testSecurity: adjust test_workflow_transition_protection

Only "user action" methods needs a security declaration.

testSecurity: adjust test_workflow_transition_protection
Only "user action" methods needs a security declaration.
f932c89f · Jérome Perrin · 007de00c · f932c89f
Commit f932c89f authored Jan 23, 2020 by Jérome Perrin
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

product/ERP5/tests/testSecurity.py product/ERP5/tests/testSecurity.py +3 -2

No files found.
--- a/product/ERP5/tests/testSecurity.py
+++ b/product/ERP5/tests/testSecurity.py
@@ -31,6 +31,7 @@ import unittest
 from types import MethodType
 from Acquisition import aq_base
 from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase
+from Products.ERP5Type.Core.WorkflowTransition import TRIGGER_USER_ACTION
 # You can invoke security tests in your favourite collection of business templates
 # by using TestSecurityMixin like the following :
@@ -121,8 +122,8 @@ class TestSecurityMixin(ERP5TypeTestCase):
      if wf.__class__.__name__ in ['InteractionWorkflowDefinition', 'Interaction Workflow']:
        continue
      for transition in wf.getTransitionValueList():
-        if transition.getTriggerType() == 0:
+        if transition.getTriggerType() != TRIGGER_USER_ACTION:
-          # Automatic transition without guard is safe
+          # Only user action workflow transitions needs a security definition.
          continue
        if not transition.isGuarded():
          error_list.append('%s/transitions/%s' % (wf.getId(), transition.getId()))