Products.CMFActivity: Unconditionally change user in dummyGroupMethod

Since commit f363ac65 Author: Vincent Pelletier <vincent@nexedi.com> Date: Wed Mar 23 15:55:46 2022 +0900 Products.CMFActivity.ActivityTool: Store user object in activity. user_name on newly created activities is always None. As a result, activities using dummyGroupMethod are executed within the security context which spawns the group, which is System Processes, instead of the user which spawned each activity. Add a unittest for this.

Products.CMFActivity: Unconditionally change user in dummyGroupMethod
Since commit f363ac65 Author: Vincent Pelletier <vincent@nexedi.com> Date: Wed Mar 23 15:55:46 2022 +0900 Products.CMFActivity.ActivityTool: Store user object in activity. user_name on newly created activities is always None. As a result, activities using dummyGroupMethod are executed within the security context which spawns the group, which is System Processes, instead of the user which spawned each activity. Add a unittest for this.
0e57df28 · Vincent Pelletier · 984f7f13 · 0e57df28 · 0e57df28
Commit 0e57df28 authored Jun 13, 2022 by Vincent Pelletier
Hide whitespace changes
Inline Side-by-side

Showing with 42 additions and 6 deletions

product/CMFActivity/ActivityTool.py product/CMFActivity/ActivityTool.py +1 -6

product/CMFActivity/tests/testCMFActivity.py product/CMFActivity/tests/testCMFActivity.py +41 -0

No files found.
--- a/product/CMFActivity/ActivityTool.py
+++ b/product/CMFActivity/ActivityTool.py
@@ -1693,15 +1693,10 @@ class ActivityTool (BaseTool):
    class dummyGroupMethod(object):
      def __bobo_traverse__(self, REQUEST, method_id):
        def group_method(message_list):
-          user_name = None
          sm = getSecurityManager()
          try:
            for m in message_list:
-              message = m._message
-              message_user_id = message.getUserId()
-              if message.user_object or user_name != message.user_name:
-                user_name = message.user_name
-                message.changeUser(m.object)
+              m._message.changeUser(m.object, annotate_transaction=False)
              m.result = getattr(m.object, method_id)(*m.args, **m.kw)
          except Exception:
            m.raised()

--- a/product/CMFActivity/tests/testCMFActivity.py
+++ b/product/CMFActivity/tests/testCMFActivity.py
@@ -2835,3 +2835,44 @@ return [x.getObject() for x in context.portal_catalog(limit=100)]
    finally:
      setSecurityManager(initial_security_manager)
      del Organisation.checkUserGroupAndRole
+
+  @for_each_activity
+  def test_dummyGroupMethodUser(self, activity):
+    activity_tool = self.portal.portal_activities
+    user_folder = self.portal.acl_users
+    expected_user_list = [
+      PropertiedUser(id='user1', login='user1').__of__(user_folder),
+      PropertiedUser(id='user2', login='user2').__of__(user_folder),
+    ]
+    for index, user in enumerate(expected_user_list):
+      user._addGroups(groups=['role %i' % index])
+    context_list = [
+      self.portal.organisation_module.newContent(portal_type='Organisation')
+      for _ in expected_user_list
+    ]
+    self.tic()
+    user_list = [None for _ in expected_user_list]
+    def doSomething(self, index):
+      user_list[index] = getSecurityManager().getUser()
+    Organisation.doSomething = doSomething
+    try:
+      initial_security_manager = getSecurityManager()
+      try:
+        for index, (context, user) in enumerate(zip(
+          context_list,
+          expected_user_list,
+        )):
+          newSecurityManager(None, user)
+          context.activate(
+            activity=activity,
+            group_method_id=None,
+          ).doSomething(index=index)
+      finally:
+        setSecurityManager(initial_security_manager)
+      self.tic()
+    finally:
+      del Organisation.doSomething
+    self.assertEqual(
+      [x.getRoles() for x in user_list],
+      [x.getRoles() for x in expected_user_list],
+    )