ors_wendelin_test: Update tests

bt5/ors_wendelin_test/TestTemplateItem/portal_components/test.erp5.testORSWendelin.py

@@ -68,11 +68,11 @@ class ORSWendelinTest(SecurityTestCase):
           module.manage_delObjects(ids=test_object_ids)
     self.tic()
 
-  def _createOrsWendelinUser(self, reference, project, role):
-    # Create and validate a new Person with an assignment associated to the given project and the given role
+  def _createOrsWendelinUser(self, reference, project, function):
+    # Create and validate a new Person with an assignment associated to the given project and the given function
     user = self.portal.person_module.newContent(portal_type='Person',
       reference=reference)
-    user.newContent(portal_type='Assignment', destination_project=project, role=role).open()
+    user.newContent(portal_type='Assignment', destination_project=project, function=function).open()
     user.newContent(portal_type='ERP5 Login', reference=reference, password=reference).validate()
     user.validate()
     self.tic()
@@ -94,7 +94,7 @@ class ORSWendelinTest(SecurityTestCase):
     }
 
     # Call the script responsible for creating the project and all associated items and store the JSON response
-    response = self.portal.ERP5Site_registerOrsClientProject(
+    response = self.portal.Base_registerOrsClientProject(
       references_dict['project'],
       references_dict['project'],
       references_dict['client_user'],
@@ -219,44 +219,61 @@ class ORSWendelinTest(SecurityTestCase):
     else:
       self.failIfUserCanAddDocument(user_id, document)
 
-  def _checkIngestionDocumentsPermissions(self, user, ingestion_objects, user_is_manager, same_project):
+  def _checkIngestionDocumentsPermissions(self, user, ingestion_objects, user_is_admin, same_project):
     # A client can only view a Data Acquisition Unit (ORS) if it is associated to their project
-    # A manager can view and edit all of them, as well as add one
-    self._checkDocumentPermissions(user, ingestion_objects['data_acquisition_unit'], user_is_manager or same_project, user_is_manager, user_is_manager)
+    # An administrator can view and edit all of them, as well as add one
+    self._checkDocumentPermissions(user, ingestion_objects['data_acquisition_unit'], user_is_admin or same_project, user_is_admin, user_is_admin)
 
     # Same as above for a Data Supply (required for scoping clients to their projects)
-    self._checkDocumentPermissions(user, ingestion_objects['data_supply'], user_is_manager or same_project, user_is_manager, user_is_manager)
+    self._checkDocumentPermissions(user, ingestion_objects['data_supply'], user_is_admin or same_project, user_is_admin, user_is_admin)
 
-    # Only a manager can view a Data Stream, and nothing else
-    self._checkDocumentPermissions(user, ingestion_objects['data_stream'], user_is_manager, False, False)
+    # Only an administrator can view a Data Stream, and nothing else
+    self._checkDocumentPermissions(user, ingestion_objects['data_stream'], user_is_admin, False, False)
 
     # A client can view a Data Array if it is associated to their project
-    # A manager can view all of them
+    # An administrator can view all of them
     for data_array in ingestion_objects['data_arrays']:
-      self._checkDocumentPermissions(user, data_array, user_is_manager or same_project, False, False)
+      self._checkDocumentPermissions(user, data_array, user_is_admin or same_project, False, False)
 
-  def _checkModulePermissions(self, user, user_is_manager):
+  def _checkModulePermissions(self, user, user_is_admin):
     # Everyone can view the Data Acquisition Unit and Data Supply modules
-    # Only managers can add documents to them
-    self._checkDocumentPermissions(user, self.portal.data_acquisition_unit_module, True, False, user_is_manager)
-    self._checkDocumentPermissions(user, self.portal.data_supply_module, True, False, user_is_manager)
-
-    # Only managers can view the Data Ingestion and Data Stream modules
-    self._checkDocumentPermissions(user, self.portal.data_ingestion_module, user_is_manager, False, False)
-    self._checkDocumentPermissions(user, self.portal.data_stream_module, user_is_manager, False, False)
+    # Only administrators can add documents to them
+    self._checkDocumentPermissions(user, self.portal.data_acquisition_unit_module, True, False, user_is_admin)
+    self._checkDocumentPermissions(user, self.portal.data_supply_module, True, False, user_is_admin)
+
+    # Everyone can view the Data Product module (required for KPI graphing)
+    # Everyone can also view the two data products used in the KPI calculation process (required for KPI graphing)
+    self._checkDocumentPermissions(user, self.portal.data_product_module, True, False, False)
+    ors_kpi = self.portal.portal_catalog.getResultValue(portal_type='Data Product',
+      reference='ors_kpi',
+      validation_state='validated')
+    self._checkDocumentPermissions(user, ors_kpi, True, False, False)
+    ors_enb_log_data = self.portal.portal_catalog.getResultValue(portal_type='Data Product',
+      reference='ors_enb_log_data',
+      validation_state='validated')
+    self._checkDocumentPermissions(user, ors_enb_log_data, True, False, False)
 
     # Everyone can view the Data Transformation module (required for KPI graphing)
+    # Everyone can also view the data transformation used to produce the KPIs (required for KPI graphing)
     self._checkDocumentPermissions(user, self.portal.data_transformation_module, True, False, False)
+    data_transformation = self.portal.portal_catalog.getResultValue(portal_type='Data Transformation',
+      reference='ors_enb_log_data_transformation',
+      validation_state='validated')
+    self._checkDocumentPermissions(user, data_transformation, True, False, False)
 
-    # Only managers can view the Data Analysis module
-    self._checkDocumentPermissions(user, self.portal.data_analysis_module, user_is_manager, False, False)
+    # Only administrators can view the Data Ingestion and Data Stream modules
+    self._checkDocumentPermissions(user, self.portal.data_ingestion_module, user_is_admin, False, False)
+    self._checkDocumentPermissions(user, self.portal.data_stream_module, user_is_admin, False, False)
+
+    # Only administrators can view the Data Analysis module
+    self._checkDocumentPermissions(user, self.portal.data_analysis_module, user_is_admin, False, False)
 
     # Everyone can view the Data Array module (required for KPI graphing)
     self._checkDocumentPermissions(user, self.portal.data_array_module, True, False, False)
 
-    # Only managers have access to the Person and Project modules and can add items to them for client management purposes
-    self._checkDocumentPermissions(user, self.portal.project_module, user_is_manager, False, user_is_manager)
-    self._checkDocumentPermissions(user, self.portal.person_module, user_is_manager, False, user_is_manager)
+    # Only administrators have access to the Person and Project modules and can add items to them for client management purposes
+    self._checkDocumentPermissions(user, self.portal.project_module, user_is_admin, False, user_is_admin)
+    self._checkDocumentPermissions(user, self.portal.person_module, user_is_admin, False, user_is_admin)
 
   def test_01_createOrsDataSupply(self):
     '''
@@ -274,6 +291,7 @@ class ORSWendelinTest(SecurityTestCase):
     self.tic()
 
     # Call the tested script which creates a related Data Supply
+    # No need to assign a project to it here
     data_supply = data_acquisition_unit.DataAcquisitionUnit_createOrsDataSupply(batch=1)
     self.tic()
 
@@ -281,6 +299,8 @@ class ORSWendelinTest(SecurityTestCase):
     self.assertTrue(data_supply is not None)
     self.assertTrue(data_supply.getValidationState() == 'validated')
 
+    # TODO: Redo this with a destination_project
+
   def test_02_registerOrsClientProject(self):
     '''
     Test the script called during slave instantiation in SlapOS to register a new client project.
@@ -477,7 +497,7 @@ class ORSWendelinTest(SecurityTestCase):
 
   def test_05_orsWendelinSecurityModel(self):
     '''
-    Test ORS Wendelin's custom security model: check that different users can only access the ingestion documents relative to their role and project.
+    Test ORS Wendelin's custom security model: check that different users can only access the ingestion documents relative to their function and project.
     '''
 
     # Create two distinct projects
@@ -491,11 +511,11 @@ class ORSWendelinTest(SecurityTestCase):
     ingestion_B_objects = self._getOrsIngestionObjects(self.test_ors_example_log_valid, ors_B_reference, stop_data_analysis=True)
 
     # Create a client user not associated to a project (should not happen in practice)
-    client_user_N = self._createOrsWendelinUser('test_user_%s' % generateRandomString(), None, 'ors/client')
+    client_user_N = self._createOrsWendelinUser('test_user_%s' % generateRandomString(), None, 'user')
 
-    # Create two manager users: one associated to project_A and the second not associated to a project
-    manager_user_A = self._createOrsWendelinUser('test_user_%s' % generateRandomString(), project_A_objects['project'].getRelativeUrl(), 'ors/manager')
-    manager_user_N = self._createOrsWendelinUser('test_user_%s' % generateRandomString(), None, 'ors/manager')
+    # Create two administrator users: one associated to project_A and the second not associated to a project
+    admin_user_A = self._createOrsWendelinUser('test_user_%s' % generateRandomString(), project_A_objects['project'].getRelativeUrl(), 'administrator')
+    admin_user_N = self._createOrsWendelinUser('test_user_%s' % generateRandomString(), None, 'administrator')
 
     ors_N_reference = 'ors.test_%s' % generateRandomString()
 
@@ -506,13 +526,9 @@ class ORSWendelinTest(SecurityTestCase):
     )
     data_acquisition_unit.validate()
     self.tic()
-    data_supply = data_acquisition_unit.DataAcquisitionUnit_createOrsDataSupply(batch=1)
+    data_acquisition_unit.DataAcquisitionUnit_createOrsDataSupply(batch=1)
     self.tic()
 
-    # Force update on local roles to ensure proper permissions
-    data_acquisition_unit.updateLocalRolesOnSecurityGroups()
-    data_supply.updateLocalRolesOnSecurityGroups()
-
     # Perform an ingestion for the ORS not associated to a project
     ingestion_N_objects = self._getOrsIngestionObjects(self.test_ors_example_log_valid, ors_N_reference, stop_data_analysis=True)
 
@@ -536,13 +552,13 @@ class ORSWendelinTest(SecurityTestCase):
     self._checkIngestionDocumentsPermissions(client_user_N, ingestion_B_objects, False, False)
     self._checkIngestionDocumentsPermissions(client_user_N, ingestion_N_objects, False, False)
 
-    # Check that both managers, whether assigned to a project, have access to all documents
-    self._checkModulePermissions(manager_user_A, True)
-    self._checkIngestionDocumentsPermissions(manager_user_A, ingestion_A_objects, True, True)
-    self._checkIngestionDocumentsPermissions(manager_user_A, ingestion_B_objects, True, False)
-    self._checkIngestionDocumentsPermissions(manager_user_A, ingestion_N_objects, True, False)
+    # Check that both administrators, whether assigned to a project, have access to all documents
+    self._checkModulePermissions(admin_user_A, True)
+    self._checkIngestionDocumentsPermissions(admin_user_A, ingestion_A_objects, True, True)
+    self._checkIngestionDocumentsPermissions(admin_user_A, ingestion_B_objects, True, False)
+    self._checkIngestionDocumentsPermissions(admin_user_A, ingestion_N_objects, True, False)
 
-    self._checkModulePermissions(manager_user_N, True)
-    self._checkIngestionDocumentsPermissions(manager_user_N, ingestion_A_objects, True, False)
-    self._checkIngestionDocumentsPermissions(manager_user_N, ingestion_B_objects, True, False)
-    self._checkIngestionDocumentsPermissions(manager_user_N, ingestion_N_objects, True, False)
\ No newline at end of file
+    self._checkModulePermissions(admin_user_N, True)
+    self._checkIngestionDocumentsPermissions(admin_user_N, ingestion_A_objects, True, False)
+    self._checkIngestionDocumentsPermissions(admin_user_N, ingestion_B_objects, True, False)
+    self._checkIngestionDocumentsPermissions(admin_user_N, ingestion_N_objects, True, False)
\ No newline at end of file