Commit 20401527 authored by Kazuhiko Shiozaki's avatar Kazuhiko Shiozaki

fixup! erp5_dms: update document_publication_workflow permissions

parent 3df8074d
......@@ -28,6 +28,7 @@
import hashlib, httplib
from Products.ERP5Type.UnrestrictedMethod import super_user
def WebSection_getDocumentValue(self, key, portal=None, language=None,\
......@@ -105,7 +106,9 @@ def WebSite_viewAsWebPost(self, *args, **kwargs):
document = portal.portal_contributions.newContent(file=file,
filename='shacache', discover_metadata=False, reference=sha512sum,
content_type='application/octet-stream')
document.publish()
with super_user():
# security check should be done already.
document.publish()
self.REQUEST.RESPONSE.setStatus(httplib.CREATED)
return sha512sum
......
......@@ -30,6 +30,7 @@ import hashlib
import json
import validictory
from Products.ERP5Type.Document import newTempFile
from Products.ERP5Type.UnrestrictedMethod import super_user
def WebSection_getDocumentValue(self, key, portal=None, language=None,\
......@@ -99,7 +100,9 @@ def WebSection_setObject(self, id, ob, **kw):
if data_set is None:
data_set = portal.data_set_module.newContent(portal_type='Data Set',
reference=id)
data_set.publish()
with super_user():
# security check should be done already.
data_set.publish()
reference = hashlib.sha512(data).hexdigest()
......@@ -109,7 +112,9 @@ def WebSection_setObject(self, id, ob, **kw):
ob.setReference(reference)
if expiration_date is not None:
ob.setExpirationDate(expiration_date)
ob.publish()
with super_user():
# security check should be done already.
ob.publish()
return ob
def WebSection_putFactory(self, name, typ, body):
......
......@@ -65,6 +65,20 @@ return "%s/?key=%s" % (base_url, context.getReference())\n
<key> <string>_params</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Assignor</string>
</tuple>
</value>
</item>
<item>
<key> <string>guard</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>WebPage_shareDocument</string> </value>
......@@ -72,4 +86,23 @@ return "%s/?key=%s" % (base_url, context.getReference())\n
</dictionary>
</pickle>
</record>
<record id="2" aka="AAAAAAAAAAI=">
<pickle>
<global name="Guard" module="Products.DCWorkflow.Guard"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>roles</string> </key>
<value>
<tuple>
<string>Assignor</string>
<string>Auditor</string>
<string>Manager</string>
</tuple>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
......@@ -129,18 +129,20 @@ class TestShaCacheSecurity(ShaCacheMixin, ShaSecurityMixin, SecurityTestCase):
It also must check if document can be published alive.
"""
self.changeUser(self.lucas_user)
for module in ('image_module', 'document_module',):
module = getattr(self.portal, module)
for portal_type in module.getVisibleAllowedContentTypeList():
self.changeUser(self.lucas_user)
document = module.newContent(portal_type=portal_type)
document()
document.view()
self.login()
document.publishAlive()
self.tic()
self.changeUser(self.lucas_user)
self.assertEqual('Published Alive',
document.getValidationStateTitle())
......@@ -181,6 +183,7 @@ class TestShaCacheSecurity(ShaCacheMixin, ShaSecurityMixin, SecurityTestCase):
self.changeUser(self.toto_user)
document = module.newContent(portal_type=portal_type)
self.login()
document.publishAlive()
self.tic()
......
......@@ -120,8 +120,10 @@ class TestShaDirSecurity(ShaDirMixin, ShaSecurityMixin, SecurityTestCase):
data_set()
data_set.view()
self.login()
data_set.publish()
self.tic()
self.changeUser(self.lucas_user)
self.assertEqual('Published', data_set.getValidationStateTitle())
self.assertUserHaveRoleOnDocument(self.lucas_user, 'Auditor', data_set)
......@@ -147,6 +149,7 @@ class TestShaDirSecurity(ShaDirMixin, ShaSecurityMixin, SecurityTestCase):
data_set = self.portal.data_set_module.newContent(
portal_type='Data Set',
reference=self.key)
self.login()
data_set.publish()
self.tic()
......@@ -167,9 +170,11 @@ class TestShaDirSecurity(ShaDirMixin, ShaSecurityMixin, SecurityTestCase):
document()
document.view()
self.login()
document.publishAlive()
self.tic()
self.changeUser(self.lucas_user)
self.assertEqual('Published Alive', document.getValidationStateTitle())
self.assertUserHaveRoleOnDocument(self.lucas_user, 'Auditor', document)
......@@ -191,6 +196,7 @@ class TestShaDirSecurity(ShaDirMixin, ShaSecurityMixin, SecurityTestCase):
"""
self.changeUser(self.toto_user)
document = self.portal.document_module.newContent(portal_type='Text')
self.login()
document.publishAlive()
self.tic()
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment