Commit da97fca5 authored by Romain Courteaud's avatar Romain Courteaud

User do not have access to portal_secure_payment.

Only handle relative_url to do get unauthorized.
parent b9848f38
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_body</string> </key>
<value> <string>from zExceptions import Unauthorized\n
if REQUEST is not None:\n
raise Unauthorized\n
\n
portal = context.getPortalObject()\n
payment_service = portal.portal_secure_payments.find(\n
service_reference=portal.portal_preferences.getPreferredPayzenPaymentServiceReference())\n
\n
return payment_service.getRelativeUrl()\n
</string> </value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>REQUEST=None, **kw</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>Base_getPayzenServiceRelativeUrl</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
......@@ -55,12 +55,10 @@ if REQUEST is not None:\n
raise Unauthorized\n
\n
portal = context.getPortalObject()\n
payment_service = portal.portal_secure_payments.find(\n
service_reference=portal.portal_preferences.getPreferredPayzenPaymentServiceReference())\n
\n
kw.update({\n
\'portal_type\': \'Payzen Event\',\n
\'source_value\': payment_service,\n
\'source\': portal.Base_getPayzenServiceRelativeUrl(),\n
\'destination_value\': context,\n
})\n
\n
......
......@@ -573,3 +573,17 @@ class TestSlapOSPayzenEvent_processUpdate(testSlapOSMixin):
event.workflow_history['system_event_workflow'][-1]['comment'])
class TestSlapOSPayzenBase_getPayzenServiceRelativeUrl(testSlapOSMixin):
def beforeTearDown(self):
transaction.abort()
def test_getPayzenServiceRelativeUrl_REQUEST_disallowed(self):
self.assertRaises(
Unauthorized,
self.portal.Base_getPayzenServiceRelativeUrl,
REQUEST={})
def test_getPayzenServiceRelativeUrl_REQUEST_disallowed(self):
result = self.portal.Base_getPayzenServiceRelativeUrl()
self.assertEquals(result, 'portal_secure_payments/slapos_payzen_test')
95
\ No newline at end of file
96
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment