slapos_erp5: Don't set local roles if the Person isn't a real user.

Check if the user has a login subobject before set local roles on the user. Reference is never None.

slapos_erp5: Don't set local roles if the Person isn't a real user.
Check if the user has a login subobject before set local roles on the user. Reference is never None.
a4e218ee · Rafael Monnerat · def4fc25 · a4e218ee · a4e218ee · a4e218ee
Commit a4e218ee authored Oct 02, 2017 by Rafael Monnerat
6 changed files
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Person.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Person.xml
@@ -7,14 +7,14 @@
  <role id='Auditor'>
   <property id='title'>The Shadow User Himself</property>
   <property id='description'>Monovalued role</property>
-   <property id='condition'>python: here.getReference('') != ''</property>
+   <property id='condition'>python: here.objectValues(portal_type=["ERP5 Login", "Google Login", "Facebook Login"])</property>
   <property id='base_category_script'>PersonType_getSecurityCategoryFromSelfShadow</property>
   <multi_property id='base_category'>group</multi_property>
  </role>
  <role id='Associate'>
   <property id='title'>The User Himself</property>
   <property id='description'>Monovalued role</property>
-   <property id='condition'>python: here.getReference('') != ''</property>
+   <property id='condition'>python: here.objectValues(portal_type=["ERP5 Login", "Google Login", "Facebook Login"])</property>
   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromSelf</property>
   <multi_property id='base_category'>group</multi_property>
  </role>

--- a/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
+++ b/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
@@ -495,13 +495,12 @@ class TestPerson(TestSlapOSGroupRoleSecurityMixin):
    self.assertRoles(person, 'G-COMPANY', ['Assignor'])
    self.assertRoles(person, self.user_id, ['Owner'])
-  def test_TheUserHimself(self):
+  def test_TheUserHimself(self, login_portal_type="ERP5 Login"):
-    reference = 'TESTPERSON-%s' % self.generateNewId()
+    person = self.portal.person_module.newContent(portal_type='Person')
-    person = self.portal.person_module.newContent(portal_type='Person',
+    person.newContent(portal_type=login_portal_type)
-        reference=reference)
    person.updateLocalRolesOnSecurityGroups()
-    shadow_reference = 'SHADOW-%s' % reference
+    shadow_reference = 'SHADOW-%s' % person.getUserId()
    self.assertSecurityGroup(person,
        ['G-COMPANY', self.user_id, person.getUserId(), shadow_reference], False)
    self.assertRoles(person, 'G-COMPANY', ['Assignor'])
@@ -509,6 +508,13 @@ class TestPerson(TestSlapOSGroupRoleSecurityMixin):
    self.assertRoles(person, shadow_reference, ['Auditor'])
    self.assertRoles(person, self.user_id, ['Owner'])
+  # XXX Uncommment once facebook and google login be merged.
+  # def test_TheUserHimself_Facebook(self):
+  #   self.test_TheUserHimself(login_portal_type="Facebook Login")
+  # def test_TheUserHimself_Google(self):
+  #   self.test_TheUserHimself(login_portal_type="Google Login")
 class TestPersonModule(TestSlapOSGroupRoleSecurityMixin):
  def test(self):
    module = self.portal.person_module

--- a/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5LocalPermissionSlapOSInteractionWorkflow.py
+++ b/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5LocalPermissionSlapOSInteractionWorkflow.py
@@ -141,12 +141,24 @@ class TestSlapOSLocalPermissionSlapOSInteractionWorkflow(
        False)
  def test_Person_setReference(self):
+    # Due the change of security the interaction workflow don't trigger
+    # updateLocalRolesOnSecurityGroups.
    person = self.portal.person_module.newContent(portal_type='Person')
    self.assertSecurityGroup(person, [self.user_id, 'G-COMPANY'], False)
    person.edit(reference='TESTPER-%s' % self.generateNewId())
    transaction.commit()
+    self.assertSecurityGroup(person, [self.user_id, 'G-COMPANY'], False)
+  def test_Person_newContent(self):
+    person = self.portal.person_module.newContent(portal_type='Person')
+    self.assertSecurityGroup(person, [self.user_id, 'G-COMPANY'], False)
+    person.newContent(portal_type="ERP5 Login")
+    transaction.commit()
    self.assertSecurityGroup(person, [self.user_id, 'G-COMPANY',
        person.getUserId(), 'SHADOW-%s' % person.getReference()], False)

--- a/master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interactions/Person_edit.xml
+++ b/master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interactions/Person_edit.xml
@@ -52,13 +52,13 @@
        </item>
        <item>
            <key> <string>id</string> </key>
-            <value> <string>Person_edit</string> </value>
+            <value> <string>Person_newContent</string> </value>
        </item>
        <item>
            <key> <string>method_id</string> </key>
            <value>
              <list>
-                <string>_setReference</string>
+                <string>newContent</string>
              </list>
            </value>
        </item>
@@ -74,6 +74,12 @@
              </list>
            </value>
        </item>
+        <item>
+            <key> <string>portal_type_group_filter</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
        <item>
            <key> <string>script_name</string> </key>
            <value>

--- a/master/bt5/slapos_web/TestTemplateItem/portal_components/test.erp5.testSlapOSWebSkins.py
+++ b/master/bt5/slapos_web/TestTemplateItem/portal_components/test.erp5.testSlapOSWebSkins.py
@@ -37,23 +37,6 @@ from DateTime import DateTime
 class SlapOSWebMixin(testSlapOSMixin, SecurityTestCase):
-  def createPerson(self):
-    person_user = self.portal.person_module.template_member.\
-                                 Base_createCloneDocument(batch_mode=1)
-    person_user.edit(
-      title="live_test_%s" % self.new_id,
-      reference="live_test_%s" % self.new_id,
-      default_email_text="live_test_%s@example.org" % self.new_id,
-    )
-    person_user.validate()
-    for assignment in person_user.contentValues(portal_type="Assignment"):
-      assignment.open()
-    person_user.immediateReindexObject()
-    transaction.commit()
-    return person_user
  def createComputer(self, person=None):
    computer = self.portal.computer_module.newContent(
        portal_type="Computer",
@@ -134,7 +117,7 @@ class SlapOSWebMixin(testSlapOSMixin, SecurityTestCase):
    if getattr(self, "person", None) is None:
      self.new_id = self.generateNewId()
-      self.person = self.createPerson()
+      self.person = self.makePerson(new_id=self.new_id)
      self.computer = self.createComputer(person=self.person)
      self.hosting_subscription = self.createHostingSubscription(
                                                           person=self.person)

--- a/master/product/SlapOS/tests/testSlapOSMixin.py
+++ b/master/product/SlapOS/tests/testSlapOSMixin.py
@@ -27,6 +27,7 @@
 ##############################################################################
 import random
+import transaction
 import unittest
 from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase
 import functools
@@ -216,6 +217,39 @@ class testSlapOSMixin(ERP5TypeTestCase):
    ]
    return result
+  def makePerson(self, new_id=None, index=True, user=True):
+    if new_id is None:
+      new_id = self.generateNewId()
+    # Clone person document
+    person_user = self.portal.person_module.template_member.\
+                                 Base_createCloneDocument(batch_mode=1)
+    person_user.edit(
+      title="live_test_%s" % new_id,
+      reference="live_test_%s" % new_id,
+      default_email_text="live_test_%s@example.org" % new_id,
+    )
+    person_user.validate()
+    for assignment in person_user.contentValues(portal_type="Assignment"):
+      assignment.open()
+    if user:
+      login = person_user.newContent(
+        portal_type="ERP5 Login",
+        reference=person_user.getReference())
+      login.validate()
+    if index:
+      transaction.commit()
+      person_user.immediateReindexObject()
+      if user:
+        login.immediateReindexObject()
+    return person_user
  def _makeTree(self, requested_template_id='template_software_instance'):
    new_id = self.generateNewId()
@@ -229,18 +263,7 @@ class testSlapOSMixin(ERP5TypeTestCase):
        state="started"
    )
-    # Clone person document
+    self.person_user = self.makePerson(new_id=new_id, index=False)
-    self.person_user = self.portal.person_module.template_member.\
-                                 Base_createCloneDocument(batch_mode=1)
-    self.person_user.edit(
-      title="live_test_%s" % new_id,
-      reference="live_test_%s" % new_id,
-      default_email_text="live_test_%s@example.org" % new_id,
-    )
-    self.person_user.validate()
-    for assignment in self.person_user.contentValues(portal_type="Assignment"):
-      assignment.open()
    self.commit()
    # prepare part of tree
    self.hosting_subscription = self.portal.hosting_subscription_module\