[Erp5-report] r35957 luke - /erp5/trunk/products/ERP5OOo/tests/testDms.py

nobody at svn.erp5.org nobody at svn.erp5.org
Thu Jun 3 16:09:15 CEST 2010 

Author: luke
Date: Thu Jun  3 16:09:14 2010
New Revision: 35957

URL: http://svn.erp5.org?rev=35957&view=rev
Log:
 - test that in scenario where user is not allowed to see original document, he is still able to convert document to different format

Add test level Document_checkConversionFormatPermission which disallow access
to original document format, and remove it conditionally in beforeTearDown.

Add helper method _test_document_conversion_to_base_format_no_original_format_access.
It asserts that document is not available in original format and then checks
if it is possible to convert this document.

Test for PDF, Open Office Document, Text and Image to cover all known cases.

Modified:
    erp5/trunk/products/ERP5OOo/tests/testDms.py

Modified: erp5/trunk/products/ERP5OOo/tests/testDms.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5OOo/tests/testDms.py?rev=35957&r1=35956&r2=35957&view=diff
==============================================================================
--- erp5/trunk/products/ERP5OOo/tests/testDms.py [utf8] (original)
+++ erp5/trunk/products/ERP5OOo/tests/testDms.py [utf8] Thu Jun  3 16:09:14 2010
@@ -64,6 +64,7 @@
 from zLOG import LOG
 from Products.ERP5.Document.Document import NotConvertedError
 from Products.ERP5Form.Document.Preference import Priority
+from Products.ERP5Type.tests.utils import createZODBPythonScript
 import os
 from threading import Thread
 import httplib
@@ -156,6 +157,7 @@
       - clear document module
     """
     transaction.abort()
+    self.clearRestrictedSecurityHelperScript()
     activity_tool = self.portal.portal_activities
     activity_status = set(m.processing_node < -1
                           for m in activity_tool.getMessageList())
@@ -164,6 +166,13 @@
     else:
       assert not activity_status
     self.clearDocumentModule()
+
+  def clearRestrictedSecurityHelperScript(self):
+    script_id = 'Document_checkConversionFormatPermission'
+    custom = self.getPortal().portal_skins.custom
+    if script_id in custom.objectIds():
+      custom.manage_delObjects(ids=[script_id])
+      transaction.commit()
 
   def clearDocumentModule(self):
     """
@@ -1717,6 +1726,61 @@
     from AccessControl import Unauthorized
     self.assertRaises(Unauthorized, document.asText)
 
+  def createRestrictedSecurityHelperScript(self):
+    createZODBPythonScript(self.getPortal().portal_skins.custom,
+    'Document_checkConversionFormatPermission', 'format=None, **kw', """
+if not format:
+  return 0
+return 1
+""")
+    transaction.commit()
+
+  def _test_document_conversion_to_base_format_no_original_format_access(self,
+      portal_type, file_name):
+    module = self.portal.getDefaultModule(portal_type)
+    upload_file = makeFileUpload(file_name)
+    document = module.newContent(portal_type=portal_type,
+                                 file=upload_file)
+
+    transaction.commit()
+    self.tic()
+
+    self.createRestrictedSecurityHelperScript()
+
+    from AccessControl import Unauthorized
+    # check that it is not possible to access document in original format
+    self.assertRaises(Unauthorized, document.convert, format=None)
+    # check that it is possible to convert document to text format
+    dummy = document.convert(format='text')
+
+  def test_WebPage_conversion_to_base_format_no_original_format_access(self):
+    """Checks Document.TextDocument"""
+    self._test_document_conversion_to_base_format_no_original_format_access(
+      'Web Page',
+      'TEST-text-iso8859-1.txt'
+    )
+
+  def test_PDF_conversion_to_base_format_no_original_format_access(self):
+    """Checks Document.PDFDocument"""
+    self._test_document_conversion_to_base_format_no_original_format_access(
+      'PDF',
+      'TEST-en-002.pdf'
+    )
+
+  def test_Text_conversion_to_base_format_no_original_format_access(self):
+    """Checks Document.OOoDocument"""
+    self._test_document_conversion_to_base_format_no_original_format_access(
+      'Text',
+      'TEST-en-002.odt'
+    )
+
+  def test_Image_conversion_to_base_format_no_original_format_access(self):
+    """Checks Document.Image"""
+    self._test_document_conversion_to_base_format_no_original_format_access(
+      'Image',
+      'TEST-en-002.png'
+    )
+
 class TestDocumentWithSecurity(TestDocumentMixin):
 
   username = 'yusei'

More information about the Erp5-report mailing list