Commit 28e6be5a authored by Tristan Cavelier's avatar Tristan Cavelier

erp5_ui_test_core: increase script call restriction and add Manager proxy role to two scripts

for Zuite_addTest and Zuite_addZuite:
- protect from URL call
- protect from calling outside Test Tool context
- add Manager proxy role

for Zuite_addZuite:
- protect from None zuite_id
- protect from zuite meta type != ERP5 Test Tool
parent 8d5f36e3
...@@ -55,6 +55,11 @@ ...@@ -55,6 +55,11 @@
"""\n """\n
Include a page template contains a into a Zuite\n Include a page template contains a into a Zuite\n
"""\n """\n
if REQUEST:\n
raise RuntimeError("You can not call this script from the URL")\n
\n
assert context.getPortalType() == "Test Tool", "bad context"\n
\n
if test_id is None or test_id == \'\':\n if test_id is None or test_id == \'\':\n
test_id = \'\'.join(list(filter(lambda a: a not in ["\'",\'_\', \'-\',\'.\',\' \',\'~\', \':\', \'/\', \'?\', \'#\', \'[\', \']\', \'@\', \'!\', \'$\', \'&\', \'(\', \')\', \'*\',\'+\',\';\',\'=\'], title)))\n test_id = \'\'.join(list(filter(lambda a: a not in ["\'",\'_\', \'-\',\'.\',\' \',\'~\', \':\', \'/\', \'?\', \'#\', \'[\', \']\', \'@\', \'!\', \'$\', \'&\', \'(\', \')\', \'*\',\'+\',\';\',\'=\'], title)))\n
\n \n
...@@ -74,7 +79,15 @@ return test\n ...@@ -74,7 +79,15 @@ return test\n
</item> </item>
<item> <item>
<key> <string>_params</string> </key> <key> <string>_params</string> </key>
<value> <string>test_id, title, text</string> </value> <value> <string>test_id, title, text, REQUEST=None</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item> </item>
<item> <item>
<key> <string>id</string> </key> <key> <string>id</string> </key>
......
...@@ -53,11 +53,21 @@ ...@@ -53,11 +53,21 @@
<value> <string>"""\n <value> <string>"""\n
Create a zuite or return an existing one after remove his contents.\n Create a zuite or return an existing one after remove his contents.\n
"""\n """\n
assert context.getPortalType() == "Test Tool", "bad context"\n
if REQUEST:\n
raise RuntimeError("You can not call this script from the URL")\n
\n
if zuite_id is None:\n
raise ValueError("Zuite_id cannot be None!")\n
\n
if zuite_id not in context.objectIds():\n if zuite_id not in context.objectIds():\n
factory = context.portal_tests.manage_addProduct[\'Zelenium\']\n factory = context.portal_tests.manage_addProduct[\'Zelenium\']\n
factory.manage_addZuite(id=zuite_id)\n factory.manage_addZuite(id=zuite_id)\n
\n \n
zuite = getattr(context.portal_tests, zuite_id, None)\n zuite = getattr(context.portal_tests, zuite_id)\n
if zuite.getMetaType() != "ERP5 Test Tool":\n
raise ValueError("Zuite is not a ERP5 Test Tool")\n
\n
zuite.manage_delObjects(zuite.objectIds())\n zuite.manage_delObjects(zuite.objectIds())\n
\n \n
return zuite\n return zuite\n
...@@ -65,7 +75,21 @@ return zuite\n ...@@ -65,7 +75,21 @@ return zuite\n
</item> </item>
<item> <item>
<key> <string>_params</string> </key> <key> <string>_params</string> </key>
<value> <string>zuite_id</string> </value> <value> <string>zuite_id, REQUEST=None</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>guard</string> </key>
<value>
<none/>
</value>
</item> </item>
<item> <item>
<key> <string>id</string> </key> <key> <string>id</string> </key>
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment