erp5_core: standard security calculation to check if Assignment is expired or not

commit also extends tests in testErp5Security to reproduce the case

product/ERP5/bootstrap/erp5_core/ExtensionTemplateItem/portal_components/extension.erp5.StandardSecurity.py

@@ -27,6 +27,7 @@
 
 from Products.ERP5Security.ERP5GroupManager import ConsistencyError
 from Products.ZSQLCatalog.SQLCatalog import SimpleQuery
+from DateTime import DateTime
 
 def getSecurityCategoryFromAssignment(self, base_category_list, user_name, object, portal_type,
                                       child_category_list=[]):
@@ -66,10 +67,15 @@ def getSecurityCategoryFromAssignment(self, base_category_list, user_name, objec
     return []
   user_path, = user_path_set
   person_object = self.getPortalObject().unrestrictedTraverse(user_path)
+  now = DateTime()
 
   # We look for every valid assignments of this user
   for assignment in person_object.contentValues(filter={'portal_type': 'Assignment'}):
-    if assignment.getValidationState() == 'open':
+    if assignment.getValidationState() == "open" and (
+      not assignment.hasStartDate() or assignment.getStartDate() <= now
+    ) and (
+      not assignment.hasStopDate() or assignment.getStopDate() >= now
+    ):
       category_dict = {}
       for base_category in base_category_list:
         category_value_list = assignment.getAcquiredValueList(base_category)

product/ERP5Security/tests/testERP5Security.py

@@ -105,7 +105,7 @@ class TestUserManagement(ERP5TypeTestCase):
     newSecurityManager(None, user)
 
   def _makePerson(self, login=AUTO_LOGIN, open_assignment=1, assignment_start_date=None,
-                  assignment_stop_date=None, tic=True, password='secret', **kw):
+                  assignment_stop_date=None, tic=True, password='secret', group_value=None, **kw):
     """Creates a person in person module, and returns the object, after
     indexing is done. """
     person_module = self.getPersonModule()
@@ -113,7 +113,8 @@ class TestUserManagement(ERP5TypeTestCase):
                      portal_type='Person', **kw)
     assignment = new_person.newContent(portal_type = 'Assignment',
                                        start_date=assignment_start_date,
-                                       stop_date=assignment_stop_date,)
+                                       stop_date=assignment_stop_date,
+                                       group_value=group_value,)
     if open_assignment:
       assignment.open()
     if login is not None:
@@ -160,6 +161,48 @@ class TestUserManagement(ERP5TypeTestCase):
            "Plugin %s should not have authenticated '%s' with password '%s'" %
            (plugin_name, login, password))
 
+  def _getOrCreateGroupValue(self):
+    group_id = 'dummy_group'
+    group = self.portal.portal_categories.group
+    if group_id in group.objectIds():
+      return group[group_id]
+    else:
+      return self.portal.portal_categories.group.newContent(
+        id=group_id
+      )
+
+  def _createDummyDocument(self):
+    types_tool = self.portal.portal_types
+    # Create Portal Types if needed
+    if 'Dummy Object' not in types_tool.objectIds():
+      dummy_type = types_tool.newContent(
+        'Dummy Object',
+        'Base Type',
+        type_class='XMLObject'
+      )
+      dummy_type.newContent(
+        portal_type='Role Information',
+        role_category_list=self.portal.portal_categories.\
+          group.dummy_group.getRelativeUrl(),
+        role_name_list=('Assignee', )
+      )
+    if 'Dummy Module' not in types_tool.objectIds():
+      types_tool.newContent(
+        'Dummy Module',
+        'Base Type',
+        type_class='Folder',
+        type_filter_content_type=1,
+        type_allowed_content_type_list=('Dummy Object', ),
+      )
+    # clean-up dummy_module in any way
+    if 'dummy_module' in self.portal.objectIds():
+      self.portal.manage_delObjects(['dummy_module'])
+    self.tic()
+    self.portal.newContent(portal_type='Dummy Module', id='dummy_module')
+    dummy_document = self.portal.dummy_module.newContent(portal_type='Dummy Object')
+    self.tic()
+    return dummy_document
+
   def test_PersonWithLoginPasswordAreUsers(self):
     """Tests a person with a login & password is a valid user."""
     _, login, password = self._makePerson()
@@ -546,6 +589,57 @@ class TestUserManagement(ERP5TypeTestCase):
     )
     self._assertUserDoesNotExists(login, password)
 
+  def test_securityGroupAssignmentCorrectDate(self):
+    """
+      Tests a person with an assignment with correct date
+      gets correctly assigned to security groups.
+    """
+    date = DateTime()
+    user_id, login, password = self._makePerson(
+      assignment_start_date=date - 5,
+      assignment_stop_date=date + 5,
+      group_value=self._getOrCreateGroupValue()
+    )
+    self.assertIn(
+      'Assignee',
+      self.portal.acl_users.getUserById(user_id).\
+        getRolesInContext(self._createDummyDocument())
+    )
+
+  def test_securityGroupAssignmentBadStartDate(self):
+    """
+      Tests a person with an assignment with bad (future) start date
+      does not get assigned to security groups.
+    """
+    date = DateTime()
+    user_id, login, password = self._makePerson(
+      assignment_start_date=date + 1,
+      assignment_stop_date=date + 5,
+      group_value=self._getOrCreateGroupValue()
+    )
+    self.assertNotIn(
+      'Assignee',
+      self.portal.acl_users.getUserById(user_id).\
+        getRolesInContext(self._createDummyDocument())
+    )
+
+  def test_securityGroupAssignmentBadStopDate(self):
+    """
+      Tests a person with an assignment with bad (past) stop date
+      does not get assigned to security groups.
+    """
+    date = DateTime()
+    user_id, login, password = self._makePerson(
+      assignment_start_date=date - 5,
+      assignment_stop_date=date - 1,
+      group_value=self._getOrCreateGroupValue()
+    )
+    self.assertNotIn(
+      'Assignee',
+      self.portal.acl_users.getUserById(user_id).\
+        getRolesInContext(self._createDummyDocument())
+    )
+
   def test_DeletedPersonIsNotUser(self):
     user_id, login, password = self._makePerson()
     self._assertUserExists(login, password)