tests and fixes bug #149: local roles not correctly indexed/retrieved

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@12666 20353a03-c40f-0410-a6d1-a30d3c3de9de

product/ERP5Type/ZopePatch.py

@@ -47,6 +47,7 @@ from Products.ERP5Type.patches import CMFCoreSkinnable
 from Products.ERP5Type.patches import CMFCoreSkinsTool
 from Products.ERP5Type.patches import OFSFolder
 from Products.ERP5Type.patches import HTTPRequest
+from Products.ERP5Type.patches import RoleManager
 
 # These symbols are required for backward compatibility
 from Products.ERP5Type.patches.PropertyManager import ERP5PropertyManager

product/ERP5Type/patches/RoleManager.py

+##############################################################################
+#
+# Copyright (c) 2001, 2002 Zope Corporation and Contributors.
+# Copyright (c) 2002,2005 Nexedi SARL and Contributors. All Rights Reserved.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE
+#
+##############################################################################
+
+# monkeypatch to have role mathods call reindex
+
+# make sure NuxUserGroups monkeypatches RoleManager first
+try:
+  import NuxUserGroups
+except ImportError:
+  pass
+
+from AccessControl.Role import RoleManager
+
+# Security and catalog reindexing triggers
+def manage_addLocalRoles(self, userid, roles, REQUEST=None):
+  "reindex after role update"
+  RoleManager.old_manage_addLocalRoles(self, userid, roles, REQUEST=REQUEST)
+  reindex_method = getattr(self, 'recursiveReindexObject', None)
+  if reindex_method is not None: reindex_method()
+
+def manage_setLocalRoles(self, userid, roles, REQUEST=None):
+  "reindex after role update"
+  RoleManager.old_manage_setLocalRoles(self, userid, roles, REQUEST=REQUEST)
+  reindex_method = getattr(self, 'recursiveReindexObject', None)
+  if reindex_method is not None: reindex_method()
+
+def manage_delLocalRoles(self, userid, REQUEST=None):
+  "reindex after role update"
+  RoleManager.old_manage_delLocalRoles(self, userid, REQUEST=REQUEST)
+  reindex_method = getattr(self, 'recursiveReindexObject', None)
+  if reindex_method is not None: reindex_method()
+
+def manage_addLocalGroupRoles(self, groupid, roles, REQUEST=None):
+  "reindex after role update"
+  RoleManager.old_manage_addLocalGroupRoles(self, groupid, roles, REQUEST=REQUEST)
+  reindex_method = getattr(self, 'recursiveReindexObject', None)
+  if reindex_method is not None: reindex_method()
+
+def manage_setLocalGroupRoles(self, groupid, roles, REQUEST=None):
+  "reindex after role update"
+  RoleManager.old_manage_setLocalGroupRoles(self, groupid, roles, REQUEST=REQUEST)
+  reindex_method = getattr(self, 'recursiveReindexObject', None)
+  if reindex_method is not None: reindex_method()
+
+def manage_delLocalGroupRoles(self, groupids, REQUEST=None):
+  "reindex after role update"
+  RoleManager.old_manage_delLocalGroupRoles(self, groupids, REQUEST=REQUEST)
+  reindex_method = getattr(self, 'recursiveReindexObject', None)
+  if reindex_method is not None: reindex_method()
+
+RoleManager.old_manage_addLocalRoles = RoleManager.manage_addLocalRoles
+RoleManager.manage_addLocalRoles = manage_addLocalRoles
+RoleManager.old_manage_setLocalRoles = RoleManager.manage_setLocalRoles
+RoleManager.manage_setLocalRoles = manage_setLocalRoles
+RoleManager.old_manage_delLocalRoles = RoleManager.manage_delLocalRoles
+RoleManager.manage_delLocalRoles = manage_delLocalRoles
+
+if getattr(RoleManager, 'manage_addLocalGroupRoles', None) is not None:
+  RoleManager.old_manage_addLocalGroupRoles = RoleManager.manage_addLocalGroupRoles
+  RoleManager.manage_addLocalGroupRoles = manage_addLocalGroupRoles
+  RoleManager.old_manage_setLocalGroupRoles = RoleManager.manage_setLocalGroupRoles
+  RoleManager.manage_setLocalGroupRoles = manage_setLocalGroupRoles
+  RoleManager.old_manage_delLocalGroupRoles = RoleManager.manage_delLocalGroupRoles
+  RoleManager.manage_delLocalGroupRoles = manage_delLocalGroupRoles
+

