Check that only manager has access to the tool.

Tool is provided by erp5 bt5.

master/bt5/slapos_erp5/TestTemplateItem/testSlapOSERP5GroupRoleSecurity.py

@@ -22,11 +22,20 @@ class TestSlapOSGroupRoleSecurityMixin(testSlapOSMixin):
     return [x['name'] for x in context.permissionsOfRole(role) \
           if x['selected'] == 'SELECTED']
 
+  def _acquirePermissions(self, context):
+    return [x['name'] for x in context.permission_settings() \
+          if x['acquire'] == 'CHECKED']
+
   def assertPermissionsOfRole(self, context, role, permission_list):
     self.assertSameSet(
       permission_list,
       self._permissionsOfRole(context, role))
 
+  def assertAcquiredPermissions(self, context, permission_list):
+    self.assertSameSet(
+      permission_list,
+      self._acquirePermissions(context))
+
   def assertSecurityGroup(self, context, security_group_list, acquired):
     self.assertEquals(acquired, context._getAcquireLocalRoles())
     self.assertSameSet(
@@ -1468,3 +1477,19 @@ class TestPayzenEvent(TestSlapOSGroupRoleSecurityMixin):
     self.assertRoles(product, 'G-COMPANY', ['Assignor'])
     self.assertRoles(product, shadow_reference, ['Assignee'])
     self.assertRoles(product, self.user_id, ['Owner'])
+
+class TestSecurePaymentTool(TestSlapOSGroupRoleSecurityMixin):
+  def test_no_permissions_for_users(self):
+    tool = self.portal.portal_secure_payments
+    self.assertPermissionsOfRole(tool, 'Anonymous', [])
+    self.assertPermissionsOfRole(tool, 'Assignee', [])
+    self.assertPermissionsOfRole(tool, 'Assignor', [])
+    self.assertPermissionsOfRole(tool, 'Associate', [])
+    self.assertPermissionsOfRole(tool, 'Auditor', [])
+    self.assertPermissionsOfRole(tool, 'Authenticated', [])
+    self.assertPermissionsOfRole(tool, 'Author', [])
+    self.assertPermissionsOfRole(tool, 'Member', [])
+    self.assertPermissionsOfRole(tool, 'Owner', [])
+    self.assertPermissionsOfRole(tool, 'Reviewer', [])
+
+    self.assertAcquiredPermissions(tool, [])

master/bt5/slapos_erp5/bt/revision

-149
\ No newline at end of file
+150
\ No newline at end of file

master/bt5/slapos_payzen/ToolTemplateItem/portal_secure_payments.xml

-<?xml version="1.0"?>
-<ZopeData>
-  <record id="1" aka="AAAAAAAAAAE=">
-    <pickle>
-      <global name="Secure Payment Tool" module="erp5.portal_type"/>
-    </pickle>
-    <pickle>
-      <dictionary>
-        <item>
-            <key> <string>_count</string> </key>
-            <value>
-              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
-            </value>
-        </item>
-        <item>
-            <key> <string>_mt_index</string> </key>
-            <value>
-              <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
-            </value>
-        </item>
-        <item>
-            <key> <string>_tree</string> </key>
-            <value>
-              <persistent> <string encoding="base64">AAAAAAAAAAQ=</string> </persistent>
-            </value>
-        </item>
-        <item>
-            <key> <string>id</string> </key>
-            <value> <string>portal_secure_payments</string> </value>
-        </item>
-      </dictionary>
-    </pickle>
-  </record>
-  <record id="2" aka="AAAAAAAAAAI=">
-    <pickle>
-      <global name="Length" module="BTrees.Length"/>
-    </pickle>
-    <pickle> <int>0</int> </pickle>
-  </record>
-  <record id="3" aka="AAAAAAAAAAM=">
-    <pickle>
-      <global name="OOBTree" module="BTrees.OOBTree"/>
-    </pickle>
-    <pickle>
-      <none/>
-    </pickle>
-  </record>
-  <record id="4" aka="AAAAAAAAAAQ=">
-    <pickle>
-      <global name="OOBTree" module="BTrees.OOBTree"/>
-    </pickle>
-    <pickle>
-      <none/>
-    </pickle>
-  </record>
-</ZopeData>

master/bt5/slapos_payzen/bt/revision

-93
\ No newline at end of file
+94
\ No newline at end of file

master/bt5/slapos_payzen/bt/template_tool_id_list

-portal_secure_payments
\ No newline at end of file