1}, fields=["name", "COUNT(*) count"], limit=1
+			)
+			self.assertTrue("count" in data[0])
+			self.assertEqual(len(data[0]), 2)
+
+	def test_reportview_get_permlevel_system_users(self):
+		with setup_patched_blog_post(), setup_test_user(set_user=True):
+			frappe.local.request = frappe._dict()
+			frappe.local.request.method = "POST"
+			frappe.local.form_dict = frappe._dict(
+				{
+					"doctype": "Blog Post",
+					"fields": ["published", "title", "`tabTest Child`.`test_field`"],
+				}
+			)
+
+			# even if * is passed, fields which are not accessible should be filtered out
+			response = execute_cmd("frappe.desk.reportview.get")
+			self.assertListEqual(response["keys"], ["title"])
+			frappe.local.form_dict = frappe._dict(
+				{
+					"doctype": "Blog Post",
+					"fields": ["*"],
+				}
+			)
+
+			response = execute_cmd("frappe.desk.reportview.get")
+			self.assertNotIn("published", response["keys"])
+
+	def test_reportview_get_admin(self):
 		# Admin should be able to see access all fields
-		frappe.local.form_dict = frappe._dict(
-			{
-				"doctype": "Blog Post",
-				"fields": ["published", "title", "`tabTest Child`.`test_field`"],
-			}
-		)
-
-		response = execute_cmd("frappe.desk.reportview.get")
-		self.assertListEqual(response["keys"], ["published", "title", "test_field"])
-
-		# reset user roles
-		user.remove_roles("Blogger", "Website Manager")
-		user.add_roles(*user_roles)
+		with setup_patched_blog_post():
+			frappe.local.request = frappe._dict()
+			frappe.local.request.method = "POST"
+			frappe.local.form_dict = frappe._dict(
+				{
+					"doctype": "Blog Post",
+					"fields": ["published", "title", "`tabTest Child`.`test_field`"],
+				}
+			)
+			response = execute_cmd("frappe.desk.reportview.get")
+			self.assertListEqual(response["keys"], ["published", "title", "test_field"])
 
 	def test_reportview_get_aggregation(self):
 		# test aggregation based on child table field
+		frappe.local.request = frappe._dict()
+		frappe.local.request.method = "POST"
 		frappe.local.form_dict = frappe._dict(
 			{
 				"doctype": "DocType",