Commit 7bee2168 authored by Xiaowu Zhang's avatar Xiaowu Zhang

erp5_web_renderjs_ui: allow anonymous access if has allowed list

so user can login
parent e8e7f5d1
...@@ -5,6 +5,7 @@ preference_tool = context.getPortalObject().portal_preferences ...@@ -5,6 +5,7 @@ preference_tool = context.getPortalObject().portal_preferences
if preference_tool.isPreferredHtmlStyleDisabled(): if preference_tool.isPreferredHtmlStyleDisabled():
u = getSecurityManager().getUser() u = getSecurityManager().getUser()
user_id = u.getId() user_id = u.getId()
allowed_user_id_list = preference_tool.getPreferredHtmlStyleAllowedUserIdList()
if user_id not in preference_tool.getPreferredHtmlStyleAllowedUserIdList(): #user is not in allowed list or anonymous access when allowed list is empty
if (user_id and user_id not in allowed_user_id_list) or (not user_id and not allowed_user_id_list):
raise Forbidden('xhtml_style is disabled. Please use ERP5JS') raise Forbidden('xhtml_style is disabled. Please use ERP5JS')
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="Zuite" module="Products.Zelenium.zuite"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>_objects</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>renderjs_ui_disable_xhtml_zuite</string> </value>
</item>
<item>
<key> <string>title</string> </key>
<value> <string></string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="ZopePageTemplate" module="Products.PageTemplates.ZopePageTemplate"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>content_type</string> </key>
<value> <string>text/html</string> </value>
</item>
<item>
<key> <string>expand</string> </key>
<value> <int>0</int> </value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>testDisableXHtmlStyle</string> </value>
</item>
<item>
<key> <string>output_encoding</string> </key>
<value> <string>utf-8</string> </value>
</item>
<item>
<key> <string>title</string> </key>
<value> <unicode></unicode> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
<html xmlns:tal="http://xml.zope.org/namespaces/tal"
xmlns:metal="http://xml.zope.org/namespaces/metal">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Test Disable Xhtml Style</title>
</head>
<body>
<table cellpadding="1" cellspacing="1" border="1">
<thead>
<tr><td rowspan="1" colspan="3">Test Disable Xhtml Style</td></tr>
</thead><tbody>
<tal:block metal:use-macro="here/Zuite_CommonTemplate/macros/init" />
<tr>
<td>openAndWait</td>
<td>${base_url}/ERP5Site_createPersonWhoHasPermissionToAccess</td>
<td></td>
</tr>
<tr>
<td>assertTextPresent</td>
<td>done</td>
<td></td>
</tr>
<tal:block metal:use-macro="here/Zuite_CommonTemplate/macros/wait_for_activities" />
<tr>
<td>assertTextPresent</td>
<td>Done.</td>
<td></td>
</tr>
<tr>
<td>open</td>
<td>${base_url}/web_site_module/renderjs_runner/#/portal_preferences/default_system_preference</td>
<td></td>
</tr>
<tr>
<td>waitForElementPresent</td>
<td>//p[@id='field_my_translated_preference_state_title' and text()='Globally Enabled']</td>
<td></td>
</tr>
<tal:block metal:use-macro="here/Zuite_CommonTemplate/Zuite_CommonTemplateForRenderjsUi/macros/toggle_editable_mode" />
<tr>
<td>waitForElementPresent</td>
<td>//input[@value="default_system_preference"]</td>
<td></td>
</tr>
<tal:block tal:define="click_configuration python: {'text': 'XHTML'}">
<tal:block metal:use-macro="here/Zuite_CommonTemplateForRenderjsUi/macros/click_on_panel_link" />
</tal:block>
<tal:block metal:use-macro="here/Zuite_CommonTemplateForRenderjsUi/macros/wait_for_content_loaded" />
<tr>
<td>waitForElementPresent</td>
<td>//input[@name='field_my_preferred_html_style_disabled']</td>
<td></td>
</tr>
<tr>
<td>check</td>
<td>//input[@name='field_my_preferred_html_style_disabled']</td>
<td></td>
</tr>
<tr>
<td>type</td>
<td>//textarea[@name='field_my_preferred_html_style_allowed_user_id_list']</td>
<td>user_logout_test</td>
</tr>
<tal:block metal:use-macro="here/Zuite_CommonTemplateForRenderjsUi/macros/save" />
<tal:block tal:define="click_configuration python: {'text': 'Logout'}">
<tal:block metal:use-macro="here/Zuite_CommonTemplateForRenderjsUi/macros/click_on_panel_link" />
</tal:block>
<tal:block metal:use-macro="here/Zuite_CommonTemplateForRenderjsUi/macros/wait_for_content_loaded" />
<tr>
<td>waitForElementPresent</td>
<td>//input[@value='Confirm']</td>
<td></td>
</tr>
<tr>
<td>click</td>
<td>//input[@value='Confirm']</td>
<td></td>
</tr>
<tr>
<td>waitForElementPresent</td>
<td>//input[@value='Login']</td>
<td></td>
</tr>
<tr>
<td>openAndWait</td>
<td>${base_url}</td>
<td></td>
</tr>
<tr>
<td>waitForElementPresent</td>
<td>//input[@name='__ac_name']</td>
<td></td>
</tr>
<tr>
<td>type</td>
<td>//input[@name='__ac_name']</td>
<td>user_logout_test</td>
</tr>
<tr>
<td>type</td>
<td>//input[@name='__ac_password']</td>
<td>user_logout_test</td>
</tr>
<tr>
<td>clickAndWait</td>
<td>//input[@value='Login']</td>
<td></td>
</tr>
<tr>
<td>waitForTextPresent</td>
<td>Welcome to ERP5</td>
<td></td>
</tr>
<tr>
<td>open</td>
<td>${base_url}/web_site_module/renderjs_runner/#/portal_preferences/default_system_preference</td>
<td></td>
</tr>
<tr>
<td>waitForElementPresent</td>
<td>//p[@id='field_my_translated_preference_state_title' and text()='Globally Enabled']</td>
<td></td>
</tr>
<tal:block metal:use-macro="here/Zuite_CommonTemplate/Zuite_CommonTemplateForRenderjsUi/macros/toggle_editable_mode" />
<tr>
<td>waitForElementPresent</td>
<td>//input[@value="default_system_preference"]</td>
<td></td>
</tr>
<tal:block tal:define="click_configuration python: {'text': 'XHTML'}">
<tal:block metal:use-macro="here/Zuite_CommonTemplateForRenderjsUi/macros/click_on_panel_link" />
</tal:block>
<tal:block metal:use-macro="here/Zuite_CommonTemplateForRenderjsUi/macros/wait_for_content_loaded" />
<tr>
<td>waitForElementPresent</td>
<td>//textarea[@name='field_my_preferred_html_style_allowed_user_id_list']</td>
<td></td>
</tr>
<tr>
<td>type</td>
<td>//textarea[@name='field_my_preferred_html_style_allowed_user_id_list']</td>
<td>dummy</td>
</tr>
<tal:block metal:use-macro="here/Zuite_CommonTemplateForRenderjsUi/macros/save" />
<tal:block tal:define="click_configuration python: {'text': 'Logout'}">
<tal:block metal:use-macro="here/Zuite_CommonTemplateForRenderjsUi/macros/click_on_panel_link" />
</tal:block>
<tal:block metal:use-macro="here/Zuite_CommonTemplateForRenderjsUi/macros/wait_for_content_loaded" />
<tr>
<td>waitForElementPresent</td>
<td>//input[@value='Confirm']</td>
<td></td>
</tr>
<tr>
<td>click</td>
<td>//input[@value='Confirm']</td>
<td></td>
</tr>
<tr>
<td>waitForElementPresent</td>
<td>//input[@value='Login']</td>
<td></td>
</tr>
<tr>
<td>openAndWait</td>
<td>${base_url}</td>
<td></td>
</tr>
<tr>
<td>waitForElementPresent</td>
<td>//input[@name='__ac_name']</td>
<td></td>
</tr>
<tr>
<td>type</td>
<td>//input[@name='__ac_name']</td>
<td>user_logout_test</td>
</tr>
<tr>
<td>type</td>
<td>//input[@name='__ac_password']</td>
<td>user_logout_test</td>
</tr>
<tr>
<td>clickAndWait</td>
<td>//input[@value='Login']</td>
<td></td>
</tr>
<tr>
<td>waitForTextPresent</td>
<td>xhtml_style is disabled. Please use ERP5JS</td>
<td></td>
</tr>
<tr>
<td>open</td>
<td>${base_url}/web_site_module/renderjs_runner/#/portal_preferences/default_system_preference</td>
<td></td>
</tr>
<tr>
<td>waitForElementPresent</td>
<td>//p[@id='field_my_translated_preference_state_title' and text()='Globally Enabled']</td>
<td></td>
</tr>
<tal:block metal:use-macro="here/Zuite_CommonTemplate/Zuite_CommonTemplateForRenderjsUi/macros/toggle_editable_mode" />
<tr>
<td>waitForElementPresent</td>
<td>//input[@value="default_system_preference"]</td>
<td></td>
</tr>
<tal:block tal:define="click_configuration python: {'text': 'XHTML'}">
<tal:block metal:use-macro="here/Zuite_CommonTemplateForRenderjsUi/macros/click_on_panel_link" />
</tal:block>
<tal:block metal:use-macro="here/Zuite_CommonTemplateForRenderjsUi/macros/wait_for_content_loaded" />
<tr>
<td>waitForElementPresent</td>
<td>//textarea[@name='field_my_preferred_html_style_allowed_user_id_list']</td>
<td></td>
</tr>
<tr>
<td>type</td>
<td>//textarea[@name='field_my_preferred_html_style_allowed_user_id_list']</td>
<td></td>
</tr>
<tal:block metal:use-macro="here/Zuite_CommonTemplateForRenderjsUi/macros/save" />
<tal:block tal:define="click_configuration python: {'text': 'Logout'}">
<tal:block metal:use-macro="here/Zuite_CommonTemplateForRenderjsUi/macros/click_on_panel_link" />
</tal:block>
<tal:block metal:use-macro="here/Zuite_CommonTemplateForRenderjsUi/macros/wait_for_content_loaded" />
<tr>
<td>waitForElementPresent</td>
<td>//input[@value='Confirm']</td>
<td></td>
</tr>
<tr>
<td>click</td>
<td>//input[@value='Confirm']</td>
<td></td>
</tr>
<tr>
<td>waitForElementPresent</td>
<td>//input[@value='Login']</td>
<td></td>
</tr>
<tr>
<td>openAndWait</td>
<td>${base_url}</td>
<td></td>
</tr>
<tr>
<td>waitForTextPresent</td>
<td>xhtml_style is disabled. Please use ERP5JS</td>
  • What is the point of this last pair of steps ?

    In my understanding, the last few steps can be described as:

    • logout
    • confirm logout
    • wait until we are back on the login page

    What is the meaning of, from this logged-out state, to go from the login form to the ERP5Site object and expecting this error to be displayed ?

    Specifically, in the case I am debugging, a login form gets displayed successfuly, because the user is logged out and the login form does not rely on xhtml style. Is there something wrong with this ?

    If there is nothing wrong with getting another working login page, then I would like to drop the last 2 steps of this test (open base_url, then wait for the error message).

  • steps are:

    • go to renderjs ui, edit allow_user_id_list in preference
    • logout
    • confirm logout
    • go to xhtml style site, then login with user id
    • test if we have xhtml_style is disabled. Please use ERP5JS according to allow_user_id_list

    3 cases are tested:

    case 1. if user is in allow_user_id_list ==> then no such message

    case 2. if user is not in allow_user_id_list ==> then display message

    case 3. if anonymous access and allowed user_id_list is empty ==> then display message

    the last step for case 3

    because the user is logged out and the login form does not rely on xhtml style.

    this is not normal, because it have

    <tr>
      <td>openAndWait</td>
      <td>${base_url}</td>
      <td></td>
    </tr>
    

    test should go to xhtml style site

  • this is not normal, because it have

    sry, i was too fast, yes, it's normal

    it test if allow_user_id_list is empty and anyone acces the site will get error message

  • test should go to xhtml style site

    It does go to the xhtml style site (ERP5Site document default view), yes, but:

    1. because the user is logged out, they get redirected to the login form (they do not have permission to view the site root)
    2. ...login form which does not rely on xhtml style usual renderer (this is the change I am testing), hence it does not trigger the "xhtml style disabled, use erp5js" message, hence this test fails

    So again, my question is: why are we testing that an anonymous user gets this specific error message when accessing the ERP5Site ?

    To me, the behaviour of an anonymous user accessing ERP5Site is that they get directed to some authentication form. We cannot make much assumptions about what that login form is: it could be hosted on a different domain, possibly not even by an ERP5 instance. There would be no reason for such instance to display an error message just because xhtml style is disabled on some ERP5 instance the authentication attempt is coming from, but still this test is trying to impose checks on this. So to me, this last pair of steps are going beyond the scope of this test, and are rather checking the behaviour of some specific version of ERP5 rather than a behaviour we actually want every versions to have. This is preventing changes to ERP5 which I think are justified, and I fail to see any good reason to prevent this. So I would like to drop these two steps.

    So far, I fail to understand from your replies whether there is any fundamental reason to have these last two steps. Is there a good reason to have them ? If so, what is it ? Otherwise, is it OK for you if I remove them ?

  • So again, my question is: why are we testing that an anonymous user gets this specific error message when accessing the ERP5Site ?

    because in erp5 site, anonymous can access some objects, like public web site or public documentation or ....

    so when xhtml style is disabled, a logged user access a public document, he will get this error message(normal)

    but when he logout, and access the same document, he should get the some error message, otherwith it's not consistency

    the test is for such behavior

    .login form which does not rely on xhtml style usual renderer (this is the change I am testing)

    i see, you can change the test to access like ${base_url}/web_page_module/public_document or other public object

  • i see, you can change the test to access like ${base_url}/web_page_module/public_document or other public object

    Done: 8990ee68

Please register or sign in to reply
<td></td>
</tr>
</tbody></table>
</body>
</html>
\ No newline at end of file
##############################################################################
#
# Copyright (c) 2011 Nexedi SARL and Contributors. All Rights Reserved.
# Kazuhiko <kazuhiko@nexedi.com>
# Rafael Monnerat <rafael@nexedi.com>
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsability of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# garantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
import unittest
from Products.ERP5Type.tests.ERP5TypeFunctionalTestCase import ERP5TypeFunctionalTestCase
class TestRenderJSUIServiceWorker(ERP5TypeFunctionalTestCase):
foreground = 0
run_only = "renderjs_ui_disable_xhtml_zuite"
def getBusinessTemplateList(self):
return (
'erp5_web_renderjs_ui',
'erp5_web_renderjs_ui_test',
'erp5_ui_test_core',
)
def test_suite():
suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(TestRenderJSUIServiceWorker))
return suite
\ No newline at end of file
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="Test Component" module="erp5.portal_type"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>_recorded_property_dict</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
</value>
</item>
<item>
<key> <string>default_reference</string> </key>
<value> <string>testFunctionalDisableXHtml</string> </value>
</item>
<item>
<key> <string>default_source_reference</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>description</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>test.erp5.testFunctionalDisableXHtml</string> </value>
</item>
<item>
<key> <string>portal_type</string> </key>
<value> <string>Test Component</string> </value>
</item>
<item>
<key> <string>sid</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>text_content_error_message</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>text_content_warning_message</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>version</string> </key>
<value> <string>erp5</string> </value>
</item>
<item>
<key> <string>workflow_history</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
</value>
</item>
</dictionary>
</pickle>
</record>
<record id="2" aka="AAAAAAAAAAI=">
<pickle>
<global name="PersistentMapping" module="Persistence.mapping"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>data</string> </key>
<value>
<dictionary/>
</value>
</item>
</dictionary>
</pickle>
</record>
<record id="3" aka="AAAAAAAAAAM=">
<pickle>
<global name="PersistentMapping" module="Persistence.mapping"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>data</string> </key>
<value>
<dictionary>
<item>
<key> <string>component_validation_workflow</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAQ=</string> </persistent>
</value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</pickle>
</record>
<record id="4" aka="AAAAAAAAAAQ=">
<pickle>
<global name="WorkflowHistoryList" module="Products.ERP5Type.Workflow"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>_log</string> </key>
<value>
<list>
<dictionary>
<item>
<key> <string>action</string> </key>
<value> <string>validate</string> </value>
</item>
<item>
<key> <string>validation_state</string> </key>
<value> <string>validated</string> </value>
</item>
</dictionary>
</list>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
...@@ -4,6 +4,8 @@ portal_tests/renderjs_ui_date_time_field_zuite ...@@ -4,6 +4,8 @@ portal_tests/renderjs_ui_date_time_field_zuite
portal_tests/renderjs_ui_date_time_field_zuite/** portal_tests/renderjs_ui_date_time_field_zuite/**
portal_tests/renderjs_ui_developer_mode_zuite portal_tests/renderjs_ui_developer_mode_zuite
portal_tests/renderjs_ui_developer_mode_zuite/** portal_tests/renderjs_ui_developer_mode_zuite/**
portal_tests/renderjs_ui_disable_xhtml_zuite
portal_tests/renderjs_ui_disable_xhtml_zuite/**
portal_tests/renderjs_ui_dms_zuite portal_tests/renderjs_ui_dms_zuite
portal_tests/renderjs_ui_dms_zuite/** portal_tests/renderjs_ui_dms_zuite/**
portal_tests/renderjs_ui_editor_gadget_zuite portal_tests/renderjs_ui_editor_gadget_zuite
......
...@@ -28,3 +28,4 @@ test.erp5.testRJSPortalType ...@@ -28,3 +28,4 @@ test.erp5.testRJSPortalType
test.erp5.testRJSUpgrader test.erp5.testRJSUpgrader
test.erp5.testFunctionalRJSServiceWorker test.erp5.testFunctionalRJSServiceWorker
test.erp5.testFunctionalRJSParallelListField test.erp5.testFunctionalRJSParallelListField
test.erp5.testFunctionalDisableXHtml
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment