Commit 4469fdaf authored by Yusei Tahara's avatar Yusei Tahara

ERP5Type/tests/testERP5Type.py: Make sure that accessors are protected...

ERP5Type/tests/testERP5Type.py: Make sure that accessors are protected correctly when permission was specified in the property sheet.
parent 6edd92c8
......@@ -2700,6 +2700,62 @@ class TestERP5Type(PropertySheetTestCase, LogInterceptor):
self.assertTrue(guarded_hasattr(obj, 'setFooBar'))
self.assertFalse(guarded_hasattr(obj, 'getFooBar'))
# Make sure that we can use 'Access contents information' as
# write permission and 'Modify portal content' as read permission.
self._addProperty('Person',
'test_PropertySheetSecurityOnAccessors',
'hoge_hoge',
elementary_type='string',
write_permission='Access contents information',
read_permission='Modify portal content',
portal_type='Standard Property')
obj = self.getPersonModule().newContent(portal_type='Person')
self.assertTrue(guarded_hasattr(obj, 'setHogeHoge'))
self.assertTrue(guarded_hasattr(obj, 'getHogeHoge'))
obj.manage_permission('Access contents information', [], 0)
self.assertFalse(guarded_hasattr(obj, 'setHogeHoge'))
self.assertTrue(guarded_hasattr(obj, 'getHogeHoge'))
obj.manage_permission('Access contents information', ['Manager'], 1)
obj.manage_permission('Modify portal content', [], 0)
self.assertTrue(guarded_hasattr(obj, 'setHogeHoge'))
self.assertFalse(guarded_hasattr(obj, 'getHogeHoge'))
# Make sure that getProperty and setProperty respect accessor's
# security protection.
createZODBPythonScript(portal.portal_skins.custom,
'Base_callAccessorHogeHoge',
'mode',
'''\
if mode == 'getter':
context.getHogeHoge()
elif mode == 'getProperty':
context.getProperty('hoge_hoge')
elif mode == 'setter':
context.setHogeHoge('waa')
elif mode == 'setProperty':
context.setProperty('waa')
return True''')
# test accessors
obj.manage_permission('Access contents information', ['Manager'], 1)
obj.manage_permission('Modify portal content', ['Manager'], 1)
self.assertTrue(guarded_hasattr(obj, 'setHogeHoge'))
self.assertTrue(guarded_hasattr(obj, 'getHogeHoge'))
self.assertTrue(obj.Base_callAccessorHogeHoge(mode='getter'))
self.assertTrue(obj.Base_callAccessorHogeHoge(mode='setter'))
self.assertTrue(obj.Base_callAccessorHogeHoge(mode='getProperty'))
self.assertTrue(obj.Base_callAccessorHogeHoge(mode='setProperty'))
obj.manage_permission('Access contents information', [], 0)
obj.manage_permission('Modify portal content', [], 0)
self.assertFalse(guarded_hasattr(obj, 'setHogeHoge'))
self.assertFalse(guarded_hasattr(obj, 'getHogeHoge'))
self.assertRaises(Unauthorized, obj.Base_callAccessorHogeHoge, mode='getter')
self.assertRaises(Unauthorized, obj.Base_callAccessorHogeHoge, mode='setter')
self.assertRaises(Unauthorized, obj.Base_callAccessorHogeHoge, mode='getProperty')
self.assertRaises(Unauthorized, obj.Base_callAccessorHogeHoge, mode='setProperty')
def test_edit(self):
self._addProperty('Person',
'test_edit',
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment