Commit 5f7ee128 authored by Ivan Tyagov's avatar Ivan Tyagov

Make it possible to show a login form to user in case user can't find a...

Make it possible to show a login form to user in case user can't find a document by its reference in URL traversal.
Introduce a new property of Web Section for that purpose.



git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@21026 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 4d5d236c
......@@ -308,6 +308,17 @@ class PermanentURLMixIn(ExtensibleTraversableMixIn):
original_id=document.getId(),
editable_absolute_url=document.absolute_url()))
return document.__of__(self)
# no document found for current user, still such document may exists
# in some cases user (like Anonymous) can not view document according to portal catalog
# but we may ask him to login if such a document exists
# XXX: make sure document exists
if getattr(self, 'isAuthorizationForced', None) is not None:
if self.isAuthorizationForced():
# force user to login as specified in Web Section
raise Unauthorized
else:
# force user to login unconditionally of context
raise Unauthorized
security.declareProtected(Permissions.View, 'getDocumentValue')
def getDocumentValue(self, name=None, portal=None, **kw):
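Review bot: The fallback added at the end of this traversal branch raises `Unauthorized` without confirming that the reference resolves to any document (the `XXX: make sure document exists` line), and nothing visible in the hunk checks whether the current user is actually anonymous, although the property description speaks only of anonymous users. As committed, a forced section answers every unresolved reference with a login challenge, which keeps the 401/404 difference from telling a visitor which references exist. If the XXX is later resolved with an unrestricted existence lookup, that difference becomes an enumeration oracle, so the choice should be recorded next to the raise, e.g. `# Unauthorized is raised whether or not the reference exists, so the response does not disclose existence`. Indentation is lost on this page, but the `else` appears to pair with the `getattr` test, so every context without `isAuthorizationForced` now raises instead of returning nothing; it is worth confirming this is intended for all users of the mixin, including authenticated users who simply lack View permission. The enclosing method starts outside the hunk.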
......
......@@ -74,6 +74,11 @@ class WebSection:
'acquisition_accessor_id' : 'getLayoutConfigurationFormId',
'acquisition_depends' : None,
'mode' : '' },
{ 'id' : 'authorization_forced',
'description' : 'Force authorization for anonymous user if document can not be found.',
'type' : 'boolean',
'default': 0,
'mode' : 'rw' },
)
_categories = ('aggregate', )
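Review bot: The new `authorization_forced` entry has none of the `acquisition_*` keys that the property just above it carries, so the flag is presumably not inherited and each nested Web Section falls back to `'default': 0` on its own. If that reading is right, enabling it on a site or a parent section leaves sub-sections answering 404 rather than prompting for login, and the description should say so, for example `'description' : 'Force authorization for anonymous user if document can not be found (not acquired; set on each section).'`. The property tuple this entry belongs to starts outside the hunk.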
......
......@@ -30,6 +30,7 @@
import os
import unittest
from AccessControl import Unauthorized
from AccessControl.SecurityManagement import newSecurityManager
from Testing import ZopeTestCase
from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase
......@@ -314,6 +315,54 @@ class TestERP5Web(ERP5TypeTestCase, ZopeTestCase.Functional):
self.assertEquals('0.2', default_document.getVersion())
self.assertEquals('published', default_document.getValidationState())
def test_06_WebSectionAuthorizationForced(self, quiet=quiet, run=run_all_test):
""" Check that when a document is requested within a Web Section we have a chance to
require user to login.
Whether or not an user will login is controlled by a property on Web Section (authorization_forced).
"""
if not run:
return
if not quiet:
message = '\ntest_06_WebSectionAuthorizationForced'
ZopeTestCase._print(message)
request = self.app.REQUEST
website = self.setupWebSite()
websection = self.setupWebSection()
webpage_list = self.setupWebSitePages(prefix = 'test-web-page')
webpage = webpage_list[0]
document_reference = 'default-document-reference'
document = self.portal.web_page_module.newContent(
portal_type = 'Web Page',
reference = document_reference)
website.setAuthorizationForced(0)
websection.setAuthorizationForced(0)
get_transaction().commit()
self.tic()
# make sure that _getExtensibleContent will return the same document
# there's not other way to test otherwise URL traversal
self.assertEqual(document.getUid(),
websection._getExtensibleContent(request, document_reference).getUid())
# Anonymous User should have in the request header for not found when
# viewing non available document in Web Section (with no authorization_forced)
self.logout()
self.assertEqual(None, websection._getExtensibleContent(request, document_reference))
self.assertEqual('404 Not Found', request.RESPONSE.getHeader('status'))
# Anonymous user should be prompted to login when viewing non available document
# contained in a Web Page (like ..web_page_module/1/<document_reference>)
self.assertRaises(Unauthorized, webpage._getExtensibleContent, request, document_reference)
# set authorization_forced flag
self.login()
websection.setAuthorizationForced(1)
# check Unauthorized exception is raised for anonymous
# this exception is usually caught and user is redirecetd to login form
self.logout()
self.assertRaises(Unauthorized, websection._getExtensibleContent, request, document_reference)
def test_suite():
suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(TestERP5Web))
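Review bot: test_06 only requests a reference that exists but is hidden from Anonymous; it never requests a reference that matches no document while `authorization_forced` is set, which is the case the `XXX: make sure document exists` comment in the traversal code leaves open. Pinning that behaviour keeps a later change from silently turning the 401/404 split into a way to probe for existing references: `self.assertRaises(Unauthorized, websection._getExtensibleContent, request, 'no-such-reference')` (a constructed reference; with the traversal code as committed this should raise). The same `request` object is reused after the `'404 Not Found'` assertion, so the later checks depend on state left by the earlier call; a short comment saying this is deliberate would help. A case for an authenticated user who lacks View permission is also missing, and it would show whether such a user is sent back to the login form.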
......