[Erp5-report] r36285 rafael - in /erp5/trunk/products/ERP5Form: ./ tests/
nobody at svn.erp5.org
nobody at svn.erp5.org
Sat Jun 12 00:33:24 CEST 2010
Author: rafael
Date: Sat Jun 12 00:33:23 2010
New Revision: 36285
URL: http://svn.erp5.org?rev=36285&view=rev
Log:
Added a test in order to check if the read_permissions and write_permissions are
respected at portal_preferences acessors.
Modified:
erp5/trunk/products/ERP5Form/PreferenceTool.py
erp5/trunk/products/ERP5Form/tests/testPreferences.py
Modified: erp5/trunk/products/ERP5Form/PreferenceTool.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Form/PreferenceTool.py?rev=36285&r1=36284&r2=36285&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Form/PreferenceTool.py [utf8] (original)
+++ erp5/trunk/products/ERP5Form/PreferenceTool.py [utf8] Sat Jun 12 00:33:23 2010
@@ -97,6 +97,8 @@ def createPreferenceToolAccessorList(por
# Generate common method names
for prop in property_list:
if prop.get('preference'):
+ # XXX read_permission and write_permissions defined at
+ # property sheet are not respected by this.
# only properties marked as preference are used
attribute = prop['id']
attr_list = [ 'get%s' % convertToUpperCase(attribute)]
Modified: erp5/trunk/products/ERP5Form/tests/testPreferences.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Form/tests/testPreferences.py?rev=36285&r1=36284&r2=36285&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Form/tests/testPreferences.py [utf8] (original)
+++ erp5/trunk/products/ERP5Form/tests/testPreferences.py [utf8] Sat Jun 12 00:33:23 2010
@@ -34,6 +34,7 @@ import transaction
from AccessControl.SecurityManagement import noSecurityManager
from AccessControl.SecurityManagement import getSecurityManager
from zExceptions import Unauthorized
+from AccessControl.ZopeGuards import guarded_hasattr
from DateTime import DateTime
from Products.ERP5Type.tests.testERP5Type import PropertySheetTestCase
@@ -527,7 +528,56 @@ class TestPreferences(PropertySheetTestC
self.assertTrue(portal_preferences.getDummy())
self.assertTrue(portal_preferences.isDummy())
+
+ def test_property_sheet_security_on_permission(self):
+ """ Added a test to make sure permissions are used into portal
+ preference level. """
+ write_permission = 'Modify portal content'
+ read_permission = 'Manage portal'
+ self._addPropertySheet('Preference', 'DummyPreference',
+ '''class DummyPreference:
+ _properties= ( {'id': 'preferred_toto',
+ 'write_permission' : 'Modify portal content',
+ 'read_permission' : 'Manage portal',
+ 'preference': 1,
+ 'type': 'string',},)''')
+
+ obj = self.portal.portal_preferences.newContent(portal_type='Preference')
+ obj.enable()
+ transaction.commit()
+ self.tic()
+ self.assertTrue(guarded_hasattr(obj, 'setPreferredToto'))
+ obj.setPreferredToto("A TEST")
+ self.assertTrue(guarded_hasattr(obj, 'getPreferredToto'))
+
+ obj.manage_permission(write_permission, [], 0)
+ self.assertFalse(guarded_hasattr(obj, 'setPreferredToto'))
+ self.assertTrue(guarded_hasattr(obj, 'getPreferredToto'))
+
+ obj.manage_permission(write_permission, ['Manager'], 1)
+ obj.manage_permission(read_permission, [], 0)
+ self.assertTrue(guarded_hasattr(obj, 'setPreferredToto'))
+ self.assertFalse(guarded_hasattr(obj, 'getPreferredToto'))
+
+ obj.manage_permission(read_permission, ['Manager'], 1)
+
+ transaction.commit()
+ self.tic()
+
+ preference_tool = self.portal.portal_preferences
+ self.assertTrue(guarded_hasattr(preference_tool, 'getPreferredToto'))
+ self.assertEquals("A TEST", preference_tool.getPreferredToto())
+
+ preference_tool.manage_permission(write_permission, [], 0)
+ self.assertTrue(guarded_hasattr(preference_tool, 'getPreferredToto'))
+
+ preference_tool.manage_permission(write_permission, ['Manager'], 1)
+ preference_tool.manage_permission(read_permission, [], 0)
+ obj.manage_permission(read_permission, [], 0)
+ self.assertFalse(guarded_hasattr(preference_tool, 'getPreferredToto'))
+
+ preference_tool.manage_permission(read_permission, ['Manager'], 1)
def test_suite():
suite = unittest.TestSuite()
More information about the Erp5-report
mailing list