def test_protect_dossier_will_disable_role_inheritance(self):
self.login(self.dossier_manager)
self.assertFalse(getattr(self.dossier, '__ac_local_roles_block__', False))
dossier_protector = IProtectDossier(self.dossier)
dossier_protector.reading = ['kathi.barfuss']
dossier_protector.protect()
self.assertTrue(getattr(self.dossier, '__ac_local_roles_block__', False))
dossier_protector.reading = []
dossier_protector.protect()
self.assertFalse(getattr(self.dossier, '__ac_local_roles_block__', False))
def test_full_dossier_protection_check(self):
self.login(self.dossier_manager)
dossier_protector = IProtectDossier(self.dossier)
dossier_protector.reading = [self.regular_user.getId(), 'projekt_a']
dossier_protector.reading_and_writing = [self.secretariat_user.getId(),
'projekt_b']
dossier_protector.dossier_manager = self.dossier_manager.getId()
dossier_protector.protect()
self.assert_local_roles(
dossier_protector.READING_ROLES,
self.regular_user.getId(), self.dossier)
self.assert_local_roles(
dossier_protector.READING_ROLES,
'projekt_a', self.dossier)
self.assert_local_roles(
dossier_protector.READING_AND_WRITING_ROLES,
self.secretariat_user.getId(), self.dossier)
self.assert_local_roles(
dossier_protector.READING_AND_WRITING_ROLES,
'projekt_b', self.dossier)
self.assert_local_roles(
dossier_protector.DOSSIER_MANAGER_ROLES,
self.dossier_manager.getId(), self.dossier)
def test_subdossiers_the_user_cannot_view_can_also_block_deactivation(
self, browser):
with self.login(self.dossier_manager):
# Protect self.subsubdossier so it cannot be seen by an 'Editor' of self.subdossier
self.assertFalse(
getattr(self.subsubdossier, '__ac_local_roles_block__', False))
dossier_protector = IProtectDossier(self.subsubdossier)
dossier_protector.dossier_manager = self.dossier_manager.getId()
dossier_protector.reading = [self.secretariat_user.getId()]
dossier_protector.protect()
self.assertTrue(
getattr(self.subsubdossier, '__ac_local_roles_block__', False))
self.assertFalse(
api.user.has_permission('View',
user=self.regular_user,
obj=self.subsubdossier),
'This test does not actually test what it says on the tin, if self.regular_user can see self.subsubdossier.',
)
# Grant self.regular_user 'Editor' on self.subdossier so the action to deactivate is presented to the user
RoleAssignmentManager(self.subdossier).add_or_update_assignment(
SharingRoleAssignment(self.regular_user.getId(),
['Reader', 'Contributor', 'Editor']))
self.login(self.regular_user, browser)
self.deactivate(self.subdossier, browser)
expected_msgs = [
u"The Dossier 2016 contains a subdossier "
u"which can't be deactivated by the user."
]
self.assert_errors(self.subdossier, browser, expected_msgs)
def test_full_dossier_protection_check(self):
self.login(self.dossier_manager)
dossier_protector = IProtectDossier(self.dossier)
dossier_protector.reading = [self.regular_user.getId(), 'projekt_a']
dossier_protector.reading_and_writing = [
self.secretariat_user.getId(), 'projekt_b'
]
dossier_protector.dossier_manager = self.dossier_manager.getId()
dossier_protector.protect()
self.assert_local_roles(dossier_protector.READING_ROLES,
self.regular_user.getId(), self.dossier)
self.assert_local_roles(dossier_protector.READING_ROLES, 'projekt_a',
self.dossier)
self.assert_local_roles(dossier_protector.READING_AND_WRITING_ROLES,
self.secretariat_user.getId(), self.dossier)
self.assert_local_roles(dossier_protector.READING_AND_WRITING_ROLES,
'projekt_b', self.dossier)
self.assert_local_roles(dossier_protector.DOSSIER_MANAGER_ROLES,
self.dossier_manager.getId(), self.dossier)
def test_protect_dossier_will_disable_role_inheritance(self):
self.login(self.dossier_manager)
self.assertFalse(
getattr(self.dossier, '__ac_local_roles_block__', False))
dossier_protector = IProtectDossier(self.dossier)
dossier_protector.reading = ['kathi.barfuss']
dossier_protector.protect()
self.assertTrue(
getattr(self.dossier, '__ac_local_roles_block__', False))
dossier_protector.reading = []
dossier_protector.protect()
self.assertFalse(
getattr(self.dossier, '__ac_local_roles_block__', False))
def test_protect_dossier_will_add_selected_reading_users_to_localroles(self):
self.login(self.dossier_manager)
dossier_protector = IProtectDossier(self.dossier)
dossier_protector.reading = [self.regular_user.getId()]
dossier_protector.protect()
self.assert_local_roles(
dossier_protector.READING_ROLES,
self.regular_user.getId(), self.dossier)
def test_protect_dossier_will_add_selected_reading_users_to_localroles(
self):
self.login(self.dossier_manager)
dossier_protector = IProtectDossier(self.dossier)
dossier_protector.reading = [self.regular_user.getId()]
dossier_protector.protect()
self.assert_local_roles(dossier_protector.READING_ROLES,
self.regular_user.getId(), self.dossier)
def test_check_protect_dossier_consistency_returns_no_messages_if_no_inconsistency(self):
self.login(self.dossier_manager)
dossier_protector = IProtectDossier(self.dossier)
dossier_protector.reading = [self.regular_user.getId()]
dossier_protector.protect()
view = getMultiAdapter((self.dossier, self.request),
name="check_protect_dossier_consistency")
self.assertIsNone(json.loads(view()).get('messages'))
def test_check_protect_dossier_consistency_returns_no_messages_if_no_inconsistency(
self):
self.login(self.dossier_manager)
dossier_protector = IProtectDossier(self.dossier)
dossier_protector.reading = [self.regular_user.getId()]
dossier_protector.protect()
view = getMultiAdapter((self.dossier, self.request),
name="check_protect_dossier_consistency")
self.assertIsNone(json.loads(view()).get('messages'))
def test_protect_dossier_wont_exclude_current_logged_in_user(self):
self.login(self.dossier_manager)
dossier_protector = IProtectDossier(self.dossier)
dossier_protector.reading = [self.regular_user.getId()]
dossier_protector.dossier_manager = self.dossier_manager.getId()
dossier_protector.protect()
self.assert_local_roles(
IProtectDossier(self.dossier).DOSSIER_MANAGER_ROLES,
self.dossier_manager.getId(), self.dossier)
def test_check_protect_dossier_consistency_returns_error_msg_if_inconsistent(self):
self.login(self.dossier_manager)
dossier_protector = IProtectDossier(self.dossier)
dossier_protector.reading = [self.regular_user.getId()]
dossier_protector.protect()
self.dossier.manage_setLocalRoles(self.regular_user.getId(), ['DossierManager'])
view = getMultiAdapter((self.dossier, self.request),
name="check_protect_dossier_consistency")
self.assertEqual(1, len(json.loads(view()).get('messages')))
def test_protect_dossier_wont_exclude_current_logged_in_user(self):
self.login(self.dossier_manager)
dossier_protector = IProtectDossier(self.dossier)
dossier_protector.reading = [self.regular_user.getId()]
dossier_protector.dossier_manager = self.dossier_manager.getId()
dossier_protector.protect()
self.assert_local_roles(
IProtectDossier(self.dossier).DOSSIER_MANAGER_ROLES,
self.dossier_manager.getId(), self.dossier)
def test_check_protect_dossier_consistency_returns_error_msg_if_inconsistent(
self):
self.login(self.dossier_manager)
dossier_protector = IProtectDossier(self.dossier)
dossier_protector.reading = [self.regular_user.getId()]
dossier_protector.protect()
self.dossier.manage_setLocalRoles(self.regular_user.getId(),
['DossierManager'])
view = getMultiAdapter((self.dossier, self.request),
name="check_protect_dossier_consistency")
self.assertEqual(1, len(json.loads(view()).get('messages')))
def test_reindex_object_security_on_dossier(self):
self.login(self.dossier_manager)
self.assertItemsEqual([
'Administrator', 'Contributor', 'Editor', 'Manager', 'Reader',
'user:fa_users', 'user:{}'.format(self.regular_user.getId())
], self.get_allowed_roles_and_users_for(self.dossier))
dossier_protector = IProtectDossier(self.dossier)
dossier_protector.reading = [self.regular_user.getId()]
dossier_protector.reading_and_writing = []
dossier_protector.dossier_manager = self.dossier_manager.getId()
dossier_protector.protect()
self.assertItemsEqual([
'Administrator', 'Contributor', 'Editor', 'Manager', 'Reader',
'user:{}'.format(self.dossier_manager.getId()), 'user:{}'.format(
self.regular_user.getId())
], self.get_allowed_roles_and_users_for(self.dossier))
def test_check_protect_dossier_consistency_returns_no_messages_if_no_inconsistency(self):
self.login(self.dossier_manager)
RoleAssignmentManager(self.empty_dossier).add_or_update_assignment(
SharingRoleAssignment(self.dossier_responsible.id, ['Reader']))
RoleAssignmentManager(self.empty_dossier).add_or_update_assignment(
SharingRoleAssignment(
self.dossier_responsible.id,
['Reader', 'Editor', 'Contributor', 'Reviewer',
'Publisher', 'DossierManager', 'Owner']))
dossier_protector = IProtectDossier(self.empty_dossier)
dossier_protector.dossier_manager = self.dossier_manager.getId()
dossier_protector.reading = [self.dossier_responsible.id]
dossier_protector.protect()
view = getMultiAdapter((self.empty_dossier, self.request),
name="check_protect_dossier_consistency")
self.assertIsNone(json.loads(view()).get('messages'))
def test_reindex_object_security_on_dossier(self):
self.login(self.dossier_manager)
self.assertItemsEqual(
['Administrator', 'Contributor', 'Editor', 'Manager', 'Reader',
'user:fa_users', 'user:{}'.format(self.regular_user.getId())],
self.get_allowed_roles_and_users_for(self.dossier))
dossier_protector = IProtectDossier(self.dossier)
dossier_protector.reading = [self.regular_user.getId()]
dossier_protector.reading_and_writing = []
dossier_protector.dossier_manager = self.dossier_manager.getId()
dossier_protector.protect()
self.assertItemsEqual(
['Administrator', 'Contributor', 'Editor', 'Manager', 'Reader',
'user:{}'.format(self.dossier_manager.getId()),
'user:{}'.format(self.regular_user.getId())],
self.get_allowed_roles_and_users_for(self.dossier))
def test_get_subdossiers_unrestricted_search(self):
self.login(self.dossier_manager)
# Protect self.subsubdossier so it cannot be seen by an 'Editor' of self.subdossier
self.assertFalse(getattr(self.subsubdossier, '__ac_local_roles_block__', False))
dossier_protector = IProtectDossier(self.subsubdossier)
dossier_protector.dossier_manager = self.dossier_manager.getId()
dossier_protector.reading = [self.secretariat_user.getId()]
dossier_protector.protect()
self.assertTrue(getattr(self.subsubdossier, '__ac_local_roles_block__', False))
self.assertFalse(
api.user.has_permission('View', user=self.regular_user, obj=self.subsubdossier),
'This test does not actually test what it says on the tin, if self.regular_user can see self.subsubdossier.',
)
with self.login(self.regular_user):
restricted_subdossiers = self.subdossier.get_subdossiers()
unrestricted_subdossiers = self.subdossier.get_subdossiers(unrestricted=True)
self.assertSequenceEqual([], map(self.brain_to_object, restricted_subdossiers))
self.assertSequenceEqual([self.subsubdossier], map(self.brain_to_object, unrestricted_subdossiers))
def test_check_protect_dossier_consistency_returns_no_messages_if_no_inconsistency(
self):
self.login(self.dossier_manager)
RoleAssignmentManager(self.empty_dossier).add_or_update_assignment(
SharingRoleAssignment(self.dossier_responsible.id, ['Reader']))
RoleAssignmentManager(self.empty_dossier).add_or_update_assignment(
SharingRoleAssignment(self.dossier_responsible.id, [
'Reader', 'Editor', 'Contributor', 'Reviewer', 'Publisher',
'DossierManager', 'Owner'
]))
dossier_protector = IProtectDossier(self.empty_dossier)
dossier_protector.dossier_manager = self.dossier_manager.getId()
dossier_protector.reading = [self.dossier_responsible.id]
dossier_protector.protect()
view = getMultiAdapter((self.empty_dossier, self.request),
name="check_protect_dossier_consistency")
self.assertIsNone(json.loads(view()).get('messages'))
def test_get_subdossiers_unrestricted_search(self):
self.login(self.dossier_manager)
# Protect self.subsubdossier so it cannot be seen by an 'Editor' of self.subdossier
self.assertFalse(getattr(self.subsubdossier, '__ac_local_roles_block__', False))
dossier_protector = IProtectDossier(self.subsubdossier)
dossier_protector.dossier_manager = self.dossier_manager.getId()
dossier_protector.reading = [self.secretariat_user.getId()]
dossier_protector.protect()
self.assertTrue(getattr(self.subsubdossier, '__ac_local_roles_block__', False))
self.assertFalse(
api.user.has_permission('View', user=self.regular_user, obj=self.subsubdossier),
'This test does not actually test what it says on the tin, if self.regular_user can see self.subsubdossier.',
)
with self.login(self.regular_user):
restricted_subdossiers = self.subdossier.get_subdossiers()
unrestricted_subdossiers = self.subdossier.get_subdossiers(unrestricted=True)
self.assertSequenceEqual([], map(self.brain_to_object, restricted_subdossiers))
self.assertSequenceEqual([self.subsubdossier], map(self.brain_to_object, unrestricted_subdossiers))
def test_subdossiers_the_user_cannot_view_can_also_block_deactivation(self, browser):
with self.login(self.dossier_manager):
# Protect self.subsubdossier so it cannot be seen by an 'Editor' of self.subdossier
self.assertFalse(getattr(self.subsubdossier, '__ac_local_roles_block__', False))
dossier_protector = IProtectDossier(self.subsubdossier)
dossier_protector.dossier_manager = self.dossier_manager.getId()
dossier_protector.reading = [self.secretariat_user.getId()]
dossier_protector.protect()
self.assertTrue(getattr(self.subsubdossier, '__ac_local_roles_block__', False))
self.assertFalse(
api.user.has_permission('View', user=self.regular_user, obj=self.subsubdossier),
'This test does not actually test what it says on the tin, if self.regular_user can see self.subsubdossier.',
)
# Grant self.regular_user 'Editor' on self.subdossier so the action to deactivate is presented to the user
RoleAssignmentManager(self.subdossier).add_or_update_assignment(
SharingRoleAssignment(self.regular_user.getId(), ['Reader', 'Contributor', 'Editor']))
self.login(self.regular_user, browser)
self.deactivate(self.subdossier, browser)
expected_msgs = [u"The Dossier 2016 contains a subdossier "
u"which can't be deactivated by the user."]
self.assert_errors(self.subdossier, browser, expected_msgs)