From 4f275edf6d4488a0a0f7d3bfbfc74977eed05b50 Mon Sep 17 00:00:00 2001
From: Nicolas Delaby <nicolas@nexedi.com>
Date: Fri, 8 Feb 2008 12:46:34 +0000
Subject: [PATCH] Test Security Cataloging with ERP5Security

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@19173 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 product/ERP5Catalog/tests/testERP5Catalog.py | 67 ++++++++++++++++++++
 1 file changed, 67 insertions(+)

diff --git a/product/ERP5Catalog/tests/testERP5Catalog.py b/product/ERP5Catalog/tests/testERP5Catalog.py
index ef0c01fd42..08bf2b7ede 100644
--- a/product/ERP5Catalog/tests/testERP5Catalog.py
+++ b/product/ERP5Catalog/tests/testERP5Catalog.py
@@ -1708,6 +1708,73 @@ class TestERP5Catalog(ERP5TypeTestCase, LogInterceptor):
                                              local_roles='Assignee')[0][0])
 
 
+  def test_50_bis_LocalRolesArgumentWithERP5Security(self, quiet=quiet, run=run_all_test):
+    """test local_roles= argument with ERP5Security
+    """
+    if not run: return
+    if not quiet:
+      message = 'local_roles= argument with ERP5Security'
+      ZopeTestCase._print('\n%s ' % message)
+      LOG('Testing... ',0,message)
+    login = PortalTestCase.login
+    #Testing Security By ERP5Security Role Generation
+    #Create Categories and PortalType RoleInformation
+    self.login()
+    folder = self.getOrganisationModule()
+    ob1 = folder.newContent(title='Object Title')
+    ob2 = folder.newContent(title='Object Title')
+    ob2.manage_addLocalRoles('bob', ['Assignee'])
+    cat_tool = self.getPortal().portal_categories
+    cat_tool.group.newContent(id='company', portal_type='Category')
+    cat_tool.function.newContent(id='employee', portal_type='Category')
+
+    from Products.ERP5Type.RoleInformation import RoleInformation
+    role_auditor_inf = RoleInformation(id='Auditor',
+                                        title='Auditor',
+                                        category=('group/company',))
+    role_assignee_inf = RoleInformation(id='Assignee',
+                                        title='Assignee',
+                                        category=('group/company',
+                                                  'function/employee',))
+
+    pt = self.getPortal().portal_types.Organisation
+    pt._roles = (role_auditor_inf, role_assignee_inf)
+
+    uf = self.getPortal().acl_users
+    uf._doAddUser('bob', '', ['Member'], [])
+    get_transaction().commit()
+    self.tic()
+    #Now Update Security
+    ob1.updateLocalRolesOnSecurityGroups()
+    ob1.manage_permission('View', ['Auditor', 'Assignor'], 0)
+    ob1.reindexObject()
+    #Remove Roles On Organisation Portal Type
+    pt._roles = ()
+    get_transaction().commit()
+    self.tic()
+    login(self, 'bob')
+    ctool = self.getCatalogTool()
+    user = getSecurityManager().getUser()
+    user._groups.update({'company':1,
+                         'employee_company':1})
+    self.assertTrue(user.has_permission('View', ob1))
+    self.assertTrue(user.has_role('Auditor', ob1))
+    self.assertTrue(user.has_role('Assignee', ob1))
+    self.assertFalse(user.has_role('Assignor', ob1))
+    from AccessControl.PermissionRole import rolesForPermissionOn
+    self.assertTrue('Assignee' not in rolesForPermissionOn('View', ob1))
+    self.assertEquals(2, len(ctool(title='Object Title',
+                                   local_roles='Assignee')))
+    self.assertEquals(2,
+                ctool.countResults(title='Object Title',
+                                   local_roles='Assignee')[0][0])
+
+    # this also work for searchFolder and countFolder
+    self.assertEquals(2, len(folder.searchFolder(title='Object Title',
+                                             local_roles='Assignee')))
+    self.assertEquals(2, folder.countFolder(title='Object Title',
+                                             local_roles='Assignee')[0][0])
+
   def test_51_SearchWithKeyWords(self, quiet=quiet, run=run_all_test):
     if not run: return
     if not quiet:
-- 
2.30.9