diff --git a/product/ERP5/tests/testERP5Web.py b/product/ERP5/tests/testERP5Web.py index ff458c76051a000858f0e4dfe17faa889f21414a..89f1dea08885ceae754aaceadce40a4e2028bca7 100644 --- a/product/ERP5/tests/testERP5Web.py +++ b/product/ERP5/tests/testERP5Web.py @@ -544,25 +544,26 @@ class TestERP5Web(ERP5TypeTestCase, ZopeTestCase.Functional): #set predicate on web section using 'publication_section' websection.edit(membership_criterion_base_category = ['publication_section'], - membership_criterion_category=['publication_section/%s' - %publication_section_category_id_list[0]]) + membership_criterion_category=['publication_section/%s' \ + % publication_section_category_id_list[0]]) # clean up self.web_page_module.manage_delObjects(list(self.web_page_module.objectIds())) portal.portal_categories.publication_section.manage_delObjects( - list(portal.portal_categories.publication_section.objectIds())) + list(portal.portal_categories.publication_section.objectIds())) # create categories for category_id in publication_section_category_id_list: portal.portal_categories.publication_section.newContent(portal_type = 'Category', - id = category_id) + id = category_id) web_page_reference = 'default-document-reference-%s' web_page_list = [] for index in range(0, 10): web_page = self.portal.web_page_module.newContent( - portal_type = 'Web Page', - language = 'en', + portal_type = 'Web Page', + language = 'en', reference = web_page_reference %index, publication_section_list=publication_section_category_id_list[:1]) web_page_list.append(web_page) + get_transaction().commit() self.tic() # in draft state no documents should belong to this Web Section @@ -692,21 +693,21 @@ class TestERP5WebWithSimpleSecurity(ERP5TypeTestCase): id='site') section = site.newContent(portal_type='Web Section', id='section') person = portal.person_module.newContent(portal_type = 'Person', - reference = person_reference) + reference = person_reference) # add Role Definition for site and section site_role_definition = site.newContent(portal_type = 'Role Definition', - role_name = 'Assignee', - agent = person.getRelativeUrl()) + role_name = 'Assignee', + agent = person.getRelativeUrl()) section_role_definition = section.newContent(portal_type = 'Role Definition', - role_name = 'Associate', - agent = person.getRelativeUrl()) + role_name = 'Associate', + agent = person.getRelativeUrl()) get_transaction().commit() self.tic() # check if Role Definition have create local roles self.assertSameSet(('Assignee',), - site.get_local_roles_for_userid(person_reference)) + site.get_local_roles_for_userid(person_reference)) self.assertSameSet(('Associate',), - section.get_local_roles_for_userid(person_reference)) + section.get_local_roles_for_userid(person_reference)) # delete Role Definition and check again (local roles must be gone too) site.manage_delObjects(site_role_definition.getId()) @@ -714,9 +715,150 @@ class TestERP5WebWithSimpleSecurity(ERP5TypeTestCase): get_transaction().commit() self.tic() self.assertSameSet((), - site.get_local_roles_for_userid(person_reference)) - self.assertSameSet((), - section.get_local_roles_for_userid(person_reference)) + site.get_local_roles_for_userid(person_reference)) + self.assertSameSet((), + section.get_local_roles_for_userid(person_reference)) + + + def test_03_WebSection_getDocumentValueListSecurity(self, quiet=quiet, run=run_all_test): + """ Test WebSection_getDocumentValueList behaviour and security""" + if not run: + return + self.changeUser('admin') + web_site_module = self.portal.web_site_module + site = web_site_module.newContent(portal_type='Web Site', + id='site') + + section = site.newContent(portal_type='Web Section', + id='section') + + get_transaction().commit() + self.tic() + + section.setCriterionProperty('portal_type') + section.setCriterion('portal_type', max='', + identity=['Web Page'], min='') + + get_transaction().commit() + self.tic() + + self.changeUser('erp5user') + page_en_0 = self.portal.web_page_module.newContent(portal_type='Web Page') + page_en_0.edit(reference='my-first-web-page', + language='en', + version='1', + text_format='text/plain', + text_content='Hello, World!') + + page_en_1 = self.portal.web_page_module.newContent(portal_type='Web Page') + page_en_1.edit(reference='my-first-web-page', + language='en', + version='2', + text_format='text/plain', + text_content='Hello, World!') + + page_en_2 = self.portal.web_page_module.newContent(portal_type='Web Page') + page_en_2.edit(reference='my-second-web-page', + language='en', + version='2', + text_format='text/plain', + text_content='Hello, World!') + + page_jp_0 = self.portal.web_page_module.newContent(portal_type='Web Page') + page_jp_0.edit(reference='my-first-japonese-page', + language='jp', + version='1', + text_format='text/plain', + text_content='Hello, World!') + + + + get_transaction().commit() + self.changeUser('erp5user') + self.tic() + self.portal.Localizer.changeLanguage('en') + + self.assertEquals(0, len(section.WebSection_getDocumentValueList())) + + self.changeUser('erp5user') + page_en_0.publish() + get_transaction().commit() + self.tic() + + self.portal.Localizer.changeLanguage('en') + self.assertEquals(1, len(section.WebSection_getDocumentValueList())) + self.assertEquals(page_en_0.getUid(), + section.WebSection_getDocumentValueList()[0].getUid()) + + self.portal.Localizer.changeLanguage('jp') + self.assertEquals(0, len(section.WebSection_getDocumentValueList())) + + # By Anonymous + self.logout() + self.portal.Localizer.changeLanguage('en') + self.assertEquals(1, len(section.WebSection_getDocumentValueList())) + self.assertEquals(page_en_0.getUid(), + section.WebSection_getDocumentValueList()[0].getUid()) + self.portal.Localizer.changeLanguage('jp') + self.assertEquals(0, len(section.WebSection_getDocumentValueList())) + + # Second Object + self.changeUser('erp5user') + page_en_1.publish() + get_transaction().commit() + self.tic() + + self.portal.Localizer.changeLanguage('en') + self.assertEquals(1, len(section.WebSection_getDocumentValueList())) + self.assertEquals(page_en_1.getUid(), + section.WebSection_getDocumentValueList()[0].getUid()) + self.portal.Localizer.changeLanguage('jp') + self.assertEquals(0, len(section.WebSection_getDocumentValueList())) + + # By Anonymous + self.logout() + self.portal.Localizer.changeLanguage('en') + self.assertEquals(1, len(section.WebSection_getDocumentValueList())) + self.assertEquals(page_en_1.getUid(), + section.WebSection_getDocumentValueList()[0].getUid()) + + # Trird Object + self.changeUser('erp5user') + page_en_2.publish() + get_transaction().commit() + self.tic() + + self.portal.Localizer.changeLanguage('en') + self.assertEquals(2, len(section.WebSection_getDocumentValueList())) + self.portal.Localizer.changeLanguage('jp') + self.assertEquals(0, len(section.WebSection_getDocumentValueList())) + + # By Anonymous + self.logout() + self.portal.Localizer.changeLanguage('en') + self.assertEquals(2, len(section.WebSection_getDocumentValueList())) + self.portal.Localizer.changeLanguage('jp') + self.assertEquals(0, len(section.WebSection_getDocumentValueList())) + + # First Japonese Object + self.changeUser('erp5user') + page_jp_0.publish() + get_transaction().commit() + self.tic() + + self.portal.Localizer.changeLanguage('en') + self.assertEquals(2, len(section.WebSection_getDocumentValueList())) + self.portal.Localizer.changeLanguage('jp') + self.assertEquals(1, len(section.WebSection_getDocumentValueList())) + + # By Anonymous + self.logout() + self.portal.Localizer.changeLanguage('en') + self.assertEquals(2, len(section.WebSection_getDocumentValueList())) + self.portal.Localizer.changeLanguage('jp') + self.assertEquals(1, len(section.WebSection_getDocumentValueList())) + self.assertEquals(page_jp_0.getUid(), + section.WebSection_getDocumentValueList()[0].getUid()) def test_suite(): suite = unittest.TestSuite()