From 8cba95c2d74194f3cfc212cd5bbe04ad5b29b00c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com> Date: Mon, 14 Jan 2008 14:12:46 +0000 Subject: [PATCH] Tests that interaction workflow methods are protected with "Access content information", unless we wrap a method that was already protected. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@18686 20353a03-c40f-0410-a6d1-a30d3c3de9de --- product/ERP5/tests/testInteractionWorkflow.py | 63 ++++++++++++++++++- 1 file changed, 62 insertions(+), 1 deletion(-) diff --git a/product/ERP5/tests/testInteractionWorkflow.py b/product/ERP5/tests/testInteractionWorkflow.py index 22b02dcb63..a1c3415fbb 100644 --- a/product/ERP5/tests/testInteractionWorkflow.py +++ b/product/ERP5/tests/testInteractionWorkflow.py @@ -30,8 +30,8 @@ import unittest from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase from Products.ERP5Type.Base import _aq_reset -from Products.ERP5.Document.Organisation import Organisation from AccessControl.SecurityManagement import newSecurityManager +import Products.ERP5Type class TestInteractionWorkflow(ERP5TypeTestCase): @@ -50,6 +50,14 @@ class TestInteractionWorkflow(ERP5TypeTestCase): def afterSetUp(self): self.login() + def beforeTearDown(self): + Organisation = Products.ERP5Type.Document.Organisation.Organisation + Organisation.security.names.pop('doSomethingStupid', None) + if hasattr(Organisation, 'doSomethingStupid'): + delattr(Organisation, 'doSomethingStupid') + if hasattr(Organisation, 'doSomethingStupid__roles__'): + delattr(Organisation, 'doSomethingStupid__roles__') + def login(self, quiet=0): uf = self.getPortal().acl_users uf._doAddUser('seb', '', ['Manager'], []) @@ -61,6 +69,7 @@ class TestInteractionWorkflow(ERP5TypeTestCase): """ """ self.setDescription(value) + Organisation = Products.ERP5Type.Document.Organisation.Organisation Organisation.doSomethingStupid = doSomethingStupid portal_type = self.getTypeTool()['Organisation'] portal_type.base_category_list = ['size'] @@ -501,6 +510,58 @@ context.setDescription('%s,%s,%s' % (d, args, result)) self.assertEquals(len(call_list), 3) + def test_security(self): + # wrapping a method in an interaction workflow adds a default security to + # this method if the method does not exists. + self.createInteractionWorkflow() + self.interaction.setProperties( + 'default', + method_id='nonExistantMethod', + after_script_name=('afterEdit',)) + self.script.ZPythonScript_edit('sci', '') + self.createData() + # the default security is "Access contents information" + self.organisation.manage_permission( + 'Access contents information', ['Role1'], 0) + self.assertEquals(self.organisation.nonExistantMethod__roles__, + ('Role1',)) + + def test_security_defined(self): + # wrapping a method in an interaction workflow adds a default security to + # this method, but does not override existing security definition + self.createInteractionWorkflow() + self.interaction.setProperties( + 'default', + method_id='setDescription', + after_script_name=('afterEdit',)) + self.script.ZPythonScript_edit('sci', '') + self.createData() + # This rely on the fact that 'setDescription' is protected with 'Modify + # portal content' + self.organisation.manage_permission( + 'Modify portal content', ['Role2'], 0) + self.assertEquals(self.organisation.setDescription__roles__, + ('Role2',)) + + def test_security_defined_on_class(self): + # wrapping a method in an interaction workflow adds a default security to + # this method, but does not override existing security definition (defined + # on the class) + Organisation = Products.ERP5Type.Document.Organisation.Organisation + Organisation.security.declarePrivate('doSomethingStupid') + Organisation.security.apply(Organisation) + + self.createInteractionWorkflow() + self.interaction.setProperties( + 'default', + method_id='doSomethingStupid', + after_script_name=('afterEdit',)) + self.script.ZPythonScript_edit('sci', '') + self.createData() + + self.assertEquals(self.organisation.doSomethingStupid__roles__, ()) + + def test_suite(): suite = unittest.TestSuite() suite.addTest(unittest.makeSuite(TestInteractionWorkflow)) -- 2.30.9