Commit d353fed4 authored by Jérome Perrin's avatar Jérome Perrin

to prevent user preferences to be enabled for manager, we were only

considering preference where the user had an Owner role, but as we sometimes
have manager users that are also owner globally, it's better to do this using
ownership and not owner role.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@31641 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 69ee3928
...@@ -204,12 +204,12 @@ class PreferenceTool(BaseTool): ...@@ -204,12 +204,12 @@ class PreferenceTool(BaseTool):
# XXX quick workaround so that manager only see user preference # XXX quick workaround so that manager only see user preference
# they actually own. # they actually own.
if user_is_manager and pref.getPriority() == Priority.USER : if user_is_manager and pref.getPriority() == Priority.USER :
if user.allowed(pref, ('Owner',)): if pref.getOwnerTuple()[1] == user.getId():
prefs.append(pref) prefs.append(pref)
else : else :
prefs.append(pref) prefs.append(pref)
prefs.sort(key=lambda x: x.getPriority(), reverse=True) prefs.sort(key=lambda x: x.getPriority(), reverse=True)
# add system preferences after user preferences # add system preferences before user preferences
sys_prefs = [x.getObject() for x in self.searchFolder(portal_type='System Preference', sql_catalog_id=sql_catalog_id) \ sys_prefs = [x.getObject() for x in self.searchFolder(portal_type='System Preference', sql_catalog_id=sql_catalog_id) \
if x.getObject().getProperty('preference_state', 'broken') in ('enabled', 'global')] if x.getObject().getProperty('preference_state', 'broken') in ('enabled', 'global')]
sys_prefs.sort(key=lambda x: x.getPriority(), reverse=True) sys_prefs.sort(key=lambda x: x.getPriority(), reverse=True)
......
...@@ -335,12 +335,24 @@ class TestPreferences(ERP5TypeTestCase): ...@@ -335,12 +335,24 @@ class TestPreferences(ERP5TypeTestCase):
portal_workflow.doActionFor( portal_workflow.doActionFor(
manager_pref, 'enable_action', wf_id='preference_workflow') manager_pref, 'enable_action', wf_id='preference_workflow')
self.assertEquals(manager_pref.getPreferenceState(), 'enabled') self.assertEquals(manager_pref.getPreferenceState(), 'enabled')
transaction.commit(); self.tic()
# check users preferences are still enabled # check users preferences are still enabled
self.assertEquals(user_a_1.getPreferenceState(), 'enabled') self.assertEquals(user_a_1.getPreferenceState(), 'enabled')
self.assertEquals(user_b_1.getPreferenceState(), 'enabled') self.assertEquals(user_b_1.getPreferenceState(), 'enabled')
self.assertEquals(user_a_2.getPreferenceState(), 'disabled') self.assertEquals(user_a_2.getPreferenceState(), 'disabled')
# A user with Manager and Owner can view all preferences, because this user
# is Manager and Owner, but for Manager, we have an exception, only
# preferences actually owned by the user are taken into account.
uf._doAddUser('manager_and_owner', '', ['Manager', 'Owner'], [])
self.login('manager_and_owner')
self.assert_('Owner' in
getSecurityManager().getUser().getRolesInContext(manager_pref))
self.assertEquals(None,
portal_preferences.getPreferredAccountingTransactionAtDate())
def test_GlobalPreference(self): def test_GlobalPreference(self):
# globally enabled preference are preference for anonymous users. # globally enabled preference are preference for anonymous users.
ptool = self.getPreferenceTool() ptool = self.getPreferenceTool()
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment