Commit 9371393b authored by Jérome Perrin's avatar Jérome Perrin

SecurityTestCase: fix username / user_id confusion

These methods have always been using user_id, but were written at
a time when there was no such distinction
parent 913e0ba7
Pipeline #19846 failed with stage
in 0 seconds
...@@ -56,11 +56,11 @@ class AssertPermissionMethod(object): ...@@ -56,11 +56,11 @@ class AssertPermissionMethod(object):
self._instance = instance self._instance = instance
return self return self
def __call__(self, username, document): def __call__(self, user_id, document):
# type: (str, Base) -> None # type: (str, Base) -> None
sm = getSecurityManager() sm = getSecurityManager()
try: try:
self._instance._loginAsUser(username) self._instance._loginAsUser(user_id)
user = getSecurityManager().getUser() user = getSecurityManager().getUser()
if not user.has_permission(self._permission_name, document): if not user.has_permission(self._permission_name, document):
groups = [] groups = []
...@@ -70,7 +70,7 @@ class AssertPermissionMethod(object): ...@@ -70,7 +70,7 @@ class AssertPermissionMethod(object):
'User %s does NOT have %s permission on %s %s (user roles: [%s], ' 'User %s does NOT have %s permission on %s %s (user roles: [%s], '
'roles needed: [%s], existing local roles:\n%s\n' 'roles needed: [%s], existing local roles:\n%s\n'
'your user groups: [%s])' % 'your user groups: [%s])' %
(username, self._permission_name, document.getPortalTypeName(), (user_id, self._permission_name, document.getPortalTypeName(),
document, ', '.join(user.getRolesInContext(document)), document, ', '.join(user.getRolesInContext(document)),
', '.join([x['name'] for x in ', '.join([x['name'] for x in
document.rolesOfPermission(self._permission_name) document.rolesOfPermission(self._permission_name)
...@@ -93,16 +93,16 @@ class AssertNoPermissionMethod(object): ...@@ -93,16 +93,16 @@ class AssertNoPermissionMethod(object):
self._instance = instance self._instance = instance
return self return self
def __call__(self, username, document): def __call__(self, user_id, document):
# type: (str, Base) -> None # type: (str, Base) -> None
sm = getSecurityManager() sm = getSecurityManager()
try: try:
self._instance._loginAsUser(username) self._instance._loginAsUser(user_id)
user = getSecurityManager().getUser() user = getSecurityManager().getUser()
if user.has_permission(self._permission_name, document): if user.has_permission(self._permission_name, document):
self._instance.fail( self._instance.fail(
'User %s has %s permission on %s %s (roles: [%s])' % 'User %s has %s permission on %s %s (roles: [%s])' %
(username, self._permission_name, document.getPortalTypeName(), (user_id, self._permission_name, document.getPortalTypeName(),
document, ', '.join(user.getRolesInContext(document)))) document, ', '.join(user.getRolesInContext(document))))
finally: finally:
setSecurityManager(sm) setSecurityManager(sm)
...@@ -124,16 +124,16 @@ class SecurityTestCase(ERP5TypeTestCase): ...@@ -124,16 +124,16 @@ class SecurityTestCase(ERP5TypeTestCase):
self.portal.portal_caches.clearAllCache() self.portal.portal_caches.clearAllCache()
super(SecurityTestCase, self).tearDown() super(SecurityTestCase, self).tearDown()
def _loginAsUser(self, username): def _loginAsUser(self, user_id):
"""Login as a given username. The user must exist. """Login as a given user_id. The user must exist.
In case Username is None, we consider test as Anonymous. In case user_id is None, we consider test as Anonymous.
""" """
if username is None: if user_id is None:
newSecurityManager(None, SpecialUsers.nobody) newSecurityManager(None, SpecialUsers.nobody)
else: else:
uf = self.portal.acl_users uf = self.portal.acl_users
user = uf.getUserById(username) user = uf.getUserById(user_id)
self.assertNotEquals(user, None, 'No user %s' % username) self.assertNotEquals(user, None, 'No user %s' % user_id)
newSecurityManager(None, user.__of__(uf)) newSecurityManager(None, user.__of__(uf))
# Permission methods # Permission methods
...@@ -150,14 +150,14 @@ class SecurityTestCase(ERP5TypeTestCase): ...@@ -150,14 +150,14 @@ class SecurityTestCase(ERP5TypeTestCase):
failIfUserCanDeleteDocument = assertUserCanNotDeleteDocument = AssertNoPermissionMethod( failIfUserCanDeleteDocument = assertUserCanNotDeleteDocument = AssertNoPermissionMethod(
Permissions.DeleteObjects) # type: Callable[[SecurityTestCase, str, Base], None] Permissions.DeleteObjects) # type: Callable[[SecurityTestCase, str, Base], None]
def failIfUserHavePermissionOnDocument(self, permission_name, username, document): def failIfUserHavePermissionOnDocument(self, permission_name, user_id, document):
# type: (str, str, Base) -> None # type: (str, str, Base) -> None
"""Fail If the user have a permission on document. """Fail If the user have a permission on document.
XXX why isn't it a method object ? XXX why isn't it a method object ?
""" """
method = AssertNoPermissionMethod(permission_name) method = AssertNoPermissionMethod(permission_name)
method._instance = self method._instance = self
return method(username, document) return method(user_id, document)
failUnlessUserCanViewDocument = assertUserCanViewDocument =\ failUnlessUserCanViewDocument = assertUserCanViewDocument =\
AssertPermissionMethod(Permissions.View) # type: Callable[[SecurityTestCase, str, Base], None] AssertPermissionMethod(Permissions.View) # type: Callable[[SecurityTestCase, str, Base], None]
...@@ -172,41 +172,41 @@ class SecurityTestCase(ERP5TypeTestCase): ...@@ -172,41 +172,41 @@ class SecurityTestCase(ERP5TypeTestCase):
failUnlessUserCanDeleteDocument = assertUserCanDeleteDocument =\ failUnlessUserCanDeleteDocument = assertUserCanDeleteDocument =\
AssertPermissionMethod(Permissions.DeleteObjects) # type: Callable[[SecurityTestCase, str, Base], None] AssertPermissionMethod(Permissions.DeleteObjects) # type: Callable[[SecurityTestCase, str, Base], None]
def failUnlessUserHavePermissionOnDocument(self, permission_name, username, document): def failUnlessUserHavePermissionOnDocument(self, permission_name, user_id, document):
# type: (str, str, Base) -> None # type: (str, str, Base) -> None
"""Fail Unless the user have a permission on document.""" """Fail Unless the user have a permission on document."""
method = AssertPermissionMethod(permission_name) method = AssertPermissionMethod(permission_name)
method._instance = self method._instance = self
return method(username, document) return method(user_id, document)
assertUserHavePermissionOnDocument = failUnlessUserHavePermissionOnDocument assertUserHavePermissionOnDocument = failUnlessUserHavePermissionOnDocument
# Workflow Transition Methods # Workflow Transition Methods
def failIfUserCanPassWorkflowTransition(self, username, transition, document): def failIfUserCanPassWorkflowTransition(self, user_id, transition, document):
# type: (str, str, Base) -> None # type: (str, str, Base) -> None
"""Fails if the user can pass the workflow transition on the document.""" """Fails if the user can pass the workflow transition on the document."""
sm = getSecurityManager() sm = getSecurityManager()
try: try:
self._loginAsUser(username) self._loginAsUser(user_id)
user = getSecurityManager().getUser() user = getSecurityManager().getUser()
valid_transition_list =[ai['id'] for ai in valid_transition_list =[ai['id'] for ai in
self.workflow_tool.listActions(object=document) if self.workflow_tool.listActions(object=document) if
ai['category'] == 'workflow'] ai['category'] == 'workflow']
if transition in valid_transition_list: if transition in valid_transition_list:
self.fail('User %s can pass %s transition on %s %s. Roles: [%s]' % ( self.fail('User %s can pass %s transition on %s %s. Roles: [%s]' % (
username, transition, document.getPortalTypeName(), document, user_id, transition, document.getPortalTypeName(), document,
", ".join(user.getRolesInContext(document)))) ", ".join(user.getRolesInContext(document))))
finally: finally:
setSecurityManager(sm) setSecurityManager(sm)
assertUserCanNotPassWorkflowTransition = failIfUserCanPassWorkflowTransition # type: Callable[[SecurityTestCase, str, str, Base], None] assertUserCanNotPassWorkflowTransition = failIfUserCanPassWorkflowTransition # type: Callable[[SecurityTestCase, str, str, Base], None]
def failUnlessUserCanPassWorkflowTransition(self, username, def failUnlessUserCanPassWorkflowTransition(self, user_id,
transition, document): transition, document):
# type: (str, str, Base) -> None # type: (str, str, Base) -> None
"""Fails unless the user can pass the workflow transition on the document.""" """Fails unless the user can pass the workflow transition on the document."""
sm = getSecurityManager() sm = getSecurityManager()
try: try:
self._loginAsUser(username) self._loginAsUser(user_id)
user = getSecurityManager().getUser() user = getSecurityManager().getUser()
valid_transition_list =[ai['id'] for ai in valid_transition_list =[ai['id'] for ai in
self.workflow_tool.listActions(object=document) if self.workflow_tool.listActions(object=document) if
...@@ -244,7 +244,7 @@ class SecurityTestCase(ERP5TypeTestCase): ...@@ -244,7 +244,7 @@ class SecurityTestCase(ERP5TypeTestCase):
", ".join(workflow_states_description)) ", ".join(workflow_states_description))
self.fail('User %s can NOT pass %s transition on %s.\n ' self.fail('User %s can NOT pass %s transition on %s.\n '
'Roles: [%s]\n Available transitions:\n\t%s' % ( username, 'Roles: [%s]\n Available transitions:\n\t%s' % ( user_id,
transition, document_description, transition, document_description,
", ".join(user.getRolesInContext(document)), ", ".join(user.getRolesInContext(document)),
"\n\t".join(workflow_transitions_description))) "\n\t".join(workflow_transitions_description)))
...@@ -253,13 +253,13 @@ class SecurityTestCase(ERP5TypeTestCase): ...@@ -253,13 +253,13 @@ class SecurityTestCase(ERP5TypeTestCase):
assertUserCanPassWorkflowTransition = failUnlessUserCanPassWorkflowTransition # type: Callable[[SecurityTestCase, str, str, Base], None] assertUserCanPassWorkflowTransition = failUnlessUserCanPassWorkflowTransition # type: Callable[[SecurityTestCase, str, str, Base], None]
def assertUserHasWorklist(self, username, worklist_id, document_count): def assertUserHasWorklist(self, user_id, worklist_id, document_count):
# type: (str, str, int) -> None # type: (str, str, int) -> None
self.portal.portal_workflow.refreshWorklistCache() self.portal.portal_workflow.refreshWorklistCache()
self.portal.portal_caches.clearAllCache() self.portal.portal_caches.clearAllCache()
sm = getSecurityManager() sm = getSecurityManager()
try: try:
self._loginAsUser(username) self._loginAsUser(user_id)
global_action_list = [x for x in global_action_list = [x for x in
self.portal.portal_workflow.listActions(object=self.portal) self.portal.portal_workflow.listActions(object=self.portal)
if x['category'] == 'global'] if x['category'] == 'global']
...@@ -267,55 +267,55 @@ class SecurityTestCase(ERP5TypeTestCase): ...@@ -267,55 +267,55 @@ class SecurityTestCase(ERP5TypeTestCase):
if x['worklist_id'] == worklist_id] if x['worklist_id'] == worklist_id]
if not(worklist_action_list): if not(worklist_action_list):
self.fail("User %s does not have worklist %s.\nWorklists: %s" % ( self.fail("User %s does not have worklist %s.\nWorklists: %s" % (
username, worklist_id, pformat(global_action_list))) user_id, worklist_id, pformat(global_action_list)))
worklist_action, = worklist_action_list worklist_action, = worklist_action_list
self.assertEquals(document_count, worklist_action['count'], self.assertEquals(document_count, worklist_action['count'],
"User %s has %s documents in her %s worklist, not %s" % ( "User %s has %s documents in her %s worklist, not %s" % (
username, worklist_action['count'], worklist_id, document_count)) user_id, worklist_action['count'], worklist_id, document_count))
finally: finally:
setSecurityManager(sm) setSecurityManager(sm)
def assertUserHasNoWorklist(self, username, worklist_id): def assertUserHasNoWorklist(self, user_id, worklist_id):
# type: (str, str) -> None # type: (str, str) -> None
self.portal.portal_workflow.refreshWorklistCache() self.portal.portal_workflow.refreshWorklistCache()
self.portal.portal_caches.clearAllCache() self.portal.portal_caches.clearAllCache()
sm = getSecurityManager() sm = getSecurityManager()
try: try:
self._loginAsUser(username) self._loginAsUser(user_id)
worklist_action_list = [x for x in worklist_action_list = [x for x in
self.portal.portal_workflow.listActions(object=self.portal) self.portal.portal_workflow.listActions(object=self.portal)
if x['category'] == 'global' and x['worklist_id'] == worklist_id] if x['category'] == 'global' and x['worklist_id'] == worklist_id]
if worklist_action_list: if worklist_action_list:
self.fail("User %s has worklist %s: %s" % (username, worklist_id, pformat(worklist_action_list))) self.fail("User %s has worklist %s: %s" % (user_id, worklist_id, pformat(worklist_action_list)))
finally: finally:
setSecurityManager(sm) setSecurityManager(sm)
# Simple check for an user Role # Simple check for an user Role
def failIfUserHaveRoleOnDocument(self, username, role, document): def failIfUserHaveRoleOnDocument(self, user_id, role, document):
# type: (str, str, Base) -> None # type: (str, str, Base) -> None
"""Fails if the user have the role on the document.""" """Fails if the user have the role on the document."""
sm = getSecurityManager() sm = getSecurityManager()
try: try:
self._loginAsUser(username) self._loginAsUser(user_id)
user = getSecurityManager().getUser() user = getSecurityManager().getUser()
if role in user.getRolesInContext(document): if role in user.getRolesInContext(document):
self.fail('User %s have %s role on %s at %s' % ( self.fail('User %s have %s role on %s at %s' % (
username, role, document.getPortalType(), document.getRelativeUrl())) user_id, role, document.getPortalType(), document.getRelativeUrl()))
finally: finally:
setSecurityManager(sm) setSecurityManager(sm)
assertUserDoesNotHaveRoleOnDocument = failIfUserHaveRoleOnDocument # type: Callable[[SecurityTestCase, str, str, Base], None] assertUserDoesNotHaveRoleOnDocument = failIfUserHaveRoleOnDocument # type: Callable[[SecurityTestCase, str, str, Base], None]
def failUnlessUserHaveRoleOnDocument(self, username, role, document): def failUnlessUserHaveRoleOnDocument(self, user_id, role, document):
# type: (str, str, Base) -> None # type: (str, str, Base) -> None
"""Fails if the user does not have the role on the document.""" """Fails if the user does not have the role on the document."""
sm = getSecurityManager() sm = getSecurityManager()
try: try:
self._loginAsUser(username) self._loginAsUser(user_id)
user = getSecurityManager().getUser() user = getSecurityManager().getUser()
if role not in user.getRolesInContext(document): if role not in user.getRolesInContext(document):
self.fail('User %s does not have %s role on %s at %s ' self.fail('User %s does not have %s role on %s at %s '
'(user roles: %s)' % ( username, role, '(user roles: %s)' % ( user_id, role,
document.getPortalType(), document.getRelativeUrl(), document.getPortalType(), document.getRelativeUrl(),
user.getRolesInContext(document))) user.getRolesInContext(document)))
finally: finally:
......
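Review bot: In `_loginAsUser`, a `user_id` of `None` still switches to `SpecialUsers.nobody`, so a negative assertion such as `failIfUserHaveRoleOnDocument` or `assertUserHasNoWorklist` called with an id that was never set is evaluated as Anonymous and will most likely pass without exercising the intended user. Now that the parameter is explicitly a user id, the docstring should say so, e.g. `user_id is the id looked up with acl_users.getUserById, not the login; pass None only to test as Anonymous`. The lookup failure message would also be clearer as `'No user with user_id %s' % user_id`, because a caller who passes a login name currently sees only 'No user …'. Callers that pass `username=` by keyword would break with this rename; none are visible on this page, so a search of the test suites is worth doing before merging.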