def test_had_read_access(self):
        model = loadString("""
            <model xmlns="http://namespaces.plone.org/supermodel/schema">
                <schema />
            </model>
        """)

        context = self.new_temporary_folder()

        # no permission -> has access
        self.assertTrue(
            security.has_read_access(model.schema, 'fieldname', context)
        )

        security.set_read_permissions(
            model.schema, {'fieldname': 'cmf.ManagePortal'}
        )

        # anonymous has no access now
        self.assertFalse(
            security.has_read_access(model.schema, 'fieldname', context)
        )

        # but the admin does
        with self.user('admin'):
            self.assertTrue(
                security.has_read_access(model.schema, 'fieldname', context)
            )
    def test_restricted_columns(self):

        context = self.new_temporary_folder()
        model = loadString(self.address_model)

        set_columns(model.schema, [
            ['firstname', 'lastname'],
            ['town'],
            ['country'],
        ])
        security.set_read_permissions(model.schema, {
            'firstname': 'cmf.ManagePortal',
            'lastname': 'zope2.View'
        })

        # anonymous
        columns = get_schema_columns(model.schema, context)
        self.assertEqual(len(columns), 3)
        self.assertEqual(columns[0].fields, ['lastname'])

        # admin
        with self.user('admin'):
            columns = get_schema_columns(model.schema, context)

        self.assertEqual(len(columns), 3)
        self.assertEqual(columns[0].fields, ['lastname', 'firstname'])
    def test_read_permissions(self):
        model = loadString("""
            <model xmlns="http://namespaces.plone.org/supermodel/schema">
                <schema />
            </model>
        """)

        security.set_read_permissions(
            model.schema, {'fieldname': 'zope2.View'}
        )
        self.assertEqual(security.get_read_permissions(model.schema), {
            'fieldname': 'zope2.View'
        })