Commit 3b1eb041 authored by Arnaud Fontaine's avatar Arnaud Fontaine

ZODB Components: Only Developer Role must be able to invalidate/delete/validate Components.

parent 1f9debe6
...@@ -69,9 +69,7 @@ ...@@ -69,9 +69,7 @@
<key> <string>roles</string> </key> <key> <string>roles</string> </key>
<value> <value>
<tuple> <tuple>
<string>Assignee</string> <string>Developer</string>
<string>Assignor</string>
<string>Manager</string>
</tuple> </tuple>
</value> </value>
</item> </item>
......
...@@ -65,9 +65,7 @@ ...@@ -65,9 +65,7 @@
<key> <string>roles</string> </key> <key> <string>roles</string> </key>
<value> <value>
<tuple> <tuple>
<string>Assignee</string> <string>Developer</string>
<string>Assignor</string>
<string>Manager</string>
</tuple> </tuple>
</value> </value>
</item> </item>
......
...@@ -65,9 +65,7 @@ ...@@ -65,9 +65,7 @@
<key> <string>roles</string> </key> <key> <string>roles</string> </key>
<value> <value>
<tuple> <tuple>
<string>Assignee</string> <string>Developer</string>
<string>Assignor</string>
<string>Manager</string>
</tuple> </tuple>
</value> </value>
</item> </item>
......
2013-07-09 arnaud.fontaine
* ZODB Components: Only Developer Role must be able to invalidate/delete/validate Components.
2013-07-04 arnaud.fontaine 2013-07-04 arnaud.fontaine
* ZODB Components: Version was not displayed properly in Component view. * ZODB Components: Version was not displayed properly in Component view.
......
41115 41116
\ No newline at end of file \ No newline at end of file
...@@ -1348,26 +1348,75 @@ class _TestZodbComponent(SecurityTestCase): ...@@ -1348,26 +1348,75 @@ class _TestZodbComponent(SecurityTestCase):
The new Component should only be in erp5.component.XXX when validated, The new Component should only be in erp5.component.XXX when validated,
otherwise it should not be importable at all otherwise it should not be importable at all
""" """
uf = self.portal.acl_users
if not uf.getUser('ERP5TypeTestCase_NonDeveloper'):
uf._doAddUser('ERP5TypeTestCase_NonDeveloper',
'', ['Manager', 'Member', 'Assignee',
'Assignor', 'Author', 'Auditor', 'Associate'], [])
test_component = self._newComponent( test_component = self._newComponent(
'TestValidateInvalidateComponent', 'TestValidateInvalidateComponent',
'def foobar(*args, **kwargs):\n return "ValidateInvalidate"') 'def foobar(*args, **kwargs):\n return "ValidateInvalidate"')
test_component.validate() self.failIfUserCanPassWorkflowTransition('ERP5TypeTestCase_NonDeveloper',
'validate_action',
test_component)
self.failIfUserCanPassWorkflowTransition('ERP5TypeTestCase',
'invalidate_action',
test_component)
from AccessControl.SecurityManagement import getSecurityManager
from AccessControl.SecurityManagement import setSecurityManager
from Products.CMFCore.WorkflowCore import WorkflowException
sm = getSecurityManager()
try:
self._loginAsUser('ERP5TypeTestCase_NonDeveloper')
self.assertRaises(WorkflowException,
self.portal.portal_workflow.doActionFor,
test_component, 'delete_action')
finally:
setSecurityManager(sm)
self.failIfModuleImportable('TestValidateInvalidateComponent')
self.portal.portal_workflow.doActionFor(test_component, 'validate_action')
self.tic() self.tic()
self.assertModuleImportable('TestValidateInvalidateComponent') self.assertModuleImportable('TestValidateInvalidateComponent')
test_component.invalidate()
self.failIfUserCanPassWorkflowTransition('ERP5TypeTestCase_NonDeveloper',
'invalidate_action',
test_component)
self.failIfUserCanPassWorkflowTransition('ERP5TypeTestCase',
'validate_action',
test_component)
self.assertRaises(WorkflowException,
self.portal.portal_workflow.doActionFor,
test_component, 'delete_action')
self.portal.portal_workflow.doActionFor(test_component, 'invalidate_action')
self.tic() self.tic()
self.failIfModuleImportable('TestValidateInvalidateComponent') self.failIfModuleImportable('TestValidateInvalidateComponent')
test_component.validate() self.portal.portal_workflow.doActionFor(test_component, 'validate_action')
self.tic() self.tic()
self.assertModuleImportable('TestValidateInvalidateComponent') self.assertModuleImportable('TestValidateInvalidateComponent')
test_component.invalidate() self.portal.portal_workflow.doActionFor(test_component, 'invalidate_action')
self.tic() self.tic()
self.failIfModuleImportable('TestValidateInvalidateComponent') self.failIfModuleImportable('TestValidateInvalidateComponent')
sm = getSecurityManager()
try:
self._loginAsUser('ERP5TypeTestCase_NonDeveloper')
self.assertRaises(WorkflowException,
self.portal.portal_workflow.doActionFor,
test_component, 'delete_action')
finally:
setSecurityManager(sm)
self.portal.portal_workflow.doActionFor(test_component, 'delete_action') self.portal.portal_workflow.doActionFor(test_component, 'delete_action')
self.tic() self.tic()
self.failIfModuleImportable('TestValidateInvalidateComponent') self.failIfModuleImportable('TestValidateInvalidateComponent')
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment