[Erp5-report] r44631 nicolas - /erp5/trunk/products/ERP5/tests/testBase.py
nobody at svn.erp5.org
nobody at svn.erp5.org
Fri Mar 25 16:55:27 CET 2011
Author: nicolas
Date: Fri Mar 25 16:55:27 2011
New Revision: 44631
URL: http://svn.erp5.org?rev=44631&view=rev
Log:
Test Security on Temp objects for connected and anonymous users
Modified:
erp5/trunk/products/ERP5/tests/testBase.py
Modified: erp5/trunk/products/ERP5/tests/testBase.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5/tests/testBase.py?rev=44631&r1=44630&r2=44631&view=diff
==============================================================================
--- erp5/trunk/products/ERP5/tests/testBase.py [utf8] (original)
+++ erp5/trunk/products/ERP5/tests/testBase.py [utf8] Fri Mar 25 16:55:27 2011
@@ -37,8 +37,10 @@ from Testing import ZopeTestCase
from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase,\
_getConversionServerDict
from AccessControl.SecurityManagement import newSecurityManager
+from AccessControl import getSecurityManager
from Products.ERP5Type.tests.Sequence import SequenceList
from Products.ERP5Type.Base import Base
+from Products.ERP5Type.Utils import convertToUpperCase
from zExceptions import BadRequest
from Products.ERP5Type.tests.backportUnittest import skip
from Products.ERP5Type.Workflow import addWorkflowByType
@@ -1015,7 +1017,6 @@ class TestBase(ERP5TypeTestCase, ZopeTes
for permission in permission_list:
manager_has_no_permission[permission] = ()
- from AccessControl import getSecurityManager
user = getSecurityManager().getUser()
try:
self.assertTrue(permission_list)
@@ -1192,15 +1193,48 @@ class TestBase(ERP5TypeTestCase, ZopeTes
self.assertEquals(1, len(self.getPortal().portal_catalog(
translated_portal_type='Person', title='translate_table_test')))
- def test_TempBasePublicMethods(self):
- # make sure TempBase methods 'edit' and 'setProperty' are actually public
+ def test_TemporaryObjectPublicMethodListForAnonymous(self):
+ """make sure temporary object methods are actually public.
+ Thanks to owner role, even for Anonymous users
+ """
self.logout()
- from Products.ERP5Type.Document import newTempBase
- from OFS.Traversable import guarded_getattr
- tb = newTempBase(self.portal, '_temp_base')
- for name in ('edit', 'setProperty'):
+ organisation = self.portal.organisation_module.newContent(
+ portal_type='Organisation',
+ temp_object=True)
+ user = getSecurityManager().getUser()
+ self.assertTrue('Owner' in user.getRolesInContext(organisation))
+ from AccessControl.ZopeGuards import guarded_getattr
+ property_map_dict = organisation.propertyMap()
+ property_id_list = ('edit', 'setProperty', 'getProperty') + \
+ tuple(['get' + convertToUpperCase(property_map['id'])\
+ for property_map in property_map_dict])
+
+ for property_id in property_id_list:
+ # should not raise Unauthorized
+ guarded_getattr(organisation, property_id)
+
+ def test_TemporaryObjectPublicMethodList(self):
+ """make sure temporary object methods are actually public.
+ Thanks to owner role.
+ """
+ uf = self.getPortal().acl_users
+ uf._doAddUser('BOBBY', '', ['Member',], [])
+ user = uf.getUserById('BOBBY').__of__(uf)
+ newSecurityManager(None, user)
+ organisation = self.portal.organisation_module.newContent(
+ portal_type='Organisation',
+ temp_object=True)
+ user = getSecurityManager().getUser()
+ self.assertTrue('Owner' in user.getRolesInContext(organisation))
+ from AccessControl.ZopeGuards import guarded_getattr
+ property_map_dict = organisation.propertyMap()
+ property_id_list = ('edit', 'setProperty', 'getProperty') + \
+ tuple(['get' + convertToUpperCase(property_map['id'])\
+ for property_map in property_map_dict])
+
+ for property_id in property_id_list:
# should not raise Unauthorized
- edit = guarded_getattr(tb, name)
+ guarded_getattr(organisation, property_id)
@skip("isIndexable is not designed to work like tested here, this test \
must be rewritten once we know how to handle correctly templates")
More information about the Erp5-report
mailing list