[Erp5-report] r36285 rafael - in /erp5/trunk/products/ERP5Form: ./ tests/

[nobody at svn.erp5.org]

Author: rafael
Date: Sat Jun 12 00:33:23 2010
New Revision: 36285

URL: http://svn.erp5.org?rev=36285&view=rev
Log:
Added a test in order to check if the read_permissions and write_permissions are
respected at portal_preferences acessors.


Modified:
    erp5/trunk/products/ERP5Form/PreferenceTool.py
    erp5/trunk/products/ERP5Form/tests/testPreferences.py

Modified: erp5/trunk/products/ERP5Form/PreferenceTool.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Form/PreferenceTool.py?rev=36285&r1=36284&r2=36285&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Form/PreferenceTool.py [utf8] (original)
+++ erp5/trunk/products/ERP5Form/PreferenceTool.py [utf8] Sat Jun 12 00:33:23 2010
@@ -97,6 +97,8 @@ def createPreferenceToolAccessorList(por
   # Generate common method names
   for prop in property_list:
     if prop.get('preference'):
+      # XXX read_permission and write_permissions defined at
+      # property sheet are not respected by this.
       # only properties marked as preference are used
       attribute = prop['id']
       attr_list = [ 'get%s' % convertToUpperCase(attribute)]

Modified: erp5/trunk/products/ERP5Form/tests/testPreferences.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Form/tests/testPreferences.py?rev=36285&r1=36284&r2=36285&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Form/tests/testPreferences.py [utf8] (original)
+++ erp5/trunk/products/ERP5Form/tests/testPreferences.py [utf8] Sat Jun 12 00:33:23 2010
@@ -34,6 +34,7 @@ import transaction
 from AccessControl.SecurityManagement import noSecurityManager
 from AccessControl.SecurityManagement import getSecurityManager
 from zExceptions import Unauthorized
+from AccessControl.ZopeGuards import guarded_hasattr
 from DateTime import DateTime
 
 from Products.ERP5Type.tests.testERP5Type import PropertySheetTestCase
@@ -527,7 +528,56 @@ class TestPreferences(PropertySheetTestC
 
     self.assertTrue(portal_preferences.getDummy())
     self.assertTrue(portal_preferences.isDummy())
+
+  def test_property_sheet_security_on_permission(self):
+    """ Added a test to make sure permissions are used into portal
+        preference level. """
+    write_permission = 'Modify portal content'
+    read_permission = 'Manage portal'
+    self._addPropertySheet('Preference', 'DummyPreference',
+        '''class DummyPreference:
+             _properties= ( {'id': 'preferred_toto',
+                             'write_permission' : 'Modify portal content',
+                             'read_permission'  : 'Manage portal',
+                             'preference': 1,
+                             'type': 'string',},)''')
+
+    obj = self.portal.portal_preferences.newContent(portal_type='Preference')
+    obj.enable()
+    transaction.commit()
+    self.tic()
     
+    self.assertTrue(guarded_hasattr(obj, 'setPreferredToto'))
+    obj.setPreferredToto("A TEST")
+    self.assertTrue(guarded_hasattr(obj, 'getPreferredToto'))
+
+    obj.manage_permission(write_permission, [], 0)
+    self.assertFalse(guarded_hasattr(obj, 'setPreferredToto'))
+    self.assertTrue(guarded_hasattr(obj, 'getPreferredToto'))
+
+    obj.manage_permission(write_permission, ['Manager'], 1)
+    obj.manage_permission(read_permission, [], 0)
+    self.assertTrue(guarded_hasattr(obj, 'setPreferredToto'))
+    self.assertFalse(guarded_hasattr(obj, 'getPreferredToto'))
+
+    obj.manage_permission(read_permission, ['Manager'], 1)
+
+    transaction.commit()
+    self.tic()
+
+    preference_tool = self.portal.portal_preferences
+    self.assertTrue(guarded_hasattr(preference_tool, 'getPreferredToto'))
+    self.assertEquals("A TEST", preference_tool.getPreferredToto())
+
+    preference_tool.manage_permission(write_permission, [], 0)
+    self.assertTrue(guarded_hasattr(preference_tool, 'getPreferredToto'))
+
+    preference_tool.manage_permission(write_permission, ['Manager'], 1)
+    preference_tool.manage_permission(read_permission, [], 0)
+    obj.manage_permission(read_permission, [], 0)
+    self.assertFalse(guarded_hasattr(preference_tool, 'getPreferredToto'))
+
+    preference_tool.manage_permission(read_permission, ['Manager'], 1)
 
 def test_suite():
   suite = unittest.TestSuite()