Commit 0e57df28 authored by Vincent Pelletier's avatar Vincent Pelletier

Products.CMFActivity: Unconditionally change user in dummyGroupMethod

Since
  commit f363ac65
  Author: Vincent Pelletier <vincent@nexedi.com>
  Date:   Wed Mar 23 15:55:46 2022 +0900

      Products.CMFActivity.ActivityTool: Store user object in activity.
user_name on newly created activities is always None. As a result,
activities using dummyGroupMethod are executed within the security
context which spawns the group, which is System Processes, instead of
the user which spawned each activity.
Add a unittest for this.
parent 984f7f13
Pipeline #22057 failed with stage
...@@ -1693,15 +1693,10 @@ class ActivityTool (BaseTool): ...@@ -1693,15 +1693,10 @@ class ActivityTool (BaseTool):
class dummyGroupMethod(object): class dummyGroupMethod(object):
def __bobo_traverse__(self, REQUEST, method_id): def __bobo_traverse__(self, REQUEST, method_id):
def group_method(message_list): def group_method(message_list):
user_name = None
sm = getSecurityManager() sm = getSecurityManager()
try: try:
for m in message_list: for m in message_list:
message = m._message m._message.changeUser(m.object, annotate_transaction=False)
message_user_id = message.getUserId()
if message.user_object or user_name != message.user_name:
user_name = message.user_name
message.changeUser(m.object)
m.result = getattr(m.object, method_id)(*m.args, **m.kw) m.result = getattr(m.object, method_id)(*m.args, **m.kw)
except Exception: except Exception:
m.raised() m.raised()
......
...@@ -2835,3 +2835,44 @@ return [x.getObject() for x in context.portal_catalog(limit=100)] ...@@ -2835,3 +2835,44 @@ return [x.getObject() for x in context.portal_catalog(limit=100)]
finally: finally:
setSecurityManager(initial_security_manager) setSecurityManager(initial_security_manager)
del Organisation.checkUserGroupAndRole del Organisation.checkUserGroupAndRole
@for_each_activity
def test_dummyGroupMethodUser(self, activity):
activity_tool = self.portal.portal_activities
user_folder = self.portal.acl_users
expected_user_list = [
PropertiedUser(id='user1', login='user1').__of__(user_folder),
PropertiedUser(id='user2', login='user2').__of__(user_folder),
]
for index, user in enumerate(expected_user_list):
user._addGroups(groups=['role %i' % index])
context_list = [
self.portal.organisation_module.newContent(portal_type='Organisation')
for _ in expected_user_list
]
self.tic()
user_list = [None for _ in expected_user_list]
def doSomething(self, index):
user_list[index] = getSecurityManager().getUser()
Organisation.doSomething = doSomething
try:
initial_security_manager = getSecurityManager()
try:
for index, (context, user) in enumerate(zip(
context_list,
expected_user_list,
)):
newSecurityManager(None, user)
context.activate(
activity=activity,
group_method_id=None,
).doSomething(index=index)
finally:
setSecurityManager(initial_security_manager)
self.tic()
finally:
del Organisation.doSomething
self.assertEqual(
[x.getRoles() for x in user_list],
[x.getRoles() for x in expected_user_list],
)
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment