Commit 2641d70b authored by Arnaud Fontaine's avatar Arnaud Fontaine

ZODB Components: Only Developer Role must be able to invalidate/delete/validate Components.

parent 7419da2e
...@@ -69,9 +69,7 @@ ...@@ -69,9 +69,7 @@
<key> <string>roles</string> </key> <key> <string>roles</string> </key>
<value> <value>
<tuple> <tuple>
<string>Assignee</string> <string>Developer</string>
<string>Assignor</string>
<string>Manager</string>
</tuple> </tuple>
</value> </value>
</item> </item>
......
...@@ -65,9 +65,7 @@ ...@@ -65,9 +65,7 @@
<key> <string>roles</string> </key> <key> <string>roles</string> </key>
<value> <value>
<tuple> <tuple>
<string>Assignee</string> <string>Developer</string>
<string>Assignor</string>
<string>Manager</string>
</tuple> </tuple>
</value> </value>
</item> </item>
......
...@@ -65,9 +65,7 @@ ...@@ -65,9 +65,7 @@
<key> <string>roles</string> </key> <key> <string>roles</string> </key>
<value> <value>
<tuple> <tuple>
<string>Assignee</string> <string>Developer</string>
<string>Assignor</string>
<string>Manager</string>
</tuple> </tuple>
</value> </value>
</item> </item>
......
2013-07-09 arnaud.fontaine
* ZODB Components: Only Developer Role must be able to invalidate/delete/validate Components.
2013-07-04 arnaud.fontaine 2013-07-04 arnaud.fontaine
* ZODB Components: Version was not displayed properly in Component view. * ZODB Components: Version was not displayed properly in Component view.
......
41104 41105
\ No newline at end of file \ No newline at end of file
...@@ -1348,26 +1348,75 @@ class _TestZodbComponent(SecurityTestCase): ...@@ -1348,26 +1348,75 @@ class _TestZodbComponent(SecurityTestCase):
The new Component should only be in erp5.component.XXX when validated, The new Component should only be in erp5.component.XXX when validated,
otherwise it should not be importable at all otherwise it should not be importable at all
""" """
uf = self.portal.acl_users
if not uf.getUser('ERP5TypeTestCase_NonDeveloper'):
uf._doAddUser('ERP5TypeTestCase_NonDeveloper',
'', ['Manager', 'Member', 'Assignee',
'Assignor', 'Author', 'Auditor', 'Associate'], [])
test_component = self._newComponent( test_component = self._newComponent(
'TestValidateInvalidateComponent', 'TestValidateInvalidateComponent',
'def foobar(*args, **kwargs):\n return "ValidateInvalidate"') 'def foobar(*args, **kwargs):\n return "ValidateInvalidate"')
test_component.validate() self.failIfUserCanPassWorkflowTransition('ERP5TypeTestCase_NonDeveloper',
'validate_action',
test_component)
self.failIfUserCanPassWorkflowTransition('ERP5TypeTestCase',
'invalidate_action',
test_component)
from AccessControl.SecurityManagement import getSecurityManager
from AccessControl.SecurityManagement import setSecurityManager
from Products.CMFCore.WorkflowCore import WorkflowException
sm = getSecurityManager()
try:
self._loginAsUser('ERP5TypeTestCase_NonDeveloper')
self.assertRaises(WorkflowException,
self.portal.portal_workflow.doActionFor,
test_component, 'delete_action')
finally:
setSecurityManager(sm)
self.failIfModuleImportable('TestValidateInvalidateComponent')
self.portal.portal_workflow.doActionFor(test_component, 'validate_action')
self.tic() self.tic()
self.assertModuleImportable('TestValidateInvalidateComponent') self.assertModuleImportable('TestValidateInvalidateComponent')
test_component.invalidate()
self.failIfUserCanPassWorkflowTransition('ERP5TypeTestCase_NonDeveloper',
'invalidate_action',
test_component)
self.failIfUserCanPassWorkflowTransition('ERP5TypeTestCase',
'validate_action',
test_component)
self.assertRaises(WorkflowException,
self.portal.portal_workflow.doActionFor,
test_component, 'delete_action')
self.portal.portal_workflow.doActionFor(test_component, 'invalidate_action')
self.tic() self.tic()
self.failIfModuleImportable('TestValidateInvalidateComponent') self.failIfModuleImportable('TestValidateInvalidateComponent')
test_component.validate() self.portal.portal_workflow.doActionFor(test_component, 'validate_action')
self.tic() self.tic()
self.assertModuleImportable('TestValidateInvalidateComponent') self.assertModuleImportable('TestValidateInvalidateComponent')
test_component.invalidate() self.portal.portal_workflow.doActionFor(test_component, 'invalidate_action')
self.tic() self.tic()
self.failIfModuleImportable('TestValidateInvalidateComponent') self.failIfModuleImportable('TestValidateInvalidateComponent')
sm = getSecurityManager()
try:
self._loginAsUser('ERP5TypeTestCase_NonDeveloper')
self.assertRaises(WorkflowException,
self.portal.portal_workflow.doActionFor,
test_component, 'delete_action')
finally:
setSecurityManager(sm)
self.portal.portal_workflow.doActionFor(test_component, 'delete_action') self.portal.portal_workflow.doActionFor(test_component, 'delete_action')
self.tic() self.tic()
self.failIfModuleImportable('TestValidateInvalidateComponent') self.failIfModuleImportable('TestValidateInvalidateComponent')
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment