Commit d3964abe authored by Romain Courteaud's avatar Romain Courteaud

Add Computer Network security configuration.

parent cebe77f4
<local_roles_item>
<local_roles>
<role id='R-MEMBER'>
<item>Auditor</item>
<item>Author</item>
</role>
<role id='zope'>
<item>Owner</item>
</role>
</local_roles>
</local_roles_item>
\ No newline at end of file
...@@ -2,4 +2,7 @@ ...@@ -2,4 +2,7 @@
<portal_type id="Computer"> <portal_type id="Computer">
<item>source_administration</item> <item>source_administration</item>
</portal_type> </portal_type>
<portal_type id="Computer Network">
<item>source_administration</item>
</portal_type>
</base_category_list> </base_category_list>
\ No newline at end of file
<type_roles>
<role id='Auditor; Author'>
<property id='title'>Member</property>
<multi_property id='category'>role/member</multi_property>
<multi_property id='base_category'>role</multi_property>
</role>
</type_roles>
\ No newline at end of file
<type_roles>
<role id='Assignee'>
<property id='title'>Computer Agent</property>
<property id='description'>Monovalued role</property>
<property id='base_category_script'>ERP5Type_getSecurityCategoryFromContent</property>
<multi_property id='base_category'>source_administration</multi_property>
</role>
<role id='Assignor'>
<property id='title'>Group company</property>
<multi_property id='category'>group/company</multi_property>
<multi_property id='base_category'>group</multi_property>
</role>
</type_roles>
\ No newline at end of file
...@@ -3,6 +3,10 @@ ...@@ -3,6 +3,10 @@
<type>Computer</type> <type>Computer</type>
<workflow>local_permission_vifib_interaction_workflow</workflow> <workflow>local_permission_vifib_interaction_workflow</workflow>
</chain> </chain>
<chain>
<type>Computer Network</type>
<workflow>local_permission_vifib_interaction_workflow</workflow>
</chain>
<chain> <chain>
<type>Hosting Subscription</type> <type>Hosting Subscription</type>
<workflow>local_permission_vifib_interaction_workflow</workflow> <workflow>local_permission_vifib_interaction_workflow</workflow>
......
# Copyright (c) 2012 Nexedi SA and Contributors. All Rights Reserved.
import unittest
from Products.Vifib.tests.testVifibSlapWebService import \
TestVifibSlapWebServiceMixin
READ = 'Access contents information'
VIEW = 'View'
ADD = 'Add portal content'
WRITE = 'Modify portal content'
OTHER_AUDITOR = [
'Access Transient Objects',
'Access session data',
'Copy or Move',
'List folder contents',
'View History'
]
OTHER_AUTHOR = [
'Add portal folders',
]
class TestVifibComputerNetworkSecurity(TestVifibSlapWebServiceMixin):
def generateNewId(self):
return self.getPortalObject().portal_ids.generateNewId(
id_group=('slapos_core_test'))
def getTitle(self):
return "Test Vifib Computer Network Security"
def createMemberUser(self):
portal = self.getPortalObject()
new_id = self.generateNewId()
# Clone person document
person_user = portal.person_module.template_member.\
Base_createCloneDocument(batch_mode=1)
person_user.edit(
title="live_test_%s" % new_id,
reference="live_test_%s" % new_id,
default_email_text="live_test_%s@example.org" % new_id,
)
person_user.validate()
for assignment in person_user.contentValues(portal_type="Assignment"):
assignment.open()
return person_user
def afterSetUp(self):
pass
def beforeTearDown(self):
pass
def _getLocalRoles(self, context):
return [x[0] for x in context.get_local_roles()]
def _permissionsOfRole(self, context, role):
return [x['name'] for x in context.permissionsOfRole(role) \
if x['selected'] == 'SELECTED']
def assertPermissionsOfRole(self, context, role, permission_list):
self.assertSameSet(
permission_list,
self._permissionsOfRole(context, role))
def assertSecurityGroup(self, context, security_group_list, acquired):
self.assertEquals(acquired, context._getAcquireLocalRoles())
self.assertSameSet(
security_group_list,
self._getLocalRoles(context)
)
def assertRoles(self, context, security_group, role_list):
self.assertSameSet(
role_list,
context.get_local_roles_for_userid(security_group)
)
def test_ComputerNetworkModuleLocalRoles(self):
module = self.portal.computer_network_module
self.assertSecurityGroup(module, ['R-MEMBER', 'zope'], False)
self.assertRoles(module, 'R-MEMBER', ['Author', 'Auditor'])
self.assertRoles(module, 'zope', ['Owner'])
def test_ComputerNetworkModulePermissions(self):
module = self.portal.computer_network_module
self.assertPermissionsOfRole(module, 'Owner', [])
self.assertPermissionsOfRole(module, 'Auditor',
[READ, VIEW] + OTHER_AUDITOR)
self.assertPermissionsOfRole(module, 'Author',
[READ, ADD] + OTHER_AUDITOR + OTHER_AUTHOR)
def test_ComputerNetworkLocalRoles(self):
module = self.portal.computer_network_module
network = module.newContent(portal_type="Computer Network")
self.assertSecurityGroup(network, ['ERP5TypeTestCase', 'G-COMPANY'], False)
self.assertRoles(network, 'ERP5TypeTestCase', ['Owner'])
self.assertRoles(network, 'G-COMPANY', ['Assignor'])
# Setting source administration give person the assignee role
person = self.createMemberUser()
network.edit(source_administration_value=person)
self.assertSecurityGroup(network,
['ERP5TypeTestCase', 'G-COMPANY', person.getReference()], False)
self.assertRoles(network, person.getReference(), ['Assignee'])
def test_ComputerNetworkPermission(self):
module = self.portal.computer_network_module
network = module.newContent(portal_type="Computer Network")
# Check draft state
self.assertEquals('draft', network.getValidationState())
self.assertPermissionsOfRole(network, 'Owner',
[READ, VIEW, ADD, WRITE])
self.assertPermissionsOfRole(network, 'Assignor',
[READ, VIEW, ADD, WRITE])
self.assertPermissionsOfRole(network, 'Assignee',
[READ, VIEW, ADD, WRITE])
# Check validated state
network.validate()
self.assertEquals('validated', network.getValidationState())
self.assertPermissionsOfRole(network, 'Owner', [])
self.assertPermissionsOfRole(network, 'Assignor',
[READ, VIEW, ADD, WRITE])
self.assertPermissionsOfRole(network, 'Assignee',
[READ, VIEW, ADD, WRITE])
def test_suite():
suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(TestVifibComputerNetworkSecurity))
return suite
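Review bot: test_ComputerNetworkLocalRoles only asserts that setting source_administration grants Assignee; it never checks that the role is withdrawn when the administrator changes, so a stale grant left on the document would still pass. After the last assertion, add `other = self.createMemberUser()`, `network.edit(source_administration_value=other)` and `self.assertSecurityGroup(network, ['ERP5TypeTestCase', 'G-COMPANY', other.getReference()], False)`; the assertSameSet inside assertSecurityGroup then fails if the first person's reference is still present. test_ComputerNetworkPermission likewise checks only Owner, Assignor and Assignee, so a permission selected for Auditor or Author on the document in either state would go unnoticed. If those roles are meant to have nothing on a Computer Network (inferred, the page does not show the workflow), `self.assertPermissionsOfRole(network, 'Auditor', [])` and the same for 'Author' in both the draft and validated blocks would pin that.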
...@@ -69,6 +69,7 @@ ...@@ -69,6 +69,7 @@
<value> <value>
<list> <list>
<string>Computer</string> <string>Computer</string>
<string>Computer Network</string>
<string>Internal Packing List</string> <string>Internal Packing List</string>
<string>Purchase Packing List</string> <string>Purchase Packing List</string>
</list> </list>
......
459 460
\ No newline at end of file \ No newline at end of file
...@@ -17,6 +17,7 @@ business_process_module/vifib_sale_business_process ...@@ -17,6 +17,7 @@ business_process_module/vifib_sale_business_process
campaign_module campaign_module
component_module component_module
computer_module computer_module
computer_network_module
credential_update_module credential_update_module
currency_module currency_module
currency_module/EUR currency_module/EUR
......
...@@ -4,6 +4,7 @@ account_module/capital ...@@ -4,6 +4,7 @@ account_module/capital
account_module/coll_vat account_module/coll_vat
account_module/equipments account_module/equipments
account_module/inventories account_module/inventories
computer_network_module
account_module/payable account_module/payable
account_module/profit_loss account_module/profit_loss
account_module/purchase account_module/purchase
......
Computer Network | source_administration
Computer | source_administration Computer | source_administration
\ No newline at end of file
...@@ -16,6 +16,8 @@ Component ...@@ -16,6 +16,8 @@ Component
Component Module Component Module
Computer Computer
Computer Module Computer Module
Computer Network
Computer Network Module
Computer Partition Computer Partition
Contribution Tool Contribution Tool
Credential Update Module Credential Update Module
......
Account Account
Account Module Account Module
Computer Network
Computer Network Module
Accounting Period Accounting Period
Accounting Transaction Accounting Transaction
Accounting Transaction Module Accounting Transaction Module
......
Computer Network | local_permission_vifib_interaction_workflow
Computer | local_permission_vifib_interaction_workflow Computer | local_permission_vifib_interaction_workflow
Hosting Subscription | local_permission_vifib_interaction_workflow Hosting Subscription | local_permission_vifib_interaction_workflow
Internal Packing List | local_permission_vifib_interaction_workflow Internal Packing List | local_permission_vifib_interaction_workflow
......
...@@ -4,5 +4,6 @@ testVifibModuleSecurity ...@@ -4,5 +4,6 @@ testVifibModuleSecurity
testVifibUserAdmin testVifibUserAdmin
testVifibUserCustomer testVifibUserCustomer
testVifibUserDeveloper testVifibUserDeveloper
testVifibComputerNetworkSecurity
testVifibConstraint testVifibConstraint
testVifibPayZen testVifibPayZen
\ No newline at end of file