slapos_erp5: test Login local roles

1805bfd9 · Romain Courteaud · 1f4dceeb · 1805bfd9 · 1805bfd9 · 1805bfd9
Commit 1805bfd9 authored Nov 03, 2023 by Romain Courteaud
3 changed files
--- a/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Certificate%20Login.xml
+++ b/master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Certificate%20Login.xml
@@ -7,10 +7,18 @@
   <multi_property id='base_category'>aggregate</multi_property>
  </role>
  <role id='Assignee'>
-   <property id='title'>Compute Node Agent</property>
+   <property id='title'>Project Production Agent</property>
+   <property id='condition'>python: (here.getParentValue().getPortalType() == 'Compute Node') and (here.getParentValue().getFollowUp(None) is not None)</property>
   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromParentContent</property>
-   <multi_property id='categories'>local_role_group/user</multi_property>
-   <multi_property id='base_category'>source_administration</multi_property>
+   <multi_property id='category'>function/production/agent</multi_property>
+   <multi_property id='base_category'>follow_up</multi_property>
+  </role>
+  <role id='Assignor'>
+   <property id='title'>Project Production Manager</property>
+   <property id='condition'>python: (here.getParentValue().getPortalType() == 'Compute Node') and (here.getParentValue().getFollowUp(None) is not None)</property>
+   <property id='base_category_script'>ERP5Type_getSecurityCategoryFromParentContent</property>
+   <multi_property id='category'>function/production/manager</multi_property>
+   <multi_property id='base_category'>follow_up</multi_property>
  </role>
  <role id='Assignee'>
   <property id='title'>The User Himself (Compute Node)</property>

--- a/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
+++ b/master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py
@@ -1787,3 +1787,87 @@ class TestPerson(TestSlapOSGroupRoleSecurityMixin):
    self.assertRoles(delivery, delivery.getUserId(), ['Assignee'])
    self.assertRoles(delivery, 'SHADOW-%s' % delivery.getUserId(), ['Auditor'])

+
+class TestERP5Login(TestSlapOSGroupRoleSecurityMixin):
+  def test_ERP5Login_selfUser(self):
+    delivery = self.portal.person_module.newContent(
+        portal_type='Person').newContent(portal_type='ERP5 Login')
+    self.assertSecurityGroup(delivery,
+        [delivery.getParentValue().getUserId(), self.user_id], False)
+    self.assertRoles(delivery, self.user_id, ['Owner'])
+    self.assertRoles(delivery, delivery.getParentValue().getUserId(), ['Assignee'])
+
+
+class TestFacebookLogin(TestSlapOSGroupRoleSecurityMixin):
+  def test_FacebookLogin_selfUser(self):
+    delivery = self.portal.person_module.newContent(
+        portal_type='Person').newContent(portal_type='Facebook Login')
+    self.assertSecurityGroup(delivery,
+        [delivery.getParentValue().getUserId(), self.user_id], False)
+    self.assertRoles(delivery, self.user_id, ['Owner'])
+    self.assertRoles(delivery, delivery.getParentValue().getUserId(), ['Assignee'])
+
+
+class TestGoogleLogin(TestSlapOSGroupRoleSecurityMixin):
+  def test_GoogleLogin_selfUser(self):
+    delivery = self.portal.person_module.newContent(
+        portal_type='Person').newContent(portal_type='Google Login')
+    self.assertSecurityGroup(delivery,
+        [delivery.getParentValue().getUserId(), self.user_id], False)
+    self.assertRoles(delivery, self.user_id, ['Owner'])
+    self.assertRoles(delivery, delivery.getParentValue().getUserId(), ['Assignee'])
+
+
+class TestCertificateLogin(TestSlapOSGroupRoleSecurityMixin):
+  def test_CertificateLogin_person(self):
+    delivery = self.portal.person_module.newContent(
+        portal_type='Person').newContent(portal_type='Certificate Login')
+    self.assertSecurityGroup(delivery,
+        [delivery.getParentValue().getUserId(), self.user_id], False)
+    self.assertRoles(delivery, self.user_id, ['Owner'])
+    self.assertRoles(delivery, delivery.getParentValue().getUserId(), ['Assignee'])
+
+  def test_CertificateLogin_computeNode(self):
+    delivery = self.portal.compute_node_module.newContent(
+        portal_type='Compute Node').newContent(portal_type='Certificate Login')
+    self.assertSecurityGroup(delivery,
+        [delivery.getParentValue().getUserId(), self.user_id], False)
+    self.assertRoles(delivery, self.user_id, ['Owner'])
+    self.assertRoles(delivery, delivery.getParentValue().getUserId(), ['Assignee'])
+
+  def test_CertificateLogin_computeNodeManager(self):
+    project = self.portal.project_module.newContent(portal_type='Project')
+    compute_node = self.portal.compute_node_module.newContent(
+        portal_type='Compute Node')
+    login = compute_node.newContent(portal_type='Certificate Login')
+    compute_node.edit(follow_up_value=project)
+    self.assertSecurityGroup(login,
+        [compute_node.getUserId(), self.user_id,
+         '%s_F-PRODAGNT' % project.getReference(),
+         '%s_F-PRODMAN' % project.getReference()], False)
+    self.assertRoles(login, self.user_id, ['Owner'])
+    self.assertRoles(login, compute_node.getUserId(), ['Assignee'])
+    self.assertRoles(login, '%s_F-PRODMAN' % project.getReference(), ['Assignor'])
+    self.assertRoles(login, '%s_F-PRODAGNT' % project.getReference(), ['Assignee'])
+
+  def test_CertificateLogin_softwareInstance(self):
+    delivery = self.portal.software_instance_module.newContent(
+        portal_type='Software Instance').newContent(portal_type='Certificate Login')
+    self.assertSecurityGroup(delivery,
+        [delivery.getParentValue().getUserId(), self.user_id], False)
+    self.assertRoles(delivery, self.user_id, ['Owner'])
+    self.assertRoles(delivery, delivery.getParentValue().getUserId(), ['Assignee'])
+
+  def test_CertificateLogin_aggregateSoftwareInstance(self):
+    compute_node = self.portal.compute_node_module.newContent(portal_type='Compute Node')
+    partition = compute_node.newContent(portal_type='Compute Partition')
+    delivery = self.portal.software_instance_module.newContent(
+        portal_type='Software Instance').newContent(portal_type='Certificate Login')
+    delivery.getParentValue().edit(aggregate_value=partition)
+    self.assertSecurityGroup(delivery,
+        [delivery.getParentValue().getUserId(),
+         compute_node.getUserId(), self.user_id], False)
+    self.assertRoles(delivery, self.user_id, ['Owner'])
+    self.assertRoles(delivery, delivery.getParentValue().getUserId(), ['Assignee'])
+    self.assertRoles(delivery, compute_node.getUserId(), ['Assignor'])
+
--- a/master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interaction_ComputeNode_edit.xml
+++ b/master/bt5/slapos_erp5/WorkflowTemplateItem/portal_workflow/local_permission_slapos_interaction_workflow/interaction_ComputeNode_edit.xml
@@ -11,6 +11,7 @@
            <value>
              <tuple>
                <string>after_script/portal_workflow/local_permission_slapos_interaction_workflow/script_Base_updateAllLocalRoles</string>
+                <string>after_script/portal_workflow/local_permission_slapos_interaction_workflow/script_Base_updateAllChildrenLocalRoles</string>
              </tuple>
            </value>
        </item>