Ejemplo n.º 1
0
 def test_group_permissions_from_workspace(self):
     """
         Johndoe is member in Workspace A,
         Workspace A is member in Workspace B
             => Johndoe can access Workspace B
     """
     self.login('johndoe')
     # johndoe cannot access workspace-b
     with self.assertRaises(Unauthorized):
         self.traverse_to_item(self.workspace_b)
     self.logout()
     self.login_as_portal_owner()
     # the group workspace-a gets added as member to workspace-b
     self.add_user_to_workspace(
         'workspace-a',
         self.workspace_b,
     )
     obj = IGroup(self.workspace_b)
     self.assertEqual(set(obj.getGroupMembers()),
                      set(['workspace-a', 'admin']))
     self.logout()
     # johndoe can now access workspace-b
     self.login('johndoe')
     self.traverse_to_item(self.workspace_b)
     self.logout()
     # but janeschmo still cannot
     self.login('janeschmo')
     with self.assertRaises(Unauthorized):
         self.traverse_to_item(self.workspace_b)
 def testIGroupAdapter(self):
     """Verify all methods of the IGroup adapter to the FacultyStaffDirectory content type
     """
     from Products.membrane.interfaces import IGroup
     from Products.CMFCore.utils import getToolByName
     
     fsd = self.getPopulatedDirectory()
     wf = getToolByName(fsd,'portal_workflow')
     
     #adapt to IGroup
     g = IGroup(fsd)
     
     #group title is the content object title
     fsd.setTitle("My FSD")
     self.failUnless(g.Title()=="My FSD")
     
     #roles are set on the object, but only available when object is published
     fsd.setRoles(('Reviewer',))
     # at first, object is 'visible', but not published, roles should be empty
     self.failIf('Reviewer' in g.getRoles(),"roles are active, but content unpublished\nRoles: %s\nReviewState: %s" % (g.getRoles(), wf.getInfoFor(fsd,'review_state')))
     #publish object
     wf.doActionFor(fsd,'publish')
     # now check again, role should be there
     self.failUnless('Reviewer' in g.getRoles(),"Roles not active, but content published\nRoles: %s\nReviewState: %s" % (g.getRoles(), wf.getInfoFor(fsd,'review_state')))
     
     # group id is set on content object, uniqueness is enforced elsewhere
     self.failUnless(g.getGroupId()==fsd.getId(),"getGroupId returning incorrect value:\nExpected: %s\nReceived: %s" % (fsd.getId(), g.getGroupId()))
     
     #members are obtained correctly
     self.person1 = self.getPerson(id='abc123', firstName="Test", lastName="Person")
     self.person2 = self.getPerson(id='def456', firstName="Testy", lastName="Persons")
     self.person3 = self.getPerson(id='ghi789', firstName="Tester", lastName="Personage")
     members = list(g.getGroupMembers())
     members.sort()
     self.failUnless(members == ['abc123','def456','ghi789'],"incorrect member list: %s" % members)
    def getGroupsForPrincipal(self, principal, request=None):
        person = self.context
        groups = {}
        for held_position in person.get_held_positions():
            group = IGroup(held_position.position.to_object)
            group_id = group.getGroupId()
            groups[group_id] = 1

        return tuple(groups.keys())
Ejemplo n.º 4
0
Archivo: groups.py Proyecto: a25kk/stv2
 def getGroupsForPrincipal(self, principal, request=None):
     groups = {}
     for relationship in self.context.getGroupRelationships():
         groups.update(dict.fromkeys([g.getUserId() for g in
                                      self.context.getBRefs(relationship)]))
     for parent in aq_chain(aq_inner(self.context)):
         group = IGroup(parent, None)
         if group is not None:
             groups[group.getGroupId()] = 1
     return tuple(groups.keys())
Ejemplo n.º 5
0
 def test_group_permissions_from_workspace_recursive_transitive(self):
     """
         Johndoe is member in Workspace A,
         Janeschmo is member in Workspace B,
         Workspace A is member in Workspace B,
         Workspace B is member in Workspace C,
         Workspace C is member in Workspace A:
             => Johndoe can access all workspaces
             => Janeschmo can access all workspaces
     """
     self.login_as_portal_owner()
     # john is already in A
     # Add Jane to B.
     self.add_user_to_workspace(
         'janeschmo',
         self.workspace_b,
     )
     # the group workspace-a gets added as member to workspace-b
     self.add_user_to_workspace(
         'workspace-a',
         self.workspace_b,
     )
     # the group workspace-b gets added as member to workspace-c
     self.add_user_to_workspace(
         'workspace-b',
         self.workspace_c,
     )
     # make c private instead of secret, so it can be added
     api.content.transition(self.workspace_c, 'make_private')
     # the group workspace-c gets added as member to workspace-a
     self.add_user_to_workspace(
         'workspace-c',
         self.workspace_a,
     )
     obj = IGroup(self.workspace_a)
     self.assertEqual(set(obj.getGroupMembers()),
                      set(['workspace-c', 'admin', 'johndoe']),
                      "Workspace A membership incorrect")
     obj = IGroup(self.workspace_b)
     self.assertEqual(set(obj.getGroupMembers()),
                      set(['workspace-a', 'admin', 'janeschmo']),
                      "Workspace B membership incorrect")
     obj = IGroup(self.workspace_c)
     self.assertEqual(set(obj.getGroupMembers()),
                      set(['workspace-b', 'admin']),
                      "Workspace C membership incorrect")
     self.logout()
     # johndoe can now access all 3 workspaces
     self.login('johndoe')
     self.traverse_to_item(self.workspace_a)
     self.traverse_to_item(self.workspace_b)
     self.traverse_to_item(self.workspace_c)
     self.logout()
     # janeschmo can also access all 3 workspaces
     self.login('janeschmo')
     self.traverse_to_item(self.workspace_a)
     self.traverse_to_item(self.workspace_b)
     self.traverse_to_item(self.workspace_c)
Ejemplo n.º 6
0
Archivo: groups.py Proyecto: a25kk/stv2
 def getGroupsForPrincipal(self, principal, request=None):
     groups = {}
     # Get all BRefs that implement IGroup - slightly expensive
     for obj in self.context.getBRefs():
         group = IGroup(obj, None)
         if group is not None:
             groups[group.getGroupId()] = 1
     for parent in aq_chain(aq_inner(self.context)):
         group = IGroup(parent, None)
         if group is not None:
             groups[group.getGroupId()] = 1
     return tuple(groups.keys())
Ejemplo n.º 7
0
 def test_workgroup_security(self):
     ''' Check if that a workgroup assigned to a workspace allows his
     members to see the workspace
     '''
     group = IGroup(self.workspace)
     self.assertSetEqual(
         set(group.getGroupMembers()),
         {'test_user_1_', 'Test workgroup'},
     )
     self.assertTrue(
         api.user.has_permission('View',
                                 user=self.userprofile,
                                 obj=self.workspace))
Ejemplo n.º 8
0
    def testIGroupAdapter(self):
        """Verify all methods of the IGroup adapter to the FacultyStaffDirectory content type
        """
        from Products.membrane.interfaces import IGroup
        from Products.CMFCore.utils import getToolByName

        fsd = self.getPopulatedDirectory()
        wf = getToolByName(fsd, 'portal_workflow')

        #adapt to IGroup
        g = IGroup(fsd)

        #group title is the content object title
        fsd.setTitle("My FSD")
        self.failUnless(g.Title() == "My FSD")

        #roles are set on the object, but only available when object is published
        fsd.setRoles(('Reviewer', ))
        # at first, object is 'visible', but not published, roles should be empty
        self.failIf(
            'Reviewer' in g.getRoles(),
            "roles are active, but content unpublished\nRoles: %s\nReviewState: %s"
            % (g.getRoles(), wf.getInfoFor(fsd, 'review_state')))
        #publish object
        wf.doActionFor(fsd, 'publish')
        # now check again, role should be there
        self.failUnless(
            'Reviewer' in g.getRoles(),
            "Roles not active, but content published\nRoles: %s\nReviewState: %s"
            % (g.getRoles(), wf.getInfoFor(fsd, 'review_state')))

        # group id is set on content object, uniqueness is enforced elsewhere
        self.failUnless(
            g.getGroupId() == fsd.getId(),
            "getGroupId returning incorrect value:\nExpected: %s\nReceived: %s"
            % (fsd.getId(), g.getGroupId()))

        #members are obtained correctly
        self.person1 = self.getPerson(id='abc123',
                                      firstName="Test",
                                      lastName="Person")
        self.person2 = self.getPerson(id='def456',
                                      firstName="Testy",
                                      lastName="Persons")
        self.person3 = self.getPerson(id='ghi789',
                                      firstName="Tester",
                                      lastName="Personage")
        members = list(g.getGroupMembers())
        members.sort()
        self.failUnless(members == ['abc123', 'def456', 'ghi789'],
                        "incorrect member list: %s" % members)
    def getGroupsForPrincipal(self, principal, request=None):
        person = self.context
        groups = {}
        for held_position in person.get_held_positions():
            position = held_position.position
            if position:
                obj = position.to_object
                if obj:
                    assignable = DexterityBehaviorAssignable(obj)
                    if assignable.supports(IMembraneGroup):
                        group = IGroup(obj)
                        group_id = group.getGroupId()
                        groups[group_id] = 1

        return tuple(groups.keys())
Ejemplo n.º 10
0
Archivo: roles.py Proyecto: a25kk/stv2
    def getRolesForPrincipal(self, principal, request=None):
        roles = dict.fromkeys(IUserRoles(self.context).getRoles())

        getGroups = getattr(principal, 'getGroups', lambda: tuple())
        group_ids = getGroups()
        if group_ids:
            mbtool = getToolByName(self.context, TOOLNAME)
            uSR = mbtool.unrestrictedSearchResults
            groups = uSR(exact_getGroupId=group_ids,
                         object_implements=IGroup.__identifier__)
            for g in groups:
                group = IGroup(g._unrestrictedGetObject())
                roles.update(dict.fromkeys(group.getRoles()))

        return roles.keys()
Ejemplo n.º 11
0
def setSharing(ob, event):
    if not hasattr(ob, 'getProject'):
        return

    project = ob.getProject()

    # 设置初始的项目组角色
    ob.manage_setLocalRoles(IGroup(project.teams.projectseniors).getGroupId(), ['Editor', 'Contributor'])
Ejemplo n.º 12
0
    def testIGroupAdapter(self):
        """Verify all methods of the IGroup adapter to the Classification content type
        """
        from Products.membrane.interfaces import IGroup
        from Products.CMFCore.utils import getToolByName

        wf = getToolByName(self.classification, 'portal_workflow')

        #adapt to IGroup
        g = IGroup(self.classification)

        #group title is the content object title
        self.classification.setTitle('New Title')
        self.failUnless(
            g.Title() == 'New Title',
            "IGroup.getTitle is not finding the correct title:\nexpected: %s\nfound: %s"
            % (self.classification.Title(), g.Title()))

        # group id is set on content object, uniqueness is enforced elsewhere
        self.failUnless(
            g.getGroupId() == self.classification.getId(),
            "getGroupId returning incorrect value:\nExpected: %s\nReceived: %s"
            % (self.classification.getId(), g.getGroupId()))

        #members are obtained correctly, regardless of how the classification was added
        #added from person object
        self.person.setClassifications((self.classification, ))
        self.person2.setClassifications((self.classification, ))
        members = list(g.getGroupMembers())
        members.sort()
        self.failUnless(members == ['abc123', 'def456'],
                        "incorrect member list: %s" % members)
        #clear the list
        self.classification.setPeople(())
        self.failIf(
            self.classification.getPeople(),
            "there are still people listed in this classification: %s" %
            self.classification.getPeople())
        #added from classification object
        self.classification.setPeople((self.person, self.person2))
        members = list(g.getGroupMembers())
        members.sort()
        self.failUnless(members == ['abc123', 'def456'],
                        "incorrect member list: %s" % members)
        #deactivate group and verify emptiness
        wf.doActionFor(self.classification, 'deactivate')
        members = list(g.getGroupMembers())
        members.sort()
        self.failUnless(
            members == [],
            "deactivated group has non-empty member list: %s" % members)
    def testIGroupAdapter(self):
        """Verify all methods of the IGroup adapter to the Classification content type
        """
        from Products.membrane.interfaces import IGroup
        from Products.CMFCore.utils import getToolByName
        
        wf = getToolByName(self.committee,'portal_workflow')
        
        #adapt to IGroup
        g = IGroup(self.committee)
        
        #group title is the content object title
        self.committee.setTitle('New Title')
        self.failUnless(g.Title()=='New Title',"IGroup.getTitle is not finding the correct title:\nexpected: %s\nfound: %s" % (self.committee.Title(),g.Title()))

        # group id is set on content object, uniqueness is enforced elsewhere
        self.failUnless(g.getGroupId()==self.committee.getId(),"getGroupId returning incorrect value:\nExpected: %s\nReceived: %s" % (self.committee.getId(), g.getGroupId()))
        
        #members are obtained correctly, regardless of how the classification was added
        #added from person object
        self.person.setCommittees((self.committee,))
        self.person2.setCommittees((self.committee,))
        members = list(g.getGroupMembers())
        members.sort()
        self.failUnless(members == ['abc123','def456'],
                        "incorrect member list: %s" % members)
        #clear the list
        self.committee.setMembers(());
        self.failIf(self.committee.getMembers(),
                    "there are still people listed in this committee: %s" % self.committee.getMembers())
        #added from classification object
        self.committee.setMembers((self.person,self.person2))
        members = list(g.getGroupMembers())
        members.sort()
        self.failUnless(members == ['abc123','def456'],
                        "incorrect member list: %s" % members)
        #deactivate group and verify emptiness
        wf.doActionFor(self.committee,'deactivate')
        members = list(g.getGroupMembers())
        members.sort()
        self.failUnless(members == [],"deactivated group has non-empty member list: %s" % members)
    def getTeamsOrUsers(self):
        teams = self.context.aq_inner.contentValues({'portal_type': ['Team']})
        teamsids = [team.getId() for team in teams]
        ksscore = self.getCommandSet('core')
        selector = ksscore.getSelector('samenode', '')
        content = "<select class=\"selectarea\" style=\"display: inline;\">"
        content += "<option value=\"please select a option\">分配权限给...</option>"
        content += "<optgroup label='项目组'>"
        for team in teams:
            if team.getId() != 'projectmanagers':
                content += "<option value=\"" + IGroup(team).getGroupId() + \
                           "\">" + team.pretty_title_or_id() + \
                            "</option>"

        content += "</optgroup>"

        project = self.context.getProject()
        adapter = IOrganizedEmployess(project.teams)
        cp = adapter.get_all_companies_and_people()
        for k in cp.keys():
            count = 0
            for i in cp[k]:
                if count == 0:
                    content += "<optgroup label='" + i.pretty_title_or_id() \
                            +"'>"
                    count += 1
                else:
                    content += "<option value=\"" + i.getId() + \
                            "\">" + i.pretty_title_or_id() + \
                             "</option>"
                    count += 1
            content += "</optgroup>"

        content += "</select>"
        content = force_unicode(content, 'utf-8')
        ksscore.insertHTMLAfter(selector, content)
        selectarea = ksscore.getSelector('css', '.selectarea')
        ksscore.focus(selectarea)
Ejemplo n.º 15
0
 def test_group_permissions_from_workspace_recursive(self):
     """
         Johndoe is member in Workspace A,
         Janeschmo is member in Workspace B,
         Workspace A is member in Workspace B,
         Workspace B is member in Workspace A:
             => Johndoe can access both workspaces
             => Janeschmo can access both workspaces
     """
     self.login_as_portal_owner()
     # john is already in A
     # Add Jane to B.
     self.add_user_to_workspace(
         'janeschmo',
         self.workspace_b,
     )
     # the group workspace-a gets added as member to workspace-b
     self.add_user_to_workspace(
         'workspace-a',
         self.workspace_b,
     )
     # the group workspace-b gets added as member to workspace-a
     self.add_user_to_workspace(
         'workspace-b',
         self.workspace_a,
     )
     obj = IGroup(self.workspace_a)
     self.assertEqual(set(obj.getGroupMembers()),
                      set(['workspace-b', 'admin', 'johndoe']),
                      "Workspace A membership incorrect")
     obj = IGroup(self.workspace_b)
     self.assertEqual(set(obj.getGroupMembers()),
                      set(['workspace-a', 'admin', 'janeschmo']),
                      "Workspace B membership incorrect")
     self.logout()
     # johndoe can now access workspace-a and workspace-b
     self.login('johndoe')
     self.traverse_to_item(self.workspace_a)
     self.traverse_to_item(self.workspace_b)
     self.logout()
     # janeschmo can also access both workspaces
     self.login('janeschmo')
     self.traverse_to_item(self.workspace_a)
     self.traverse_to_item(self.workspace_b)
Ejemplo n.º 16
0
 def test_basic_group_membership(self):
     obj = IGroup(self.workspace_a)
     self.assertEqual(set(obj.getGroupMembers()), set(['johndoe', 'admin']))
Ejemplo n.º 17
0
 def test_group_title(self):
     obj = IGroup(self.workspace_a)
     self.assertEqual(obj.getGroupName(), self.workspace_a.Title())
Ejemplo n.º 18
0
 def test_group_interface_provided(self):
     self.assertTrue(IGroup(self.workspace_a, None) is not None)
 def getGroups(self):
     teams = self.context.aq_inner.contentValues()
     return [IGroup(team).getGroupId() for team in teams]