def test_closing_direct_execution_task_does_not_revoke_roles_if_revoke_permission_is_false(
self, browser):
self.login(self.regular_user, browser=browser)
self.subtask.revoke_permissions = False
self.subtask.task_type = 'direct-execution'
self.subtask.sync()
self.set_workflow_state('task-state-in-progress', self.subtask)
# close
browser.open(self.subtask, view='tabbedview_view-overview')
browser.click_on('task-transition-in-progress-tested-and-closed')
browser.click_on('Save')
storage = RoleAssignmentManager(self.subtask).storage
self.assertEqual([{
'cause': ASSIGNMENT_VIA_TASK,
'roles': ['Editor'],
'reference': Oguid.for_object(self.subtask),
'principal': self.regular_user.id
}, {
'cause': ASSIGNMENT_VIA_TASK_AGENCY,
'roles': ['Editor'],
'reference': Oguid.for_object(self.subtask),
'principal': 'fa_inbox_users'
}], storage._storage())
def test_closing_does_not_revoke_roles_on_task_if_revoke_permission_is_false(self, browser):
self.login(self.dossier_responsible, browser=browser)
self.set_workflow_state('task-state-tested-and-closed', self.subtask)
self.set_workflow_state('task-state-resolved', self.task)
self.task.revoke_permissions = False
storage = RoleAssignmentManager(self.task).storage
self.assertEqual(
[{'cause': ASSIGNMENT_VIA_TASK,
'roles': ['Editor'],
'reference': Oguid.for_object(self.task),
'principal': 'kathi.barfuss'},
{'cause': ASSIGNMENT_VIA_TASK_AGENCY,
'roles': ['Editor'],
'reference': Oguid.for_object(self.task),
'principal': 'fa_inbox_users'}], storage._storage())
# close
browser.open(self.task, view='tabbedview_view-overview')
browser.click_on('task-transition-resolved-tested-and-closed')
browser.fill({'Response': 'Done!'})
browser.click_on('Save')
self.assertEqual(
[{'cause': ASSIGNMENT_VIA_TASK,
'roles': ['Editor'],
'reference': Oguid.for_object(self.task),
'principal': 'kathi.barfuss'},
{'cause': ASSIGNMENT_VIA_TASK_AGENCY,
'roles': ['Editor'],
'reference': Oguid.for_object(self.task),
'principal': 'fa_inbox_users'}], storage._storage())
def test_closing_a_task_revokes_responsible_roles_on_related_documents(self, browser):
self.login(self.dossier_responsible, browser=browser)
self.set_workflow_state('task-state-tested-and-closed', self.subtask)
self.set_workflow_state('task-state-resolved', self.task)
storage = RoleAssignmentManager(self.document).storage
expected_oguids = [
Oguid.for_object(task).id
for task in (
self.task, self.task, self.subtask, self.subtask,
self.info_task, self.info_task, self.private_task,
self.inbox_task)
]
self.assertEqual(
expected_oguids,
[item.get('reference') for item in storage._storage()],
)
# close
browser.open(self.task, view='tabbedview_view-overview')
browser.click_on('task-transition-resolved-tested-and-closed')
browser.fill({'Response': 'Done!'})
browser.click_on('Save')
expected_oguids = [
Oguid.for_object(task).id
for task in (self.subtask, self.subtask, self.info_task,
self.info_task, self.private_task, self.inbox_task)
]
self.assertEqual(
expected_oguids,
[item.get('reference') for item in storage._storage()],
)
def test_closing_a_task_revokes_responsible_roles_on_task(self, browser):
self.login(self.dossier_responsible, browser=browser)
self.set_workflow_state('task-state-tested-and-closed', self.subtask)
self.set_workflow_state('task-state-resolved', self.task)
storage = RoleAssignmentManager(self.task).storage
self.assertEqual([{
'cause': ASSIGNMENT_VIA_TASK,
'roles': ['Editor'],
'reference': Oguid.for_object(self.task),
'principal': 'kathi.barfuss'
}, {
'cause': ASSIGNMENT_VIA_TASK_AGENCY,
'roles': ['Editor'],
'reference': Oguid.for_object(self.task),
'principal': 'fa_inbox_users'
}], storage._storage())
# close
browser.open(self.task, view='tabbedview_view-overview')
browser.click_on('task-transition-resolved-tested-and-closed')
browser.fill({'Response': 'Done!'})
browser.click_on('Save')
self.assertEqual([], storage._storage())
def test_returns_serialized_assignments(self, browser):
self.login(self.secretariat_user, browser=browser)
manager = RoleAssignmentManager(self.empty_dossier)
manager.add_or_update(self.regular_user.id, ['Editor'],
ASSIGNMENT_VIA_TASK, reference=self.task)
manager.add_or_update(self.regular_user.id, ['Reader'],
ASSIGNMENT_VIA_TASK_AGENCY)
browser.open(self.empty_dossier,
view='@role-assignments/{}'.format(self.regular_user.id),
method='Get', headers={'Accept': 'application/json'})
self.assertEquals(
[{u'cause': {
u'id': ASSIGNMENT_VIA_TASK,
u'title': u'By task'},
u'roles': [u'Editor'],
u'reference': {
u'url': self.task.absolute_url(),
u'title': self.task.title},
u'principal': u'kathi.barfuss'},
{u'cause': {
u'id': ASSIGNMENT_VIA_TASK_AGENCY,
u'title': u'By task agency'},
u'roles': [u'Reader'],
u'reference': None,
u'principal': u'kathi.barfuss'}],
browser.json)
def test_does_not_preserve_local_roles_from_committee_group(self, browser):
assignment_type = ASSIGNMENT_VIA_COMMITTEE_GROUP
assignment_class = RoleAssignment.registry[assignment_type]
self.login(self.administrator, browser=browser)
manager = RoleAssignmentManager(self.subdossier)
manager.add_or_update_assignment(
assignment_class(self.regular_user.id,
['Reader', 'Editor', 'Contributor'],
self.committee))
manager = RoleAssignmentManager(self.subdossier)
assignments = manager.get_assignments_by_cause(assignment_type)
self.assertEqual(1, len(assignments))
browser.open(self.dossier,
data=self.make_path_param(self.subdossier), view="copy_items")
with self.observe_children(self. empty_repofolder) as children:
browser.open(self.empty_repofolder)
browser.click_on('Paste')
self.assertEqual(1, len(children.get('added')))
subdossier_copy = children.get('added').pop()
manager = RoleAssignmentManager(subdossier_copy)
assignments = manager.get_assignments_by_cause(assignment_type)
self.assertEqual(0, len(assignments),
"{} should not get copied".format(assignment_class))
def test_preserves_local_roles_from_invitation(self, browser):
assignment_type = ASSIGNMENT_VIA_INVITATION
assignment_class = RoleAssignment.registry[assignment_type]
self.login(self.administrator, browser=browser)
manager = RoleAssignmentManager(self.subdossier)
