From bcde640d3ef0efcf1285dfba14a79b7c1082befb Mon Sep 17 00:00:00 2001
From: Kazuhiko Shiozaki <kazuhiko@nexedi.com>
Date: Fri, 6 Nov 2009 14:22:28 +0000
Subject: [PATCH] add a test to check if PropertyTypeValidity (that is enabled
 everywhere) works fine if property is not accessible by user (eg.
 source_title property in Arrow property sheet is not accessible if source
 value is not accessible). Currently this test raises Unauthorized error, and
 will be fixed later.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@30373 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 product/ERP5Type/tests/testConstraint.py | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/product/ERP5Type/tests/testConstraint.py b/product/ERP5Type/tests/testConstraint.py
index 3544cd8ecb..704156ce03 100644
--- a/product/ERP5Type/tests/testConstraint.py
+++ b/product/ERP5Type/tests/testConstraint.py
@@ -58,6 +58,12 @@ class TestConstraint(PropertySheetTestCase):
     user = uf.getUserById('rc').__of__(uf)
     newSecurityManager(None, user)
 
+  def stepLoginAsAssignee(self, sequence=None, sequence_list=None, **kw):
+    uf = self.getPortal().acl_users
+    uf._doAddUser('member', '', ['Member', 'Assignee'], [])
+    user = uf.getUserById('member').__of__(uf)
+    newSecurityManager(None, user)
+
   def afterSetUp(self):
     self.login()
     self.portal = self.getPortal()
@@ -65,6 +71,7 @@ class TestConstraint(PropertySheetTestCase):
     self.createCategories()
 
   def beforeTearDown(self):
+    self.login()
     transaction.abort()
     module = self.portal.organisation_module
     module.manage_delObjects(list(module.objectIds()))
@@ -1432,6 +1439,22 @@ class TestConstraint(PropertySheetTestCase):
     self.assertEquals('Attribute title does not match',
                   str(message.getTranslatedMessage()))
 
+  def test_PropertyTypeValidityWithUnauthorizedCategory(self):
+    person = self.portal.person_module.newContent(portal_type='Person')
+    assignment = person.newContent(portal_type='Assignment')
+    self.assertEquals([], person.checkConsistency())
+    group3 = self.category_tool.restrictedTraverse(
+      'group/testGroup3', self.category_tool.group.newContent(
+      portal_type='Category',
+      id='testGroup3'))
+    group3.manage_permission('Access contents information', ['Manager'], 0)
+    assignment.setSourceValue(group3)
+    # Manager can access testGroup3
+    self.assertEquals([], person.checkConsistency())
+    self.stepLoginAsAssignee()
+    # Assignee cannot access testGroup3
+    self.assertEquals([], person.checkConsistency())
+
 def test_suite():
   suite = unittest.TestSuite()
   suite.addTest(unittest.makeSuite(TestConstraint))
-- 
GitLab