Commit 7d6df387 authored by Jérome Perrin's avatar Jérome Perrin

testSecurity: adjust test_workflow_transition_protection

Only "user action" methods needs a security declaration.
parent b8e4bc38
...@@ -31,6 +31,7 @@ import unittest ...@@ -31,6 +31,7 @@ import unittest
from types import MethodType from types import MethodType
from Acquisition import aq_base from Acquisition import aq_base
from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase
from Products.DCWorkflow.Transitions import TRIGGER_USER_ACTION
# You can invoke security tests in your favourite collection of business templates # You can invoke security tests in your favourite collection of business templates
# by using TestSecurityMixin like the following : # by using TestSecurityMixin like the following :
...@@ -117,8 +118,8 @@ class TestSecurityMixin(ERP5TypeTestCase): ...@@ -117,8 +118,8 @@ class TestSecurityMixin(ERP5TypeTestCase):
if wf.__class__.__name__ == 'InteractionWorkflowDefinition': if wf.__class__.__name__ == 'InteractionWorkflowDefinition':
continue continue
for transition in wf.transitions.objectValues(): for transition in wf.transitions.objectValues():
if getattr(transition, 'trigger_type', 1) == 0: if getattr(transition, 'trigger_type', -1) != TRIGGER_USER_ACTION:
# Automatic transition without guard is safe # Only user action workflow transitions needs a security definition.
continue continue
if getattr(transition, 'guard', None) is None: if getattr(transition, 'guard', None) is None:
error_list.append('%s/transitions/%s' % (wf.getId(), transition.getId())) error_list.append('%s/transitions/%s' % (wf.getId(), transition.getId()))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment