From 1a39e3a7ca3d90ce7c54d2b4330a5fe6d712fa7e Mon Sep 17 00:00:00 2001
From: Romain Courteaud <romain@nexedi.com>
Date: Wed, 13 Aug 2008 17:15:19 +0000
Subject: [PATCH] New test to check the expected behaviour of object security indexation. Currently, if an object acquires its parent local roles AND also define local roles, its indexed security is false.
git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@22986 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 product/ERP5Catalog/tests/testERP5Catalog.py | 66 ++++++++++++++++++++
 1 file changed, 66 insertions(+)
diff --git a/product/ERP5Catalog/tests/testERP5Catalog.py b/product/ERP5Catalog/tests/testERP5Catalog.py
index b95dabbf82..792ad9ffe9 100644
--- a/product/ERP5Catalog/tests/testERP5Catalog.py
+++ b/product/ERP5Catalog/tests/testERP5Catalog.py
@@ -1898,6 +1898,72 @@ class TestERP5Catalog(ERP5TypeTestCase, LogInterceptor):
 self.assertEquals([], [x.getObject() for x in obj.searchFolder(portal_type='Bank Account')])
+ def test_SubDocumentsWithAcquireLocalRoleSecurityIndexing(
+ self, quiet=quiet, run=run_all_test):
+ if not run: return
+ # Check that sub object indexation is compatible with ZODB settings
+ # when the sub object acquires the parent local roles
+ perm = 'View'
+
+ # Create some users
+ login = PortalTestCase.login
+ logout = self.logout
+ user1 = 'local_foo_1'
+ user2 = 'local_bar_1'
+ uf = self.getPortal().acl_users
+ uf._doAddUser(user1, user1, ['Member', ], [])
+ uf._doAddUser(user2, user2, ['Member', ], [])
+
+ container_portal_type = 'Organisation'
+ # Create a container, define a local role, and set view permission
+ folder = self.getOrganisationModule()
+
+ # user1 should be auditor on container
+ # user2 should be assignor on subdocument
+ container = folder.newContent(portal_type=container_portal_type)
+ container.manage_setLocalRoles(user1, ['Auditor'])
+# container.manage_setLocalRoles(user2, [])
+ container.manage_permission(perm, ['Owner', 'Auditor', 'Assignor'], 0)
+
+ # By default, local roles are acquired from container for Email portal type
+ object_portal_type = 'Email'
+ obj = container.newContent(portal_type=object_portal_type)
+ # Acquire permission from parent
+ obj.manage_permission(perm, [], 1)
+ obj.manage_setLocalRoles(user2, ['Assignor'])
+
+ obj.reindexObject()
+ get_transaction().commit()
+ self.tic()
+
+ logout()
+ login(self, user1)
+ result = obj.portal_catalog(portal_type=object_portal_type)
+ self.assertSameSet([obj, ], [x.getObject() for x in result])
+ result = obj.portal_catalog(portal_type=object_portal_type,
+ local_roles='Owner')
+ self.assertSameSet([], [x.getObject() for x in result])
+ result = obj.portal_catalog(portal_type=object_portal_type,
+ local_roles='Assignor')
+ self.assertSameSet([], [x.getObject() for x in result])
+ result = obj.portal_catalog(portal_type=object_portal_type,
+ local_roles='Auditor')
+ self.assertSameSet([obj], [x.getObject() for x in result])
+
+ logout()
+ login(self, user2)
+ result = obj.portal_catalog(portal_type=object_portal_type)
+ self.assertSameSet([obj, ], [x.getObject() for x in result])
+ result = obj.portal_catalog(portal_type=object_portal_type,
+ local_roles='Owner')
+ self.assertSameSet([], [x.getObject() for x in result])
+ result = obj.portal_catalog(portal_type=object_portal_type,
+ local_roles='Assignor')
+ self.assertSameSet([obj], [x.getObject() for x in result])
+ result = obj.portal_catalog(portal_type=object_portal_type,
+ local_roles='Auditor')
+ self.assertSameSet([], [x.getObject() for x in result])
+
 def test_60_ViewableOwnerIndexing(self, quiet=quiet, run=run_all_test):
 if not run: return
-- 
2.30.9
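Review bot: Every unfiltered catalog query in this test expects `obj` to come back, so an index that grants View too widely would pass just as well as a correct one; the test has no user who must be denied. Since the commit message says the indexed security is currently wrong when acquired and own local roles are combined, add a third `Member` with no local role on either document and assert that the same query returns nothing for that user (sketch below; `local_baz_1` is a constructed name). The opening comment also promises compatibility with the ZODB settings, yet only `portal_catalog` results are asserted; checking the View permission on `obj` for each logged-in user next to the catalog assertion would tie the two together. The commented-out `# container.manage_setLocalRoles(user2, [])` at column 0 should either be dropped or explained.

```python
    user3 = 'local_baz_1'  # constructed name: a Member with no local role on container or obj
    uf._doAddUser(user3, user3, ['Member', ], [])
    # … unchanged: container / sub-document setup, reindex, user1 and user2 checks …
    logout()
    login(self, user3)
    result = obj.portal_catalog(portal_type=object_portal_type)
    self.assertSameSet([], [x.getObject() for x in result])
```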