Commit 4f5bbf7d authored by Romain Courteaud's avatar Romain Courteaud

Check that only manager has access to the tool.

Tool is provided by erp5 bt5.
parent 0c48bf53
...@@ -22,11 +22,20 @@ class TestSlapOSGroupRoleSecurityMixin(testSlapOSMixin): ...@@ -22,11 +22,20 @@ class TestSlapOSGroupRoleSecurityMixin(testSlapOSMixin):
return [x['name'] for x in context.permissionsOfRole(role) \ return [x['name'] for x in context.permissionsOfRole(role) \
if x['selected'] == 'SELECTED'] if x['selected'] == 'SELECTED']
def _acquirePermissions(self, context):
return [x['name'] for x in context.permission_settings() \
if x['acquire'] == 'CHECKED']
def assertPermissionsOfRole(self, context, role, permission_list): def assertPermissionsOfRole(self, context, role, permission_list):
self.assertSameSet( self.assertSameSet(
permission_list, permission_list,
self._permissionsOfRole(context, role)) self._permissionsOfRole(context, role))
def assertAcquiredPermissions(self, context, permission_list):
self.assertSameSet(
permission_list,
self._acquirePermissions(context))
def assertSecurityGroup(self, context, security_group_list, acquired): def assertSecurityGroup(self, context, security_group_list, acquired):
self.assertEquals(acquired, context._getAcquireLocalRoles()) self.assertEquals(acquired, context._getAcquireLocalRoles())
self.assertSameSet( self.assertSameSet(
...@@ -1468,3 +1477,19 @@ class TestPayzenEvent(TestSlapOSGroupRoleSecurityMixin): ...@@ -1468,3 +1477,19 @@ class TestPayzenEvent(TestSlapOSGroupRoleSecurityMixin):
self.assertRoles(product, 'G-COMPANY', ['Assignor']) self.assertRoles(product, 'G-COMPANY', ['Assignor'])
self.assertRoles(product, shadow_reference, ['Assignee']) self.assertRoles(product, shadow_reference, ['Assignee'])
self.assertRoles(product, self.user_id, ['Owner']) self.assertRoles(product, self.user_id, ['Owner'])
class TestSecurePaymentTool(TestSlapOSGroupRoleSecurityMixin):
def test_no_permissions_for_users(self):
tool = self.portal.portal_secure_payments
self.assertPermissionsOfRole(tool, 'Anonymous', [])
self.assertPermissionsOfRole(tool, 'Assignee', [])
self.assertPermissionsOfRole(tool, 'Assignor', [])
self.assertPermissionsOfRole(tool, 'Associate', [])
self.assertPermissionsOfRole(tool, 'Auditor', [])
self.assertPermissionsOfRole(tool, 'Authenticated', [])
self.assertPermissionsOfRole(tool, 'Author', [])
self.assertPermissionsOfRole(tool, 'Member', [])
self.assertPermissionsOfRole(tool, 'Owner', [])
self.assertPermissionsOfRole(tool, 'Reviewer', [])
self.assertAcquiredPermissions(tool, [])
149 150
\ No newline at end of file \ No newline at end of file
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="Secure Payment Tool" module="erp5.portal_type"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>_count</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
</value>
</item>
<item>
<key> <string>_mt_index</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
</value>
</item>
<item>
<key> <string>_tree</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAQ=</string> </persistent>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>portal_secure_payments</string> </value>
</item>
</dictionary>
</pickle>
</record>
<record id="2" aka="AAAAAAAAAAI=">
<pickle>
<global name="Length" module="BTrees.Length"/>
</pickle>
<pickle> <int>0</int> </pickle>
</record>
<record id="3" aka="AAAAAAAAAAM=">
<pickle>
<global name="OOBTree" module="BTrees.OOBTree"/>
</pickle>
<pickle>
<none/>
</pickle>
</record>
<record id="4" aka="AAAAAAAAAAQ=">
<pickle>
<global name="OOBTree" module="BTrees.OOBTree"/>
</pickle>
<pickle>
<none/>
</pickle>
</record>
</ZopeData>
93 94
\ No newline at end of file \ No newline at end of file
portal_secure_payments
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment