def update_workflow_security(self, workflow_names, reindex_security=True):
"""Updates the object security of all objects with one of the
passed workflows.
`workflows` is expected to be a list of workflow names.
"""
if getattr(workflow_names, '__iter__', None) is None or \
isinstance(workflow_names, (str, unicode)):
raise ValueError('"workflows" must be a list of workflow names.')
from ftw.upgrade.workflow import WorkflowSecurityUpdater
updater = WorkflowSecurityUpdater()
updater.update(workflow_names, reindex_security=reindex_security)
def update_workflow_security(self, workflow_names, reindex_security=True):
"""Updates the object security of all objects with one of the
passed workflows.
`workflows` is expected to be a list of workflow names.
"""
if getattr(workflow_names, '__iter__', None) is None or \
isinstance(workflow_names, (str, unicode)):
raise ValueError(
'"workflows" must be a list of workflow names.')
from ftw.upgrade.workflow import WorkflowSecurityUpdater
updater = WorkflowSecurityUpdater()
updater.update(workflow_names, reindex_security=reindex_security)
def test_updates_disabling_update_security(self):
self.set_workflow_chain(for_type='Folder',
to_workflow='folder_workflow')
folder = create(Builder('folder'))
folder.manage_permission('View', roles=['Reader'], acquire=False)
folder.reindexObjectSecurity()
self.assertEquals(['Reader'],
self.get_allowed_roles_and_users(for_object=folder))
updater = WorkflowSecurityUpdater()
updater.update(['folder_workflow'], reindex_security=False)
self.assertEquals(['Reader'],
self.get_allowed_roles_and_users(for_object=folder))
updater.update(['folder_workflow'], reindex_security=True)
self.assertEquals(['Anonymous'],
self.get_allowed_roles_and_users(for_object=folder))
def update_workflow_security(self,
workflow_names,
reindex_security=True,
savepoints=1000):
"""Updates the object security of all objects with one of the
passed workflows.
`workflows` is expected to be a list of workflow names.
If `savepoints` is None, no savepoints will be created.
"""
if getattr(workflow_names, '__iter__', None) is None or \
isinstance(workflow_names, (str, six.text_type)):
raise ValueError('"workflows" must be a list of workflow names.')
from ftw.upgrade.workflow import WorkflowSecurityUpdater
updater = WorkflowSecurityUpdater()
updater.update(workflow_names,
reindex_security=reindex_security,
savepoints=savepoints)
def test_updates_only_objects_with_specified_workflows(self):
self.set_workflow_chain(for_type='Folder',
to_workflow='folder_workflow')
folder = create(Builder('folder'))
folder.manage_permission('View', roles=[], acquire=True)
self.set_workflow_chain(for_type='Document',
to_workflow='simple_publication_workflow')
document = create(Builder('document'))
document.manage_permission('View', roles=[], acquire=True)
self.assert_permission_acquired('View', folder)
self.assert_permission_acquired('View', document)
updater = WorkflowSecurityUpdater()
updater.update(['folder_workflow'])
self.assert_permission_not_acquired(
'View', folder, 'The folder should have been updated but wasnt.')
self.assert_permission_acquired(
'View', document,
'The document should NOT have been updated but it was.')
def test_respects_placeful_workflows_when_updating(self):
container = create(Builder('folder'))
document = create(Builder('document').within(container))
self.create_placeful_workflow_policy(
named='local_workflow',
with_workflows={'Document': 'simple_publication_workflow'})
activator = PlacefulWorkflowPolicyActivator(container)
activator.activate_policy(
'local_workflow',
review_state_mapping={
(None, 'simple_publication_workflow'): {
None: 'private'}})
document.manage_permission('View', roles=[],
acquire=True)
self.assert_permission_acquired('View', document)
updater = WorkflowSecurityUpdater()
updater.update(['simple_publication_workflow'])
self.assert_permission_not_acquired(
'View', document,
'The document should have been updated but was not.')
def test_updates_only_objects_with_specified_workflows(self):
self.set_workflow_chain(for_type='Folder',
to_workflow='folder_workflow')
folder = create(Builder('folder'))
folder.manage_permission('View', roles=[],
acquire=True)
self.set_workflow_chain(for_type='Document',
to_workflow='simple_publication_workflow')
document = create(Builder('document'))
document.manage_permission('View', roles=[],
acquire=True)
self.assert_permission_acquired('View', folder)
self.assert_permission_acquired('View', document)
updater = WorkflowSecurityUpdater()
updater.update(['folder_workflow'])
self.assert_permission_not_acquired(
'View', folder, 'The folder should have been updated but wasnt.')
self.assert_permission_acquired(
'View', document,
'The document should NOT have been updated but it was.')
def test_respects_placeful_workflows_when_updating(self):
container = create(Builder('folder'))
document = create(Builder('document').within(container))
self.create_placeful_workflow_policy(
named='local_workflow',
with_workflows={'Document': 'simple_publication_workflow'})
activator = PlacefulWorkflowPolicyActivator(container)
activator.activate_policy('local_workflow',
review_state_mapping={
(None, 'simple_publication_workflow'): {
None: 'private'
}
})
document.manage_permission('View', roles=[], acquire=True)
self.assert_permission_acquired('View', document)
updater = WorkflowSecurityUpdater()
updater.update(['simple_publication_workflow'])
self.assert_permission_not_acquired(
'View', document,
'The document should have been updated but was not.')
def get_documents_and_mails_in_committee_containers(self):
committee_container_brains = self.catalog_unrestricted_search(
{'object_provides': ICommitteeContainer.__identifier__})
if not committee_container_brains:
return []
query = {
'path':
map(methodcaller('getPath'), committee_container_brains),
'portal_type':
WorkflowSecurityUpdater().get_suspected_types(
['opengever_document_workflow', 'opengever_mail_workflow'])
}
message = 'Update document- and mail-workflow in committee containers.'
return self.objects(query, message)
def test_updates_disabling_update_security(self):
self.set_workflow_chain(for_type='Folder',
to_workflow='folder_workflow')
folder = create(Builder('folder'))
folder.manage_permission('View', roles=['Reader'], acquire=False)
folder.reindexObjectSecurity()
self.assertEquals(['Reader'],
self.get_allowed_roles_and_users(for_object=folder))
updater = WorkflowSecurityUpdater()
updater.update(['folder_workflow'], reindex_security=False)
self.assertEquals(['Reader'],
self.get_allowed_roles_and_users(for_object=folder))
updater.update(['folder_workflow'], reindex_security=True)
self.assertEquals(['Anonymous'],
self.get_allowed_roles_and_users(for_object=folder))
