Commit 422d6ebc authored by Romain Courteaud's avatar Romain Courteaud

Deprecated tests.

parent 6c747121
##############################################################################
#
# Copyright (c) 2011 Nexedi SA and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
##############################################################################
from VifibMixin import testVifibMixin
from AccessControl import Unauthorized
from Products.ERP5Type.tests.SecurityTestCase import SecurityTestCase
sale_login_id = 'test_sale_agent'
member_login_id = 'test_vifib_customer'
class TestVifibCRMSecurity(testVifibMixin, SecurityTestCase):
def getTitle(self):
return "Vifib CRM Security"
def test_CampaignSecurity(self):
"""
Sale division should be able to manage campaign.
Anonymous/member has no permission to any campaign.
"""
# Sale division
self.login(user_name=sale_login_id)
# Try to acceed the campaign module through restrictedTraverse
# This will test the security of the module
campaign_module_id = self.portal.getDefaultModuleId(portal_type='Campaign')
campaign_module = self.portal.restrictedTraverse(campaign_module_id)
# Add campaign
campaign = campaign_module.newContent(portal_type='Campaign')
# Edit the campaign
campaign.edit(
title='Test Vifib Campaign',
)
campaign_relative_url = campaign.getRelativeUrl()
self.stepTic()
self.assertEquals(1, len(self.portal.portal_catalog(
relative_url=campaign_relative_url)))
# XXX TODO: test real CRM use case related to the security
self.assertUserHaveRoleOnDocument(sale_login_id, "Assignor", campaign)
self.logout()
# Member
self.login(user_name=member_login_id)
self.assertRaises(Unauthorized,
self.portal.restrictedTraverse,
[campaign_module_id]
)
self.assertEquals(0, len(self.portal.portal_catalog(
relative_url=campaign_relative_url)))
self.logout()
# Anonymous
self.assertRaises(Unauthorized,
self.portal.restrictedTraverse,
[campaign_module_id]
)
self.assertEquals(0, len(self.portal.portal_catalog(
relative_url=campaign_relative_url)))
def test_SupportRequestSecurity(self):
"""
Sale division should be able to manage support request.
Anonymous/member has no permission to any support request.
"""
# Sale division
self.login(user_name=sale_login_id)
# Try to acceed the support_request module through restrictedTraverse
# This will test the security of the module
support_request_module_id = self.portal.getDefaultModuleId(
portal_type='Support Request')
support_request_module = self.portal.restrictedTraverse(
support_request_module_id)
# Add support_request
support_request = support_request_module.newContent(
portal_type='Support Request')
# Edit the support_request
support_request.edit(
title='Test Vifib Support Request',
)
support_request_relative_url = support_request.getRelativeUrl()
self.stepTic()
self.assertEquals(1, len(self.portal.portal_catalog(
relative_url=support_request_relative_url)))
# XXX TODO: test real CRM use case related to the security
self.assertUserHaveRoleOnDocument(sale_login_id, "Assignor",
support_request)
self.logout()
# Member
self.login(user_name=member_login_id)
self.assertRaises(Unauthorized,
self.portal.restrictedTraverse,
[support_request_module_id]
)
self.assertEquals(0, len(self.portal.portal_catalog(
relative_url=support_request_relative_url)))
self.logout()
# Anonymous
self.assertRaises(Unauthorized,
self.portal.restrictedTraverse,
[support_request_module_id]
)
self.assertEquals(0, len(self.portal.portal_catalog(
relative_url=support_request_relative_url)))
def test_NotificationMessageSecurity(self):
"""
Sale division should be able to manage notification message.
Anonymous/member has no permission to any notification message.
"""
# Sale division
self.login(user_name=sale_login_id)
# Try to acceed the notification_message module through restrictedTraverse
# This will test the security of the module
notification_message_module_id = self.portal.getDefaultModuleId(
portal_type='Notification Message')
notification_message_module = self.portal.restrictedTraverse(
notification_message_module_id)
# Add notification_message
notification_message = notification_message_module.newContent(
portal_type='Notification Message')
# Edit the notification_message
notification_message.edit(
title='Test Vifib Notification Message',
)
notification_message_relative_url = notification_message.getRelativeUrl()
self.stepTic()
self.assertEquals(1, len(self.portal.portal_catalog(
relative_url=notification_message_relative_url)))
# XXX TODO: test real CRM use case related to the security
self.assertUserHaveRoleOnDocument(sale_login_id, "Assignor",
notification_message)
self.logout()
# Member
self.login(user_name=member_login_id)
self.assertRaises(Unauthorized,
self.portal.restrictedTraverse,
[notification_message_module_id]
)
self.assertEquals(0, len(self.portal.portal_catalog(
relative_url=notification_message_relative_url)))
self.logout()
# Anonymous
self.assertRaises(Unauthorized,
self.portal.restrictedTraverse,
[notification_message_module_id]
)
self.assertEquals(0, len(self.portal.portal_catalog(
relative_url=notification_message_relative_url)))
def test_EventSecurity(self):
"""
Sale division should be able to manage event.
Anonymous/member has no permission to any event.
"""
# Sale division
self.login(user_name=sale_login_id)
# Try to acceed the event module through restrictedTraverse
# This will test the security of the module
event_module_id = self.portal.getDefaultModuleId(
portal_type='Fax Message')
event_module = self.portal.restrictedTraverse(
event_module_id)
self.logout()
for portal_type in self.portal.getPortalEventTypeList():
# Sale division
self.login(user_name=sale_login_id)
# Add event
event = event_module.newContent(
portal_type=portal_type)
# Edit the event
event.edit(
title='Test Vifib %s' % portal_type,
)
event_relative_url = event.getRelativeUrl()
self.stepTic()
self.assertEquals(1, len(self.portal.portal_catalog(
relative_url=event_relative_url)))
# XXX TODO: test real CRM use case related to the security
self.assertUserHaveRoleOnDocument(sale_login_id, "Assignor", event)
self.logout()
# Member
self.login(user_name=member_login_id)
self.assertRaises(Unauthorized,
self.portal.restrictedTraverse,
[event_module_id]
)
self.assertEquals(0, len(self.portal.portal_catalog(
relative_url=event_relative_url)))
self.logout()
# Anonymous
self.assertRaises(Unauthorized,
self.portal.restrictedTraverse,
[event_module_id]
)
self.assertEquals(0, len(self.portal.portal_catalog(
relative_url=event_relative_url)))
def test_PersonSecurity(self):
"""
Sale division should be able to manage person.
"""
# Sale division
self.login(user_name=sale_login_id)
# Try to acceed the person module through restrictedTraverse
# This will test the security of the module
person_module_id = self.portal.getDefaultModuleId(
portal_type='Person')
person_module = self.portal.restrictedTraverse(
person_module_id)
# Add person
person = person_module.newContent(
portal_type="Person")
# Edit the person
person.edit(
title='Test Vifib Person'
)
person_relative_url = person.getRelativeUrl()
self.stepTic()
self.assertEquals(1, len(self.portal.portal_catalog(
relative_url=person_relative_url)))
# XXX TODO: test real CRM use case related to the security
self.assertUserHaveRoleOnDocument(sale_login_id, "Assignor", person)
self.logout()
def test_OrganisationSecurity(self):
"""
Sale division should be able to manage organisation.
"""
# Sale division
self.login(user_name=sale_login_id)
# Try to acceed the organisation module through restrictedTraverse
# This will test the security of the module
organisation_module_id = self.portal.getDefaultModuleId(
portal_type='Organisation')
organisation_module = self.portal.restrictedTraverse(
organisation_module_id)
# Add organisation
organisation = organisation_module.newContent(
portal_type="Organisation")
# Edit the organisation
organisation.edit(
title='Test Vifib Organisation'
)
organisation_relative_url = organisation.getRelativeUrl()
self.stepTic()
self.assertEquals(1, len(self.portal.portal_catalog(
relative_url=organisation_relative_url)))
# XXX TODO: test real CRM use case related to the security
self.assertUserHaveRoleOnDocument(sale_login_id, "Assignor", organisation)
self.logout()
# Copyright (c) 2012 Nexedi SA and Contributors. All Rights Reserved.
import unittest
from Products.Vifib.tests.testVifibSlapWebService import \
TestVifibSlapWebServiceMixin
READ = 'Access contents information'
VIEW = 'View'
ADD = 'Add portal content'
WRITE = 'Modify portal content'
OTHER_AUDITOR = [
'Access Transient Objects',
'Access session data',
'Copy or Move',
'List folder contents',
'View History'
]
OTHER_AUTHOR = [
'Add portal folders',
]
class TestVifibComputerModelSecurity(TestVifibSlapWebServiceMixin):
def generateNewId(self):
return self.getPortalObject().portal_ids.generateNewId(
id_group=('slapos_core_test'))
def getTitle(self):
return "Test Vifib Computer Model Security"
def createMemberUser(self):
portal = self.getPortalObject()
new_id = self.generateNewId()
# Clone person document
person_user = portal.person_module.template_member.\
Base_createCloneDocument(batch_mode=1)
person_user.edit(
title="live_test_%s" % new_id,
reference="live_test_%s" % new_id,
default_email_text="live_test_%s@example.org" % new_id,
)
person_user.validate()
for assignment in person_user.contentValues(portal_type="Assignment"):
assignment.open()
return person_user
def afterSetUp(self):
pass
def beforeTearDown(self):
pass
def _getLocalRoles(self, context):
return [x[0] for x in context.get_local_roles()]
def _permissionsOfRole(self, context, role):
return [x['name'] for x in context.permissionsOfRole(role) \
if x['selected'] == 'SELECTED']
def assertPermissionsOfRole(self, context, role, permission_list):
self.assertSameSet(
permission_list,
self._permissionsOfRole(context, role))
def assertSecurityGroup(self, context, security_group_list, acquired):
self.assertEquals(acquired, context._getAcquireLocalRoles())
self.assertSameSet(
security_group_list,
self._getLocalRoles(context)
)
def assertRoles(self, context, security_group, role_list):
self.assertSameSet(
role_list,
context.get_local_roles_for_userid(security_group)
)
def test_ComputerModelModuleLocalRoles(self):
module = self.portal.computer_model_module
self.assertSecurityGroup(module,
['R-MEMBER', 'zope'], False)
self.assertRoles(module, 'R-MEMBER', ['Author', 'Auditor'])
self.assertRoles(module, 'zope', ['Owner'])
def test_ComputerModelModulePermissions(self):
module = self.portal.computer_model_module
self.assertPermissionsOfRole(module, 'Owner', [])
self.assertPermissionsOfRole(module, 'Auditor',
[READ, VIEW] + OTHER_AUDITOR)
self.assertPermissionsOfRole(module, 'Author',
[READ, ADD] + OTHER_AUDITOR + OTHER_AUTHOR)
def test_ComputerModelLocalRoles(self):
module = self.portal.computer_model_module
Model = module.newContent(portal_type="Computer Model")
self.assertSecurityGroup(Model,
['ERP5TypeTestCase', 'G-COMPANY'], False)
self.assertRoles(Model, 'ERP5TypeTestCase', ['Owner'])
self.assertRoles(Model, 'G-COMPANY', ['Assignor'])
# Setting source administration give person the assignee role
person = self.createMemberUser()
Model.edit(source_administration_value=person)
self.assertSecurityGroup(Model,
['ERP5TypeTestCase', 'G-COMPANY', person.getReference()], False)
self.assertRoles(Model, person.getReference(), ['Assignee'])
def test_ComputerModelPermission(self):
module = self.portal.computer_model_module
Model = module.newContent(portal_type="Computer Model")
# Check draft state
self.assertEquals('draft', Model.getValidationState())
self.assertPermissionsOfRole(Model, 'Owner',
[READ, VIEW, ADD, WRITE])
self.assertPermissionsOfRole(Model, 'Assignor',
[READ, VIEW, ADD, WRITE])
self.assertPermissionsOfRole(Model, 'Assignee',
[READ, VIEW, ADD, WRITE])
# Check validated state
Model.validate()
self.assertEquals('validated', Model.getValidationState())
self.assertPermissionsOfRole(Model, 'Owner', [])
self.assertPermissionsOfRole(Model, 'Assignor',
[READ, VIEW, ADD, WRITE])
self.assertPermissionsOfRole(Model, 'Assignee',
[READ, VIEW, ADD, WRITE])
def test_suite():
suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(TestVifibComputerModelSecurity))
return suite
# Copyright (c) 2012 Nexedi SA and Contributors. All Rights Reserved.
import unittest
from Products.Vifib.tests.testVifibSlapWebService import \
TestVifibSlapWebServiceMixin
READ = 'Access contents information'
VIEW = 'View'
ADD = 'Add portal content'
WRITE = 'Modify portal content'
OTHER_AUDITOR = [
'Access Transient Objects',
'Access session data',
'Copy or Move',
'List folder contents',
'View History'
]
OTHER_AUTHOR = [
'Add portal folders',
]
class TestVifibComputerNetworkSecurity(TestVifibSlapWebServiceMixin):
def generateNewId(self):
return self.getPortalObject().portal_ids.generateNewId(
id_group=('slapos_core_test'))
def getTitle(self):
return "Test Vifib Computer Network Security"
def createMemberUser(self):
portal = self.getPortalObject()
new_id = self.generateNewId()
# Clone person document
person_user = portal.person_module.template_member.\
Base_createCloneDocument(batch_mode=1)
person_user.edit(
title="live_test_%s" % new_id,
reference="live_test_%s" % new_id,
default_email_text="live_test_%s@example.org" % new_id,
)
person_user.validate()
for assignment in person_user.contentValues(portal_type="Assignment"):
assignment.open()
return person_user
def afterSetUp(self):
pass
def beforeTearDown(self):
pass
def _getLocalRoles(self, context):
return [x[0] for x in context.get_local_roles()]
def _permissionsOfRole(self, context, role):
return [x['name'] for x in context.permissionsOfRole(role) \
if x['selected'] == 'SELECTED']
def assertPermissionsOfRole(self, context, role, permission_list):
self.assertSameSet(
permission_list,
self._permissionsOfRole(context, role))
def assertSecurityGroup(self, context, security_group_list, acquired):
self.assertEquals(acquired, context._getAcquireLocalRoles())
self.assertSameSet(
security_group_list,
self._getLocalRoles(context)
)
def assertRoles(self, context, security_group, role_list):
self.assertSameSet(
role_list,
context.get_local_roles_for_userid(security_group)
)
def test_ComputerNetworkModuleLocalRoles(self):
module = self.portal.computer_network_module
self.assertSecurityGroup(module, ['R-MEMBER', 'R-SHADOW',
'zope'], False)
self.assertRoles(module, 'R-MEMBER', ['Author', 'Auditor'])
self.assertRoles(module, 'R-SHADOW', ['Auditor'])
self.assertRoles(module, 'zope', ['Owner'])
def test_ComputerNetworkModulePermissions(self):
module = self.portal.computer_network_module
self.assertPermissionsOfRole(module, 'Owner', [])
self.assertPermissionsOfRole(module, 'Auditor',
[READ, VIEW] + OTHER_AUDITOR)
self.assertPermissionsOfRole(module, 'Author',
[READ, ADD] + OTHER_AUDITOR + OTHER_AUTHOR)
def test_ComputerNetworkLocalRoles(self):
module = self.portal.computer_network_module
network = module.newContent(portal_type="Computer Network")
self.assertSecurityGroup(network, ['ERP5TypeTestCase', 'G-COMPANY',
'R-SHADOW'], False)
self.assertRoles(network, 'ERP5TypeTestCase', ['Owner'])
self.assertRoles(network, 'G-COMPANY', ['Assignor'])
self.assertRoles(network, 'R-SHADOW', ['Auditor'])
# Setting source administration give person the assignee role
person = self.createMemberUser()
network.edit(source_administration_value=person)
self.assertSecurityGroup(network,
['ERP5TypeTestCase', 'G-COMPANY', 'R-SHADOW', person.getReference()], False)
self.assertRoles(network, person.getReference(), ['Assignee'])
def test_ComputerNetworkPermission(self):
module = self.portal.computer_network_module
network = module.newContent(portal_type="Computer Network")
# Check draft state
self.assertEquals('draft', network.getValidationState())
self.assertPermissionsOfRole(network, 'Owner',
[READ, VIEW, ADD, WRITE])
self.assertPermissionsOfRole(network, 'Assignor',
[READ, VIEW, ADD, WRITE])
self.assertPermissionsOfRole(network, 'Assignee',
[READ, VIEW, ADD, WRITE])
# Check validated state
network.validate()
self.assertEquals('validated', network.getValidationState())
self.assertPermissionsOfRole(network, 'Owner', [])
self.assertPermissionsOfRole(network, 'Assignor',
[READ, VIEW, ADD, WRITE])
self.assertPermissionsOfRole(network, 'Assignee',
[READ, VIEW, ADD, WRITE])
def test_suite():
suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(TestVifibComputerNetworkSecurity))
return suite
# Copyright (c) 2012 Nexedi SA and Contributors. All Rights Reserved.
import unittest
from testERP5ComputerWithComputerModel import TestERP5ComputerWithComputerModel
class TestVifibComputerWithComputerModel(TestERP5ComputerWithComputerModel):
pass
def test_suite():
suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(TestVifibComputerWithComputerModel))
return suite
##############################################################################
#
# Copyright (c) 2002-2011 Nexedi SA and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
##############################################################################
from VifibMixin import testVifibMixin
import random
def rndstr():
return str(random.random())
def getMessageList(o):
return [str(q.getMessage()) for q in o.checkConsistency()]
class TestVifibSoftwareProductConstraint(testVifibMixin):
def getTitle(self):
return "Vifib Software Product Constraint checks"
def test_title_not_empty(self):
software_product = self.portal.software_product_module.newContent(
portal_type='Software Product')
consistency_message = 'Title should be defined'
self.assertTrue(consistency_message in getMessageList(software_product))
software_product.edit(title=rndstr())
self.assertFalse(consistency_message in getMessageList(software_product))
def test_title_unique(self):
title = rndstr()
title_2 = rndstr()
consistency_message = 'Title already exists'
software_product = self.portal.software_product_module.newContent(
portal_type='Software Product', title=title)
software_product_2 = self.portal.software_product_module.newContent(
portal_type='Software Product', title=title)
self.stepTic()
self.assertTrue(consistency_message in getMessageList(software_product))
self.assertTrue(consistency_message in getMessageList(software_product_2))
software_product_2.setTitle(title_2)
self.stepTic()
self.assertFalse(consistency_message in getMessageList(software_product))
self.assertFalse(consistency_message in getMessageList(software_product_2))
class TestVifibSoftwareReleaseConstraint(testVifibMixin):
def test_reference(self):
consistency_message = 'Reference must be defined'
software_release = self.portal.software_release_module.newContent(
portal_type='Software Release')
self.assertTrue(consistency_message in getMessageList(software_release))
software_release.setReference(rndstr())
self.assertFalse(consistency_message in getMessageList(software_release))
def test_language(self):
consistency_message = 'Language should be defined'
software_release = self.portal.software_release_module.newContent(
portal_type='Software Release')
self.assertTrue(consistency_message in getMessageList(software_release))
software_release.setLanguage(rndstr())
self.assertFalse(consistency_message in getMessageList(software_release))
def test_version(self):
consistency_message_existence = 'Version should be defined'
consistency_message_unicity = 'Version already exists'
reference = rndstr()
software_release = self.portal.software_release_module.newContent(
portal_type='Software Release', reference=reference)
self.assertTrue(consistency_message_existence in getMessageList(
software_release))
version = rndstr()
software_release.setVersion(version)
self.assertFalse(consistency_message_existence in getMessageList(
software_release))
software_release_2 = self.portal.software_release_module.newContent(
portal_type='Software Release', version=version, reference=reference)
software_release.publish()
software_release_2.publish()
self.stepTic()
self.assertTrue(consistency_message_unicity in getMessageList(
software_release))
self.assertTrue(consistency_message_unicity in getMessageList(
software_release_2))
software_release_2.setVersion(rndstr())
self.stepTic()
self.assertFalse(consistency_message_unicity in getMessageList(
software_release))
self.assertFalse(consistency_message_unicity in getMessageList(
software_release_2))
##############################################################################
#
# Copyright (c) 2002-2010 Nexedi SA and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
##############################################################################
from VifibMixin import testVifibMixin
from zExceptions import Unauthorized
from Products.ERP5Type.tests.backportUnittest import skip
class TestVifibModuleSecurity(testVifibMixin):
"""
Test Vifib Person security
"""
used_module_id_list = [
'accounting_module',
'account_module',
'campaign_module',
'component_module',
'currency_module',
'document_ingestion_module',
'document_module',
'event_module',
'image_module',
'inventory_module',
'knowledge_pad_module',
'meeting_module',
'notification_message_module',
'open_sale_order_module',
'organisation_module',
'person_module',
'product_module',
'purchase_order_module',
'purchase_trade_condition_module',
'query_module',
'sale_opportunity_module',
'sale_order_module',
'sale_packing_list_module',
'sale_trade_condition_module',
'service_module',
'software_product_module',
'software_release_module',
'support_request_module',
'transformation_module',
'web_page_module',
'web_site_module',
]
def getTitle(self):
return "Test Vifib Module security"
@skip('Ignored for now, as security changed a lot')
def test_VifibUserCanNotAccessModules(self):
"""
Check if member of vifib group can not access modules.
"""
portal = self.getPortal()
self.login(user_name='test_vifib_member')
error_list = []
for module_id in portal.objectIds(spec=('ERP5 Folder',)):
if module_id in self.used_module_id_list:
try:
portal.restrictedTraverse(module_id)
except Unauthorized:
error_list.append("User can not access '%s'" % module_id)
else:
try:
self.assertRaises(Unauthorized, portal.restrictedTraverse, module_id)
except AssertionError:
error_list.append("User can access '%s'" % module_id)
self.assertEqual([], error_list, '\n'.join(error_list))