product/ERP5Type/tests/testERP5Type.py

@@ -801,6 +801,7 @@ class TestPropertySheet:
       """Tests that the default value is returned correctly when a default
       value is defined using the property sheet.
       """
+      if not run: return
       self._addProperty('Person', '''{'id': 'dummy_ps_prop',
                                       'type': 'string',
                                       'mode': 'w',
@@ -830,6 +831,7 @@ class TestPropertySheet:
     def test_16_SimpleStringAccessor(self,quiet=quiet, run=run_all_test):
       """Tests a simple string accessor.
       This is also a way to test _addProperty method """
+      if not run: return
       self._addProperty('Person', '''{'id': 'dummy_ps_prop',
                                       'type': 'string',
                                       'mode': 'w',}''')
@@ -846,6 +848,7 @@ class TestPropertySheet:
       the Person portal type and that this workflow has 'validation_state' as
       state_variable.
       """
+      if not run: return
       person = self.getPersonModule().newContent(id='1', portal_type='Person')
       wf = self.getWorkflowTool().validation_workflow
       # those are assumptions for this test.
@@ -909,6 +912,7 @@ class TestPropertySheet:
     def test_18_SimpleContentAccessor(self,quiet=quiet, run=run_all_test):
       """Tests a simple content accessor.
       """
+      if not run: return
       # For testing purposes, we add a default_organisation inside a person, 
       # and we add code to generate a 'default_organisation_title' property on
       # this person that will returns the organisation title.
@@ -969,6 +973,7 @@ class TestPropertySheet:
     def test_19_AcquiredContentAccessor(self,quiet=quiet, run=run_all_test):
       """Tests an acquired content accessor.
       """
+      if not run: return
       # For testing purposes, we add a default_organisation inside a person, 
       # and we add code to generate a 'default_organisation_title' property on
       # this person that will returns the organisation title. If this is not
@@ -1005,6 +1010,7 @@ class TestPropertySheet:
       that may have the same id, using same scenario as test_19
       Note that we only test Setter for now.
       """
+      if not run: return
       self._addProperty('Person', self.DEFAULT_ORGANISATION_TITLE_ACQUIRED_PROP)
       # add destination base category to Person TI
       person_ti = self.getTypesTool().getTypeInfo('Person')
@@ -1034,6 +1040,7 @@ class TestPropertySheet:
       """asContext method return a temporary copy of an object.
       Any modification made to the copy does not change the original object.
       """
+      if not run: return
       obj = self.getPersonModule().newContent(portal_type='Person')
       obj.setTitle('obj title')
       copy = obj.asContext()
@@ -1056,6 +1063,7 @@ class TestPropertySheet:
     def test_21_ActionCondition(self, quiet=quiet, run=run_all_test):
       """Tests action conditions
       """
+      if not run: return
       type_tool = self.getTypeTool()
       portal_type_object = type_tool['Organisation']
       def addCustomAction(name,condition):
@@ -1087,6 +1095,28 @@ class TestPropertySheet:
       action_id_list = [x['id'] for x in actions.get('object_action',[])]
       self.failUnless('action3' in action_id_list)
 
+    def test_22_securityReindex(self, quiet=quiet, run=run_all_test):
+      """
+      Tests that the security is reindexed when a role is changed on an object
+      """
+      if not run: return
+      from AccessControl import getSecurityManager
+      user = getSecurityManager().getUser()
+      portal = self.getPortal()
+      person_module = self.getPersonModule()
+      person = person_module.newContent(portal_type='Person', title='foo')
+      person.manage_permission('View', roles=['Auditor'], acquire=0)
+
+      get_transaction().commit() ; self.tic()
+      self.assertTrue('Auditor' not in user.getRolesInContext(person))
+      self.assertEquals(len(person_module.searchFolder()), 0)
+
+      person_module.manage_addLocalRoles(user.getId(), ['Auditor'])
+
+      get_transaction().commit() ; self.tic()
+      self.assertTrue('Auditor' in user.getRolesInContext(person))
+      self.assertEquals(len(person_module.searchFolder()), 1)
+
 if __name__ == '__main__':
   framework()
 else: