diff --git a/product/ERP5Type/Accessor/Accessor.py b/product/ERP5Type/Accessor/Accessor.py index cf7d279b63de1ab14b13dca913fc16efe66e9406..7093a6458cd5eae588b8d5589dfe7bcb2eba9c69 100644 --- a/product/ERP5Type/Accessor/Accessor.py +++ b/product/ERP5Type/Accessor/Accessor.py @@ -65,16 +65,3 @@ class Accessor(Method): # Returns a reindexing alias from Alias import ReindexAlias return ReindexAlias(id, self.__name__) - -try: - from ZODB.Transaction import Transaction - # Zope 2.7 do not patch -except ImportError: - # Zope 2.8, patch - class __roles__: - @staticmethod - def rolesForPermissionOn(ob): - return getattr(ob.im_self, '%s__roles__' % ob.__name__) - - Accessor.__roles__ = __roles__ - diff --git a/product/ERP5Type/tests/testERP5Type.py b/product/ERP5Type/tests/testERP5Type.py index 6e8180abc23a33bb94ac8e6beaddc75df111a305..3867861a7ce74bda4434dd97f8d79d99a5787007 100644 --- a/product/ERP5Type/tests/testERP5Type.py +++ b/product/ERP5Type/tests/testERP5Type.py @@ -2095,136 +2095,6 @@ class TestPropertySheet: finally: removeZODBPythonScript(script_container, script_id) - def test_DefaultSecurityOnAccessors(self): - # Test accessors are protected correctly - try: - from ZODB.Transaction import Transaction - return - # Zope 2.7 do not test - except ImportError: - pass - - self._addProperty('Person', - ''' { 'id': 'foo_bar', - 'type': 'string', - 'mode': 'w', }''') - obj = self.getPersonModule().newContent(portal_type='Person') - - self.assertTrue(guarded_hasattr(obj, 'setFooBar')) - self.assertTrue(guarded_hasattr(obj, 'getFooBar')) - - # setter is protected by default with modify portal content - obj.manage_permission(Permissions.ModifyPortalContent, [], 0) - self.assertFalse(guarded_hasattr(obj, 'setFooBar')) - self.assertTrue(guarded_hasattr(obj, 'getFooBar')) - - # getter is protected with Access content information - obj.manage_permission(Permissions.ModifyPortalContent, ['Manager'], 1) - obj.manage_permission(Permissions.AccessContentsInformation, [], 0) - self.assertTrue(guarded_hasattr(obj, 'setFooBar')) - self.assertFalse(guarded_hasattr(obj, 'getFooBar')) - - def test_DefaultSecurityOnListAccessors(self): - try: - from ZODB.Transaction import Transaction - return - # Zope 2.7 do not test - except ImportError: - pass - - # Test list accessors are protected correctly - self._addProperty('Person', - ''' { 'id': 'foo_bar', - 'type': 'lines', - 'mode': 'w', }''') - obj = self.getPersonModule().newContent(portal_type='Person') - self.assertTrue(guarded_hasattr(obj, 'setFooBarList')) - self.assertTrue(guarded_hasattr(obj, 'getFooBarList')) - - # setter is protected by default with modify portal content - obj.manage_permission(Permissions.ModifyPortalContent, [], 0) - self.assertFalse(guarded_hasattr(obj, 'setFooBarList')) - self.assertTrue(guarded_hasattr(obj, 'getFooBarList')) - - # getter is protected with Access content information - obj.manage_permission(Permissions.ModifyPortalContent, ['Manager'], 1) - obj.manage_permission(Permissions.AccessContentsInformation, [], 0) - self.assertTrue(guarded_hasattr(obj, 'setFooBarList')) - self.assertFalse(guarded_hasattr(obj, 'getFooBarList')) - - def test_DefaultSecurityOnCategoryAccessors(self): - try: - from ZODB.Transaction import Transaction - return - # Zope 2.7 do not test - except ImportError: - pass - - # Test category accessors are protected correctly - obj = self.getPersonModule().newContent(portal_type='Person') - self.assertTrue(guarded_hasattr(obj, 'setRegion')) - self.assertTrue(guarded_hasattr(obj, 'setRegionValue')) - self.assertTrue(guarded_hasattr(obj, 'setRegionList')) - self.assertTrue(guarded_hasattr(obj, 'setRegionValueList')) - self.assertTrue(guarded_hasattr(obj, 'getRegion')) - self.assertTrue(guarded_hasattr(obj, 'getRegionValue')) - self.assertTrue(guarded_hasattr(obj, 'getRegionList')) - self.assertTrue(guarded_hasattr(obj, 'getRegionValueList')) - self.assertTrue(guarded_hasattr(obj, 'getRegionRelatedValueList')) - - # setter is protected by default with modify portal content - obj.manage_permission(Permissions.ModifyPortalContent, [], 0) - self.assertFalse(guarded_hasattr(obj, 'setRegion')) - self.assertFalse(guarded_hasattr(obj, 'setRegionValue')) - self.assertFalse(guarded_hasattr(obj, 'setRegionList')) - self.assertFalse(guarded_hasattr(obj, 'setRegionValueList')) - self.assertTrue(guarded_hasattr(obj, 'getRegion')) - self.assertTrue(guarded_hasattr(obj, 'getRegionValue')) - self.assertTrue(guarded_hasattr(obj, 'getRegionList')) - self.assertTrue(guarded_hasattr(obj, 'getRegionValueList')) - self.assertTrue(guarded_hasattr(obj, 'getRegionRelatedValueList')) - - # getter is protected with Access content information - obj.manage_permission(Permissions.ModifyPortalContent, ['Manager'], 1) - obj.manage_permission(Permissions.AccessContentsInformation, [], 0) - self.assertTrue(guarded_hasattr(obj, 'setRegion')) - self.assertTrue(guarded_hasattr(obj, 'setRegionValue')) - self.assertTrue(guarded_hasattr(obj, 'setRegionList')) - self.assertTrue(guarded_hasattr(obj, 'setRegionValueList')) - self.assertFalse(guarded_hasattr(obj, 'getRegion')) - self.assertFalse(guarded_hasattr(obj, 'getRegionValue')) - self.assertFalse(guarded_hasattr(obj, 'getRegionList')) - self.assertFalse(guarded_hasattr(obj, 'getRegionValueList')) - self.assertFalse(guarded_hasattr(obj, 'getRegionRelatedValueList')) - - def test_PropertySheetSecurityOnAccessors(self): - try: - from ZODB.Transaction import Transaction - return - # Zope 2.7 do not test - except ImportError: - pass - - # Test accessors are protected correctly when you specify the permission - # in the property sheet. - self._addProperty('Person', - ''' { 'id': 'foo_bar', - 'write_permission' : 'Set own password', - 'read_permission' : 'Manage users', - 'type': 'string', - 'mode': 'w', }''') - obj = self.getPersonModule().newContent(portal_type='Person') - self.assertTrue(guarded_hasattr(obj, 'setFooBar')) - self.assertTrue(guarded_hasattr(obj, 'getFooBar')) - - obj.manage_permission('Set own password', [], 0) - self.assertFalse(guarded_hasattr(obj, 'setFooBar')) - self.assertTrue(guarded_hasattr(obj, 'getFooBar')) - - obj.manage_permission('Set own password', ['Manager'], 1) - obj.manage_permission('Manage users', [], 0) - self.assertTrue(guarded_hasattr(obj, 'setFooBar')) - self.assertFalse(guarded_hasattr(obj, 'getFooBar')) def test_suite(): suite = unittest.TestSuite()