Commit 8cba95c2 authored by Jérome Perrin's avatar Jérome Perrin

Tests that interaction workflow methods are protected with "Access content

information", unless we wrap a method that was already protected.



git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@18686 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 7321fa7f
......@@ -30,8 +30,8 @@ import unittest
from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase
from Products.ERP5Type.Base import _aq_reset
from Products.ERP5.Document.Organisation import Organisation
from AccessControl.SecurityManagement import newSecurityManager
import Products.ERP5Type
class TestInteractionWorkflow(ERP5TypeTestCase):
......@@ -50,6 +50,14 @@ class TestInteractionWorkflow(ERP5TypeTestCase):
def afterSetUp(self):
self.login()
def beforeTearDown(self):
Organisation = Products.ERP5Type.Document.Organisation.Organisation
Organisation.security.names.pop('doSomethingStupid', None)
if hasattr(Organisation, 'doSomethingStupid'):
delattr(Organisation, 'doSomethingStupid')
if hasattr(Organisation, 'doSomethingStupid__roles__'):
delattr(Organisation, 'doSomethingStupid__roles__')
def login(self, quiet=0):
uf = self.getPortal().acl_users
uf._doAddUser('seb', '', ['Manager'], [])
......@@ -61,6 +69,7 @@ class TestInteractionWorkflow(ERP5TypeTestCase):
"""
"""
self.setDescription(value)
Organisation = Products.ERP5Type.Document.Organisation.Organisation
Organisation.doSomethingStupid = doSomethingStupid
portal_type = self.getTypeTool()['Organisation']
portal_type.base_category_list = ['size']
......@@ -501,6 +510,58 @@ context.setDescription('%s,%s,%s' % (d, args, result))
self.assertEquals(len(call_list), 3)
def test_security(self):
# wrapping a method in an interaction workflow adds a default security to
# this method if the method does not exists.
self.createInteractionWorkflow()
self.interaction.setProperties(
'default',
method_id='nonExistantMethod',
after_script_name=('afterEdit',))
self.script.ZPythonScript_edit('sci', '')
self.createData()
# the default security is "Access contents information"
self.organisation.manage_permission(
'Access contents information', ['Role1'], 0)
self.assertEquals(self.organisation.nonExistantMethod__roles__,
('Role1',))
def test_security_defined(self):
# wrapping a method in an interaction workflow adds a default security to
# this method, but does not override existing security definition
self.createInteractionWorkflow()
self.interaction.setProperties(
'default',
method_id='setDescription',
after_script_name=('afterEdit',))
self.script.ZPythonScript_edit('sci', '')
self.createData()
# This rely on the fact that 'setDescription' is protected with 'Modify
# portal content'
self.organisation.manage_permission(
'Modify portal content', ['Role2'], 0)
self.assertEquals(self.organisation.setDescription__roles__,
('Role2',))
def test_security_defined_on_class(self):
# wrapping a method in an interaction workflow adds a default security to
# this method, but does not override existing security definition (defined
# on the class)
Organisation = Products.ERP5Type.Document.Organisation.Organisation
Organisation.security.declarePrivate('doSomethingStupid')
Organisation.security.apply(Organisation)
self.createInteractionWorkflow()
self.interaction.setProperties(
'default',
method_id='doSomethingStupid',
after_script_name=('afterEdit',))
self.script.ZPythonScript_edit('sci', '')
self.createData()
self.assertEquals(self.organisation.doSomethingStupid__roles__, ())
def test_suite():
suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(TestInteractionWorkflow))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment