BusinessTemplate: install as System Processes user.

See merge request nexedi/erp5!1302

BusinessTemplate: install as System Processes user.
See merge request nexedi/erp5!1302
b3ad06f2 · Kazuhiko Shiozaki · bcb43861 · 49b9612b · b3ad06f2 · b3ad06f2
Commit b3ad06f2 authored Oct 28, 2020 by Kazuhiko Shiozaki
6 changed files
--- a/bt5/erp5_accounting/TestTemplateItem/portal_components/test.erp5.testAccountingReports.py
+++ b/bt5/erp5_accounting/TestTemplateItem/portal_components/test.erp5.testAccountingReports.py
@@ -31,6 +31,7 @@

 import unittest

+from AccessControl import getSecurityManager
 from DateTime import DateTime

 from erp5.component.test.testAccounting import AccountingTestCase
@@ -5119,6 +5120,13 @@ class TestAccountingReportsWithAnalytic(AccountingTestCase, ERP5ReportTestCase):
  def afterSetUp(self):
    AccountingTestCase.afterSetUp(self)
    self.login()
+
+    # change ownership of the preference
+    self.portal.portal_preferences.accounting_zuite_preference.changeOwnership(
+      getSecurityManager().getUser(),
+      True,
+    )
+
    # create some functions
    function = self.portal.portal_categories.function
    if function._getOb('a', None) is None:

--- a/bt5/erp5_accounting_renderjs_ui_test/TestTemplateItem/portal_components/test.erp5.testFunctionalRJSAccountingReport.py
+++ b/bt5/erp5_accounting_renderjs_ui_test/TestTemplateItem/portal_components/test.erp5.testFunctionalRJSAccountingReport.py
@@ -28,12 +28,21 @@
 ##############################################################################
 import unittest

+from AccessControl import getSecurityManager
 from Products.ERP5Type.tests.ERP5TypeFunctionalTestCase import ERP5TypeFunctionalTestCase

 class TestRenderJSAccountingReport(ERP5TypeFunctionalTestCase):
  foreground = 0
  run_only = "renderjs_ui_accounting_report_zuite"

+  def afterSetUp(self):
+    # change ownership of the preference
+    self.portal.portal_preferences.accounting_zuite_preference.changeOwnership(
+      getSecurityManager().getUser(),
+      True,
+    )
+    super(TestRenderJSAccountingReport, self).afterSetUp()
+
  def getBusinessTemplateList(self):
    return (
      'erp5_accounting_renderjs_ui_test',

--- a/bt5/erp5_core_test/TestTemplateItem/portal_components/test.erp5.testBusinessTemplate.py
+++ b/bt5/erp5_core_test/TestTemplateItem/portal_components/test.erp5.testBusinessTemplate.py
@@ -31,7 +31,6 @@ import unittest
 import logging
 from unittest import expectedFailure, skip

-from AccessControl import getSecurityManager
 from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase
 from Acquisition import aq_base
 from App.config import getConfiguration
@@ -2335,7 +2334,7 @@ class BusinessTemplateMixin(ERP5TypeTestCase, LogInterceptor):
    # will be reset:
    expected_local_roles = {
      'ac': ['Manager'],
-      getSecurityManager().getUser().getId(): ['Owner'],
+      'System Processes': ['Owner'],
      'group_function': ['Auditor']
    }
    p = self.getPortal()

--- a/bt5/erp5_forge/TestTemplateItem/portal_components/test.erp5.testTemplateTool.py
+++ b/bt5/erp5_forge/TestTemplateItem/portal_components/test.erp5.testTemplateTool.py
@@ -837,6 +837,18 @@ class TestTemplateTool(ERP5TypeTestCase):
    erp5_test = self.portal.portal_skins['erp5_test']
    self.assertTrue(erp5_test.hasObject('test_file'))

+  def test_ownerhsip(self):
+    self.assertEqual(
+      self.portal.portal_skins.erp5_core.getOwnerTuple(),
+      ([self.portal.getId(), 'acl_users'], 'System Processes'),
+    )
+    bt = self.templates_tool.getInstalledBusinessTemplate("erp5_forge")
+    bt.reinstall(force=True)
+    self.commit()
+    self.assertEqual(
+      self.portal.portal_skins.erp5_forge.getOwnerTuple(),
+      ([self.portal.getId(), 'acl_users'], 'System Processes'),
+    )

 def test_suite():
  suite = unittest.TestSuite()

--- a/product/ERP5/Document/BusinessTemplate.py
+++ b/product/ERP5/Document/BusinessTemplate.py
@@ -33,14 +33,18 @@ from Shared.DC.ZRDB import Aqueduct
 from Shared.DC.ZRDB.Connection import Connection as RDBConnection
 from Products.ERP5Type.Globals import Persistent, PersistentMapping
 from Acquisition import Implicit, aq_base, aq_inner, aq_parent
-from AccessControl import ClassSecurityInfo, Unauthorized, getSecurityManager
+from AccessControl import ClassSecurityInfo, Unauthorized
 from AccessControl.SecurityInfo import ModuleSecurityInfo
+from AccessControl.SecurityManagement import getSecurityManager, \
+  newSecurityManager, setSecurityManager
+from AccessControl.User import nobody
 from Products.CMFCore.utils import getToolByName
 from Products.PythonScripts.PythonScript import PythonScript
 from Products.ZSQLMethods.SQL import SQL
 from Products.ERP5Type.Accessor.Constant import PropertyGetter as ConstantGetter
 from Products.ERP5Type.Cache import transactional_cached
 from Products.ERP5Type.Message import translateString
+from Products.ERP5Type.UnrestrictedMethod import super_user
 from Products.ERP5Type.Utils import readLocalDocument, \
                                    writeLocalDocument, \
                                    importLocalDocument, \
@@ -5539,10 +5543,20 @@ Business Template is a set of definitions, such as skins, portal types and categ
      site.portal_caches.clearAllCache()

    security.declareProtected(Permissions.ManagePortal, 'install')
-    install = _install
+    def install(self, *args, **kw):
+      # switch to nobody temporarily so that unrestricted _install
+      # is always invoked by system user.
+      sm = getSecurityManager()
+      newSecurityManager(None, nobody)
+      try:
+        with super_user():
+          return self._install(*args, **kw)
+      finally:
+        # Restore the original user.
+        setSecurityManager(sm)

    security.declareProtected(Permissions.ManagePortal, 'reinstall')
-    reinstall = _install
+    reinstall = install

    security.declareProtected(Permissions.ManagePortal, 'trash')
    def trash(self, new_bt, **kw):

--- a/product/ERP5Type/tests/testFunctionalCore.py
+++ b/product/ERP5Type/tests/testFunctionalCore.py
@@ -29,12 +29,23 @@

 import unittest

+from AccessControl import getSecurityManager
 from Products.ERP5Type.tests.ERP5TypeFunctionalTestCase import \
        ERP5TypeFunctionalTestCase

 class TestZeleniumCore(ERP5TypeFunctionalTestCase):
    foreground = 0

+    def afterSetUp(self):
+        # change ownership of the preference
+        pref = self.portal.portal_preferences._getOb(
+            'accounting_zuite_preference',
+            None,
+        )
+        if pref is not None:
+            pref.changeOwnership(getSecurityManager().getUser(), True)
+        super(TestZeleniumCore, self).afterSetUp()
+
    def getBusinessTemplateList(self):
        """
          Return the list of business templates.