manager.add_or_update_assignment(
assignment_class(self.regular_user.id,
['Reader', 'Editor', 'Contributor'],
self.workspace))
manager = RoleAssignmentManager(self.subdossier)
assignments = manager.get_assignments_by_cause(assignment_type)
self.assertEqual(1, len(assignments))
browser.open(self.dossier,
data=self.make_path_param(self.subdossier), view="copy_items")
with self.observe_children(self. empty_repofolder) as children:
browser.open(self.empty_repofolder)
browser.click_on('Paste')
self.assertEqual(1, len(children.get('added')))
subdossier_copy = children.get('added').pop()
manager = RoleAssignmentManager(subdossier_copy)
assignments = manager.get_assignments_by_cause(assignment_type)
self.assertEqual(1, len(assignments), "{} should get copied".format(assignment_class))
assignment = assignments[0]
expected_assignment = {'cause': assignment_type,
'roles': ['Reader', 'Editor', 'Contributor'],
'reference': Oguid.for_object(self.workspace).id,
'principal': self.regular_user.id}
self.assertEqual(expected_assignment, assignment)
def test_skip_task_does_not_revoke_roles_if_revoke_permission_is_false(self, browser):
self.login(self.secretariat_user, browser=browser)
self.seq_subtask_2.revoke_permissions = False
storage = RoleAssignmentManager(self.seq_subtask_2).storage
self.assertEqual(
[{'cause': ASSIGNMENT_VIA_TASK,
'roles': ['Editor'],
'reference': Oguid.for_object(self.seq_subtask_2),
'principal': 'kathi.barfuss'},
{'cause': ASSIGNMENT_VIA_TASK_AGENCY,
'roles': ['Editor'],
'reference': Oguid.for_object(self.seq_subtask_2),
'principal': 'fa_inbox_users'}], storage._storage())
# skip
browser.open(self.seq_subtask_2, view='tabbedview_view-overview')
browser.click_on('task-transition-planned-skipped')
browser.click_on('Save')
self.assertEqual(
[{'cause': ASSIGNMENT_VIA_TASK,
'roles': ['Editor'],
'reference': Oguid.for_object(self.seq_subtask_2),
'principal': 'kathi.barfuss'},
{'cause': ASSIGNMENT_VIA_TASK_AGENCY,
'roles': ['Editor'],
'reference': Oguid.for_object(self.seq_subtask_2),
'principal': 'fa_inbox_users'}], storage._storage())
def test_error_when_no_access_to_meeting_dossier(self, browser):
with self.login(self.administrator):
RoleAssignmentManager(
self.committee_container).add_or_update_assignment(
SharingRoleAssignment(self.regular_user.getId(),
['Reader']))
RoleAssignmentManager(self.committee).add_or_update_assignment(
SharingRoleAssignment(self.regular_user.getId(),
['CommitteeResponsible', 'Editor']))
# Let regular_user have no access to meeting_dossier
self.meeting_dossier.__ac_local_roles_block__ = True
agenda_item = self.schedule_proposal(self.meeting,
self.submitted_proposal)
agenda_item.decide()
self.login(self.regular_user, browser)
with browser.expect_http_error(code=403):
browser.open(
self.agenda_item_url(agenda_item, 'generate_excerpt'),
data={'excerpt_title': 'Excerption \xc3\x84nderungen'})
expected_messages = {
u'messages': [{
u'messageTitle': u'Error',
u'message':
u'Insufficient privileges to add a document to the meeting dossier.',
u'messageClass': u'error',
}],
}
self.assertEquals(expected_messages, browser.json)
def test_remove_role_assignments_and_updates_local_roles(self, browser):
self.login(self.administrator, browser=browser)
manager = RoleAssignmentManager(self.empty_dossier)
manager.add_or_update_assignment(
SharingRoleAssignment(
self.regular_user.id, ['Reader', 'Editor', 'Contributor']))
data = json.dumps({
"entries": [
{"id": self.regular_user.id,
"roles": {"Contributor": False,
"Editor": False,
"Reader": False,
"Reviewer": False,
"Publisher": False},
"type": "user"},
],
"inherit": True})
browser.open(self.empty_dossier, data, view='@sharing', method='POST',
headers={'Accept': 'application/json',
'Content-Type': 'application/json'})
self.assertEquals(
(('robert.ziegler', ('Owner',)),),
self.empty_dossier.get_local_roles())
self.assertEquals(
[],
RoleAssignmentManager(self.empty_dossier).storage._storage())
def test_skip_task_does_not_revoke_roles_if_revoke_permission_is_false(
self, browser):
self.login(self.secretariat_user, browser=browser)
self.seq_subtask_2.revoke_permissions = False
storage = RoleAssignmentManager(self.seq_subtask_2).storage
self.assertEqual([{
'cause': ASSIGNMENT_VIA_TASK,
'roles': ['Editor'],
'reference': Oguid.for_object(self.seq_subtask_2),
'principal': 'kathi.barfuss'
}, {
'cause': ASSIGNMENT_VIA_TASK_AGENCY,
'roles': ['Editor'],
'reference': Oguid.for_object(self.seq_subtask_2),
'principal': 'fa_inbox_users'
}], storage._storage())
# skip
browser.open(self.seq_subtask_2, view='tabbedview_view-overview')
browser.click_on('task-transition-planned-skipped')
browser.click_on('Save')
self.assertEqual([{
'cause': ASSIGNMENT_VIA_TASK,
'roles': ['Editor'],
'reference': Oguid.for_object(self.seq_subtask_2),
'principal': 'kathi.barfuss'
}, {
'cause': ASSIGNMENT_VIA_TASK_AGENCY,
'roles': ['Editor'],
'reference': Oguid.for_object(self.seq_subtask_2),
'principal': 'fa_inbox_users'
}], storage._storage())
def test_status_message_shown_when_local_roles_on_subdossier_are_copied(self, browser):
assignment_type = ASSIGNMENT_VIA_SHARING
assignment_class = RoleAssignment.registry[assignment_type]
self.login(self.administrator, browser=browser)
browser.open(self.dossier,
data=self.make_path_param(self.subdossier), view="copy_items")
browser.open(self.empty_repofolder)
browser.click_on('Paste')
self.assertItemsEqual(info_messages(),
["Objects from clipboard successfully pasted."])
manager = RoleAssignmentManager(self.subsubdossier)
manager.add_or_update_assignment(
assignment_class(self.regular_user.id,
['Reader', 'Editor', 'Contributor']))
manager = RoleAssignmentManager(self.subsubdossier)
assignments = manager.get_assignments_by_cause(assignment_type)
self.assertEqual(1, len(assignments))
browser.open(self.dossier,
data=self.make_path_param(self.subdossier), view="copy_items")
browser.open(self.empty_repofolder)
browser.click_on('Paste')
self.assertItemsEqual(info_messages(),
["Some local roles were copied with the objects",
"Objects from clipboard successfully pasted."])
def test_add_recursive_documents_and_subdossiers_local_roles(
self, browser):
self.login(self.regular_user, browser)
RoleAssignmentManager(
self.subdossiertemplate).add_or_update_assignment(
SharingRoleAssignment(self.regular_user.getId(),
['Reader', 'Contributor', 'Editor']))
browser.open(self.leaf_repofolder)
factoriesmenu.add('Dossier with template')
token = browser.css(
'input[name="form.widgets.template"]').first.attrib.get('value')
browser.fill({'form.widgets.template': token}).submit()
browser.click_on('Save')
dossier = browser.context
self.assertEqual('Bauvorhaben klein', dossier.title)
subdossier = dossier.listFolderContents()[1]
self.assertEqual(
[u'Werkst\xe4tte', u'Anfragen'],
[obj.title for obj in dossier.listFolderContents()],
"The content of the subdossiertemplate is not correct!")
expected_role_assignments = [{
'cause':
3,
'reference':
None,
'roles': ['Reader', 'Contributor', 'Editor'],
'principal':
'kathi.barfuss',
}]
role_assignments = RoleAssignmentManager(subdossier).storage._storage()
self.assertEqual(expected_role_assignments, role_assignments)
def test_only_users_of_current_admin_unit_are_found_by_search(self):
self.login(self.workspace_admin)
source = ActualWorkspaceMembersSource(self.workspace)
admin_unit2 = create(
Builder('admin_unit').id('additional').having(title='additional'))
org_unit_3 = create(
Builder('org_unit').id('org-unit-3').having(
title=u"Org Unit 3",
admin_unit=admin_unit2).with_default_groups())
peter = create(
Builder('ogds_user').id('peter.meier').having(
firstname='Peter',
lastname='Meier').assign_to_org_units([org_unit_3]))
RoleAssignmentManager(self.workspace).add_or_update(
self.regular_user.id, ['WorkspaceGuest'],
ASSIGNMENT_VIA_INVITATION)
RoleAssignmentManager(self.workspace).add_or_update(
peter.userid, ['WorkspaceGuest'], ASSIGNMENT_VIA_INVITATION)
results = source.search(self.regular_user.id)
self.assertEqual(1, len(results))
self.assertEqual(self.regular_user.id, results[0].value)
# User from other admin_unit cannot be found
results = source.search('peter.meier')
self.assertEqual(0, len(results))
def test_remove_role_assignments_and_updates_local_roles(self, browser):
self.login(self.administrator, browser=browser)
manager = RoleAssignmentManager(self.empty_dossier)
manager.add_or_update_assignment(
SharingRoleAssignment(
self.regular_user.id, ['Reader', 'Editor', 'Contributor']))
data = json.dumps({
"entries": [
{"id": self.regular_user.id,
"roles": {"Contributor": False,
"Editor": False,
"Reader": False,
"Reviewer": False,
"Publisher": False},
"type": "user"},
],
"inherit": True})
browser.open(self.empty_dossier, data, view='@sharing', method='POST',
headers={'Accept': 'application/json',
'Content-Type': 'application/json'})
self.assertEquals(
(('robert.ziegler', ('Owner',)),),
self.empty_dossier.get_local_roles())
self.assertEquals(
[],
RoleAssignmentManager(self.empty_dossier).storage._storage())
def test_closing_does_not_revoke_roles_on_related_documents_if_revoke_permission_is_false(
self, browser):
self.login(self.dossier_responsible, browser=browser)
self.set_workflow_state('task-state-tested-and-closed', self.subtask)
self.set_workflow_state('task-state-resolved', self.task)
self.task.revoke_permissions = False
storage = RoleAssignmentManager(self.document).storage
expected_oguids = [
Oguid.for_object(task).id
for task in (self.task, self.task, self.subtask, self.subtask,
self.info_task, self.info_task, self.private_task,
self.inbox_task)
]
self.assertEqual(
expected_oguids,
[item.get('reference') for item in storage._storage()])
# close
browser.open(self.task, view='tabbedview_view-overview')
browser.click_on('task-transition-resolved-tested-and-closed')
browser.fill({'Response': 'Done!'})
browser.click_on('Save')
self.assertEqual(
expected_oguids,
[item.get('reference') for item in storage._storage()])
def test_assign_updates_role_assignment_on_forwarding(self, browser):
self.login(self.secretariat_user, browser)
assignment_manager = RoleAssignmentManager(self.inbox_forwarding)
assignments = assignment_manager.storage._storage()
self.assertEqual(2, len(assignments))
assignment = assignments[0]
self.assertEqual(ASSIGNMENT_VIA_TASK, assignment["cause"])
self.assertEqual(["Editor"], assignment["roles"])
self.assertEqual(self.regular_user.getId(), assignment["principal"])
browser.open(self.inbox_forwarding)
browser.click_on('forwarding-transition-reassign')
form = browser.find_form_by_field('Responsible')
form.find_widget('Responsible').fill(self.secretariat_user)
browser.click_on('Assign')
assignment_manager = RoleAssignmentManager(self.inbox_forwarding)
assignments = assignment_manager.storage._storage()
self.assertEqual(2, len(assignments))
user_assignment, inbox_assignment = assignments
self.assertEqual(ASSIGNMENT_VIA_TASK, user_assignment["cause"])
self.assertEqual(["Editor"], user_assignment["roles"])
self.assertEqual(self.secretariat_user.getId(), user_assignment["principal"])
self.assertEqual(ASSIGNMENT_VIA_TASK_AGENCY, inbox_assignment["cause"])
self.assertEqual(["Editor"], inbox_assignment["roles"])
self.assertEqual(u'fa_inbox_users', inbox_assignment["principal"])
def test_local_roles_assigned_properly_when_creating_forwarding(self):
self.login(self.secretariat_user)
self.forwarding = create(
Builder('forwarding')
.within(self.inbox)
.titled(u'Test forwarding')
.having(responsible_client='fa',
responsible=self.secretariat_user.getId(),
issuer=self.secretariat_user.getId())
.relate_to(self.inbox_document))
# Editor role is granted to forwarding responsible
assignment_manager = RoleAssignmentManager(self.forwarding)
assignments = assignment_manager.storage._storage()
self.assertEqual(2, len(assignments))
user_assignment, inbox_assignment = assignments
self.assertEqual(ASSIGNMENT_VIA_TASK, user_assignment["cause"])
self.assertEqual(["Editor"], user_assignment["roles"])
self.assertEqual(self.secretariat_user.getId(), user_assignment["principal"])
self.assertEqual(ASSIGNMENT_VIA_TASK_AGENCY, inbox_assignment["cause"])
self.assertEqual(["Editor"], inbox_assignment["roles"])
self.assertEqual(self.secretariat_user.getId(), user_assignment["principal"])
# No role assignments on contained objects as they already
# inherit from the forwarding
inbox_document, = self.forwarding.listFolderContents()
assignment_manager = RoleAssignmentManager(inbox_document)
assignments = assignment_manager.storage._storage()
self.assertEqual(0, len(assignments))
def update_role_settings(self):
assignments = []
for principal, roles in self.generate_role_settings().items():
assignments.append(ProtectDossierRoleAssignment(principal, roles))
if assignments:
manager = RoleAssignmentManager(self.context)
manager.reset(assignments)
def reply(self):
principal_id = self.read_params()
manager = RoleAssignmentManager(self.context)
assignments = manager.get_assignments_by_principal_id(principal_id)
return [assignment.serialize() for assignment in assignments
if assignment.cause != ASSIGNMENT_VIA_SHARING]
def update_role_settings(self):
assignments = []
for principal, roles in self.generate_role_settings().items():
assignments.append(ProtectDossierRoleAssignment(principal, roles))
if assignments:
manager = RoleAssignmentManager(self.context)
manager.reset(assignments)
def test_role_assignmets_on_tasks_with_inbox_agency(self):
self.login(self.regular_user)
self.add_additional_org_unit()
document = create(
Builder('document').within(
self.empty_dossier).titled(u'Vertr\xe4gsentwurf'))
task = create(
Builder('task').within(self.empty_dossier).
