Commit 19038f40 authored by Rafael Monnerat's avatar Rafael Monnerat

Added a test in order to check if the read_permissions and write_permissions are

respected at portal_preferences acessors.



git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@36285 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 6f5a0f55
......@@ -97,6 +97,8 @@ def createPreferenceToolAccessorList(portal) :
# Generate common method names
for prop in property_list:
if prop.get('preference'):
# XXX read_permission and write_permissions defined at
# property sheet are not respected by this.
# only properties marked as preference are used
attribute = prop['id']
attr_list = [ 'get%s' % convertToUpperCase(attribute)]
......
......@@ -34,6 +34,7 @@ import transaction
from AccessControl.SecurityManagement import noSecurityManager
from AccessControl.SecurityManagement import getSecurityManager
from zExceptions import Unauthorized
from AccessControl.ZopeGuards import guarded_hasattr
from DateTime import DateTime
from Products.ERP5Type.tests.testERP5Type import PropertySheetTestCase
......@@ -528,6 +529,55 @@ class TestPreferences(PropertySheetTestCase):
self.assertTrue(portal_preferences.getDummy())
self.assertTrue(portal_preferences.isDummy())
def test_property_sheet_security_on_permission(self):
""" Added a test to make sure permissions are used into portal
preference level. """
write_permission = 'Modify portal content'
read_permission = 'Manage portal'
self._addPropertySheet('Preference', 'DummyPreference',
'''class DummyPreference:
_properties= ( {'id': 'preferred_toto',
'write_permission' : 'Modify portal content',
'read_permission' : 'Manage portal',
'preference': 1,
'type': 'string',},)''')
obj = self.portal.portal_preferences.newContent(portal_type='Preference')
obj.enable()
transaction.commit()
self.tic()
self.assertTrue(guarded_hasattr(obj, 'setPreferredToto'))
obj.setPreferredToto("A TEST")
self.assertTrue(guarded_hasattr(obj, 'getPreferredToto'))
obj.manage_permission(write_permission, [], 0)
self.assertFalse(guarded_hasattr(obj, 'setPreferredToto'))
self.assertTrue(guarded_hasattr(obj, 'getPreferredToto'))
obj.manage_permission(write_permission, ['Manager'], 1)
obj.manage_permission(read_permission, [], 0)
self.assertTrue(guarded_hasattr(obj, 'setPreferredToto'))
self.assertFalse(guarded_hasattr(obj, 'getPreferredToto'))
obj.manage_permission(read_permission, ['Manager'], 1)
transaction.commit()
self.tic()
preference_tool = self.portal.portal_preferences
self.assertTrue(guarded_hasattr(preference_tool, 'getPreferredToto'))
self.assertEquals("A TEST", preference_tool.getPreferredToto())
preference_tool.manage_permission(write_permission, [], 0)
self.assertTrue(guarded_hasattr(preference_tool, 'getPreferredToto'))
preference_tool.manage_permission(write_permission, ['Manager'], 1)
preference_tool.manage_permission(read_permission, [], 0)
obj.manage_permission(read_permission, [], 0)
self.assertFalse(guarded_hasattr(preference_tool, 'getPreferredToto'))
preference_tool.manage_permission(read_permission, ['Manager'], 1)
def test_suite():
suite = unittest.TestSuite()
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment