diff --git a/product/ERP5/tests/testBase.py b/product/ERP5/tests/testBase.py index 648b9211e142f957e565fe6fac659a414b46119a..175183ccb7287e2ee90fe9a7a26e25df815a22c5 100644 --- a/product/ERP5/tests/testBase.py +++ b/product/ERP5/tests/testBase.py @@ -37,8 +37,10 @@ from Testing import ZopeTestCase from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase,\ _getConversionServerDict from AccessControl.SecurityManagement import newSecurityManager +from AccessControl import getSecurityManager from Products.ERP5Type.tests.Sequence import SequenceList from Products.ERP5Type.Base import Base +from Products.ERP5Type.Utils import convertToUpperCase from zExceptions import BadRequest from Products.ERP5Type.tests.backportUnittest import skip from Products.ERP5Type.Workflow import addWorkflowByType @@ -1015,7 +1017,6 @@ class TestBase(ERP5TypeTestCase, ZopeTestCase.Functional): for permission in permission_list: manager_has_no_permission[permission] = () - from AccessControl import getSecurityManager user = getSecurityManager().getUser() try: self.assertTrue(permission_list) @@ -1192,15 +1193,48 @@ class TestBase(ERP5TypeTestCase, ZopeTestCase.Functional): self.assertEquals(1, len(self.getPortal().portal_catalog( translated_portal_type='Person', title='translate_table_test'))) - def test_TempBasePublicMethods(self): - # make sure TempBase methods 'edit' and 'setProperty' are actually public + def test_TemporaryObjectPublicMethodListForAnonymous(self): + """make sure temporary object methods are actually public. + Thanks to owner role, even for Anonymous users + """ self.logout() - from Products.ERP5Type.Document import newTempBase - from OFS.Traversable import guarded_getattr - tb = newTempBase(self.portal, '_temp_base') - for name in ('edit', 'setProperty'): + organisation = self.portal.organisation_module.newContent( + portal_type='Organisation', + temp_object=True) + user = getSecurityManager().getUser() + self.assertTrue('Owner' in user.getRolesInContext(organisation)) + from AccessControl.ZopeGuards import guarded_getattr + property_map_dict = organisation.propertyMap() + property_id_list = ('edit', 'setProperty', 'getProperty') + \ + tuple(['get' + convertToUpperCase(property_map['id'])\ + for property_map in property_map_dict]) + + for property_id in property_id_list: + # should not raise Unauthorized + guarded_getattr(organisation, property_id) + + def test_TemporaryObjectPublicMethodList(self): + """make sure temporary object methods are actually public. + Thanks to owner role. + """ + uf = self.getPortal().acl_users + uf._doAddUser('BOBBY', '', ['Member',], []) + user = uf.getUserById('BOBBY').__of__(uf) + newSecurityManager(None, user) + organisation = self.portal.organisation_module.newContent( + portal_type='Organisation', + temp_object=True) + user = getSecurityManager().getUser() + self.assertTrue('Owner' in user.getRolesInContext(organisation)) + from AccessControl.ZopeGuards import guarded_getattr + property_map_dict = organisation.propertyMap() + property_id_list = ('edit', 'setProperty', 'getProperty') + \ + tuple(['get' + convertToUpperCase(property_map['id'])\ + for property_map in property_map_dict]) + + for property_id in property_id_list: # should not raise Unauthorized - edit = guarded_getattr(tb, name) + guarded_getattr(organisation, property_id) @skip("isIndexable is not designed to work like tested here, this test \ must be rewritten once we know how to handle correctly templates")