testDataProtection.py 7.51 KB
# -*- coding: utf-8 -*-
##############################################################################
#
# Copyright (c) 2010 Nexedi SA and Contributors. All Rights Reserved.
#
#                     Nicolas Delaby <nicolas@nexedi.com>
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsability of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# garantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################

import unittest
import transaction
from Products.ERP5Type.tests.Sequence import Sequence, SequenceList
from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase

clear_module_name_list = """
data_protection_request_module
""".strip().split()

class TestDataProtection(ERP5TypeTestCase):

  document_edit_kw = {'description': 'Description with compromised data'}
  # Selection name of listbox's form
  # DataProtectionRequest_viewEraseSomeOriginalDataDialog
  selection_name = 'data_protection_request_erase_data_selection'

  def getTitle(self):
    return "Data Protection"

  def getBusinessTemplateList(self):
    return ('erp5_base',
            'erp5_data_protection',)

  def beforeTearDown(self):
    # clear modules if necessary
    for module_name in clear_module_name_list:
      module = getattr(self.portal, module_name)
      module.manage_delObjects(list(module.objectIds()))

    self.tic()

  def stepCreatePersonDocument(self, sequence=None, sequence_list=None, **kw):
    """
    """
    portal = self.getPortal()
    portal_type = 'Person'
    module = portal.getDefaultModule(portal_type)
    person = module.newContent(portal_type=portal_type)
    sequence.set('document_relative_url', person.getRelativeUrl())

  def stepEditDocument(self, sequence=None, sequence_list=None, **kw):
    """
    """
    portal = self.getPortal()
    document = portal.restrictedTraverse(sequence.get('document_relative_url'))
    document.edit(**self.document_edit_kw)

  def stepValidateDocument(self, sequence=None, sequence_list=None, **kw):
    """
    """
    portal = self.getPortal()
    document = portal.restrictedTraverse(sequence.get('document_relative_url'))
    portal.portal_workflow.doActionFor(document, 'validate_action',
                                       comment='Comment with compromised data')

  def stepCreateDataProtectionRequest(self, sequence=None,
                                      sequence_list=None, **kw):
    """
    """
    portal = self.getPortal()
    portal_type = 'Data Protection Request'
    document = portal.restrictedTraverse(sequence.get('document_relative_url'))
    document.Base_addDataProtectionRequest(
                          description='I think the description is compromised')
    transaction.commit()
    self.tic()
    data_protection = document.getFollowUpRelatedValueList(
                                                    portal_type=portal_type)[0]
    sequence.set('data_protection_request_relative_url',
                 data_protection.getRelativeUrl())

  def stepSubmitDataProtectionRequest(self, sequence=None,
                                      sequence_list=None, **kw):
    """
    """
    portal = self.getPortal()
    data_protection = portal.restrictedTraverse(
                          sequence.get('data_protection_request_relative_url'))
    data_protection.submit()

  def stepEraseDocumentProperties(self, sequence=None,
                                  sequence_list=None, **kw):
    """
    """
    portal = self.getPortal()
    data_protection = portal.restrictedTraverse(
                          sequence.get('data_protection_request_relative_url'))
    portal.portal_selections.setSelectionCheckedUidsFor(self.selection_name,
                                                  self.document_edit_kw.keys())
    # False means keep workflow history comments
    data_protection.DataProtectionRequest_eraseSomeOriginalData('View', False)

  def stepCheckErasedDataProperties(self, sequence=None,
                                  sequence_list=None, **kw):
    """
    """
    portal = self.getPortal()
    document = portal.restrictedTraverse(sequence.get('document_relative_url'))
    for property_id in self.document_edit_kw.keys():
      # Properties are now deleted, so check that None 
      # or default value is returned.
      self.assertFalse(document.getProperty(property_id))
    # View History permission is now granted only for Manager
    self.assertEquals(document._View_History_Permission, ('Manager',))

  def stepEraseWorkflowHistoryCommentList(self, sequence=None,
                                  sequence_list=None, **kw):
    """
    """
    portal = self.getPortal()
    data_protection = portal.restrictedTraverse(
                          sequence.get('data_protection_request_relative_url'))
    # True means delete workflow history comments
    data_protection.DataProtectionRequest_eraseSomeOriginalData('View', True)

  def stepCheckErasedWorkflowHistoryCommentList(self, sequence=None,
                                  sequence_list=None, **kw):
    """
    """
    portal = self.getPortal()
    document = portal.restrictedTraverse(sequence.get('document_relative_url'))
    workflow_history = document.workflow_history
    for workflow_id in workflow_history:
      # All comments are removed except last one
      self.assertFalse([history for history in
                       workflow_history[workflow_id][:-1]
                       if history.get('comment')])
    # Last comment of edit workflow is filled by data protection action
    self.assertTrue(workflow_history['edit_workflow'][-1].get('comment'))
    # View History permission is now granted only for Manager
    self.assertEquals(document._View_History_Permission, ('Manager',))

  def test_01_dataProtectionRequest(self):
    """This test create a person with a compromised description.
    A data protection request is create from this document.
    Then user erase properties and workflow history and check
    expected result.
      - property on object are deleted
      - Worlkflow history comments are deleted
      - Permission "View History" is granted only for Manager
    """
    sequence_list = SequenceList()
    sequence_string = '\
    CreatePersonDocument \
    EditDocument \
    ValidateDocument \
    Tic \
    CreateDataProtectionRequest \
    Tic \
    SubmitDataProtectionRequest \
    Tic \
    EraseDocumentProperties \
    Tic \
    CheckErasedDataProperties \
    EraseWorkflowHistoryCommentList \
    Tic \
    CheckErasedWorkflowHistoryCommentList \
    '
    sequence_list.addSequenceString(sequence_string)
    sequence_list.play(self)

def test_suite():
  suite = unittest.TestSuite()
  suite.addTest(unittest.makeSuite(TestDataProtection))
  return suite