Commit 20401527 authored by Kazuhiko Shiozaki's avatar Kazuhiko Shiozaki

fixup! erp5_dms: update document_publication_workflow permissions

parent 3df8074d
...@@ -28,6 +28,7 @@ ...@@ -28,6 +28,7 @@
import hashlib, httplib import hashlib, httplib
from Products.ERP5Type.UnrestrictedMethod import super_user
def WebSection_getDocumentValue(self, key, portal=None, language=None,\ def WebSection_getDocumentValue(self, key, portal=None, language=None,\
...@@ -105,6 +106,8 @@ def WebSite_viewAsWebPost(self, *args, **kwargs): ...@@ -105,6 +106,8 @@ def WebSite_viewAsWebPost(self, *args, **kwargs):
document = portal.portal_contributions.newContent(file=file, document = portal.portal_contributions.newContent(file=file,
filename='shacache', discover_metadata=False, reference=sha512sum, filename='shacache', discover_metadata=False, reference=sha512sum,
content_type='application/octet-stream') content_type='application/octet-stream')
with super_user():
# security check should be done already.
document.publish() document.publish()
self.REQUEST.RESPONSE.setStatus(httplib.CREATED) self.REQUEST.RESPONSE.setStatus(httplib.CREATED)
......
...@@ -30,6 +30,7 @@ import hashlib ...@@ -30,6 +30,7 @@ import hashlib
import json import json
import validictory import validictory
from Products.ERP5Type.Document import newTempFile from Products.ERP5Type.Document import newTempFile
from Products.ERP5Type.UnrestrictedMethod import super_user
def WebSection_getDocumentValue(self, key, portal=None, language=None,\ def WebSection_getDocumentValue(self, key, portal=None, language=None,\
...@@ -99,6 +100,8 @@ def WebSection_setObject(self, id, ob, **kw): ...@@ -99,6 +100,8 @@ def WebSection_setObject(self, id, ob, **kw):
if data_set is None: if data_set is None:
data_set = portal.data_set_module.newContent(portal_type='Data Set', data_set = portal.data_set_module.newContent(portal_type='Data Set',
reference=id) reference=id)
with super_user():
# security check should be done already.
data_set.publish() data_set.publish()
...@@ -109,6 +112,8 @@ def WebSection_setObject(self, id, ob, **kw): ...@@ -109,6 +112,8 @@ def WebSection_setObject(self, id, ob, **kw):
ob.setReference(reference) ob.setReference(reference)
if expiration_date is not None: if expiration_date is not None:
ob.setExpirationDate(expiration_date) ob.setExpirationDate(expiration_date)
with super_user():
# security check should be done already.
ob.publish() ob.publish()
return ob return ob
......
...@@ -65,6 +65,20 @@ return "%s/?key=%s" % (base_url, context.getReference())\n ...@@ -65,6 +65,20 @@ return "%s/?key=%s" % (base_url, context.getReference())\n
<key> <string>_params</string> </key> <key> <string>_params</string> </key>
<value> <string></string> </value> <value> <string></string> </value>
</item> </item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Assignor</string>
</tuple>
</value>
</item>
<item>
<key> <string>guard</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
</value>
</item>
<item> <item>
<key> <string>id</string> </key> <key> <string>id</string> </key>
<value> <string>WebPage_shareDocument</string> </value> <value> <string>WebPage_shareDocument</string> </value>
...@@ -72,4 +86,23 @@ return "%s/?key=%s" % (base_url, context.getReference())\n ...@@ -72,4 +86,23 @@ return "%s/?key=%s" % (base_url, context.getReference())\n
</dictionary> </dictionary>
</pickle> </pickle>
</record> </record>
<record id="2" aka="AAAAAAAAAAI=">
<pickle>
<global name="Guard" module="Products.DCWorkflow.Guard"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>roles</string> </key>
<value>
<tuple>
<string>Assignor</string>
<string>Auditor</string>
<string>Manager</string>
</tuple>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData> </ZopeData>
...@@ -129,18 +129,20 @@ class TestShaCacheSecurity(ShaCacheMixin, ShaSecurityMixin, SecurityTestCase): ...@@ -129,18 +129,20 @@ class TestShaCacheSecurity(ShaCacheMixin, ShaSecurityMixin, SecurityTestCase):
It also must check if document can be published alive. It also must check if document can be published alive.
""" """
self.changeUser(self.lucas_user)
for module in ('image_module', 'document_module',): for module in ('image_module', 'document_module',):
module = getattr(self.portal, module) module = getattr(self.portal, module)
for portal_type in module.getVisibleAllowedContentTypeList(): for portal_type in module.getVisibleAllowedContentTypeList():
self.changeUser(self.lucas_user)
document = module.newContent(portal_type=portal_type) document = module.newContent(portal_type=portal_type)
document() document()
document.view() document.view()
self.login()
document.publishAlive() document.publishAlive()
self.tic() self.tic()
self.changeUser(self.lucas_user)
self.assertEqual('Published Alive', self.assertEqual('Published Alive',
document.getValidationStateTitle()) document.getValidationStateTitle())
...@@ -181,6 +183,7 @@ class TestShaCacheSecurity(ShaCacheMixin, ShaSecurityMixin, SecurityTestCase): ...@@ -181,6 +183,7 @@ class TestShaCacheSecurity(ShaCacheMixin, ShaSecurityMixin, SecurityTestCase):
self.changeUser(self.toto_user) self.changeUser(self.toto_user)
document = module.newContent(portal_type=portal_type) document = module.newContent(portal_type=portal_type)
self.login()
document.publishAlive() document.publishAlive()
self.tic() self.tic()
......
...@@ -120,8 +120,10 @@ class TestShaDirSecurity(ShaDirMixin, ShaSecurityMixin, SecurityTestCase): ...@@ -120,8 +120,10 @@ class TestShaDirSecurity(ShaDirMixin, ShaSecurityMixin, SecurityTestCase):
data_set() data_set()
data_set.view() data_set.view()
self.login()
data_set.publish() data_set.publish()
self.tic() self.tic()
self.changeUser(self.lucas_user)
self.assertEqual('Published', data_set.getValidationStateTitle()) self.assertEqual('Published', data_set.getValidationStateTitle())
self.assertUserHaveRoleOnDocument(self.lucas_user, 'Auditor', data_set) self.assertUserHaveRoleOnDocument(self.lucas_user, 'Auditor', data_set)
...@@ -147,6 +149,7 @@ class TestShaDirSecurity(ShaDirMixin, ShaSecurityMixin, SecurityTestCase): ...@@ -147,6 +149,7 @@ class TestShaDirSecurity(ShaDirMixin, ShaSecurityMixin, SecurityTestCase):
data_set = self.portal.data_set_module.newContent( data_set = self.portal.data_set_module.newContent(
portal_type='Data Set', portal_type='Data Set',
reference=self.key) reference=self.key)
self.login()
data_set.publish() data_set.publish()
self.tic() self.tic()
...@@ -167,9 +170,11 @@ class TestShaDirSecurity(ShaDirMixin, ShaSecurityMixin, SecurityTestCase): ...@@ -167,9 +170,11 @@ class TestShaDirSecurity(ShaDirMixin, ShaSecurityMixin, SecurityTestCase):
document() document()
document.view() document.view()
self.login()
document.publishAlive() document.publishAlive()
self.tic() self.tic()
self.changeUser(self.lucas_user)
self.assertEqual('Published Alive', document.getValidationStateTitle()) self.assertEqual('Published Alive', document.getValidationStateTitle())
self.assertUserHaveRoleOnDocument(self.lucas_user, 'Auditor', document) self.assertUserHaveRoleOnDocument(self.lucas_user, 'Auditor', document)
...@@ -191,6 +196,7 @@ class TestShaDirSecurity(ShaDirMixin, ShaSecurityMixin, SecurityTestCase): ...@@ -191,6 +196,7 @@ class TestShaDirSecurity(ShaDirMixin, ShaSecurityMixin, SecurityTestCase):
""" """
self.changeUser(self.toto_user) self.changeUser(self.toto_user)
document = self.portal.document_module.newContent(portal_type='Text') document = self.portal.document_module.newContent(portal_type='Text')
self.login()
document.publishAlive() document.publishAlive()
self.tic() self.tic()
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment