Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
alecs_myu
erp5
Commits
e167ed2a
Commit
e167ed2a
authored
Oct 04, 2017
by
Vincent Pelletier
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
updateLocalRolesOnDocument: Do not modify document when local_roles_group_id_group_id is not empty
parent
d20bde9a
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
102 additions
and
7 deletions
+102
-7
product/ERP5Type/ERP5Type.py
product/ERP5Type/ERP5Type.py
+8
-7
product/ERP5Type/tests/testERP5Type.py
product/ERP5Type/tests/testERP5Type.py
+94
-0
No files found.
product/ERP5Type/ERP5Type.py
View file @
e167ed2a
...
@@ -103,13 +103,14 @@ class LocalRoleAssignorMixIn(object):
...
@@ -103,13 +103,14 @@ class LocalRoleAssignorMixIn(object):
if
ac_local_roles
!=
ob
.
__ac_local_roles__
:
if
ac_local_roles
!=
ob
.
__ac_local_roles__
:
ob
.
__ac_local_roles__
=
ac_local_roles
ob
.
__ac_local_roles__
=
ac_local_roles
if
local_roles_group_id_group_id
:
if
local_roles_group_id_group_id
!=
getattr
(
ob
,
'__ac_local_roles_group_id_dict__'
,
{}):
ob
.
__ac_local_roles_group_id_dict__
=
local_roles_group_id_group_id
if
local_roles_group_id_group_id
:
else
:
ob
.
__ac_local_roles_group_id_dict__
=
local_roles_group_id_group_id
try
:
else
:
del
ob
.
__ac_local_roles_group_id_dict__
try
:
except
AttributeError
:
del
ob
.
__ac_local_roles_group_id_dict__
pass
except
AttributeError
:
pass
## Make sure that the object is reindexed if modified
## Make sure that the object is reindexed if modified
# XXX: Document modification detection assumes local roles are always
# XXX: Document modification detection assumes local roles are always
...
...
product/ERP5Type/tests/testERP5Type.py
View file @
e167ed2a
...
@@ -3149,6 +3149,100 @@ return True''')
...
@@ -3149,6 +3149,100 @@ return True''')
self
.
assertEqual
(
script
(
1
),
2
)
self
.
assertEqual
(
script
(
1
),
2
)
self
.
assertTrue
(
script
.
checkGuard
())
self
.
assertTrue
(
script
.
checkGuard
())
def
test_updateLocalRolesOnSecurityGroups
(
self
):
# Boilerplate stuff...
category_script_id
=
'ERP5Type_getSecurityCategoryFromContentRelatedList'
createZODBPythonScript
(
self
.
getSkinsTool
().
custom
,
category_script_id
,
'base_category_list, user_name, document, portal_type'
,
'''
\
return [
{
base_category: [x.getRelativeUrl() for x in document.getRelatedValueList(base_category_list=base_category)]
}
for base_category in base_category_list
]
'''
)
role1
=
'Auditor'
role2
=
'Associate'
alternate
=
self
.
portal
.
portal_categories
.
local_role_group
.
newContent
(
portal_type
=
'Category'
,
reference
=
'Alternate'
,
id
=
'Alternate'
,
)
function
=
self
.
portal
.
portal_categories
.
function
.
newContent
(
portal_type
=
'Category'
,
id
=
'some_function'
,
codification
=
'SF1'
,
)
# End of boilerplate stuff
organisation
=
self
.
portal
.
organisation_module
.
newContent
(
portal_type
=
'Organisation'
,
)
person
=
self
.
portal
.
person_module
.
newContent
(
portal_type
=
'Person'
,
career_subordination_value
=
organisation
,
)
person
.
newContent
(
portal_type
=
'Assignment'
,
function_value
=
function
,
).
open
()
self
.
tic
()
user
=
self
.
portal
.
acl_users
.
getUserById
(
person
.
Person_getUserId
())
hasRole
=
lambda
role
:
user
.
has_role
(
role
,
organisation
)
# No role given, so no role present
self
.
assertFalse
(
hasRole
(
role1
))
self
.
assertFalse
(
hasRole
(
role2
))
# Recomputing roles does not modify organisation
tid_before
=
organisation
.
_p_serial
organisation
.
updateLocalRolesOnSecurityGroups
()
self
.
tic
()
self
.
assertEqual
(
tid_before
,
organisation
.
_p_serial
)
# Giving roles and recomputing makes these roles present
self
.
portal
.
portal_types
.
Organisation
.
newContent
(
portal_type
=
'Role Information'
,
role_name
=
role1
,
role_base_category_list
=
[
'subordination'
],
role_base_category_script_id
=
category_script_id
,
)
self
.
portal
.
portal_types
.
Organisation
.
newContent
(
portal_type
=
'Role Information'
,
role_name
=
role2
,
local_role_group_value
=
alternate
,
role_category
=
function
.
getRelativeUrl
(),
)
organisation
.
updateLocalRolesOnSecurityGroups
()
self
.
tic
()
self
.
assertTrue
(
hasRole
(
role1
))
self
.
assertTrue
(
hasRole
(
role2
))
# Test self-check: document modification detection actually works
self
.
assertNotEqual
(
tid_before
,
organisation
.
_p_serial
)
# Re-computing roles without role definition (nor category) change does
# not modify the document.
tid_before
=
organisation
.
_p_serial
organisation
.
updateLocalRolesOnSecurityGroups
()
self
.
tic
()
self
.
assertEqual
(
tid_before
,
organisation
.
_p_serial
)
self
.
assertTrue
(
hasRole
(
role1
))
self
.
assertTrue
(
hasRole
(
role2
))
# Re-computing roles after relation change removes role
person
.
setCareerSubordinationValue
(
None
)
# XXX: Person reindexation is needed as it acquires categories from
# Career subobject. This does not automatically happens, and should
# likely happen (by interaction workflow maybe ?).
person
.
recursiveReindexObject
()
self
.
tic
()
# Note: in a proper setup, updateLocalRolesOnSecurityGroups would
# automatically get called, likely by interaction workflow, whenever
# any role condition changes onrelated documents.
organisation
.
updateLocalRolesOnSecurityGroups
()
self
.
tic
()
self
.
assertFalse
(
hasRole
(
role1
))
# but this did not affect the other role
self
.
assertTrue
(
hasRole
(
role2
))
class
TestAccessControl
(
ERP5TypeTestCase
):
class
TestAccessControl
(
ERP5TypeTestCase
):
# Isolate test in a dedicaced class in order not to break other tests
# Isolate test in a dedicaced class in order not to break other tests
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment