to prevent user preferences to be enabled for manager, we were only

considering preference where the user had an Owner role, but as we sometimes have manager users that are also owner globally, it's better to do this using ownership and not owner role. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@31641 20353a03-c40f-0410-a6d1-a30d3c3de9de

to prevent user preferences to be enabled for manager, we were only
considering preference where the user had an Owner role, but as we sometimes have manager users that are also owner globally, it's better to do this using ownership and not owner role. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@31641 20353a03-c40f-0410-a6d1-a30d3c3de9de
d353fed4 · Jérome Perrin · 69ee3928 · d353fed4 · d353fed4
Commit d353fed4 authored Jan 07, 2010 by Jérome Perrin
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 2 deletions

product/ERP5Form/PreferenceTool.py product/ERP5Form/PreferenceTool.py +2 -2

product/ERP5Form/tests/testPreferences.py product/ERP5Form/tests/testPreferences.py +12 -0

No files found.
--- a/product/ERP5Form/PreferenceTool.py
+++ b/product/ERP5Form/PreferenceTool.py
@@ -204,12 +204,12 @@ class PreferenceTool(BaseTool):
        # XXX quick workaround so that manager only see user preference
        # they actually own.
        if user_is_manager and pref.getPriority() == Priority.USER :
-          if user.allowed(pref, ('Owner',)):
+          if pref.getOwnerTuple()[1] == user.getId():
            prefs.append(pref)
        else :
          prefs.append(pref)
    prefs.sort(key=lambda x: x.getPriority(), reverse=True)
-    # add system preferences after user preferences
+    # add system preferences before user preferences
    sys_prefs = [x.getObject() for x in self.searchFolder(portal_type='System Preference', sql_catalog_id=sql_catalog_id) \
                 if x.getObject().getProperty('preference_state', 'broken') in ('enabled', 'global')]
    sys_prefs.sort(key=lambda x: x.getPriority(), reverse=True)

--- a/product/ERP5Form/tests/testPreferences.py
+++ b/product/ERP5Form/tests/testPreferences.py
@@ -335,12 +335,24 @@ class TestPreferences(ERP5TypeTestCase):
    portal_workflow.doActionFor(
       manager_pref, 'enable_action', wf_id='preference_workflow')
    self.assertEquals(manager_pref.getPreferenceState(), 'enabled')
+    transaction.commit(); self.tic()
    # check users preferences are still enabled
    self.assertEquals(user_a_1.getPreferenceState(), 'enabled')
    self.assertEquals(user_b_1.getPreferenceState(), 'enabled')
    self.assertEquals(user_a_2.getPreferenceState(), 'disabled')
+    # A user with Manager and Owner can view all preferences, because this user
+    # is Manager and Owner, but for Manager, we have an exception, only
+    # preferences actually owned by the user are taken into account.
+    uf._doAddUser('manager_and_owner', '', ['Manager', 'Owner'], [])
+    self.login('manager_and_owner')
+    self.assert_('Owner' in
+      getSecurityManager().getUser().getRolesInContext(manager_pref))
+    self.assertEquals(None,
+        portal_preferences.getPreferredAccountingTransactionAtDate())
  def test_GlobalPreference(self):
    # globally enabled preference are preference for anonymous users.
    ptool = self.getPreferenceTool()