[Erp5-report] r31641 jerome - in /erp5/trunk/products/ERP5Form: ./ tests/

nobody at svn.erp5.org nobody at svn.erp5.org
Thu Jan 7 16:52:33 CET 2010 

Author: jerome
Date: Thu Jan  7 16:52:33 2010
New Revision: 31641

URL: http://svn.erp5.org?rev=31641&view=rev
Log:
to prevent user preferences to be enabled for manager, we were only
considering preference where the user had an Owner role, but as we sometimes
have manager users that are also owner globally, it's better to do this using
ownership and not owner role.

Modified:
    erp5/trunk/products/ERP5Form/PreferenceTool.py
    erp5/trunk/products/ERP5Form/tests/testPreferences.py

Modified: erp5/trunk/products/ERP5Form/PreferenceTool.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Form/PreferenceTool.py?rev=31641&r1=31640&r2=31641&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Form/PreferenceTool.py [utf8] (original)
+++ erp5/trunk/products/ERP5Form/PreferenceTool.py [utf8] Thu Jan  7 16:52:33 2010
@@ -204,12 +204,12 @@
         # XXX quick workaround so that manager only see user preference
         # they actually own.
         if user_is_manager and pref.getPriority() == Priority.USER :
-          if user.allowed(pref, ('Owner',)):
+          if pref.getOwnerTuple()[1] == user.getId():
             prefs.append(pref)
         else :
           prefs.append(pref)
     prefs.sort(key=lambda x: x.getPriority(), reverse=True)
-    # add system preferences after user preferences
+    # add system preferences before user preferences
     sys_prefs = [x.getObject() for x in self.searchFolder(portal_type='System Preference', sql_catalog_id=sql_catalog_id) \
                  if x.getObject().getProperty('preference_state', 'broken') in ('enabled', 'global')]
     sys_prefs.sort(key=lambda x: x.getPriority(), reverse=True)

Modified: erp5/trunk/products/ERP5Form/tests/testPreferences.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Form/tests/testPreferences.py?rev=31641&r1=31640&r2=31641&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Form/tests/testPreferences.py [utf8] (original)
+++ erp5/trunk/products/ERP5Form/tests/testPreferences.py [utf8] Thu Jan  7 16:52:33 2010
@@ -335,11 +335,23 @@
     portal_workflow.doActionFor(
        manager_pref, 'enable_action', wf_id='preference_workflow')
     self.assertEquals(manager_pref.getPreferenceState(), 'enabled')
+    transaction.commit(); self.tic()
 
     # check users preferences are still enabled
     self.assertEquals(user_a_1.getPreferenceState(), 'enabled')
     self.assertEquals(user_b_1.getPreferenceState(), 'enabled')
     self.assertEquals(user_a_2.getPreferenceState(), 'disabled')
+
+    # A user with Manager and Owner can view all preferences, because this user
+    # is Manager and Owner, but for Manager, we have an exception, only
+    # preferences actually owned by the user are taken into account.
+    uf._doAddUser('manager_and_owner', '', ['Manager', 'Owner'], [])
+    self.login('manager_and_owner')
+    self.assert_('Owner' in
+      getSecurityManager().getUser().getRolesInContext(manager_pref))
+    self.assertEquals(None,
+        portal_preferences.getPreferredAccountingTransactionAtDate())
+
 
   def test_GlobalPreference(self):
     # globally enabled preference are preference for anonymous users.

More information about the Erp5-report mailing list