ZODB Components: Only Developer Role must be able to invalidate/delete/validate Components.

3b1eb041 · Arnaud Fontaine · 1f9debe6 · 3b1eb041 · 3b1eb041 · 3b1eb041
Commit 3b1eb041 authored Jul 09, 2013 by Arnaud Fontaine
6 changed files
--- a/product/ERP5/bootstrap/erp5_core/WorkflowTemplateItem/portal_workflow/component_validation_workflow/transitions/delete_action.xml
+++ b/product/ERP5/bootstrap/erp5_core/WorkflowTemplateItem/portal_workflow/component_validation_workflow/transitions/delete_action.xml
@@ -69,9 +69,7 @@
            <key> <string>roles</string> </key>
            <value>
              <tuple>
-                <string>Assignee</string>
+                <string>Developer</string>
-                <string>Assignor</string>
-                <string>Manager</string>
              </tuple>
            </value>
        </item>

--- a/product/ERP5/bootstrap/erp5_core/WorkflowTemplateItem/portal_workflow/component_validation_workflow/transitions/invalidate_action.xml
+++ b/product/ERP5/bootstrap/erp5_core/WorkflowTemplateItem/portal_workflow/component_validation_workflow/transitions/invalidate_action.xml
@@ -65,9 +65,7 @@
            <key> <string>roles</string> </key>
            <value>
              <tuple>
-                <string>Assignee</string>
+                <string>Developer</string>
-                <string>Assignor</string>
-                <string>Manager</string>
              </tuple>
            </value>
        </item>

--- a/product/ERP5/bootstrap/erp5_core/WorkflowTemplateItem/portal_workflow/component_validation_workflow/transitions/validate_action.xml
+++ b/product/ERP5/bootstrap/erp5_core/WorkflowTemplateItem/portal_workflow/component_validation_workflow/transitions/validate_action.xml
@@ -65,9 +65,7 @@
            <key> <string>roles</string> </key>
            <value>
              <tuple>
-                <string>Assignee</string>
+                <string>Developer</string>
-                <string>Assignor</string>
-                <string>Manager</string>
              </tuple>
            </value>
        </item>

--- a/product/ERP5/bootstrap/erp5_core/bt/change_log
+++ b/product/ERP5/bootstrap/erp5_core/bt/change_log
+2013-07-09 arnaud.fontaine
+* ZODB Components: Only Developer Role must be able to invalidate/delete/validate Components.
 2013-07-04 arnaud.fontaine
 * ZODB Components: Version was not displayed properly in Component view.

--- a/product/ERP5/bootstrap/erp5_core/bt/revision
+++ b/product/ERP5/bootstrap/erp5_core/bt/revision
-41115
+41116
\ No newline at end of file
--- a/product/ERP5Type/tests/testDynamicClassGeneration.py
+++ b/product/ERP5Type/tests/testDynamicClassGeneration.py
@@ -1348,26 +1348,75 @@ class _TestZodbComponent(SecurityTestCase):
    The new Component should only be in erp5.component.XXX when validated,
    otherwise it should not be importable at all
    """
+    uf = self.portal.acl_users
+    if not uf.getUser('ERP5TypeTestCase_NonDeveloper'):
+      uf._doAddUser('ERP5TypeTestCase_NonDeveloper',
+                    '', ['Manager', 'Member', 'Assignee',
+                         'Assignor', 'Author', 'Auditor', 'Associate'], [])
    test_component = self._newComponent(
      'TestValidateInvalidateComponent',
      'def foobar(*args, **kwargs):\n  return "ValidateInvalidate"')
-    test_component.validate()
+    self.failIfUserCanPassWorkflowTransition('ERP5TypeTestCase_NonDeveloper',
+                                             'validate_action',
+                                             test_component)
+    self.failIfUserCanPassWorkflowTransition('ERP5TypeTestCase',
+                                             'invalidate_action',
+                                             test_component)
+    from AccessControl.SecurityManagement import getSecurityManager
+    from AccessControl.SecurityManagement import setSecurityManager
+    from Products.CMFCore.WorkflowCore import WorkflowException
+    sm = getSecurityManager()
+    try:
+      self._loginAsUser('ERP5TypeTestCase_NonDeveloper')
+      self.assertRaises(WorkflowException,
+                        self.portal.portal_workflow.doActionFor,
+                        test_component, 'delete_action')
+    finally:
+      setSecurityManager(sm)
+    self.failIfModuleImportable('TestValidateInvalidateComponent')
+    self.portal.portal_workflow.doActionFor(test_component, 'validate_action')
    self.tic()
    self.assertModuleImportable('TestValidateInvalidateComponent')
-    test_component.invalidate()
+    self.failIfUserCanPassWorkflowTransition('ERP5TypeTestCase_NonDeveloper',
+                                             'invalidate_action',
+                                             test_component)
+    self.failIfUserCanPassWorkflowTransition('ERP5TypeTestCase',
+                                             'validate_action',
+                                             test_component)
+    self.assertRaises(WorkflowException,
+                      self.portal.portal_workflow.doActionFor,
+                      test_component, 'delete_action')
+    self.portal.portal_workflow.doActionFor(test_component, 'invalidate_action')
    self.tic()
    self.failIfModuleImportable('TestValidateInvalidateComponent')
-    test_component.validate()
+    self.portal.portal_workflow.doActionFor(test_component, 'validate_action')
    self.tic()
    self.assertModuleImportable('TestValidateInvalidateComponent')
-    test_component.invalidate()
+    self.portal.portal_workflow.doActionFor(test_component, 'invalidate_action')
    self.tic()
    self.failIfModuleImportable('TestValidateInvalidateComponent')
+    sm = getSecurityManager()
+    try:
+      self._loginAsUser('ERP5TypeTestCase_NonDeveloper')
+      self.assertRaises(WorkflowException,
+                        self.portal.portal_workflow.doActionFor,
+                        test_component, 'delete_action')
+    finally:
+      setSecurityManager(sm)
    self.portal.portal_workflow.doActionFor(test_component, 'delete_action')
    self.tic()
    self.failIfModuleImportable('TestValidateInvalidateComponent')