Commit 9371393b authored by Jérome Perrin's avatar Jérome Perrin

SecurityTestCase: fix username / user_id confusion

These methods have always been using user_id, but were written at
a time when there was no such distinction
parent 913e0ba7
Pipeline #19846 failed with stage
in 0 seconds
......@@ -56,11 +56,11 @@ class AssertPermissionMethod(object):
self._instance = instance
return self
def __call__(self, username, document):
def __call__(self, user_id, document):
# type: (str, Base) -> None
sm = getSecurityManager()
try:
self._instance._loginAsUser(username)
self._instance._loginAsUser(user_id)
user = getSecurityManager().getUser()
if not user.has_permission(self._permission_name, document):
groups = []
......@@ -70,7 +70,7 @@ class AssertPermissionMethod(object):
'User %s does NOT have %s permission on %s %s (user roles: [%s], '
'roles needed: [%s], existing local roles:\n%s\n'
'your user groups: [%s])' %
(username, self._permission_name, document.getPortalTypeName(),
(user_id, self._permission_name, document.getPortalTypeName(),
document, ', '.join(user.getRolesInContext(document)),
', '.join([x['name'] for x in
document.rolesOfPermission(self._permission_name)
......@@ -93,16 +93,16 @@ class AssertNoPermissionMethod(object):
self._instance = instance
return self
def __call__(self, username, document):
def __call__(self, user_id, document):
# type: (str, Base) -> None
sm = getSecurityManager()
try:
self._instance._loginAsUser(username)
self._instance._loginAsUser(user_id)
user = getSecurityManager().getUser()
if user.has_permission(self._permission_name, document):
self._instance.fail(
'User %s has %s permission on %s %s (roles: [%s])' %
(username, self._permission_name, document.getPortalTypeName(),
(user_id, self._permission_name, document.getPortalTypeName(),
document, ', '.join(user.getRolesInContext(document))))
finally:
setSecurityManager(sm)
......@@ -124,16 +124,16 @@ class SecurityTestCase(ERP5TypeTestCase):
self.portal.portal_caches.clearAllCache()
super(SecurityTestCase, self).tearDown()
def _loginAsUser(self, username):
"""Login as a given username. The user must exist.
In case Username is None, we consider test as Anonymous.
def _loginAsUser(self, user_id):
"""Login as a given user_id. The user must exist.
In case user_id is None, we consider test as Anonymous.
"""
if username is None:
if user_id is None:
newSecurityManager(None, SpecialUsers.nobody)
else:
uf = self.portal.acl_users
user = uf.getUserById(username)
self.assertNotEquals(user, None, 'No user %s' % username)
user = uf.getUserById(user_id)
self.assertNotEquals(user, None, 'No user %s' % user_id)
newSecurityManager(None, user.__of__(uf))
# Permission methods
......@@ -150,14 +150,14 @@ class SecurityTestCase(ERP5TypeTestCase):
failIfUserCanDeleteDocument = assertUserCanNotDeleteDocument = AssertNoPermissionMethod(
Permissions.DeleteObjects) # type: Callable[[SecurityTestCase, str, Base], None]
def failIfUserHavePermissionOnDocument(self, permission_name, username, document):
def failIfUserHavePermissionOnDocument(self, permission_name, user_id, document):
# type: (str, str, Base) -> None
"""Fail If the user have a permission on document.
XXX why isn't it a method object ?
"""
method = AssertNoPermissionMethod(permission_name)
method._instance = self
return method(username, document)
return method(user_id, document)
failUnlessUserCanViewDocument = assertUserCanViewDocument =\
AssertPermissionMethod(Permissions.View) # type: Callable[[SecurityTestCase, str, Base], None]
......@@ -172,41 +172,41 @@ class SecurityTestCase(ERP5TypeTestCase):
failUnlessUserCanDeleteDocument = assertUserCanDeleteDocument =\
AssertPermissionMethod(Permissions.DeleteObjects) # type: Callable[[SecurityTestCase, str, Base], None]
def failUnlessUserHavePermissionOnDocument(self, permission_name, username, document):
def failUnlessUserHavePermissionOnDocument(self, permission_name, user_id, document):
# type: (str, str, Base) -> None
"""Fail Unless the user have a permission on document."""
method = AssertPermissionMethod(permission_name)
method._instance = self
return method(username, document)
return method(user_id, document)
assertUserHavePermissionOnDocument = failUnlessUserHavePermissionOnDocument
# Workflow Transition Methods
def failIfUserCanPassWorkflowTransition(self, username, transition, document):
def failIfUserCanPassWorkflowTransition(self, user_id, transition, document):
# type: (str, str, Base) -> None
"""Fails if the user can pass the workflow transition on the document."""
sm = getSecurityManager()
try:
self._loginAsUser(username)
self._loginAsUser(user_id)
user = getSecurityManager().getUser()
valid_transition_list =[ai['id'] for ai in
self.workflow_tool.listActions(object=document) if
ai['category'] == 'workflow']
if transition in valid_transition_list:
self.fail('User %s can pass %s transition on %s %s. Roles: [%s]' % (
username, transition, document.getPortalTypeName(), document,
user_id, transition, document.getPortalTypeName(), document,
", ".join(user.getRolesInContext(document))))
finally:
setSecurityManager(sm)
assertUserCanNotPassWorkflowTransition = failIfUserCanPassWorkflowTransition # type: Callable[[SecurityTestCase, str, str, Base], None]
def failUnlessUserCanPassWorkflowTransition(self, username,
def failUnlessUserCanPassWorkflowTransition(self, user_id,
transition, document):
# type: (str, str, Base) -> None
"""Fails unless the user can pass the workflow transition on the document."""
sm = getSecurityManager()
try:
self._loginAsUser(username)
self._loginAsUser(user_id)
user = getSecurityManager().getUser()
valid_transition_list =[ai['id'] for ai in
self.workflow_tool.listActions(object=document) if
......@@ -244,7 +244,7 @@ class SecurityTestCase(ERP5TypeTestCase):
", ".join(workflow_states_description))
self.fail('User %s can NOT pass %s transition on %s.\n '
'Roles: [%s]\n Available transitions:\n\t%s' % ( username,
'Roles: [%s]\n Available transitions:\n\t%s' % ( user_id,
transition, document_description,
", ".join(user.getRolesInContext(document)),
"\n\t".join(workflow_transitions_description)))
......@@ -253,13 +253,13 @@ class SecurityTestCase(ERP5TypeTestCase):
assertUserCanPassWorkflowTransition = failUnlessUserCanPassWorkflowTransition # type: Callable[[SecurityTestCase, str, str, Base], None]
def assertUserHasWorklist(self, username, worklist_id, document_count):
def assertUserHasWorklist(self, user_id, worklist_id, document_count):
# type: (str, str, int) -> None
self.portal.portal_workflow.refreshWorklistCache()
self.portal.portal_caches.clearAllCache()
sm = getSecurityManager()
try:
self._loginAsUser(username)
self._loginAsUser(user_id)
global_action_list = [x for x in
self.portal.portal_workflow.listActions(object=self.portal)
if x['category'] == 'global']
......@@ -267,55 +267,55 @@ class SecurityTestCase(ERP5TypeTestCase):
if x['worklist_id'] == worklist_id]
if not(worklist_action_list):
self.fail("User %s does not have worklist %s.\nWorklists: %s" % (
username, worklist_id, pformat(global_action_list)))
user_id, worklist_id, pformat(global_action_list)))
worklist_action, = worklist_action_list
self.assertEquals(document_count, worklist_action['count'],
"User %s has %s documents in her %s worklist, not %s" % (
username, worklist_action['count'], worklist_id, document_count))
user_id, worklist_action['count'], worklist_id, document_count))
finally:
setSecurityManager(sm)
def assertUserHasNoWorklist(self, username, worklist_id):
def assertUserHasNoWorklist(self, user_id, worklist_id):
# type: (str, str) -> None
self.portal.portal_workflow.refreshWorklistCache()
self.portal.portal_caches.clearAllCache()
sm = getSecurityManager()
try:
self._loginAsUser(username)
self._loginAsUser(user_id)
worklist_action_list = [x for x in
self.portal.portal_workflow.listActions(object=self.portal)
if x['category'] == 'global' and x['worklist_id'] == worklist_id]
if worklist_action_list:
self.fail("User %s has worklist %s: %s" % (username, worklist_id, pformat(worklist_action_list)))
self.fail("User %s has worklist %s: %s" % (user_id, worklist_id, pformat(worklist_action_list)))
finally:
setSecurityManager(sm)
# Simple check for an user Role
def failIfUserHaveRoleOnDocument(self, username, role, document):
def failIfUserHaveRoleOnDocument(self, user_id, role, document):
# type: (str, str, Base) -> None
"""Fails if the user have the role on the document."""
sm = getSecurityManager()
try:
self._loginAsUser(username)
self._loginAsUser(user_id)
user = getSecurityManager().getUser()
if role in user.getRolesInContext(document):
self.fail('User %s have %s role on %s at %s' % (
username, role, document.getPortalType(), document.getRelativeUrl()))
user_id, role, document.getPortalType(), document.getRelativeUrl()))
finally:
setSecurityManager(sm)
assertUserDoesNotHaveRoleOnDocument = failIfUserHaveRoleOnDocument # type: Callable[[SecurityTestCase, str, str, Base], None]
def failUnlessUserHaveRoleOnDocument(self, username, role, document):
def failUnlessUserHaveRoleOnDocument(self, user_id, role, document):
# type: (str, str, Base) -> None
"""Fails if the user does not have the role on the document."""
sm = getSecurityManager()
try:
self._loginAsUser(username)
self._loginAsUser(user_id)
user = getSecurityManager().getUser()
if role not in user.getRolesInContext(document):
self.fail('User %s does not have %s role on %s at %s '
'(user roles: %s)' % ( username, role,
'(user roles: %s)' % ( user_id, role,
document.getPortalType(), document.getRelativeUrl(),
user.getRolesInContext(document)))
finally:
......
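Review bot: In `_loginAsUser`, `user_id is None` still logs in as `SpecialUsers.nobody`, so a negative helper such as `assertUserCanNotDeleteDocument` or `failIfUserHaveRoleOnDocument` called with a variable that is unexpectedly None checks Anonymous and can pass without ever exercising the intended user. The renamed signatures keep `# type: (str, ...)` comments that do not admit None. Either widen them to `Optional[str]` (assuming `typing` names are available to the type checker in this file) or add a line to each public helper's docstring such as `user_id: id as resolved by acl_users.getUserById, or None to test as Anonymous`. Because the rename changes public parameter names, any caller passing `username=` by keyword would now raise TypeError; none are visible in this diff, so the callers are worth checking. The body of `failUnlessUserHaveRoleOnDocument` continues past the last hunk shown.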