def testSalesforcePermissions(self):
     """ Make sure that the Manager role has the Salesforce read and write permissions,
         by default. """
     self.setRoles(())
     self.failIf(checkPermission(SalesforceRead, self.portal))
     self.failIf(checkPermission(SalesforceWrite, self.portal))
     self.setRoles(('Manager',))
     self.failUnless(checkPermission(SalesforceRead, self.portal))
     self.failUnless(checkPermission(SalesforceWrite, self.portal))
 def testSalesforcePermissions(self):
     """ Make sure that the Manager role has the Salesforce read and write permissions,
         by default. """
     self.setRoles(())
     self.failIf(checkPermission(SalesforceRead, self.portal))
     self.failIf(checkPermission(SalesforceWrite, self.portal))
     self.setRoles(('Manager', ))
     self.failUnless(checkPermission(SalesforceRead, self.portal))
     self.failUnless(checkPermission(SalesforceWrite, self.portal))
Example #3
0
    def test_join_policy_admin(self):
        """
        in an admin managed workspace, a user needs the
        manage workspace permission to update users
        """
        self.login_as_portal_owner()
        workspace = api.content.create(
            self.workspace_container,
            'ploneintranet.workspace.workspacefolder',
            'workspace'
        )
        workspace.join_policy = 'admin'

        username = '******'
        api.user.create(username=username, email='*****@*****.**')
        self.add_user_to_workspace(username, workspace)

        self.login(username)
        self.assertFalse(
            checkPermission(
                "ploneintranet.workspace: Manage workspace",
                workspace
            ),
        )
        # we're not relying on Manage roster anywhere, but verify anyway
        self.assertFalse(
            checkPermission(
                'collective.workspace: Manage roster',
                workspace
            ),
        )

        self.request['REQUEST_METHOD'] = 'POST'
        edit_form = EditRoster(workspace, self.request)
        settings = [
            {
                'id': 'wsadmin',
                'member': True,
                'admin': False,
            },
            {
                'id': 'wsmember',
                'member': True,
            },
        ]
        self.assertRaises(
            Unauthorized,
            edit_form.update_users,
            settings,
        )
Example #4
0
    def test_join_policy_team(self):
        """
        in a team managed workspace a user only needs the view roster
        permission to update users
        """
        self.login_as_portal_owner()
        workspace = api.content.create(
            self.workspace_container,
            'ploneintranet.workspace.workspacefolder', 'workspace')
        workspace.join_policy = 'team'

        username = '******'
        api.user.create(username=username, email='*****@*****.**')
        self.add_user_to_workspace(username, workspace)

        self.login(username)
        self.assertTrue(
            checkPermission('collective.workspace: View roster', workspace), )
        self.request['REQUEST_METHOD'] = 'POST'
        edit_form = EditRoster(workspace, self.request)
        settings = [
            {
                'id': 'member2',
                'member': True,
            },
            {
                'id': 'regular_member',
                'member': True,
            },
        ]
        edit_form.update_users(settings)
Example #5
0
 def can_manage_workspace(self):
     """
     does this user have permission to manage the workspace
     """
     return checkPermission(
         "ploneintranet.workspace: Manage workspace",
         self.context,
     )
Example #6
0
 def can_manage_workspace(self):
     """
     does this user have permission to manage the workspace
     """
     return checkPermission(
         "ploneintranet.workspace: Manage workspace",
         self.context,
     )
Example #7
0
    def update_users(self, entries):
        """Update user properties on the roster """
        ws = IWorkspace(self.context)
        members = ws.members

        # check user permissions against join policy
        join_policy = self.context.join_policy
        if (join_policy == "admin"
            and not checkPermission(
                "collective.workspace: Manage roster",
                self.context)):
            raise Unauthorized("You are not allowed to add users here")

        for entry in entries:
            id = entry.get('id')
            is_member = bool(entry.get('member'))
            is_admin = bool(entry.get('admin'))

            # Existing members
            if id in members:
                member = members[id]
                if not is_member:
                    if checkPermission(
                            "ploneintranet.workspace: Manage workspace",
                            self.context):
                        ws.membership_factory(ws, member).remove_from_team()
                    else:
                        raise Unauthorized(
                            "Only team managers can remove members")
                elif not is_admin:
                    ws.membership_factory(ws, member).groups -= {'Admins'}
                else:
                    ws.membership_factory(ws, member).groups |= {'Admins'}

            # New members
            elif id not in members and (is_member or is_admin):
                groups = set()
                if is_admin:
                    groups.add('Admins')
                ws.add_to_team(user=id, groups=groups)
Example #8
0
    def update_users(self, entries):
        """Update user properties on the roster """
        ws = IWorkspace(self.context)
        members = ws.members

        # check user permissions against join policy
        join_policy = self.context.join_policy
        if (join_policy == "admin" and not checkPermission(
                "ploneintranet.workspace: Manage workspace", self.context)):
            raise Unauthorized("You are not allowed to add users here")

        for entry in entries:
            id = entry.get('id')
            is_member = bool(entry.get('member'))
            is_admin = bool(entry.get('admin'))

            # Existing members
            if id in members:
                member = members[id]
                if not is_member:
                    if checkPermission(
                            "ploneintranet.workspace: Manage workspace",
                            self.context):
                        ws.membership_factory(ws, member).remove_from_team()
                    else:
                        raise Unauthorized(
                            "Only team managers can remove members")
                elif not is_admin:
                    ws.membership_factory(ws, member).groups -= {'Admins'}
                else:
                    ws.membership_factory(ws, member).groups |= {'Admins'}

            # New members
            elif id not in members and (is_member or is_admin):
                groups = set()
                if is_admin:
                    groups.add('Admins')
                ws.add_to_team(user=id, groups=groups)
Example #9
0
    def test_join_policy_team(self):
        """
        in a team managed workspace a user only needs the view roster
        permission to update users
        """
        self.login_as_portal_owner()
        workspace = api.content.create(
            self.workspace_container,
            'ploneintranet.workspace.workspacefolder',
            'workspace'
        )
        workspace.join_policy = 'team'

        username = '******'
        api.user.create(username=username, email='*****@*****.**')
        self.add_user_to_workspace(username, workspace)

        self.login(username)
        self.assertTrue(
            checkPermission(
                'collective.workspace: View roster',
                workspace
            ),
        )
        self.request['REQUEST_METHOD'] = 'POST'
        edit_form = EditRoster(workspace, self.request)
        settings = [
            {
                'id': 'member2',
                'member': True,
            },
            {
                'id': 'regular_member',
                'member': True,
            },
        ]
        edit_form.update_users(settings)