[Erp5-report] r35957 luke - /erp5/trunk/products/ERP5OOo/tests/testDms.py
nobody at svn.erp5.org
nobody at svn.erp5.org
Thu Jun 3 16:09:15 CEST 2010
Author: luke
Date: Thu Jun 3 16:09:14 2010
New Revision: 35957
URL: http://svn.erp5.org?rev=35957&view=rev
Log:
- test that in scenario where user is not allowed to see original document, he is still able to convert document to different format
Add test level Document_checkConversionFormatPermission which disallow access
to original document format, and remove it conditionally in beforeTearDown.
Add helper method _test_document_conversion_to_base_format_no_original_format_access.
It asserts that document is not available in original format and then checks
if it is possible to convert this document.
Test for PDF, Open Office Document, Text and Image to cover all known cases.
Modified:
erp5/trunk/products/ERP5OOo/tests/testDms.py
Modified: erp5/trunk/products/ERP5OOo/tests/testDms.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5OOo/tests/testDms.py?rev=35957&r1=35956&r2=35957&view=diff
==============================================================================
--- erp5/trunk/products/ERP5OOo/tests/testDms.py [utf8] (original)
+++ erp5/trunk/products/ERP5OOo/tests/testDms.py [utf8] Thu Jun 3 16:09:14 2010
@@ -64,6 +64,7 @@
from zLOG import LOG
from Products.ERP5.Document.Document import NotConvertedError
from Products.ERP5Form.Document.Preference import Priority
+from Products.ERP5Type.tests.utils import createZODBPythonScript
import os
from threading import Thread
import httplib
@@ -156,6 +157,7 @@
- clear document module
"""
transaction.abort()
+ self.clearRestrictedSecurityHelperScript()
activity_tool = self.portal.portal_activities
activity_status = set(m.processing_node < -1
for m in activity_tool.getMessageList())
@@ -164,6 +166,13 @@
else:
assert not activity_status
self.clearDocumentModule()
+
+ def clearRestrictedSecurityHelperScript(self):
+ script_id = 'Document_checkConversionFormatPermission'
+ custom = self.getPortal().portal_skins.custom
+ if script_id in custom.objectIds():
+ custom.manage_delObjects(ids=[script_id])
+ transaction.commit()
def clearDocumentModule(self):
"""
@@ -1717,6 +1726,61 @@
from AccessControl import Unauthorized
self.assertRaises(Unauthorized, document.asText)
+ def createRestrictedSecurityHelperScript(self):
+ createZODBPythonScript(self.getPortal().portal_skins.custom,
+ 'Document_checkConversionFormatPermission', 'format=None, **kw', """
+if not format:
+ return 0
+return 1
+""")
+ transaction.commit()
+
+ def _test_document_conversion_to_base_format_no_original_format_access(self,
+ portal_type, file_name):
+ module = self.portal.getDefaultModule(portal_type)
+ upload_file = makeFileUpload(file_name)
+ document = module.newContent(portal_type=portal_type,
+ file=upload_file)
+
+ transaction.commit()
+ self.tic()
+
+ self.createRestrictedSecurityHelperScript()
+
+ from AccessControl import Unauthorized
+ # check that it is not possible to access document in original format
+ self.assertRaises(Unauthorized, document.convert, format=None)
+ # check that it is possible to convert document to text format
+ dummy = document.convert(format='text')
+
+ def test_WebPage_conversion_to_base_format_no_original_format_access(self):
+ """Checks Document.TextDocument"""
+ self._test_document_conversion_to_base_format_no_original_format_access(
+ 'Web Page',
+ 'TEST-text-iso8859-1.txt'
+ )
+
+ def test_PDF_conversion_to_base_format_no_original_format_access(self):
+ """Checks Document.PDFDocument"""
+ self._test_document_conversion_to_base_format_no_original_format_access(
+ 'PDF',
+ 'TEST-en-002.pdf'
+ )
+
+ def test_Text_conversion_to_base_format_no_original_format_access(self):
+ """Checks Document.OOoDocument"""
+ self._test_document_conversion_to_base_format_no_original_format_access(
+ 'Text',
+ 'TEST-en-002.odt'
+ )
+
+ def test_Image_conversion_to_base_format_no_original_format_access(self):
+ """Checks Document.Image"""
+ self._test_document_conversion_to_base_format_no_original_format_access(
+ 'Image',
+ 'TEST-en-002.png'
+ )
+
class TestDocumentWithSecurity(TestDocumentMixin):
username = 'yusei'
More information about the Erp5-report
mailing list