titled(u'Vertragsentwurf \xdcberpr\xfcfen').having(
responsible_client='fa',
responsible=self.regular_user.getId(),
issuer=self.dossier_responsible.getId(),
task_type='correction',
deadline=date(
2016, 11,
1)).in_state('task-state-in-progress').relate_to(document))
self.assertItemsEqual([{
'principal': self.regular_user.id,
'roles': ['Editor'],
'cause': ASSIGNMENT_VIA_TASK,
'reference': Oguid.for_object(task).id
}, {
'principal': u'fa_inbox_users',
'roles': ['Editor'],
'cause': ASSIGNMENT_VIA_TASK_AGENCY,
'reference': Oguid.for_object(task).id
}],
RoleAssignmentManager(task).storage._storage())
self.assertItemsEqual(
[{
'principal': self.regular_user.id,
'roles': ['Reader', 'Editor'],
'cause': ASSIGNMENT_VIA_TASK,
'reference': Oguid.for_object(task).id
}, {
'principal': u'fa_inbox_users',
'roles': ['Reader', 'Editor'],
'cause': ASSIGNMENT_VIA_TASK_AGENCY,
'reference': Oguid.for_object(task).id
}],
RoleAssignmentManager(document).storage._storage())
self.assertItemsEqual([{
'principal': self.regular_user.id,
'roles': ['Contributor'],
'cause': ASSIGNMENT_VIA_TASK,
'reference': Oguid.for_object(task).id
}, {
'principal': u'fa_inbox_users',
'roles': ['Contributor'],
'cause': ASSIGNMENT_VIA_TASK_AGENCY,
'reference': Oguid.for_object(task).id
}],
RoleAssignmentManager(
self.empty_dossier).storage._storage())
def test_closing_does_not_revoke_roles_on_distinct_parent_if_revoke_permission_is_false(
self, browser):
self.login(self.dossier_responsible, browser=browser)
self.set_workflow_state('task-state-resolved', self.meeting_task)
self.meeting_task.revoke_permissions = False
self.assertEqual((('fa_inbox_users', ('Contributor', )),
('franzi.muller', ('Owner', )), ('robert.ziegler',
('Contributor', ))),
self.meeting_dossier.get_local_roles())
storage = RoleAssignmentManager(self.meeting_dossier).storage
self.assertEqual([{
'cause': ASSIGNMENT_VIA_TASK,
'roles': ['Contributor'],
'reference': Oguid.for_object(self.meeting_task),
'principal': self.dossier_responsible.id
}, {
'cause': ASSIGNMENT_VIA_TASK_AGENCY,
'roles': ['Contributor'],
'reference': Oguid.for_object(self.meeting_task),
'principal': 'fa_inbox_users'
}, {
'cause': ASSIGNMENT_VIA_TASK,
'roles': ['Contributor'],
'reference': Oguid.for_object(self.meeting_subtask),
'principal': self.dossier_responsible.id
}, {
'cause': ASSIGNMENT_VIA_TASK_AGENCY,
'roles': ['Contributor'],
'reference': Oguid.for_object(self.meeting_subtask),
'principal': 'fa_inbox_users'
}], storage._storage())
# close subtask
browser.open(self.meeting_subtask, view='tabbedview_view-overview')
browser.click_on('task-transition-resolved-tested-and-closed')
browser.click_on('Save')
browser.open(self.meeting_task, view='tabbedview_view-overview')
browser.click_on('task-transition-resolved-tested-and-closed')
browser.click_on('Save')
self.assertEqual([{
'cause': ASSIGNMENT_VIA_TASK,
'roles': ['Contributor'],
'reference': Oguid.for_object(self.meeting_task),
'principal': self.dossier_responsible.id
}, {
'cause': ASSIGNMENT_VIA_TASK_AGENCY,
'roles': ['Contributor'],
'reference': Oguid.for_object(self.meeting_task),
'principal': 'fa_inbox_users'
}], storage._storage())
self.assertEqual((('fa_inbox_users', ('Contributor', )),
('franzi.muller', ('Owner', )), ('robert.ziegler',
('Contributor', ))),
self.meeting_dossier.get_local_roles())
def reply(self):
principal_id = self.read_params()
manager = RoleAssignmentManager(self.context)
assignments = manager.get_assignments_by_principal_id(principal_id)
return [
assignment.serialize() for assignment in assignments
if assignment.cause != ASSIGNMENT_VIA_SHARING
]
def test_closing_does_not_revoke_roles_on_distinct_parent_if_revoke_permission_is_false(self, browser):
self.login(self.dossier_responsible, browser=browser)
self.set_workflow_state('task-state-resolved', self.meeting_task)
self.meeting_task.revoke_permissions = False
self.assertEqual(
(('fa_inbox_users', ('Contributor',)),
('franzi.muller', ('Owner',)),
('robert.ziegler', ('Contributor',))),
self.meeting_dossier.get_local_roles())
storage = RoleAssignmentManager(self.meeting_dossier).storage
self.assertEqual(
[{'cause': ASSIGNMENT_VIA_TASK,
'roles': ['Contributor'],
'reference': Oguid.for_object(self.meeting_task),
'principal': self.dossier_responsible.id},
{'cause': ASSIGNMENT_VIA_TASK_AGENCY,
'roles': ['Contributor'],
'reference': Oguid.for_object(self.meeting_task),
'principal': 'fa_inbox_users'},
{'cause': ASSIGNMENT_VIA_TASK,
'roles': ['Contributor'],
'reference': Oguid.for_object(self.meeting_subtask),
'principal': self.dossier_responsible.id},
{'cause': ASSIGNMENT_VIA_TASK_AGENCY,
'roles': ['Contributor'],
'reference': Oguid.for_object(self.meeting_subtask),
'principal': 'fa_inbox_users'}],
storage._storage())
# close subtask
browser.open(self.meeting_subtask, view='tabbedview_view-overview')
browser.click_on('task-transition-resolved-tested-and-closed')
browser.click_on('Save')
browser.open(self.meeting_task, view='tabbedview_view-overview')
browser.click_on('task-transition-resolved-tested-and-closed')
browser.click_on('Save')
self.assertEqual(
[{'cause': ASSIGNMENT_VIA_TASK,
'roles': ['Contributor'],
'reference': Oguid.for_object(self.meeting_task),
'principal': self.dossier_responsible.id},
{'cause': ASSIGNMENT_VIA_TASK_AGENCY,
'roles': ['Contributor'],
'reference': Oguid.for_object(self.meeting_task),
'principal': 'fa_inbox_users'}],
storage._storage())
self.assertEqual(
(('fa_inbox_users', ('Contributor',)),
('franzi.muller', ('Owner',)),
('robert.ziegler', ('Contributor',))),
self.meeting_dossier.get_local_roles())
def test_cancelling_a_task_revokes_roles(self, browser):
self.login(self.dossier_responsible, browser=browser)
self.set_workflow_state('task-state-open', self.subtask)
# cancel
browser.open(self.subtask, view='tabbedview_view-overview')
browser.click_on('task-transition-open-cancelled')
browser.click_on('Save')
storage = RoleAssignmentManager(self.subtask).storage
self.assertEqual([], storage._storage())
def test_cancelling_a_task_revokes_roles(self, browser):
self.login(self.dossier_responsible, browser=browser)
self.set_workflow_state('task-state-open', self.subtask)
# cancel
browser.open(self.subtask, view='tabbedview_view-overview')
browser.click_on('task-transition-open-cancelled')
browser.click_on('Save')
storage = RoleAssignmentManager(self.subtask).storage
self.assertEqual([], storage._storage())
def add_role_assignment_to_proposal(self, document, task):
document_manager = RoleAssignmentManager(document)
# abort if we do not have an assignment for local roles in the
# document. it might be this is one of the migrated tasks where the
# assignment has only been set for sharing but not based on the local
# roles for the tasks.
if not document_manager.get_assignments_by_cause(ASSIGNMENT_VIA_TASK):
return
# if we have an assignment it should be safe to set the assignment
# again as would happen when the task has been modified.
LocalRolesSetter(task).set_roles(event=None)
def test_guarded_by_modify_portal_content(self):
self.login(self.regular_user)
self.assertIn(self.transition, self.get_workflow_transitions_for(self.task))
RoleAssignmentManager(self.portal).add_or_update_assignment(
SharingRoleAssignment(self.reader_user.getId(), ['Reader']),
)
RoleAssignmentManager(self.dossier).add_or_update_assignment(
SharingRoleAssignment(self.reader_user.getId(), ['Reader']),
)
self.login(self.reader_user)
self.assertNotIn(self.transition, self.get_workflow_transitions_for(self.task))
def test_closing_a_direct_execution_task_revokes_roles(self, browser):
self.login(self.regular_user, browser=browser)
self.subtask.task_type = 'direct-execution'
self.subtask.sync()
self.set_workflow_state('task-state-in-progress', self.subtask)
# close
browser.open(self.subtask, view='tabbedview_view-overview')
browser.click_on('task-transition-in-progress-tested-and-closed')
browser.click_on('Save')
storage = RoleAssignmentManager(self.subtask).storage
self.assertEqual([], storage._storage())
def test_closing_a_direct_execution_task_revokes_roles(self, browser):
self.login(self.regular_user, browser=browser)
self.subtask.task_type = 'direct-execution'
self.subtask.sync()
self.set_workflow_state('task-state-in-progress', self.subtask)
# close
browser.open(self.subtask, view='tabbedview_view-overview')
browser.click_on('task-transition-in-progress-tested-and-closed')
browser.click_on('Save')
storage = RoleAssignmentManager(self.subtask).storage
self.assertEqual([], storage._storage())
def test_add_register_assignment_in_the_storage(self):
self.login(self.regular_user)
manager = RoleAssignmentManager(self.empty_dossier)
manager.add_or_update(self.secretariat_user.id,
['Editor', 'Contributor', 'Reader'],
ASSIGNMENT_VIA_TASK, self.task)
self.assertEquals(
[{'principal': self.secretariat_user.id,
'roles': ['Editor', 'Contributor', 'Reader'],
'cause': ASSIGNMENT_VIA_TASK,
'reference': Oguid.for_object(self.task).id}],
manager.storage._storage())
def execute(self):
obj = super(CreateDocumentFromTemplateCommand, self).execute()
DocPropertyWriter(obj, recipient_data=self.recipient_data).initialize()
# Set blocking of role inheritance based on the template object
if self.block_role_inheritance is not None:
obj.__ac_local_roles_block__ = self.block_role_inheritance
# Copy the local roles assignations over from the template
if self.role_assignments is not None:
manager = RoleAssignmentManager(obj)
# Passing an empty iterable in here creates an empty mapping
manager.add_or_update_assignments(self.role_assignments)
return obj
def test_revokes_permissions_on_proposal(self):
self.login(self.dossier_responsible)
intids = getUtility(IIntIds)
relation = RelationValue(intids.getId(self.proposaldocument))
ITask(self.subtask).relatedItems.append(relation)
notify(ObjectModifiedEvent(self.subtask))
self.set_workflow_state('task-state-tested-and-closed', self.subtask)
expected_assignments = [{
'cause': ASSIGNMENT_VIA_TASK,
'roles': ['Reader', 'Editor'],
'reference': Oguid.for_object(self.subtask),
'principal': self.regular_user.id
}, {
'cause': ASSIGNMENT_VIA_TASK_AGENCY,
'roles': ['Reader', 'Editor'],
'reference': Oguid.for_object(self.subtask),
'principal': u'fa_inbox_users'
}]
document_storage = RoleAssignmentManager(self.proposaldocument).storage
self.assertEqual(expected_assignments, document_storage._storage())
proposal_storage = RoleAssignmentManager(self.proposal).storage
self.assertEqual(expected_assignments, proposal_storage._storage())
RevokePermissions(self.subtask, self.request)()
self.assertEqual([], proposal_storage._storage())
self.assertEqual([], document_storage._storage())
def execute(self):
obj = super(CreateDocumentFromTemplateCommand, self).execute()
DocPropertyWriter(obj, recipient_data=self.recipient_data).initialize()
# Set blocking of role inheritance based on the template object
if self.block_role_inheritance is not None:
obj.__ac_local_roles_block__ = self.block_role_inheritance
# Copy the local roles assignations over from the template
if self.role_assignments is not None:
manager = RoleAssignmentManager(obj)
# Passing an empty iterable in here creates an empty mapping
manager.add_or_update_assignments(self.role_assignments)
return obj
def test_add_register_assignment_in_the_storage(self):
self.login(self.regular_user)
manager = RoleAssignmentManager(self.empty_dossier)
manager.add_or_update(self.secretariat_user.id,
['Editor', 'Contributor', 'Reader'],
ASSIGNMENT_VIA_TASK, self.task)
self.assertEquals([{
'principal': self.secretariat_user.id,
'roles': ['Editor', 'Contributor', 'Reader'],
'cause': ASSIGNMENT_VIA_TASK,
'reference': Oguid.for_object(self.task).id
}], manager.storage._storage())
def test_redirects_to_portal_when_current_user_has_no_longer_view_permission(
self, browser):
self.login(self.regular_user, browser=browser)
api.content.disable_roles_acquisition(obj=self.dossier)
self.assign_task(self.secretariat_user, u'Thats a job for you.')
manager = RoleAssignmentManager(self.task)
self.assertEqual([{
'cause': ASSIGNMENT_VIA_TASK,
'roles': ['Editor'],
'reference': Oguid.for_object(self.task).id,
'principal': 'jurgen.konig'
}, {
'cause': ASSIGNMENT_VIA_TASK_AGENCY,
'roles': ['Editor'],
'reference': Oguid.for_object(self.task).id,
'principal': u'fa_inbox_users'
}], manager.storage._storage())
self.assertEqual(self.portal.absolute_url(), browser.url)
self.assertEqual([
'Task successfully reassigned. You are no longer permitted to '
'access the task.'
], info_messages())
def test_only_users_with_local_roles_with_view_permissions_are_found_by_search(
self):
self.login(self.workspace_admin)
source = ActualWorkspaceMembersSource(self.workspace)
results = source.search(self.workspace_guest.id)
self.assertEqual(1, len(results))
self.assertEqual(self.workspace_guest.id, results[0].value)
results = source.search(self.regular_user.id)
self.assertEqual(0, len(results))
# Assigning WorkspaceGuest to regular_user and check that he is then
# found in the ActualWorkspaceMembersSource
RoleAssignmentManager(self.workspace).add_or_update(
self.regular_user.id, ['WorkspaceGuest'],
ASSIGNMENT_VIA_INVITATION)
results = source.search(self.regular_user.id)
self.assertEqual(1, len(results))
self.assertEqual(self.regular_user.id, results[0].value)
# Only local roles that give view permissions are considered for
# users found in the ActualWorkspaceMembersSource
self.workspace.manage_permission('View', roles=[])
results = source.search(self.regular_user.id)
self.assertEqual(0, len(results))
results = source.search(self.workspace_guest.id)
self.assertEqual(0, len(results))
def assign_owner_role_on_creation(workspace, event):
"""The creator of the workspace should have the WorkspaceOwner role,
so that the she / he can access the workspace.
"""
owner_userid = workspace.Creator()
assignment = SharingRoleAssignment(owner_userid, ['WorkspaceOwner'])
RoleAssignmentManager(workspace).add_or_update_assignment(assignment)
def test_subdossiers_the_user_cannot_view_can_also_block_deactivation(
self, browser):
with self.login(self.dossier_manager):
# Protect self.subsubdossier so it cannot be seen by an 'Editor' of self.subdossier
self.assertFalse(
getattr(self.subsubdossier, '__ac_local_roles_block__', False))
dossier_protector = IProtectDossier(self.subsubdossier)
dossier_protector.dossier_manager = self.dossier_manager.getId()
dossier_protector.reading = [self.secretariat_user.getId()]
dossier_protector.protect()
self.assertTrue(
getattr(self.subsubdossier, '__ac_local_roles_block__', False))
self.assertFalse(
api.user.has_permission('View',
user=self.regular_user,
obj=self.subsubdossier),
'This test does not actually test what it says on the tin, if self.regular_user can see self.subsubdossier.',
)
# Grant self.regular_user 'Editor' on self.subdossier so the action to deactivate is presented to the user
RoleAssignmentManager(self.subdossier).add_or_update_assignment(
SharingRoleAssignment(self.regular_user.getId(),
['Reader', 'Contributor', 'Editor']))
self.login(self.regular_user, browser)
self.deactivate(self.subdossier, browser)
expected_msgs = [
u"The Dossier 2016 contains a subdossier "
u"which can't be deactivated by the user."
]
self.assert_errors(self.subdossier, browser, expected_msgs)
def _modify(self, token, role, type_):
if not token or not type_:
raise BadRequest('No userid or type provided.')
if role not in MANAGED_ROLES:
raise Unauthorized('Inavlid role provided.')
if token == api.user.get_current().id:
raise Unauthorized('Not allowed to modify the current user.')
if type_ == 'user':
user_roles = api.user.get_roles(username=token,
obj=self.context,
inherit=False)
if user_roles and 'WorkspaceOwner' not in user_roles:
assignment = InvitationRoleAssignment(token, [role],
self.context)
RoleAssignmentManager(
self.context).add_or_update_assignment(assignment)
self.context.setModificationDate()
self.context.reindexObject(idxs=['modified'])
self.request.RESPONSE.setStatus(204)
return True
else:
raise BadRequest('User does not have any local roles')
elif type_ == 'invitation':
storage = getUtility(IInvitationStorage)
storage.update_invitation(token, role=role)
else:
raise BadRequest('Wrong type')
def test_update_localroles_if_user_has_changed_protection_fields(
self, browser):
self.login(self.dossier_manager, browser)
browser.open(self.leaf_repofolder)
factoriesmenu.add(u'Business Case Dossier')
browser.fill({'Title': 'My Dossier'})
form = browser.find_form_by_field('Reading')
form.find_widget('Reading and writing').fill(self.regular_user.getId())
browser.click_on('Save')
new_dossier = browser.context
RoleAssignmentManager(new_dossier).add_or_update_assignment(
SharingRoleAssignment('projekt_a', ['Contributor']))
self.assert_local_roles(
IProtectDossier(new_dossier).READING_AND_WRITING_ROLES,
self.regular_user.getId(), new_dossier)
self.assert_local_roles(['Contributor'], 'projekt_a', new_dossier)
browser.open(new_dossier, view="@@edit")
browser.fill({'Title': 'My new Dossier'})
form = browser.find_form_by_field('Reading')
form.find_widget('Reading and writing').fill([])
form.find_widget('Reading').fill([self.regular_user.getId()])
browser.click_on('Save')
self.assert_local_roles(
IProtectDossier(new_dossier).READING_ROLES,
self.regular_user.getId(), new_dossier)
self.assert_local_roles([], 'projekt_a', new_dossier)
def revoke_on_related_items(self):
for item in getattr(aq_base(self.task), 'relatedItems', []):
document = item.to_object
manager = RoleAssignmentManager(document)
manager.clear(ASSIGNMENT_VIA_TASK,
self.responsible_permission_identfier, self.task)
manager.clear(ASSIGNMENT_VIA_TASK_AGENCY,
self.inbox_group_id, self.task)
if self._is_inside_a_proposal(document):
proposal = document.get_proposal()
manager = RoleAssignmentManager(proposal)
manager.clear(ASSIGNMENT_VIA_TASK,
self.responsible_permission_identfier, self.task)
manager.clear(ASSIGNMENT_VIA_TASK_AGENCY,
self.inbox_group_id, self.task)
def test_does_not_preserve_local_roles_from_committee_group(self, browser):
assignment_type = ASSIGNMENT_VIA_COMMITTEE_GROUP
assignment_class = RoleAssignment.registry[assignment_type]
self.login(self.administrator, browser=browser)
manager = RoleAssignmentManager(self.subdossier)
manager.add_or_update_assignment(
assignment_class(self.regular_user.id,
['Reader', 'Editor', 'Contributor'],
self.committee))
manager = RoleAssignmentManager(self.subdossier)
assignments = manager.get_assignments_by_cause(assignment_type)
self.assertEqual(1, len(assignments))
browser.open(self.dossier,
data=self.make_path_param(self.subdossier), view="copy_items")
with self.observe_children(self. empty_repofolder) as children:
browser.open(self.empty_repofolder)
browser.click_on('Paste')
self.assertEqual(1, len(children.get('added')))
subdossier_copy = children.get('added').pop()
manager = RoleAssignmentManager(subdossier_copy)
assignments = manager.get_assignments_by_cause(assignment_type)
self.assertEqual(0, len(assignments),
"{} should not get copied".format(assignment_class))
def test_preserves_local_roles_from_invitation(self, browser):
assignment_type = ASSIGNMENT_VIA_INVITATION
assignment_class = RoleAssignment.registry[assignment_type]
self.login(self.administrator, browser=browser)
