[Erp5-report] r11130 - in /erp5/trunk/products/ERP5Type: ERP5Type.py tests/testERP5Type.py
nobody at svn.erp5.org
nobody at svn.erp5.org
Mon Nov 6 17:21:44 CET 2006
Author: aurel
Date: Mon Nov 6 17:21:39 2006
New Revision: 11130
URL: http://svn.erp5.org?rev=11130&view=rev
Log:
do not check security when creating temp object
add unit test for this
Modified:
erp5/trunk/products/ERP5Type/ERP5Type.py
erp5/trunk/products/ERP5Type/tests/testERP5Type.py
Modified: erp5/trunk/products/ERP5Type/ERP5Type.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Type/ERP5Type.py?rev=11130&r1=11129&r2=11130&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Type/ERP5Type.py (original)
+++ erp5/trunk/products/ERP5Type/ERP5Type.py Mon Nov 6 17:21:39 2006
@@ -200,9 +200,13 @@
Call the init_script for the portal_type.
Returns the object.
"""
- # This is part is copied from CMFCore/TypesTool
- ob = FactoryTypeInformation.constructInstance(
- self, container, id, *args, **kw)
+ # This is part is copied from CMFCore/TypesTool/constructInstance
+ # In case of temp object, we don't want to check security
+ if not (hasattr(container, 'isTempObject') and container.isTempObject())\
+ and not self.isConstructionAllowed(container):
+ raise AccessControl_Unauthorized('Cannot create %s' % self.getId())
+ ob = self._constructInstance(container, id, *args, **kw)
+ ob = self._finishConstruction(ob)
# Only try to assign roles to security groups if some roles are defined
# This is an optimisation to prevent defining local roles on subobjects
Modified: erp5/trunk/products/ERP5Type/tests/testERP5Type.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Type/tests/testERP5Type.py?rev=11130&r1=11129&r2=11130&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Type/tests/testERP5Type.py (original)
+++ erp5/trunk/products/ERP5Type/tests/testERP5Type.py Mon Nov 6 17:21:39 2006
@@ -18,6 +18,7 @@
from Products.ERP5Type.Base import _aq_reset
from Products.ERP5Type.tests.utils import installRealClassTool
from Products.ERP5Type.Utils import removeLocalPropertySheet
+from AccessControl.SecurityManagement import newSecurityManager
class PropertySheetTestCase(ERP5TypeTestCase):
"""Base test case class for property sheets tests.
@@ -116,6 +117,12 @@
module.manage_delObjects(list(module.objectIds()))
get_transaction().commit()
+ def loginWithNoRole(self, quiet=0, run=run_all_test):
+ uf = self.getPortal().acl_users
+ uf._doAddUser('ac', '', [], [])
+ user = uf.getUserById('ac').__of__(uf)
+ newSecurityManager(None, user)
+
def getRandomString(self):
return str(randint(-10000000,100000000))
@@ -240,7 +247,16 @@
b = o.newContent(id=2, portal_type="Telephone")
self.assertEquals(b.isTempObject(), 1)
self.assertEquals(b.getId(), str(2))
-
+
+ # check we can create temp object without specific roles/permissions
+ self.logout()
+ self.loginWithNoRole()
+ o = newTempOrganisation(portal,'b')
+ self.assertEquals(o.isTempObject(), 1)
+ a = o.newContent(portal_type = 'Telephone')
+ self.assertEquals(a.isTempObject(), 1)
+ self.logout()
+ self.login()
def test_04_CategoryAccessors(self, quiet=quiet, run=run_all_test):
"""
More information about the Erp5-report
mailing list