def test_description_box_is_web_intelligent_formatted_and_xss_safe(
self, browser):
self.login(self.regular_user, browser)
description = u'Anfrage:\r\n\r\n\r\nhttp://www.example.org/'
IOpenGeverBase(self.dossier).description = description
browser.open(self.dossier, view='tabbedview_view-overview')
self.assertEqual('Anfrage:\n\n\nhttp://www.example.org/',
browser.css('#descriptionBox span').first.text)
description = u'<img src="http://not.found/" onerror="script:alert(\'XSS\');" />'
IOpenGeverBase(self.dossier).description = description
browser.open(self.dossier, view='tabbedview_view-overview')
self.assertEqual(
u'<img src="http://not.found/" onerror="script:alert(\'XSS\');" />',
browser.css('#descriptionBox span').first.innerHTML)
def get_item_metadata(self, obj, guid):
path = '/'.join(obj.getPhysicalPath())
title = self.get_title(obj)
parent = aq_parent(obj)
parent_guid = IAnnotations(parent).get(BUNDLE_GUID_KEY)
if obj.portal_type == 'opengever.repository.repositoryfolder':
item_info = OrderedDict([
('guid', guid),
('parent_guid', parent_guid),
('path', path),
('title', title),
('description', obj.description),
('full_reference_number', self.get_reference_number(obj)),
])
elif obj.portal_type == 'opengever.dossier.businesscasedossier':
item_info = OrderedDict([
('guid', guid),
('parent_guid', parent_guid),
('path', path),
('title', title),
('full_reference_number', self.get_reference_number(obj)),
('reference_number', IDossier(obj).reference_number),
('responsible', IDossier(obj).responsible),
('description', IOpenGeverBase(obj).description),
('start', IDossier(obj).start),
('end', IDossier(obj).end),
('review_state', api.content.get_state(obj)),
])
elif obj.portal_type in (
'opengever.document.document', 'ftw.mail.mail'):
file_field = self.get_file_field(obj)
file_size = None
file_name = None
if file_field is not None:
file_size = file_field.getSize()
file_name = file_field.filename
item_info = OrderedDict([
('guid', guid),
('parent_guid', parent_guid),
('path', path),
('title', title),
('file_size', file_size),
('file_name', file_name),
('document_date', obj.document_date),
])
else:
item_info = OrderedDict([
('guid', guid),
('path', path),
('title', title),
])
return item_info
def test_containing_subdossiers_are_linked(self, browser):
self.login(self.regular_user, browser)
IOpenGeverBase(self.subdossier).title = u'S\xfcbdossier <Foo> Bar'
self.subdocument.reindexObject()
browser.open(self.dossier, view='tabbedview_view-documents')
link = browser.css('table.listing').first.css('a.subdossierLink')[-1]
self.assertEqual(u'S\xfcbdossier <Foo> Bar', link.innerHTML)
link.click()
self.assertEqual(browser.url, self.subdossier.absolute_url())
def test_containing_subdossier(self):
self.assertEquals(obj2brain(self.subdossier).containing_subdossier, '')
self.assertEquals(
obj2brain(self.document).containing_subdossier,
'Subd\xc3\xb6ssier XY')
#check subscriber for catch editing subdossier titel
IOpenGeverBase(self.subdossier).title = u'Subd\xf6ssier CHANGED'
self.subdossier.reindexObject()
notify(
ObjectModifiedEvent(self.subdossier,
Attributes(Interface, 'IOpenGeverBase.title')))
self.assertEquals(
obj2brain(self.subdossier).containing_subdossier, u'')
self.assertEquals(
obj2brain(self.document).containing_subdossier,
'Subd\xc3\xb6ssier CHANGED')
def test_containing_dossier(self):
self.login(self.regular_user)
self.subdossier.reindexObject()
self.subdocument.reindexObject()
self.assertEquals(
'Vertr\xc3\xa4ge mit der kantonalen Finanzverwaltung',
obj2brain(self.subdossier).containing_dossier,
)
self.assertEquals(
'Vertr\xc3\xa4ge mit der kantonalen Finanzverwaltung',
obj2brain(self.document).containing_dossier,
)
# Check if the subscribers catch editing the title of a dossier
IOpenGeverBase(self.dossier).title = u"Testd\xf6ssier CHANGED"
self.dossier.reindexObject()
self.subdossier.reindexObject()
self.subdocument.reindexObject()
notify(
ObjectModifiedEvent(
self.dossier,
Attributes(Interface, 'IOpenGeverBase.title'),
))
self.assertEquals(
'Testd\xc3\xb6ssier CHANGED',
obj2brain(self.subdossier).containing_dossier,
)
self.assertEquals(
'Testd\xc3\xb6ssier CHANGED',
obj2brain(self.document).containing_dossier,
)
def test_containing_subdossier(self):
self.login(self.regular_user)
self.subdossier.reindexObject()
self.subdocument.reindexObject()
self.assertEquals(
'',
obj2brain(self.subdossier).containing_subdossier,
)
self.assertEquals(
'2016',
obj2brain(self.subdocument).containing_subdossier,
)
# Check if the subscribers catch editing the title of a subdossier
IOpenGeverBase(self.subdossier).title = u'Subd\xf6ssier CHANGED'
self.subdossier.reindexObject()
self.subdocument.reindexObject()
notify(
ObjectModifiedEvent(
self.subdossier,
Attributes(Interface, 'IOpenGeverBase.title'),
))
self.assertEquals(
u'',
obj2brain(self.subdossier).containing_subdossier,
)
self.assertEquals(
'Subd\xc3\xb6ssier CHANGED',
obj2brain(self.subdocument).containing_subdossier,
)
def migrate_titles(self, obj):
ITranslatedTitle(obj).title_de = IOpenGeverBase(obj).title
obj.reindexObject()