Commit e695947f authored by Arnaud Fontaine's avatar Arnaud Fontaine

ZODB Components: Only Manager or Developer Role should be able to access...

ZODB Components: Only Manager or Developer Role should be able to access Component Tools and Components.
parent 5df5fcf7
...@@ -82,12 +82,12 @@ class ComponentTool(BaseTool): ...@@ -82,12 +82,12 @@ class ComponentTool(BaseTool):
permission_function = lambda self: ('Manager',) permission_function = lambda self: ('Manager',)
elif permission_name in ('Change permissions', 'Define permissions'): elif permission_name in ('Change permissions', 'Define permissions'):
permission_function = lambda self: () permission_function = lambda self: ()
elif not (permission_name.startswith('Access ') or elif (permission_name.startswith('Access ') or
permission_name.startswith('View') or permission_name.startswith('View') or
permission_name.startswith('WebDAV')): permission_name == 'WebDAV access'):
permission_function = lambda self: ('Developer',) permission_function = lambda self: ('Developer', 'Manager')
else: else:
continue permission_function = lambda self: ('Developer',)
setattr(cls, pname(permission_name), property(permission_function)) setattr(cls, pname(permission_name), property(permission_function))
......
...@@ -1856,6 +1856,12 @@ def bar(*args, **kwargs): ...@@ -1856,6 +1856,12 @@ def bar(*args, **kwargs):
self.tic() self.tic()
# Anonymous should not even be able to view/access Component Tool
self.failIfUserCanViewDocument(None, self._component_tool)
self.failIfUserCanAccessDocument(None, self._component_tool)
self.failIfUserCanViewDocument(None, component)
self.failIfUserCanAccessDocument(None, component)
user_id = 'ERP5TypeTestCase' user_id = 'ERP5TypeTestCase'
self.assertUserCanChangeLocalRoles(user_id, self._component_tool) self.assertUserCanChangeLocalRoles(user_id, self._component_tool)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment