[Erp5-report] r19311 - in /erp5/trunk/products/ERP5Catalog: ./ tests/
nobody at svn.erp5.org
nobody at svn.erp5.org
Thu Feb 14 15:49:55 CET 2008
Author: vincent
Date: Thu Feb 14 15:49:54 2008
New Revision: 19311
URL: http://svn.erp5.org?rev=19311&view=rev
Log:
tests/testERP5Catalog.py:
Revert 19128, 19173.
Update test_check_security_table_content to new security table design decisions.
CatalogTool.py:
Only index a local role if this precise local role grants View permission.
Modified:
erp5/trunk/products/ERP5Catalog/CatalogTool.py
erp5/trunk/products/ERP5Catalog/tests/testERP5Catalog.py
Modified: erp5/trunk/products/ERP5Catalog/CatalogTool.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Catalog/CatalogTool.py?rev=19311&r1=19310&r2=19311&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Catalog/CatalogTool.py (original)
+++ erp5/trunk/products/ERP5Catalog/CatalogTool.py Thu Feb 14 15:49:54 2008
@@ -147,30 +147,18 @@
localroles = new_dict
# For each local role of a user:
# If the local role grants View permission, add it.
- # If any local role for this user grant him the View permission, add
- # them all.
# Every addition implies 2 lines:
# user:<user_id>
# user:<user_id>:<role_id>
# A line must not be present twice in final result.
for user, roles in localroles.iteritems():
- user_can_view = False
- # First pass: find if user has a local role granting him view
- # permission.
+ if withnuxgroups:
+ prefix = user
+ else:
+ prefix = 'user:' + user
for role in roles:
if allowed.has_key(role):
- user_can_view = True
- break
- if user_can_view:
- # Second pass: add all roles if user has view permission.
- if withnuxgroups:
- prefix = user
- else:
- prefix = 'user:' + user
- allowed[prefix] = 1
- for role in roles:
- if role == 'Owner': # Skip this role explicitely
- continue
+ allowed[prefix] = 1
allowed[prefix + ':' + role] = 1
return list(allowed.keys())
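Review bot: In the new loop, `allowed.has_key(role)` is tested against the same dict that the loop writes `prefix` and `prefix + ':' + role` into, so a key added for one user can make a later role check succeed. With `withnuxgroups` set the prefix is the bare user id, so an id that happens to equal a role name would mark that role as View-granting for every entry iterated afterwards, and `iteritems()` order is not defined. Taking a snapshot before the loop, `view_role_dict = allowed.copy()`, and testing `if view_role_dict.has_key(role):` keeps the check tied to roles that really grant View. The explicit `Owner` skip is also gone; whether `Owner` can still be in `allowed` at this point depends on code above the hunk, which is not visible here.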
Modified: erp5/trunk/products/ERP5Catalog/tests/testERP5Catalog.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Catalog/tests/testERP5Catalog.py?rev=19311&r1=19310&r2=19311&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Catalog/tests/testERP5Catalog.py (original)
+++ erp5/trunk/products/ERP5Catalog/tests/testERP5Catalog.py Thu Feb 14 15:49:54 2008
@@ -1686,95 +1686,6 @@
self.assertEquals(1, folder.countFolder(title='Object Title',
local_roles='Assignee')[0][0])
- #Test if one of user Role with View permission return Object
- ob1.manage_addLocalRoles('bob', ['Assignee', 'Auditor'])
- ob1.manage_permission('View', ['Assignor', 'Auditor'], 0)
- ob1.reindexObject()
- get_transaction().commit()
- self.tic()
- user = getSecurityManager().getUser()
- self.assertTrue(user.has_permission('View', ob1))
- self.assertTrue(user.has_role('Assignee', ob1))
- result_list = [r.getId() for r in ctool(title='Object Title', local_roles='Assignee')]
- self.assertEquals(2, len(result_list))
- self.assertEquals(2,
- ctool.countResults(title='Object Title',
- local_roles='Assignee')[0][0])
-
- # this also work for searchFolder and countFolder
- self.assertEquals(2, len(folder.searchFolder(title='Object Title',
- local_roles='Assignee')))
- self.assertEquals(2, folder.countFolder(title='Object Title',
- local_roles='Assignee')[0][0])
-
-
- def test_50_bis_LocalRolesArgumentWithERP5Security(self, quiet=quiet, run=run_all_test):
- """test local_roles= argument with ERP5Security
- """
- if not run: return
- if not quiet:
- message = 'local_roles= argument with ERP5Security'
- ZopeTestCase._print('\n%s ' % message)
- LOG('Testing... ',0,message)
- login = PortalTestCase.login
- #Testing Security By ERP5Security Role Generation
- #Create Categories and PortalType RoleInformation
- self.login()
- folder = self.getOrganisationModule()
- ob1 = folder.newContent(title='Object Title')
- ob2 = folder.newContent(title='Object Title')
- ob2.manage_addLocalRoles('bob', ['Assignee'])
- cat_tool = self.getPortal().portal_categories
- cat_tool.group.newContent(id='company', portal_type='Category')
- cat_tool.function.newContent(id='employee', portal_type='Category')
-
- from Products.ERP5Type.RoleInformation import RoleInformation
- role_auditor_inf = RoleInformation(id='Auditor',
- title='Auditor',
- category=('group/company',))
- role_assignee_inf = RoleInformation(id='Assignee',
- title='Assignee',
- category=('group/company',
- 'function/employee',))
-
- pt = self.getPortal().portal_types.Organisation
- pt._roles = (role_auditor_inf, role_assignee_inf)
-
- uf = self.getPortal().acl_users
- uf._doAddUser('bob', '', ['Member'], [])
- get_transaction().commit()
- self.tic()
- #Now Update Security
- ob1.updateLocalRolesOnSecurityGroups()
- ob1.manage_permission('View', ['Auditor', 'Assignor'], 0)
- ob1.reindexObject()
- #Remove Roles On Organisation Portal Type
- pt._roles = ()
- get_transaction().commit()
- self.tic()
- login(self, 'bob')
- ctool = self.getCatalogTool()
- user = getSecurityManager().getUser()
- user._groups.update({'company':1,
- 'employee_company':1})
- self.assertTrue(user.has_permission('View', ob1))
- self.assertTrue(user.has_role('Auditor', ob1))
- self.assertTrue(user.has_role('Assignee', ob1))
- self.assertFalse(user.has_role('Assignor', ob1))
- from AccessControl.PermissionRole import rolesForPermissionOn
- self.assertTrue('Assignee' not in rolesForPermissionOn('View', ob1))
- self.assertEquals(2, len(ctool(title='Object Title',
- local_roles='Assignee')))
- self.assertEquals(2,
- ctool.countResults(title='Object Title',
- local_roles='Assignee')[0][0])
-
- # this also work for searchFolder and countFolder
- self.assertEquals(2, len(folder.searchFolder(title='Object Title',
- local_roles='Assignee')))
- self.assertEquals(2, folder.countFolder(title='Object Title',
- local_roles='Assignee')[0][0])
-
def test_51_SearchWithKeyWords(self, quiet=quiet, run=run_all_test):
if not run: return
if not quiet:
@@ -2355,11 +2266,8 @@
else:
raise Exception, 'Malformed allowedRolesAndUsers value: %r' % (line['allowedRolesAndUsers'], )
- # Check that object that 'bar' can view because of 'Author' role can be
- # found when searching for his other 'Whatever' role.
- # This is used by worklists: a worklist on Whatever must be able to find
- # all visible documents even if Whatever is not the cause of this
- # visibility.
+ # Check that object that 'bar' can view because of 'Author' role can *not*
+ # be found when searching for his other 'Whatever' role.
local_role_dict = {'foo': ['Owner', 'Author'],
'bar': ['Whatever', 'Author']}
for container, portal_type in ((person_module, person),
@@ -2369,7 +2277,7 @@
['Author']):
object = object_dict[getObjectDictKey()]
result = query('SELECT roles_and_users.uid FROM roles_and_users, catalog WHERE roles_and_users.uid = catalog.security_uid AND catalog.uid = %i AND allowedRolesAndUsers = "user:bar:Whatever"' % (object.uid, ))
- self.assertEqual(len(result), 1, '%r: len(%r) != 1' % (getObjectDictKey(), result))
+ self.assertEqual(len(result), 0, '%r: len(%r) != 0' % (getObjectDictKey(), result))
# Check that no 'bar' role are in security table when 'foo' has local
# roles allowing him to view an object but 'bar' can't.
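Review bot: The changed assertion only checks that no `user:bar:Whatever` row exists, which would also pass if the object had no security rows for 'bar' at all. Unless this is already covered elsewhere in the test (its body extends beyond the hunk), pair it with a positive check that the same query with `allowedRolesAndUsers = "user:bar:Author"` returns exactly one row. That way the test shows the View-granting role is still indexed while the other role is not.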