manager = RoleAssignmentManager(self.subdossier)
manager.add_or_update_assignment(
assignment_class(self.regular_user.id,
['Reader', 'Editor', 'Contributor'],
self.workspace))
manager = RoleAssignmentManager(self.subdossier)
assignments = manager.get_assignments_by_cause(assignment_type)
self.assertEqual(1, len(assignments))
browser.open(self.dossier,
data=self.make_path_param(self.subdossier), view="copy_items")
with self.observe_children(self. empty_repofolder) as children:
browser.open(self.empty_repofolder)
browser.click_on('Paste')
self.assertEqual(1, len(children.get('added')))
subdossier_copy = children.get('added').pop()
manager = RoleAssignmentManager(subdossier_copy)
assignments = manager.get_assignments_by_cause(assignment_type)
self.assertEqual(1, len(assignments), "{} should get copied".format(assignment_class))
assignment = assignments[0]
expected_assignment = {'cause': assignment_type,
'roles': ['Reader', 'Editor', 'Contributor'],
'reference': Oguid.for_object(self.workspace).id,
'principal': self.regular_user.id}
self.assertEqual(expected_assignment, assignment)
def test_status_message_shown_when_local_roles_on_subdossier_are_copied(self, browser):
assignment_type = ASSIGNMENT_VIA_SHARING
assignment_class = RoleAssignment.registry[assignment_type]
self.login(self.administrator, browser=browser)
browser.open(self.dossier,
data=self.make_path_param(self.subdossier), view="copy_items")
browser.open(self.empty_repofolder)
browser.click_on('Paste')
self.assertItemsEqual(info_messages(),
["Objects from clipboard successfully pasted."])
manager = RoleAssignmentManager(self.subsubdossier)
manager.add_or_update_assignment(
assignment_class(self.regular_user.id,
['Reader', 'Editor', 'Contributor']))
manager = RoleAssignmentManager(self.subsubdossier)
assignments = manager.get_assignments_by_cause(assignment_type)
self.assertEqual(1, len(assignments))
browser.open(self.dossier,
data=self.make_path_param(self.subdossier), view="copy_items")
browser.open(self.empty_repofolder)
browser.click_on('Paste')
self.assertItemsEqual(info_messages(),
["Some local roles were copied with the objects",
"Objects from clipboard successfully pasted."])
def test_add_updates_when_assignment_exists(self):
self.login(self.regular_user)
manager = RoleAssignmentManager(self.empty_dossier)
manager.add_or_update(self.secretariat_user.id,
['Editor', 'Contributor', 'Reader'],
ASSIGNMENT_VIA_SHARING)
# update
manager.add_or_update(self.secretariat_user.id,
['Reader'],
ASSIGNMENT_VIA_SHARING)
self.assertEquals(
[{'principal': self.secretariat_user.id,
'roles': ['Reader', ],
'cause': ASSIGNMENT_VIA_SHARING,
'reference': None}],
manager.storage._storage())
def __init__(self, context, template_doc, title, recipient_data=tuple()):
data = getattr(template_doc.get_file(), "data", None)
super(CreateDocumentFromTemplateCommand, self).__init__(
context, template_doc.get_filename(), data,
title=title)
self.recipient_data = recipient_data
# Grab blocking of role inheritance
self.block_role_inheritance = getattr(
template_doc, '__ac_local_roles_block__', None)
# Grab the local roles assignations from the template, if any
self.role_assignments = None
manager = RoleAssignmentManager(template_doc)
if manager.has_storage():
self.role_assignments = tuple(
RoleAssignment(**assignment)
for assignment in manager.storage.get_all()
)
def test_sharing_view_handles_groupids_with_spaces(self, browser):
self.login(self.administrator, browser=browser)
group_id = 'group with spaces'
create(Builder('group')
.with_groupid(group_id)
.having(title='Group with sapces'))
manager = RoleAssignmentManager(self.empty_dossier)
manager.add_or_update_assignment(
TaskRoleAssignment(group_id, ['Reader'], self.task))
browser.open(self.empty_dossier, view='@sharing',
method='Get', headers={'Accept': 'application/json'})
entry = [entry for entry in browser.json['entries']
if entry['id'] == u'group with spaces'][0]
self.assertEquals(
u'http://nohost/plone/@@list_groupmembers?group=group+with+spaces',
entry['url'])
def _update_role_settings(self, new_settings, reindex=True):
"""Replaced because we need our own permission manager stuff.
"""
assignments = []
principals_to_clear = []
for s in new_settings:
principal = s['id']
selected_roles = frozenset(s['roles'])
if not selected_roles:
principals_to_clear.append(principal)
continue
assignments.append(SharingRoleAssignment(principal, selected_roles))
manager = RoleAssignmentManager(self.context)
if assignments:
manager.reset(assignments)
else:
manager.clear_by_cause_and_principals(
ASSIGNMENT_VIA_SHARING, principals_to_clear)
def __init__(self, context, template):
kw = self._get_additional_attributes(template)
self.fields = kw["IOpenGeverBase"]
del kw["IOpenGeverBase"]
self.additional_fields = kw
# Grab blocking of role inheritance
self.block_role_inheritance = getattr(
template, '__ac_local_roles_block__', None)
# Grab the local roles assignations from the template, if any
self.role_assignments = None
manager = RoleAssignmentManager(template)
if manager.has_storage():
self.role_assignments = tuple(
RoleAssignment(**assignment)
for assignment in manager.storage.get_all()
)
super(CreateDossierFromTemplateCommand, self).__init__(
context, **self.fields)
def test_closing_does_not_revoke_roles_on_proposal_if_revoke_permission_is_false(self, browser):
self.login(self.dossier_responsible, browser=browser)
self.task.revoke_permissions = False
intids = getUtility(IIntIds)
relation = RelationValue(intids.getId(self.proposaldocument))
ITask(self.task).relatedItems.append(relation)
notify(ObjectModifiedEvent(self.task))
expected_assignments = [{'cause': ASSIGNMENT_VIA_TASK,
'roles': ['Reader', 'Editor'],
'reference': Oguid.for_object(self.task),
'principal': self.regular_user.id},
{'cause': ASSIGNMENT_VIA_TASK_AGENCY,
'roles': ['Reader', 'Editor'],
'reference': Oguid.for_object(self.task),
'principal': u'fa_inbox_users'}]
document_storage = RoleAssignmentManager(self.proposaldocument).storage
self.assertEqual(expected_assignments, document_storage._storage())
proposal_storage = RoleAssignmentManager(self.proposal).storage
self.assertEqual(expected_assignments, proposal_storage._storage())
self.set_workflow_state('task-state-tested-and-closed', self.subtask)
self.set_workflow_state('task-state-resolved', self.task)
notify(ObjectModifiedEvent(self.task))
browser.open(self.task, view='tabbedview_view-overview')
browser.click_on('task-transition-resolved-tested-and-closed')
browser.click_on('Save')
self.assertEqual(expected_assignments, proposal_storage._storage())
self.assertEqual(expected_assignments, document_storage._storage())
def revoke_on_distinct_parent(self):
distinct_parent = self.get_distinct_parent()
# We disabled reindexObjectSecurity and reindex the security manually
# instead, to avoid reindexing all objects including all documents.
# Because there View permission isn't affected by the `Contributor` role
# on the dossier.
catalog = api.portal.get_tool('portal_catalog')
subdossiers = [brain.getObject() for brain in catalog(
object_provides=[IDossierMarker.__identifier__,
IProposal.__identifier__],
path='/'.join(distinct_parent.getPhysicalPath()))]
manager = RoleAssignmentManager(distinct_parent)
manager.clear(
ASSIGNMENT_VIA_TASK,
self.responsible_permission_identfier, self.task, reindex=False)
manager.clear(ASSIGNMENT_VIA_TASK_AGENCY,
self.inbox_group_id, self.task, reindex=False)
for dossier in subdossiers:
reindex_object_security_without_children(dossier)
def test_sharing_view_extends_information(self, browser):
self.login(self.administrator, browser=browser)
manager = RoleAssignmentManager(self.empty_dossier)
manager.add_or_update_assignment(
TaskRoleAssignment(
self.regular_user.id, ['Contributor'], self.task))
manager.add_or_update_assignment(
SharingRoleAssignment(
self.regular_user.id, ['Reader', 'Editor', 'Contributor']))
browser.open(self.empty_dossier, view='@sharing',
method='Get', headers={'Accept': 'application/json'})
entries = browser.json['entries']
self.assertEquals(
{u'automatic_roles': {u'Contributor': True,
u'Editor': False,
u'Publisher': False,
u'Reader': False,
u'Reviewer': False},
u'computed_roles': {u'Contributor': True,
u'Editor': True,
u'Publisher': False,
u'Reader': True,
u'Reviewer': False},
u'disabled': False,
u'id': u'kathi.barfuss',
u'login': u'kathi.barfuss',
u'roles': {u'Contributor': True,
u'Editor': True,
u'Publisher': False,
u'Reader': True,
u'Reviewer': False},
u'title': u'B\xe4rfuss K\xe4thi',
u'type': u'user',
u'url': u'http://nohost/plone/@@user-details-plain/kathi.barfuss'},
[item for item in entries if item['id'] == self.regular_user.id][0])
def test_cancelling_a_task_does_not_revoke_roles_if_revoke_permission_is_false(self, browser):
self.login(self.dossier_responsible, browser=browser)
self.set_workflow_state('task-state-open', self.subtask)
self.subtask.revoke_permissions = False
# cancel
browser.open(self.subtask, view='tabbedview_view-overview')
browser.click_on('task-transition-open-cancelled')
browser.click_on('Save')
storage = RoleAssignmentManager(self.subtask).storage
self.assertEqual(
[{'cause': ASSIGNMENT_VIA_TASK,
'roles': ['Editor'],
'reference': Oguid.for_object(self.subtask),
'principal': self.regular_user.id},
{'cause': ASSIGNMENT_VIA_TASK_AGENCY,
'roles': ['Editor'],
'reference': Oguid.for_object(self.subtask),
'principal': 'fa_inbox_users'}],
storage._storage())
def test_closing_direct_execution_task_does_not_revoke_roles_if_revoke_permission_is_false(self, browser):
self.login(self.regular_user, browser=browser)
self.subtask.revoke_permissions = False
self.subtask.task_type = 'direct-execution'
self.subtask.sync()
self.set_workflow_state('task-state-in-progress', self.subtask)
# close
browser.open(self.subtask, view='tabbedview_view-overview')
browser.click_on('task-transition-in-progress-tested-and-closed')
browser.click_on('Save')
storage = RoleAssignmentManager(self.subtask).storage
self.assertEqual(
[{'cause': ASSIGNMENT_VIA_TASK,
'roles': ['Editor'],
'reference': Oguid.for_object(self.subtask),
'principal': self.regular_user.id},
{'cause': ASSIGNMENT_VIA_TASK_AGENCY,
'roles': ['Editor'],
'reference': Oguid.for_object(self.subtask),
'principal': 'fa_inbox_users'}],
storage._storage())
def execute(self):
obj = super(CreateDossierFromTemplateCommand, self).execute()
schemas = iterSchemataForType(self.portal_type)
for schema in schemas:
schema_name = BEHAVIOR_INTERFACE_MAPPING.get(
schema.getName(), schema.getName())
if schema_name not in self.additional_fields:
continue
behavior = schema(obj)
for prop_name in self.additional_fields[schema_name]:
setattr(behavior, prop_name,
self.additional_fields[schema_name][prop_name])
# Set blocking of role inheritance based on the template object
if self.block_role_inheritance is not None:
obj.__ac_local_roles_block__ = self.block_role_inheritance
# Copy the local roles assignations over from the template
if self.role_assignments is not None:
manager = RoleAssignmentManager(obj)
# Passing an empty iterable in here creates an empty mapping
manager.add_or_update_assignments(self.role_assignments)
return obj
def test_sets_local_roles_when_adding(self):
self.login(self.regular_user)
manager = RoleAssignmentManager(self.empty_dossier)
manager.add_or_update(self.secretariat_user.id,
['Editor', 'Contributor', 'Reader'],
ASSIGNMENT_VIA_SHARING)
manager.add_or_update(self.secretariat_user.id,
['Reader'], ASSIGNMENT_VIA_TASK, self.task)
manager.add_or_update(self.regular_user.id,
['Publisher', 'Reviewer'], ASSIGNMENT_VIA_SHARING)
self.assertEquals(
(('jurgen.konig', ('Contributor', 'Editor', 'Reader')),
('kathi.barfuss', ('Publisher', 'Reviewer')),
('robert.ziegler', ('Owner',))),
self.empty_dossier.get_local_roles())
def revoke_roles_on_task(self):
manager = RoleAssignmentManager(self.task)
manager.clear(ASSIGNMENT_VIA_TASK,
self.responsible_permission_identfier, self.task)
manager.clear(ASSIGNMENT_VIA_TASK_AGENCY,
self.inbox_group_id, self.task)
def add_role_assignments(self, obj):
storage = RoleAssignmentManager(obj).storage
for principal, roles in obj.get_local_roles():
storage.add_or_update(
principal, roles, ASSIGNMENT_VIA_SHARING, None)