def test_cant_create_adhoc_when_no_access_to_meeting_dossier(self, browser): self.login(self.committee_responsible, browser) browser.open(self.meeting, view='agenda_items/schedule_text', data={'title': u'Fail', '_authenticator': createToken()}) self.assertEquals( {u'messages': [ {u'messageTitle': u'Information', u'message': u'Text successfully added.', u'messageClass': u'info'}], u'proceed': True}, browser.json) with self.login(self.administrator): # Let committee_responsible have no access to meeting_dossier self.meeting_dossier.__ac_local_roles_block__ = True self.meeting_dossier.reindexObjectSecurity() self.login(self.committee_responsible, browser) with browser.expect_http_error(code=403): browser.open(self.meeting, view='agenda_items/schedule_text', data={'title': u'Fail', '_authenticator': createToken()}) self.assertEquals( {u'messages': [ {u'messageTitle': u'Error', u'message': u'Insufficient privileges to add a document ' 'to the meeting dossier.', u'messageClass': u'error'}]}, browser.json)
def test_reopening_creates_history_entry(self, browser): self.submit_proposal() transaction.commit() browser.login().open( self.meeting.get_url(view='unscheduled_proposals/1/schedule')) browser.open(self.meeting.get_url(view='agenda_items/1/decide'), data={'_authenticator': createToken()}) browser.open(self.meeting.get_url(view='agenda_items/1/reopen'), data={'_authenticator': createToken()}) self.assert_proposal_history_records( u'Proposal reopened by Test User (test_user_1_)', with_submitted=True)
def test_can_only_add_invitations_with_Workspace_related_roles(self, browser): self.login(self.workspace_admin, browser=browser) with browser.expect_http_error(403): browser.open(self.workspace.absolute_url() + '/manage-participants/add', data={'userid': self.regular_user.getId(), 'role': 'Reader', '_authenticator': createToken()}) with browser.expect_http_error(500): browser.open(self.workspace.absolute_url() + '/manage-participants/add', data={'userid': self.regular_user.getId(), 'role': 'Site Administrator', '_authenticator': createToken()})
def test_redirect_to_current_view_when_meeting_has_to_be_decided_as_well(self, browser): self.login(self.committee_responsible, browser) agenda_item_1 = self.schedule_ad_hoc(self.meeting, 'Gugus') agenda_item_2 = self.schedule_ad_hoc(self.meeting, 'Kux') browser.open(self.agenda_item_url(agenda_item_1, 'decide'), data={'_authenticator': createToken()}) self.assertEquals(self.meeting.absolute_url(), browser.json.get('redirectUrl')) browser.open(self.agenda_item_url(agenda_item_2, 'decide'), data={'_authenticator': createToken()}) self.assertEquals(None, browser.json.get('redirectUrl'))
def test_redirect_to_current_view_when_meeting_has_to_be_decided_as_well( self, browser): self.login(self.committee_responsible, browser) agenda_item_1 = self.schedule_ad_hoc(self.meeting, 'Gugus') agenda_item_2 = self.schedule_ad_hoc(self.meeting, 'Kux') browser.open(self.agenda_item_url(agenda_item_1, 'decide'), data={'_authenticator': createToken()}) self.assertEquals(self.meeting.absolute_url(), browser.json.get('redirectUrl')) browser.open(self.agenda_item_url(agenda_item_2, 'decide'), data={'_authenticator': createToken()}) self.assertEquals(None, browser.json.get('redirectUrl'))
def test_revising_creates_history_entry(self, browser): self.submit_proposal() transaction.commit() browser.login().open( self.meeting.get_url(view='unscheduled_proposals/1/schedule')) browser.open(self.meeting.get_url(view='agenda_items/1/decide'), data={'_authenticator': createToken()}) browser.open(self.meeting.get_url(view='agenda_items/1/reopen'), data={'_authenticator': createToken()}) browser.open(self.meeting.get_url(view='agenda_items/1/revise'), data={'_authenticator': createToken()}) self.open_overview(browser) self.assertEqual(u'Proposal revised by Test User (test_user_1_)', self.get_latest_history_entry_text(browser))
def test_cannot_accept_invalid_invitation(self, browser): self.login(self.regular_user, browser=browser) with browser.expect_http_error(503): browser.open(self.workspace_root.absolute_url() + '/my-invitations/accept', data={'iid': 'someinvalidiid', '_authenticator': createToken()})