# Copyright (c) 2002-2012 Nexedi SA and Contributors. All Rights Reserved.
import unittest
from Products.Vifib.tests.testVifibSlapWebService import \
TestVifibSlapWebServiceMixin
from Products.ERP5Type.tests.Sequence import SequenceList
from ZTUtils import make_query
import difflib
from Products.ERP5Type.tests.backportUnittest import skip
class TestVifibPayZen(TestVifibSlapWebServiceMixin):
def fakeSlapAuth(self):
pass
def unfakeSlapAuth(self):
pass
def stepCheckRelatedSystemEvent(self, sequence):
# use catalog to select exactly interesting events
# as there might be more because of running alarms
event = self.portal.portal_catalog(
portal_type='Payzen Event',
default_destination_uid=sequence['payment'].getUid(),
limit=2)
self.assertEqual(1, len(event))
event = event[0]
self.assertEqual(event.getValidationState(), 'acknowledged')
message = event.objectValues()
self.assertEqual(1, len(message))
message = message[0]
self.assertEqual(message.getTitle(), 'Shown Page')
self.assertEqual(message.getTextContent(), sequence['payment_page'])
def getExpectedUserPage(self, sequence):
callback = self.portal.web_site_module.hosting.payzen_callback
query = make_query(dict(transaction=sequence['payment'].getRelativeUrl()))
integration_site = self.portal.restrictedTraverse(self.portal\
.portal_preferences.getPreferredPayzenIntegrationSite())
vads_url_cancel=callback.cancel.absolute_url() + '?' + query
vads_url_error=callback.error.absolute_url() + '?' + query
vads_url_referral=callback.referral.absolute_url() + '?' + query
vads_url_refused=callback.refused.absolute_url() + '?' + query
vads_url_success=callback.success.absolute_url() + '?' + query
vads_url_return=getattr(callback, 'return').absolute_url() + '?' + query
data_dict = dict(
vads_language='en',
vads_url_cancel=vads_url_cancel,
vads_url_error=vads_url_error,
vads_url_referral=vads_url_referral,
vads_url_refused=vads_url_refused,
vads_url_success=vads_url_success,
vads_url_return=vads_url_return,
vads_trans_date=sequence['payment'].getStartDate().toZone('UTC')\
.asdatetime().strftime('%Y%m%d%H%M%S'),
vads_amount=str(int(round((sequence['payment']\
.PaymentTransaction_getTotalPayablePrice() * -100), 0))),
vads_currency=integration_site.getMappingFromCategory(
'resource/currency_module/%s' % sequence[
'payment'].getResourceReference()).split('/')[-1],
vads_trans_id=integration_site.getMappingFromCategory('causality/%s'
% sequence['payment'].getRelativeUrl()).split('_')[1],
vads_site_id=self.portal.portal_secure_payments.vifib_payzen.getServiceUsername()
)
self.portal.portal_secure_payments.vifib_payzen._getFieldList(data_dict)
data_dict['action'] = self.portal.portal_secure_payments\
.vifib_payzen.default_link.getUrlString()
expected = \
'<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w'\
'3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">\n<html xmlns="http://www.w3.or'\
'g/1999/xhtml" xml:lang="en" lang="en">\n<head>\n <meta http-equiv="Co'\
'ntent-Type" content="text/html; charset=utf-8" />\n <meta http-equiv='\
'"Content-Script-Type" content="text/javascript" />\n <meta http-equiv'\
'="Content-Style-Type" content="text/css" />\n <title>title</title>\n<'\
'/head>\n<body onload="document.payment.submit();">\n<form method="POST'\
'" id="payment" name="payment"\n action="%(action)s">\n\n <input '\
'type="hidden" name="vads_url_return"\n value="'\
'%(vads_url_return)s">\n\n\n <input type="hidden" name="vads_site_id" '\
'value="%(vads_site_id)s">\n\n\n <input type="hidden" name="vads_url_e'\
'rror"\n value="%(vads_url_error)s">\n\n\n <input type="hidden'\
'" name="vads_trans_id" value="%(vads_trans_id)s">\n\n\n <input type="'\
'hidden" name="vads_action_mode"\n value="INTERACTIVE">\n\n\n '\
'<input type="hidden" name="vads_url_success"\n value="'\
'%(vads_url_success)s">\n\n\n <input type="hidden" name="vads_url_refe'\
'rral"\n value="%(vads_url_referral)s">\n\n\n <input type="hid'\
'den" name="vads_page_action"\n value="PAYMENT">\n\n\n <input '\
'type="hidden" name="vads_trans_date"\n value="'\
'%(vads_trans_date)s">\n\n\n <input type="hidden" name="vads_url_refus'\
'ed"\n value="%(vads_url_refused)s">\n\n\n <input type="hidden'\
'" name="vads_url_cancel"\n value="%(vads_url_cancel)s">\n\n\n '\
' <input type="hidden" name="vads_ctx_mode" value="TEST">\n\n\n <input '\
'type="hidden" name="vads_payment_config"\n value="SINGLE">\n\n'\
'\n <input type="hidden" name="vads_contrib" value="ERP5">\n\n\n <inp'\
'ut type="hidden" name="signature"\n value="%(signature)s">\n\n'\
'\n <input type="hidden" name="vads_language" value="%(vads_language)s">\n\n\n <inpu'\
't type="hidden" name="vads_currency" value="%(vads_currency)s">\n\n\n '\
' <input type="hidden" name="vads_amount" value="%(vads_amount)s">\n\n\n'\
' <input type="hidden" name="vads_version" value="V2">\n\n<input type="s'\
'ubmit" value="Click to pay">\n</form>\n</body>\n</html>' % data_dict
return expected
def stepCheckPaymentPage(self, sequence):
expected = self.getExpectedUserPage(sequence)
self.assertEqual(sequence['payment_page'], expected,
'\n'.join([q for q in difflib.unified_diff(expected.split('\n'),
sequence['payment_page'].split('\n'))]))
def stepCallStartPaymentOnConfirmedPayment(self, sequence, **kw):
current_skin = self.app.REQUEST.get('portal_skin', 'View')
try:
self.changeSkin('Hosting')
sequence['payment'] = self.portal.portal_catalog.getResultValue(
portal_type="Payment Transaction", simulation_state="started")
sequence['payment_page'] = sequence['payment'].__of__(
self.portal.web_site_module.hosting
).AccountingTransaction_startPayment()
finally:
self.changeSkin(current_skin)
def test_AccountingTransaction_startPayment(self):
sequence_list = SequenceList()
sequence_string = self.register_new_user_sequence_string + '\
LoginWebUser \
CallStartPaymentOnConfirmedPayment \
CleanTic \
Logout \
LoginERP5TypeTestCase \
CheckPaymentPage \
CheckRelatedSystemEvent \
'
sequence_list.addSequenceString(sequence_string)
sequence_list.play(self)
def stepFetchStartedPayment(self, sequence, **kw):
sequence['payment'] = self.portal.portal_catalog.getResultValue(
portal_type="Payment Transaction", simulation_state="started")
def stepCheckUnknownPayment(self, sequence):
self.assertEqual(sequence['payment'].getSimulationState(), 'started')
self.assertEqual(self.portal.portal_catalog.countResults(
portal_type='Payzen Event', default_destination_uid=sequence['payment']\
.getUid(),
limit=1)[0][0], 0)
def test_PaymentTransaction_unknown(self):
sequence_list = SequenceList()
sequence_string = self.register_new_user_sequence_string + '\
LoginWebUser \
FetchStartedPayment \
Logout \
LoginERP5TypeTestCase\
CheckUnknownPayment \
Logout \
'
sequence_list.addSequenceString(sequence_string)
sequence_list.play(self)
def stepCheckRegisteredPayment(self, sequence):
self.assertEqual(sequence['payment'].getSimulationState(), 'started')
event_list = self.portal.portal_catalog(
portal_type='Payzen Event',
default_destination_uid=sequence['payment'].getUid(),
limit=2)
self.assertEqual(len(event_list), 1)
event = event_list[0]
self.assertEqual(event.getTitle(),
'User navigation script for %s' % sequence['payment'].getTitle())
message_list = event.contentValues(portal_type='Payzen Event Message')
self.assertEqual(len(message_list), 1)
message = message_list[0]
expected = self.getExpectedUserPage(sequence)
self.assertEqual(message.getTextContent(), expected,
'\n'.join([q for q in difflib.unified_diff(expected.split('\n'),
message.getTextContent().split('\n'))]))
def test_PaymentTransaction_registered(self):
sequence_list = SequenceList()
sequence_string = self.register_new_user_sequence_string + '\
LoginWebUser \
CallStartPaymentOnConfirmedPayment \
CleanTic \
Logout \
LoginERP5TypeTestCase \
CheckPaymentPage \
CleanTic \
CheckRelatedSystemEvent \
Logout \
LoginWebUser \
FetchStartedPayment \
CleanTic \
Logout \
LoginERP5TypeTestCase \
CheckRegisteredPayment \
'
sequence_list.addSequenceString(sequence_string)
sequence_list.play(self)
@skip('Test not ready.')
def test_PaymentTransaction_updateStatus_registered_no_change(self):
raise NotImplementedError
@skip('Test not ready.')
def test_PaymentTransaction_updateStatus_registered_paid(self):
raise NotImplementedError
def test_suite():
suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(TestVifibPayZen))
return suite
##############################################################################
#
# Copyright (c) 2002-2010 Nexedi SA and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
##############################################################################
from VifibMixin import testVifibMixin
class TestVifibPersonSecurity(testVifibMixin):
"""
Test Vifib Person security
"""
def getTitle(self):
return "Test Vifib Person security"
def test_base_HRAdminCanCreateDeletePerson(self):
"""
Check if HR Admin can create and delete person document.
"""
self.login(user_name='test_hr_admin')
# Try to acceed the person module through restrictedTraverse
# This will test the security of the module
person_module_id = self.portal.getDefaultModuleId(portal_type='Person')
person_module = self.portal.restrictedTraverse(person_module_id)
# Create a user
new_person = person_module.newContent(portal_type="Person")
new_person.portal_workflow.doActionFor(new_person, "create_user_action",
reference="test_created_user",
password="test_created_password",
password_confirm="test_created_password",
)
new_person.delete()
def test_base_HRAdminCanInvalidatePerson(self):
"""
Check if HR Admin can invalidate person document.
"""
self.login(user_name='test_hr_admin')
# Try to acceed the person module through restrictedTraverse
# This will test the security of the module
person_module_id = self.portal.getDefaultModuleId(portal_type='Person')
person_module = self.portal.restrictedTraverse(person_module_id)
# Create a user
new_person = person_module.newContent(portal_type="Person",
first_name='Test',
last_name='Invalidated Vifib User',
)
# open assignment in order to trigger open order creation
assignment = new_person.newContent(portal_type='Assignment')
assignment.portal_workflow.doActionFor(assignment, "open_action")
# tic to have open order created and indexed
self.stepTic()
new_person.edit(career_role='client', default_email_text="test@example.com")
new_person.portal_workflow.doActionFor(new_person, "validate_action")
new_person.portal_workflow.doActionFor(new_person, "invalidate_action")
def test_base_HRAdminCanCreateAssignment(self):
"""
Check if HR Admin can access a person profile and create/update/close assignment.
"""
self.login(user_name='test_hr_admin')
# Try to acceed the person module through restrictedTraverse
# This will test the security of the module
person_module_id = self.portal.getDefaultModuleId(portal_type='Person')
person_module = self.portal.restrictedTraverse(person_module_id)
# Search a user
new_person = person_module.searchFolder(id='test_updated_vifib_user')
new_person = new_person[0].getObject()
# Modify the user
new_person.edit(first_name='Test', last_name='Updated Vifib User')
# Create an assignment
assignment = new_person.newContent(portal_type='Assignment')
# Update the assignment
assignment.edit(title='Test assignment')
# Open the assignment
assignment.portal_workflow.doActionFor(assignment, "open_action")
# Update the assignment
assignment.portal_workflow.doActionFor(assignment, "update_action")
assignment.edit(title="Test Edition")
# Open the assignment
assignment.portal_workflow.doActionFor(assignment, "open_action")
# Close the assignment
assignment.portal_workflow.doActionFor(assignment, "close_action")
##############################################################################
#
# Copyright (c) 2002-2010 Nexedi SA and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
##############################################################################
from VifibMixin import testVifibMixin
class TestVifibUserDeveloper(testVifibMixin):
"""
Test Vifib User: developer access to the system
"""
def getTitle(self):
return "Test Vifib User Developer security"
def test_base_UserDeveloperCanCreateSoftwareRelease(self):
"""
Check if developer can create software release
"""
login_id = 'test_vifib_user_developer'
self.login(user_name=login_id)
# Try to acceed the software release module through restrictedTraverse
# This will test the security of the module
software_release_module_id = self.portal.getDefaultModuleId(portal_type='Software Release')
software_release_module = self.portal.restrictedTraverse(software_release_module_id)
# Add software_release
software_release = software_release_module.newContent(portal_type='Software Release')
# User has to access his person profile
person_module_id = self.portal.getDefaultModuleId(portal_type='Person')
person_module = self.portal.restrictedTraverse(person_module_id)
person_value = person_module.restrictedTraverse(login_id)
# Edit the computer
software_release.edit(
title='Test Vifib Software Release',
reference='test_software_release',
version=1,
language='en',
url_string='http://example.com/live_test_software_release.cfg',
contributor_value=person_value,
)
# Submit software release
software_release.portal_workflow.doActionFor(software_release, 'submit_action')
# Check if he can still access it
self.portal.restrictedTraverse(software_release.getRelativeUrl())
self.logout()
self.login(user_name='test_vifib_developer')
# Try to acceed the software product module through restrictedTraverse
# This will test the security of the module
software_product_module_id = self.portal.getDefaultModuleId(portal_type='Software Product')
software_product_module = self.portal.restrictedTraverse(software_product_module_id)
# Add software_release
software_product = software_product_module.newContent(portal_type='Software Product')
# Put some information
software_product.edit(
title='test software product',
)
software_product.portal_workflow.doActionFor(software_product, 'publish_action')
# Edit software release
software_release.edit(
aggregate_value=software_product,
)
# Accept software release
software_release.portal_workflow.doActionFor(software_release, 'publish_action')
588 589
\ No newline at end of file \ No newline at end of file
testVifibPersonSecurity
testVifibCRMSecurity
testVifibModuleSecurity
testVifibUserDeveloper
testVifibComputerNetworkSecurity
testVifibComputerModelSecurity
testVifibConstraint
testVifibPayZen
testVifibComputerWithComputerModel
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment