[Erp5-report] r19165 - /erp5/trunk/products/ERP5Type/tests/testERP5Type.py

nobody at svn.erp5.org nobody at svn.erp5.org
Fri Feb 8 11:53:04 CET 2008 

Author: vincent
Date: Fri Feb  8 11:53:02 2008
New Revision: 19165

URL: http://svn.erp5.org?rev=19165&view=rev
Log:
Add an unit test to check that it is possible in an afterClone script to modify a document when "Modify portal content" was not allowed on the original copy.

Modified:
    erp5/trunk/products/ERP5Type/tests/testERP5Type.py

Modified: erp5/trunk/products/ERP5Type/tests/testERP5Type.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Type/tests/testERP5Type.py?rev=19165&r1=19164&r2=19165&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Type/tests/testERP5Type.py (original)
+++ erp5/trunk/products/ERP5Type/tests/testERP5Type.py Fri Feb  8 11:53:02 2008
@@ -39,6 +39,9 @@
 from Products.ERP5Type.tests.utils import installRealClassTool
 from Products.ERP5Type.Utils import removeLocalPropertySheet
 from AccessControl.SecurityManagement import newSecurityManager
+from AccessControl import getSecurityManager
+from Products.ERP5Type.tests.utils import createZODBPythonScript
+from Products.ERP5Type.tests.utils import removeZODBPythonScript
 
 class PropertySheetTestCase(ERP5TypeTestCase):
   """Base test case class for property sheets tests.
@@ -1256,7 +1259,6 @@
       """
       if not run: return
 
-      from AccessControl import getSecurityManager
       portal = self.getPortal()
 
       # turn on Person.acquire_local_roles
@@ -1941,6 +1943,29 @@
       self.assertNotEquals(object.getCreationDate(), portal.CreationDate())
       self.assertNotEquals(object.getCreationDate(), folder.getCreationDate())
 
+    def test_copyWithoutModificationRight(self, quiet=quiet, run=run_all_test):
+      """
+      Check that it is possible to copy an object on which user doesn't have
+      "Modify portal content" permission.
+      """
+      if not run: return
+      portal = self.getPortalObject()
+      folder = self.getOrganisationModule()
+      object = folder.newContent(portal_type='Organisation')
+      script_container = portal.portal_skins.custom
+      script_id = '%s_afterClone' % (object.getPortalType().replace(' ', ''), )
+      createZODBPythonScript(script_container, script_id, '', 'context.setTitle("couscous")')
+      try:
+        security_manager = getSecurityManager()
+        self.assertEquals(1, security_manager.checkPermission('Access contents information', object))
+        self.assertEquals(1, security_manager.checkPermission('Modify portal content', object))
+        object.manage_permission('Modify portal content')
+        clipboard = folder.manage_copyObjects(ids=[object.id])
+        # Test fails if this method raises.
+        folder.manage_pasteObjects(clipboard)
+      finally:
+        removeZODBPythonScript(script_container, script_id)
+
 def test_suite():
   suite = unittest.TestSuite()
   suite.addTest(unittest.makeSuite(TestERP5Type))

More information about the Erp5-report mailing list