def test_decide_agenda_item_creates_locked_excerpt_in_dossier(self, browser): self.setup_excerpt_template() proposal = self.setup_proposal() # schedule view = 'unscheduled_proposals/{}/schedule'.format( proposal.load_model().proposal_id) browser.login().open(self.meeting_wrapper, view=view) agenda_item = AgendaItem.query.first() browser.login().open( self.meeting_wrapper, view='agenda_items/{}/decide'.format(agenda_item.agenda_item_id), data={'_authenticator': createToken()}) agenda_item = AgendaItem.query.first() # refresh proposal = agenda_item.proposal excerpt_in_dossier = proposal.excerpt_document.resolve_document() lockable = ILockable(excerpt_in_dossier) self.assertTrue(lockable.locked()) self.assertTrue(lockable.can_safely_unlock(MEETING_EXCERPT_LOCK)) browser.open(excerpt_in_dossier) self.assertEqual(u'This document is a copy of the excerpt Fooo - ' u'C\xf6mmunity meeting from the meeting C\xf6mmunity ' u'meeting and cannot be edited directly.', info_messages()[0]) message_links = browser.css('.portalMessage.info a') self.assertEqual( 'http://nohost/plone/opengever-meeting-committeecontainer/committee-1/submitted-proposal-1/document-3', message_links[0].get('href')) self.assertEqual( 'http://nohost/plone/opengever-meeting-committeecontainer/committee-1/meeting-1/view', message_links[1].get('href'))
def test_document_status_json(self): site_id = api.portal.get().id path_segments = [ s for s in self.document.getPhysicalPath() if s != site_id ] document_path = '/'.join(path_segments) response = self.api.get(document_path + '/status').json() self.assertIn('int_id', response) self.assertEqual( getUtility(IIntIds).getId(self.document), response['int_id']) self.assertIn('title', response) self.assertEqual(self.document.title_or_id(), response['title']) self.assertIn('checked_out', response) self.assertEqual(False, response['checked_out']) self.assertIn('checked_out_by', response) self.assertEqual(None, response['checked_out_by']) # Check out the document self.api.headers.update({'Accept': 'text/html'}) self.api.get(document_path + '/@@checkout_documents' + '?_authenticator={}'.format(createToken())) self.api.headers.update({'Accept': 'application/json'}) response = self.api.get(document_path + '/status').json() self.assertIn('checked_out', response) self.assertEqual(True, response['checked_out']) self.assertIn('checked_out_by', response) self.assertEqual(TEST_USER_ID, response['checked_out_by'])
def test_can_only_add_invitations_with_the_right_permission(self, browser): self.login(self.workspace_member, browser=browser) with browser.expect_http_error(400): browser.open(self.workspace.absolute_url() + '/manage-participants/add', data={'userid': self.regular_user.getId(), 'role': 'WorkspaceAdmin', '_authenticator': createToken()})
def test_add_invitiation(self, browser): self.login(self.workspace_admin, browser=browser) browser.open(self.workspace.absolute_url() + '/manage-participants/add', data={'userid': self.regular_user.getId(), 'role': 'WorkspaceGuest', '_authenticator': createToken()}) invitations = tuple(self.storage.iter_invitions_for_context(self.workspace)) self.assertEquals(1, len(tuple(invitations)), 'Expect one invitation.') invitations_in_response = filter( lambda entry: entry['type_'] == 'invitation', browser.json) self.assertEquals(1, len(invitations_in_response), 'Expect one invitation in response') self.assertDictEqual( {u'can_manage': True, u'token': invitations[0]['iid'], u'inviter': u'Hugentobler Fridolin (fridolin.hugentobler)', u'name': u'B\xe4rfuss K\xe4thi (kathi.barfuss)', u'roles': [u'WorkspaceGuest'], u'type_': u'invitation', u'userid': u'kathi.barfuss'}, invitations_in_response[0])
def test_repository_folder(self, browser): self.grant('Manager') browser.login().open() factoriesmenu.add('RepositoryRoot') browser.fill({'Title': 'Registraturplan'}).save() self.assertEquals(('tabbed_view', 'opengever-repository-repositoryroot'), plone.view_and_portal_type()) registraturplan = browser.context # This will cause a WRITE to registraturplan the first time it is accessed. browser.open(registraturplan, view='++add++opengever.repository.repositoryfolder', data={'_authenticator': createToken()}) browser.fill({'Title': 'Accounting'}).save() self.assertEquals(('tabbed_view', 'opengever-repository-repositoryfolder'), plone.view_and_portal_type()) accounting = browser.context self.assertEquals(u'1', IReferenceNumberPrefix(accounting).reference_number_prefix) self.assertEquals(('test_user_1_',), accounting.listCreators()) browser.open(registraturplan) factoriesmenu.add('RepositoryFolder') browser.fill({'Title': 'Custody'}).save() self.assertEquals(('tabbed_view', 'opengever-repository-repositoryfolder'), plone.view_and_portal_type()) custody = browser.context self.assertEquals(u'2', IReferenceNumberPrefix(custody).reference_number_prefix)
def test_update_appraisal_for_multiple_dossiers_via_update_view(self, browser): repository2 = create(Builder('repository').within(self.root)) dossier3 = create(Builder('dossier') .having(archival_value=ARCHIVAL_VALUE_SAMPLING) .as_expired() .within(repository2)) dossier4 = create(Builder('dossier') .having(archival_value=ARCHIVAL_VALUE_SAMPLING) .as_expired() .within(repository2)) disposition = create(Builder('disposition') .within(self.root) .having(dossiers=[self.dossier1, self.dossier2, dossier3, dossier4])) intids = getUtility(IIntIds) dossier_ids = [intids.getId(self.dossier1), intids.getId(dossier3), intids.getId(dossier4)] browser.login().open(disposition, view='update_appraisal_view', data={'_authenticator': createToken(), 'dossier-ids': json.dumps(dossier_ids), 'should_be_archived': json.dumps(True)}) self.assertTrue(IAppraisal(disposition).get(self.dossier1)) self.assertTrue(IAppraisal(disposition).get(dossier3)) self.assertTrue(IAppraisal(disposition).get(dossier4))
def get_base_payloads(self): # Require an authenticated user if not api.user.is_anonymous(): documents = [] for uuid in self.uuids: document = api.content.get(UID=uuid) if self.document_is_valid(document): documents.append(document) else: # Fail per default raise Forbidden if documents: payloads = [] for document in documents: payloads.append({ 'csrf-token': createToken(), 'document-url': document.absolute_url(), 'document': document, }) return payloads # Fail per default raise NotFound
def test_multi_checkin_does_not_checkin_locked_documents(self, browser): self.login(self.regular_user, browser) browser.open(self.document, view='tabbedview_view-overview') browser.find('Checkout and edit').click() browser.open(self.subdocument, view='tabbedview_view-overview') browser.find('Checkout and edit').click() lockable = IRefreshableLockable(self.document) lockable.lock() browser.open( self.dossier, method='POST', data={ 'paths': [ obj2brain(self.document).getPath(), obj2brain(self.subdocument).getPath(), ], 'checkin_without_comment:method': 1, '_authenticator': createToken(), }, ) manager = getMultiAdapter((self.document, self.portal.REQUEST), ICheckinCheckoutManager) self.assertEquals('kathi.barfuss', manager.get_checked_out_by()) manager = getMultiAdapter((self.subdocument, self.portal.REQUEST), ICheckinCheckoutManager) self.assertEquals(None, manager.get_checked_out_by()) self.assertEquals([u'Could not check in document Vertr\xe4gsentwurf'], error_messages())
def test_officeconnector_reauth_does_not_checkout(self, browser): api.portal.set_registry_record( 'direct_checkout_and_edit_enabled', True, interface=IOfficeConnectorSettings) transaction.commit() # We cannot freeze time due to the test browser being threaded oc_url = create_oc_url( self.doc1.REQUEST, self.doc1, {'action': 'checkout'}) decoded_oc_url = jwt.decode( oc_url.split(':')[-1], verify=False, algorithms=('HS256',)) redirector_js = browser.login().open( self.doc1, view='checkout_documents' '?_authenticator={}&mode=external&reauth=1' .format(createToken()), ).css('script.redirector')[0].text tokens_from_js = [token for token in redirector_js.split("\'") if 'oc:' in token] self.assertEqual(3, len(tokens_from_js)) parsed_oc_url = tokens_from_js[0] decoded_parsed_oc_url = jwt.decode( parsed_oc_url.split(':')[-1], verify=False, algorithms=('HS256',)) # Take out the timestamps del decoded_oc_url['exp'] del decoded_parsed_oc_url['exp'] self.assertEqual(decoded_oc_url, decoded_parsed_oc_url) self.assertFalse(self.get_manager(self.doc1).is_checked_out_by_current_user())
def test_cannot_accept_invalid_invitation(self, browser): self.login(self.regular_user, browser=browser) with browser.expect_http_error(400): browser.open(self.workspace_root.absolute_url() + '/my-invitations/accept', data={'iid': 'someinvalidiid', '_authenticator': createToken()})
def test_cancel_checkouts_action_needs_confirmation(self, browser): self.login(self.regular_user, browser=browser) manager = getMultiAdapter((self.document, self.request), ICheckinCheckoutManager) manager.checkout() browser.open(self.dossier, view="tabbedview_view-documents-proxy") self.assertEqual('cancel_documents_checkout_confirmation:method', browser.find("Cancel").get("href")) paths = [ self.document.absolute_url_path(), self.subdocument.absolute_url_path() ] browser.open( self.dossier, { 'paths': paths, '_authenticator': createToken() }, view='cancel_documents_checkout_confirmation', ) self.assertEqual('kathi.barfuss', manager.get_checked_out_by()) browser.click_on("Cancel checkout") self.assertEqual(None, manager.get_checked_out_by())
def test_multi_checkin_from_tabbedview_with_comment(self, browser): document2 = create(Builder("document") .checked_out() .within(self.dossier)) browser.login().open( self.dossier, data={'paths': [obj2brain(self.document).getPath(), obj2brain(document2).getPath()], 'checkin_documents:method': 1, '_authenticator': createToken()}) # fill and submit checkin form browser.fill({ 'Journal Comment Describe, why you checkin the selected documents': 'Checkini' }) browser.css('#form-buttons-button_checkin').first.click() manager1 = getMultiAdapter((self.document, self.portal.REQUEST), ICheckinCheckoutManager) self.assertEquals(None, manager1.get_checked_out_by()) manager2 = getMultiAdapter((document2, self.portal.REQUEST), ICheckinCheckoutManager) self.assertEquals(None, manager2.get_checked_out_by()) # check last history entry to verify the checkin repository_tool = getToolByName(document2, 'portal_repository') history = repository_tool.getHistory(document2) last_entry = repository_tool.retrieve(document2, len(history)-1) self.assertEquals('Checkini', last_entry.comment)
def test_error_when_untrashing_removed_document(self, browser): self.login(self.manager, browser=browser) data = self.make_path_param(self.empty_document) data['_authenticator'] = createToken() self.trash_documents(self.empty_document) Remover([self.empty_document]).remove() # Removed document cannot be untrashed browser.open(self.empty_dossier, view="untrashed", data=data) self.assertTrue(ITrashed.providedBy(self.empty_document)) self.assertEquals( [u'Untrashing {} is forbidden'.format(self.empty_document.title)], error_messages()) # When restored, document can be untrashed api.content.transition( obj=self.empty_document, transition=self.empty_document.restore_transition) self.assertEqual(self.empty_document.active_state, api.content.get_state(self.empty_document)) browser.open(self.empty_dossier, view="untrashed", data=data) self.assertFalse(ITrashed.providedBy(self.empty_document))
def test_only_expired_dossiers_can_be_added(self, browser): self.login(self.records_manager, browser) data = { 'paths:list': obj2paths([self.expired_dossier]), '_authenticator': createToken() } self.assertEqual(date(2000, 12, 31), IDossier(self.expired_dossier).end) with freeze(datetime(2001, 1, 1)): browser.open(self.repository_root, view='++add++opengever.disposition.disposition', data=data) browser.find('Save').click() self.assertEquals(['There were some errors.'], error_messages()) self.assertEquals([ 'The retention period of the selected dossiers is not expired.' ], browser.css('.fieldErrorBox .error').text) with freeze(datetime(2021, 1, 1)): browser.open(self.repository_root, view='++add++opengever.disposition.disposition', data=data) browser.find('Save').click() self.assertEquals([], error_messages()) self.assertEquals(['Item created'], info_messages())
def test_cant_create_adhoc_when_no_access_to_meeting_dossier( self, browser): with self.login(self.administrator): # Let committee_responsible have no access to meeting_dossier self.meeting_dossier.__ac_local_roles_block__ = True self.meeting_dossier.reindexObjectSecurity() self.login(self.committee_responsible, browser) browser.open(self.meeting, view='agenda_items/schedule_text', data={ 'title': u'Fail', '_authenticator': createToken() }) self.assertEquals( { u'messages': [{ u'messageTitle': u'Error', u'message': u'Insufficient privileges to add a document ' 'to the meeting dossier.', u'messageClass': u'error' }], u'proceed': False }, browser.json)
def test_only_expired_dossiers_can_be_added(self, browser): self.login(self.records_manager, browser) data = {'paths:list': obj2paths([self.expired_dossier]), '_authenticator': createToken()} self.assertEqual(date(2000, 12, 31), IDossier(self.expired_dossier).end) with freeze(datetime(2001, 1, 1)): browser.open(self.repository_root, view='++add++opengever.disposition.disposition', data=data) browser.find('Save').click() self.assertEquals(['There were some errors.'], error_messages()) self.assertEquals( ['The retention period of the selected dossiers is not expired.'], browser.css('.fieldErrorBox .error').text) with freeze(datetime(2021, 1, 1)): browser.open(self.repository_root, view='++add++opengever.disposition.disposition', data=data) browser.find('Save').click() self.assertEquals([], error_messages()) self.assertEquals(['Item created'], info_messages())
def test_execute(self): from Acquisition import Implicit from Testing.makerequest import makerequest from plone.app.z3cform.csrf import AuthenticatedButtonActions from plone.protect import createToken class DummyForm(object): enableCSRFProtection = True class DummyAction(object): def isExecuted(self): return True def execute(self): self.called = True form = DummyForm() request = makerequest(Implicit()).REQUEST request.form['_authenticator'] = createToken() actions = AuthenticatedButtonActions(form, request, None) actions._data['foo'] = action = DummyAction() actions._data_keys = ['foo'] actions._data_values = [action] actions.execute()
def publish(self, path, basic=None, env=None, extra=None, request_method="GET", stdin=None, handle_errors=True): """ Override publish method using zope.testbrowser with CSFR protection """ if not extra: extra = {} extra["_authenticator"] = createToken() return ATTestCase.publish(self, path, basic, env, extra, request_method, stdin, handle_errors)
def test_update_paragraph_order(self, browser): self.login(self.dossier_responsible, browser=browser) self.assertEquals( ['paragraphtemplate-1', 'paragraphtemplate-2', 'paragraphtemplate-3'], self.meeting_template.objectIds()) for item in self.meeting_template.objectIds(): self.assertIsInstance(item, str) new_order = ['paragraphtemplate-2', 'paragraphtemplate-1', 'paragraphtemplate-3'] browser.open(self.meeting_template, view='update_content_order', data={ 'sortOrder': json.dumps(new_order), '_authenticator': createToken(), }) statusmessages.assert_no_error_messages() self.assertEquals( new_order, [paragraph.getId() for paragraph in self.meeting_template.get_paragraphs()]) for item in self.meeting_template.objectIds(): self.assertIsInstance(item, str)
def get_base_payloads(self): # Require an authenticated user if not api.user.is_anonymous(): documents = OrderedDict() for uuid in self.uuids: document = api.content.get(UID=uuid) if self.document_is_valid(document): documents[uuid] = document else: # Fail per default raise Forbidden if documents: payloads = [] for uuid, document in documents.items(): payloads.append( { 'csrf-token': createToken(), 'document-url': document.absolute_url(), 'document': document, 'uuid': uuid, } ) return payloads # Fail per default raise NotFound
def test_dossier_save_comments_endpoint(self, browser): payload = '{"comments": "New comment"}' browser.login().visit(self.dossier) browser.visit(self.dossier, view='save_comments', data={ 'data': payload, '_authenticator': createToken() }) dossier_data = IDossier(self.dossier) self.assertEquals("New comment", dossier_data.comments) browser.exception_bubbling = True with self.assertRaises(KeyError): payload = '{"invalidkey": "New comment"}' browser.login().visit(self.dossier, view='save_comments', data={'data': payload}) query = {'SearchableText': 'New comment'} result = self.portal.portal_catalog(**query) self.assertEquals(1, len(result), 'Expect one result') self.assertEquals(self.dossier, result[0].getObject())
def test_sets_end_date_to_current_date(self, browser): with freeze(datetime(2016, 3, 29)): browser.login().open(self.dossier, view='transition-deactivate', data={'_authenticator': createToken()}) self.assertEqual(date(2016, 3, 29), IDossier(self.dossier).end)
def test_error_for_untrashable_documents(self, browser): trashable = create( Builder('document').within( self.dossier).titled(u'Trashable document')) untrashable = create( Builder('document').within( self.dossier).titled(u'Untrashable document')) # Remove trash permission from all users. Permission('opengever.trash: Trash content', [], untrashable).setRoles( ()) transaction.commit() data = { 'paths:list': [ '/'.join(trashable.getPhysicalPath()), '/'.join(untrashable.getPhysicalPath()) ], '_authenticator': createToken() } browser.login().open(self.dossier, view="trashed", data=data) self.assertEquals([u'the object Trashable document trashed'], info_messages()) self.assertEquals([u'Trashing Untrashable document is forbidden'], error_messages()) self.assertEquals('http://nohost/plone/dossier-1#documents', browser.url)
def test_proposal_is_decided_only_when_excerpt_is_returned(self, browser): self.login(self.committee_responsible, browser) self.assertEqual(Proposal.STATE_SUBMITTED, self.submitted_proposal.get_state()) agenda_item = self.schedule_proposal(self.meeting, self.submitted_proposal) self.assertEqual(Proposal.STATE_SCHEDULED, self.submitted_proposal.get_state()) browser.open(self.agenda_item_url(agenda_item, 'decide'), data={'_authenticator': createToken()}) self.assertEqual(Proposal.STATE_SCHEDULED, self.submitted_proposal.get_state()) browser.open(self.meeting, view='agenda_items/list') generate_excerpt_link = browser.json['items'][0][ 'generate_excerpt_link'] browser.open(generate_excerpt_link, send_authenticator=True, data={'excerpt_title': 'Excerption \xc3\x84nderungen'}) self.assertEqual(Proposal.STATE_SCHEDULED, self.submitted_proposal.get_state()) browser.open(self.meeting, view='agenda_items/list') return_excerpt_link = browser.json[u"items"][0]['excerpts'][0][ 'return_link'] browser.open(return_excerpt_link, send_authenticator=True) self.assertEqual(Proposal.STATE_DECIDED, self.submitted_proposal.get_state())
def get_base_payloads(self): # Require an authenticated user if api.user.is_anonymous(): raise Forbidden documents = [] for uuid in self.uuids: document = api.content.get(UID=uuid) if document and document.has_file(): documents.append(document) if not documents: raise NotFound payloads = [] for document in documents: payloads.append({ 'content-type': document.get_file().contentType, 'csrf-token': createToken(), 'document-url': document.absolute_url(), 'document': document, 'download': document.get_download_view_name(), 'filename': document.get_filename(), }) return payloads
def test_deleted_workspace_member_is_removed_as_watcher_from_all_todos( self, browser): self.login(self.workspace_admin, browser=browser) self.center.add_watcher_to_resource(self.todo, self.workspace_member.getId(), WORKSPACE_MEMBER_ROLE) watcher = self.center.fetch_watcher(self.workspace_member.getId()) subscriptions = watcher.subscriptions self.assertEqual(2, len(subscriptions)) expected = [(TODO_RESPONSIBLE_ROLE, self.assigned_todo), (WORKSPACE_MEMBER_ROLE, self.todo)] actual = [(subscription.role, subscription.resource.oguid.resolve_object()) for subscription in subscriptions] self.assertItemsEqual(expected, actual) browser.open(self.workspace.absolute_url() + '/manage-participants/delete', data={ 'token': self.workspace_member.getId(), 'type': 'user', '_authenticator': createToken() }) self.center.session.refresh(watcher) self.assertEqual([], watcher.subscriptions)
def test_add_invitiation(self, browser): self.login(self.workspace_admin, browser=browser) browser.open(self.workspace.absolute_url() + '/manage-participants/add', data={'userid': self.regular_user.getId(), 'role': 'WorkspaceGuest', '_authenticator': createToken()}) invitations = tuple(self.storage.iter_invitions_for_context(self.workspace)) self.assertEquals(1, len(tuple(invitations)), 'Expect one invitation.') invitations_in_response = filter( lambda entry: entry['type_'] == 'invitation', browser.json) self.assertEquals(1, len(invitations_in_response), 'Expect one invitation in response') self.assertDictEqual( {u'can_manage': True, u'token': invitations[0]['iid'], u'inviter': u'Hugentobler Fridolin (fridolin.hugentobler)', u'name': u'B\xe4rfuss K\xe4thi (kathi.barfuss)', u'roles': [u'WorkspaceGuest'], u'type_': u'invitation'}, invitations_in_response[0])
def test_export(self): view.addViewTemplate('simple_test_type') default_script.addDefaultScript('simple_test_type', 'test_string_field') default_script.addDefaultScript('simple_test_type', 'test_integer_field') validator_script.addValidatorScript('simple_test_type', 'test_string_field') vocabulary_script.addVocabularyScript('simple_test_type', 'test_choice_field') request = self.layer['request'] form = request.form form['_authenticator'] = createToken() form['ctype'] = 'simple_test_type' export_view = self.portal.unrestrictedTraverse( '@@ambidexterity-export') rez = export_view() # check headers headers = request.response.headers self.assertEqual(headers['content-type'], 'application/zip') self.assertTrue(headers['content-disposition'].startswith( 'attachment; filename=ambidexterity-simple_test_type-')) # check content self.assertTrue(zipfile.is_zipfile(StringIO(rez)))
def test_officeconnector_reauth_does_not_checkout(self, browser): api.portal.set_registry_record( 'direct_checkout_and_edit_enabled', True, interface=IOfficeConnectorSettings) transaction.commit() # We cannot freeze time due to the test browser being threaded oc_url = create_oc_url( self.doc1.REQUEST, self.doc1, {'action': 'checkout'}) decoded_oc_url = jwt.decode(oc_url.split(':')[-1], verify=False) redirector_js = browser.login().open( self.doc1, view='checkout_documents' '?_authenticator={}&mode=external&reauth=1' .format(createToken()), ).css('script.redirector')[0].text tokens_from_js = [token for token in redirector_js.split("\'") if 'oc:' in token] self.assertEqual(3, len(tokens_from_js)) parsed_oc_url = tokens_from_js[0] decoded_parsed_oc_url = jwt.decode( parsed_oc_url.split(':')[-1], verify=False) # Take out the timestamps del decoded_oc_url['exp'] del decoded_parsed_oc_url['exp'] self.assertEqual(decoded_oc_url, decoded_parsed_oc_url) self.assertFalse(self.get_manager(self.doc1).is_checked_out_by_current_user())
def test_update_appraisal_for_multiple_dossiers_via_update_view( self, browser): repository2 = create(Builder('repository').within(self.root)) dossier3 = create( Builder('dossier').having(archival_value=ARCHIVAL_VALUE_SAMPLING). as_expired().within(repository2)) dossier4 = create( Builder('dossier').having(archival_value=ARCHIVAL_VALUE_SAMPLING). as_expired().within(repository2)) disposition = create( Builder('disposition').within(self.root).having( dossiers=[self.dossier1, self.dossier2, dossier3, dossier4])) intids = getUtility(IIntIds) dossier_ids = [ intids.getId(self.dossier1), intids.getId(dossier3), intids.getId(dossier4) ] browser.login().open(disposition, view='update_appraisal_view', data={ '_authenticator': createToken(), 'dossier-ids': json.dumps(dossier_ids), 'should_be_archived': json.dumps(True) }) self.assertTrue(IAppraisal(disposition).get(self.dossier1)) self.assertTrue(IAppraisal(disposition).get(dossier3)) self.assertTrue(IAppraisal(disposition).get(dossier4))
def get_checkout_url(self): if not self.has_file() or not self._is_checkout_and_edit_available(): return None return u'{}/editing_document?_authenticator={}'.format( self.context.absolute_url(), createToken())
def testAuthenticatedCustom(self): self.request['_authenticator'] = createToken('some-value') def func(REQUEST=self.request): return True self.assertEquals( protect(CustomCheckAuthenticator('some-value'))(func)(), True)
def test_multi_checkin_from_tabbedview_with_comment(self, browser): document2 = create(Builder("document").checked_out().within(self.dossier)) browser.login().open( self.dossier, data={ "paths": [obj2brain(self.document).getPath(), obj2brain(document2).getPath()], "checkin_documents:method": 1, "_authenticator": createToken(), }, ) # fill and submit checkin form browser.fill({"Journal Comment Describe, why you checkin the selected documents": "Checkini"}) browser.css("#form-buttons-button_checkin").first.click() manager1 = getMultiAdapter((self.document, self.portal.REQUEST), ICheckinCheckoutManager) self.assertEquals(None, manager1.get_checked_out_by()) manager2 = getMultiAdapter((document2, self.portal.REQUEST), ICheckinCheckoutManager) self.assertEquals(None, manager2.get_checked_out_by()) # check last history entry to verify the checkin repository_tool = getToolByName(document2, "portal_repository") history = repository_tool.getHistory(document2) last_entry = repository_tool.retrieve(document2, len(history) - 1) self.assertEquals("Checkini", last_entry.comment)
def test_decide_agenda_item_creates_locked_excerpt_in_dossier( self, browser): self.setup_excerpt_template() proposal = self.setup_proposal() # schedule view = 'unscheduled_proposals/{}/schedule'.format( proposal.load_model().proposal_id) browser.login().open(self.meeting_wrapper, view=view) agenda_item = AgendaItem.query.first() browser.login().open(self.meeting_wrapper, view='agenda_items/{}/decide'.format( agenda_item.agenda_item_id), data={'_authenticator': createToken()}) agenda_item = AgendaItem.query.first() # refresh proposal = agenda_item.proposal excerpt_in_dossier = proposal.excerpt_document.resolve_document() lockable = ILockable(excerpt_in_dossier) self.assertTrue(lockable.locked()) self.assertTrue(lockable.can_safely_unlock(MEETING_EXCERPT_LOCK)) browser.open(excerpt_in_dossier) self.assertEqual( u'This document is a copy of the excerpt Fooo - ' u'C\xf6mmunity meeting from the meeting C\xf6mmunity ' u'meeting and cannot be edited directly.', info_messages()[0]) message_links = browser.css('.portalMessage.info a') self.assertEqual( 'http://nohost/plone/opengever-meeting-committeecontainer/committee-1/submitted-proposal-1/document-3', message_links[0].get('href')) self.assertEqual( 'http://nohost/plone/opengever-meeting-committeecontainer/committee-1/meeting-1/view', message_links[1].get('href'))
def test_reopen_agenda_item(self, browser): proposal = create( Builder('proposal').within(self.dossier).having( committee=self.committee.load_model()).as_submitted()) proposal.load_model().workflow_state = 'decided' item = create( Builder('agenda_item').having(title=u'foo', meeting=self.meeting, workflow_state='decided', proposal=proposal.load_model())) browser.login().open(self.meeting_wrapper, view='agenda_items/{}/reopen'.format( item.agenda_item_id), data={'_authenticator': createToken()}) self.assertEquals(AgendaItem.STATE_REVISION, AgendaItem.query.first().get_state()) self.assertEquals(Proposal.STATE_DECIDED, Proposal.query.first().get_state()) self.assertEquals([{ u'message': u'Agenda Item successfully reopened.', u'messageClass': u'info', u'messageTitle': u'Information' }], browser.json.get('messages'))
def test_reopen_agenda_item(self, browser): proposal = create(Builder('proposal') .within(self.dossier) .having(committee=self.committee.load_model()) .as_submitted()) proposal.load_model().workflow_state = 'decided' item = create(Builder('agenda_item').having( title=u'foo', meeting=self.meeting, workflow_state='decided', proposal=proposal.load_model())) browser.login().open( self.meeting_wrapper, view='agenda_items/{}/reopen'.format(item.agenda_item_id), data={'_authenticator': createToken()}) self.assertEquals(AgendaItem.STATE_REVISION, AgendaItem.query.first().get_state()) self.assertEquals(Proposal.STATE_DECIDED, Proposal.query.first().get_state()) self.assertEquals([{u'message': u'Agenda Item successfully reopened.', u'messageClass': u'info', u'messageTitle': u'Information'}], browser.json.get('messages'))
def test_multi_checkin_shows_message_when_no_documents_are_selected(self, browser): self.login(self.regular_user, browser) browser.open( self.dossier, data={ 'paths': [], 'checkin_without_comment:method': 1, '_authenticator': createToken(), }, ) self.assertEquals( ['You have not selected any documents.'], error_messages(), ) redirect_target_url = ''.join(( self.dossier.absolute_url(), '#documents' )) self.assertEquals( redirect_target_url, browser.url, ) browser.open( self.dossier, data={ 'paths': [], 'checkin_documents:method': 1, '_authenticator': createToken(), }, ) browser.click_on('Checkin') self.assertEquals( ['You have not selected any documents.'], error_messages(), ) self.assertIn( redirect_target_url, browser.url, )
def test_current_user_cannot_remove_its_local_roles(self, browser): self.login(self.workspace_admin, browser=browser) with browser.expect_http_error(400): browser.open(self.workspace.absolute_url() + '/manage-participants/delete', data={'token': self.workspace_admin.getId(), 'type': 'user', '_authenticator': createToken()})
def test_redirects_to_document_itself_when_view_is_called_on_a_document(self, browser): doc = create(Builder('document').within(self.dossier).checked_out()) browser.login().open(doc, {'_authenticator': createToken()}, view='cancel_document_checkouts', ) self.assertEquals(doc, browser.context) self.assertEquals([u'Cancel checkout: Testdokum\xe4nt'], info_messages())
def test_do_not_allow_modifying_the_WorkspaceOwnerRole(self, browser): self.login(self.workspace_admin, browser=browser) with browser.expect_http_error(400): browser.open(self.workspace.absolute_url() + '/manage-participants/modify', data={'token': self.workspace_owner.getId(), 'type': 'user', 'role': 'WorkspaceAdmin', '_authenticator': createToken()})
def test_browser_revert_view_raises_unauthorized_when_revert_disallowed(self, browser): self.manager.checkout() transaction.commit() with browser.expect_unauthorized(): browser.login().open( self.document, view='revert-file-to-version?version_id=2&_authenticator={}' .format(createToken()))
def test_cannot_accept_invitation_of_other_users(self, browser): self.login(self.workspace_admin, browser=browser) foreign_iid = tuple(self.storage.iter_invitions_for_context( self.workspace))[0]['iid'] with browser.expect_http_error(400): browser.open(self.workspace_root.absolute_url() + '/my-invitations/accept', data={'iid': foreign_iid, '_authenticator': createToken()})
def test_can_only_modify_workspace_roles(self, browser): self.login(self.workspace_admin, browser=browser) with browser.expect_http_error(403): browser.open(self.workspace.absolute_url() + '/manage-participants/modify', data={'token': self.regular_user.getId(), 'role': 'Contributor', 'type': 'user', '_authenticator': createToken()})
def test_cannot_modify_inexisting_user(self, browser): self.login(self.workspace_admin, browser=browser) with browser.expect_http_error(400): browser.open(self.workspace.absolute_url() + '/manage-participants/modify', data={'token': self.regular_user.getId(), 'role': 'WorkspaceMember', 'type': 'user', '_authenticator': createToken()})
def test_decide_ad_hoc_agenda_item_generates_numbers(self, browser): self.login(self.committee_responsible, browser) agenda_item = self.schedule_ad_hoc(self.meeting, 'Gugus') browser.open(self.agenda_item_url(agenda_item, 'decide'), data={'_authenticator': createToken()}) self.assertEqual(2, agenda_item.decision_number) self.assertEqual(2, self.meeting.model.meeting_number)
def test_shows_message_when_checkout_cant_be_cancelled(self, browser): doc = create(Builder('document').within(self.dossier)) browser.login().open(doc, {'_authenticator': createToken()}, view='cancel_document_checkouts', ) self.assertEquals( [u'Could not cancel checkout on document Testdokum\xe4nt.'], error_messages())