testERP5Security.py 13.1 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38
##############################################################################
#
# Copyright (c) 2004 Nexedi SARL and Contributors. All Rights Reserved.
#                                    Jerome Perrin <jerome@nexedi.com>
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsability of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# garantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################

"""Tests ERP5 User Management.
"""
import os, sys
if __name__ == '__main__':
  execfile(os.path.join(sys.path[0], 'framework.py'))

# Needed in order to have a log file inside the current folder
os.environ['EVENT_LOG_FILE'] = os.path.join(os.getcwd(), 'zLOG.log')
os.environ['EVENT_LOG_SEVERITY'] = '-300'

39 40
from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase,\
                                                     get_request
41
from AccessControl.SecurityManagement import newSecurityManager
42
from AccessControl.SecurityManagement import getSecurityManager
43
from zLOG import LOG
44
from Products.ERP5Type.Cache import clearCache
45
from Products.PluggableAuthService import PluggableAuthService
46
try:
47
  from Interface.Verify import verifyClass
48
except ImportError:
49
  from zope.interface.verify import verifyClass
50

51 52 53
class TestUserManagement(ERP5TypeTestCase):
  """Tests User Management in ERP5Security.
  """
54 55 56 57 58
 
  RUN_ALL_TESTS = 1
  
  def getTitle(self):
    """Title of the test."""
59
    return "ERP5Security: User Management"
60 61 62 63 64
  
  def getBusinessTemplateList(self):
    """List of BT to install. """
    return ('erp5_base',)
  
65 66 67 68 69 70 71 72
  def beforeTearDown(self):
    """Clears person module and invalidate caches when tests are finished."""
    clearCache()
    self.getPersonModule().manage_delObjects([x for x in
                             self.getPersonModule().objectIds()])
    get_transaction().commit()
    self.tic()
  
73
  def login(self, quiet=0, run=1):
74
    uf = self.getUserFolder()
75 76 77 78
    uf._doAddUser('alex', '', ['Manager', 'Assignee', 'Assignor',
                               'Associate', 'Auditor', 'Author'], [])
    user = uf.getUserById('alex').__of__(uf)
    newSecurityManager(None, user)
79 80 81 82 83

  def getUserFolder(self):
    """Returns the acl_users. """
    return self.getPortal().acl_users

84
  def test_GroupManagerInterfaces(self, run=RUN_ALL_TESTS):
85
    """Tests group manager plugin respects interfaces."""
86 87
    if not run:
      return
88 89 90 91 92
    from Products.PluggableAuthService.interfaces.plugins import IGroupsPlugin
    from Products.ERP5Security.ERP5GroupManager import ERP5GroupManager
    verifyClass(IGroupsPlugin, ERP5GroupManager)

  def test_UserManagerInterfaces(self, run=RUN_ALL_TESTS):
93
    """Tests user manager plugin respects interfaces."""
94 95 96 97 98 99 100 101 102
    if not run:
      return
    from Products.PluggableAuthService.interfaces.plugins import\
                IAuthenticationPlugin, IUserEnumerationPlugin
    from Products.ERP5Security.ERP5UserManager import ERP5UserManager
    verifyClass(IAuthenticationPlugin, ERP5UserManager)
    verifyClass(IUserEnumerationPlugin, ERP5UserManager)

  def test_RolesManagerInterfaces(self, run=RUN_ALL_TESTS):
103
    """Tests group manager plugin respects interfaces."""
104 105 106 107 108
    if not run:
      return
    from Products.PluggableAuthService.interfaces.plugins import IRolesPlugin
    from Products.ERP5Security.ERP5RoleManager import ERP5RoleManager
    verifyClass(IRolesPlugin, ERP5RoleManager)
109 110 111 112 113

  def test_UserFolder(self, run=RUN_ALL_TESTS):
    """Tests user folder has correct meta type."""
    if not run:
      return
114
    self.failUnless(isinstance(self.getUserFolder(),
115 116
        PluggableAuthService.PluggableAuthService))

117 118 119
  def _makePerson(self, **kw):
    """Creates a person in person module, and returns the object, after
    indexing is done. """
120 121
    person_module = self.getPersonModule()
    new_person = person_module.newContent(
122
                     portal_type='Person', **kw)
123 124
    get_transaction().commit()
    self.tic()
125 126
    return new_person

127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177
  def _assertUserExists(self, login, password):
    """Checks that a user with login and password exists and can log in to the
    system.
    """
    from Products.PluggableAuthService.interfaces.plugins import\
                                                      IAuthenticationPlugin
    uf = self.getUserFolder()
    self.assertNotEquals(uf.getUserById(login, None), None)
    for plugin_name, plugin in uf._getOb('plugins').listPlugins(
                                IAuthenticationPlugin ):
      if plugin.authenticateCredentials(
                  {'login':login, 'password':password}) is not None:
        break
    else:
      self.fail("No plugin could authenticate '%s' with password '%s'" %
              (login, password))
  
  def _assertUserDoesNotExists(self, login, password):
    """Checks that a user with login and password does not exists and cannot
    log in to the system.
    """
    from Products.PluggableAuthService.interfaces.plugins import\
                                                        IAuthenticationPlugin
    uf = self.getUserFolder()
    for plugin_name, plugin in uf._getOb('plugins').listPlugins(
                              IAuthenticationPlugin ):
      if plugin.authenticateCredentials(
                {'login':login, 'password':password}) is not None:
        self.fail(
           "Plugin %s should not have authenticated '%s' with password '%s'" %
           (plugin_name, login, password))

  def test_PersonWithLoginPasswordAreUsers(self, run=RUN_ALL_TESTS):
    """Tests a person with a login & password is a valid user."""
    p = self._makePerson(reference='the_user', password='secret',
                        career_role='internal')
    self._assertUserExists('the_user', 'secret')
    
  def test_PersonWithLoginWithEmptyPasswordAreNotUsers(self, run=RUN_ALL_TESTS):
    """Tests a person with a login but no password is not a valid user."""
    self._makePerson(reference='the_user', career_role='internal')
    self._assertUserDoesNotExists('the_user', None)
    self._makePerson(reference='another_user', password='',
                     career_role='internal')
    self._assertUserDoesNotExists('another_user', '')
  
  def test_PersonWithEmptyLoginAreNotUsers(self, run=RUN_ALL_TESTS):
    """Tests a person with a login & password is a valid user."""
    self._makePerson(reference='', password='secret', career_role='internal')
    self._assertUserDoesNotExists('', 'secret')
  
178
  def test_PersonWithSuperUserLoginCannotBeCreated(self, run=RUN_ALL_TESTS):
179 180 181 182 183 184 185 186 187
    """Tests one cannot create person with the "super user" special login."""
    from Products.ERP5Security.ERP5UserManager import SUPER_USER
    self.assertRaises(RuntimeError, self._makePerson, reference=SUPER_USER)
  
  def test_PersonWithSuperUserLogin(self, run=RUN_ALL_TESTS):
    """Tests one cannot use the "super user" special login."""
    from Products.ERP5Security.ERP5UserManager import SUPER_USER
    self._assertUserDoesNotExists(SUPER_USER, '')

188 189 190 191
  def test_MultiplePersonReference(self, run=RUN_ALL_TESTS):
    """Tests that it's refused to create two Persons with same reference."""
    self._makePerson(reference='new_person')
    self.assertRaises(RuntimeError, self._makePerson, reference='new_person')
192

193 194 195 196 197 198 199 200
  def test_PersonCopyAndPaste(self, run=RUN_ALL_TESTS):
    """If we copy and paste a person, login must not be copyied."""
    person = self._makePerson(reference='new_person')
    person_module = self.getPersonModule()
    copy_data = person_module.manage_copyObjects([person.getId()])
    changed, = person_module.manage_pasteObjects(copy_data)
    self.assertNotEquals(person_module[changed['new_id']].getReference(),
                         person_module[changed['id']].getReference())
201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280
  
class TestLocalRoleManagement(ERP5TypeTestCase):
  """Tests Local Role Management with ERP5Security.

  This test should probably part of ERP5Type ?
  """
  def getTitle(self):
    return "ERP5Security: User Role Management"

  def afterSetUp(self):
    """Called after setup completed.
    """
    self.portal = self.getPortal()
    # configure group, site, function categories
    for bc in ['group', 'site', 'function']:
      base_cat = self.getCategoryTool()[bc]
      code = bc[0].upper()
      base_cat.newContent(portal_type='Category',
                          id='subcat',
                          codification="%s1" % code)
    self.defined_category = "group/subcat\n"\
                            "site/subcat\n"\
                            "function/subcat"
    # any member can add organisations
    self.portal.organisation_module.manage_permission(
            'Add portal content', roles=['Member', 'Manager'], acquire=1)

    self.username = 'username'
    # create a user and open an assignement
    pers = self.getPersonModule().newContent(portal_type='Person',
                                             career_role='internal',
                                             reference=self.username,
                                             password=self.username)
    assignment = pers.newContent( portal_type='Assignment',
                                  group='subcat',
                                  site='subcat',
                                  function='subcat' )
    assignment.open()
    get_transaction().commit()
    self.tic()
  
  def beforeTearDown(self):
    """Called before teardown."""
    # clear base categories
    for bc in ['group', 'site', 'function']:
      base_cat = self.getCategoryTool()[bc]
      base_cat.manage_delObjects([x for x in base_cat.objectIds()])
    # clear role definitions
    for ti in self.getTypesTool().objectValues(spec=('ERP5 Type Information',)):
      ti._roles = ()
    # clear modules
    for module in self.portal.objectValues(spec=('ERP5 Folder',)):
      module.manage_delObjects([x for x in module.objectIds()])
    # commit this
    get_transaction().commit()
    clearCache()

  def loginAsUser(self, username):
    uf = self.portal.acl_users
    user = uf.getUserById(username).__of__(uf)
    newSecurityManager(None, user)
  
  def _getTypeInfo(self):
    return self.getTypesTool()['Organisation']
  
  def _makeOne(self):
    return self.getOrganisationModule().newContent(portal_type='Organisation')
  
  def getBusinessTemplateList(self):
    """List of BT to install. """
    return ('erp5_base',)
  
  def testMemberRole(self):
    """Test users have the Member role.
    """
    self.loginAsUser(self.username)
    self.failUnless('Member' in
            getSecurityManager().getUser().getRolesInContext(self.portal))
    self.failUnless('Member' in
            getSecurityManager().getUser().getRoles())
281

282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322
  def testSimpleLocalRole(self):
    """Test simple case of setting a role.
    """
    ti = self._getTypeInfo()
    ti.addRole(id='Assignor', description='desc.',
           name='an Assignor role for testing',
           condition='',
           category=self.defined_category,
           base_category_script='ERP5Type_getSecurityCategoryFromAssignment',
           base_category='')
    obj = self._makeOne()
    self.assertEquals(['Assignor'], obj.__ac_local_roles__.get('F1_G1_S1'))
    
    self.loginAsUser(self.username)
    self.failUnless('Assignor' in
            getSecurityManager().getUser().getRolesInContext(obj))
        
  def testDynamicLocalRole(self):
    """Test simple case of setting a dynamic role.
    The site category is not defined explictly the role, and will have the
    current site of the user.
    """
    return NotImplemented # FIXME: currently this test raises error
                           
    ti = self._getTypeInfo()
    ti.addRole(id='Assignor', description='desc.',
           name='an Assignor role for testing',
           condition='',
           category='group/subcat\nfunction/subcat',
           base_category_script='ERP5Type_getSecurityCategoryFromAssignment',
           base_category='site')
    
    self.loginAsUser(self.username)
    obj = self._makeOne()
    self.assertEquals(['Assignor'], obj.__ac_local_roles__.get('F1_G1_S1'))
    self.failUnless('Assignor' in
            getSecurityManager().getUser().getRolesInContext(obj))
  
  def testAcquireLocalRoles(self):
    return NotImplemented # TODO
    
323 324 325 326 327 328
if __name__ == '__main__':
  framework()
else:
  import unittest
  def test_suite():
    suite = unittest.TestSuite()
329 330
    suite.addTest(unittest.makeSuite(TestUserManagement))
    suite.addTest(unittest.makeSuite(TestLocalRoleManagement))
331 332
    return suite