def test_group_permissions_from_workspace_recursive_transitive(self):
"""
Johndoe is member in Workspace A,
Janeschmo is member in Workspace B,
Workspace A is member in Workspace B,
Workspace B is member in Workspace C,
Workspace C is member in Workspace A:
=> Johndoe can access all workspaces
=> Janeschmo can access all workspaces
"""
self.login_as_portal_owner()
# john is already in A
# Add Jane to B.
self.add_user_to_workspace(
'janeschmo',
self.workspace_b,
)
# the group workspace-a gets added as member to workspace-b
self.add_user_to_workspace(
'workspace-a',
self.workspace_b,
)
# the group workspace-b gets added as member to workspace-c
self.add_user_to_workspace(
'workspace-b',
self.workspace_c,
)
# make c private instead of secret, so it can be added
api.content.transition(self.workspace_c, 'make_private')
# the group workspace-c gets added as member to workspace-a
self.add_user_to_workspace(
'workspace-c',
self.workspace_a,
)
obj = IGroup(self.workspace_a)
self.assertEqual(set(obj.getGroupMembers()),
set(['workspace-c', 'admin', 'johndoe']),
"Workspace A membership incorrect")
obj = IGroup(self.workspace_b)
self.assertEqual(set(obj.getGroupMembers()),
set(['workspace-a', 'admin', 'janeschmo']),
"Workspace B membership incorrect")
obj = IGroup(self.workspace_c)
self.assertEqual(set(obj.getGroupMembers()),
set(['workspace-b', 'admin']),
"Workspace C membership incorrect")
self.logout()
# johndoe can now access all 3 workspaces
self.login('johndoe')
self.traverse_to_item(self.workspace_a)
self.traverse_to_item(self.workspace_b)
self.traverse_to_item(self.workspace_c)
self.logout()
# janeschmo can also access all 3 workspaces
self.login('janeschmo')
self.traverse_to_item(self.workspace_a)
self.traverse_to_item(self.workspace_b)
self.traverse_to_item(self.workspace_c)
def testIGroupAdapter(self):
"""Verify all methods of the IGroup adapter to the Classification content type
"""
from Products.membrane.interfaces import IGroup
from Products.CMFCore.utils import getToolByName
wf = getToolByName(self.classification, 'portal_workflow')
#adapt to IGroup
g = IGroup(self.classification)
#group title is the content object title
self.classification.setTitle('New Title')
self.failUnless(
g.Title() == 'New Title',
"IGroup.getTitle is not finding the correct title:\nexpected: %s\nfound: %s"
% (self.classification.Title(), g.Title()))
# group id is set on content object, uniqueness is enforced elsewhere
self.failUnless(
g.getGroupId() == self.classification.getId(),
"getGroupId returning incorrect value:\nExpected: %s\nReceived: %s"
% (self.classification.getId(), g.getGroupId()))
#members are obtained correctly, regardless of how the classification was added
#added from person object
self.person.setClassifications((self.classification, ))
self.person2.setClassifications((self.classification, ))
members = list(g.getGroupMembers())
members.sort()
self.failUnless(members == ['abc123', 'def456'],
"incorrect member list: %s" % members)
#clear the list
self.classification.setPeople(())
self.failIf(
self.classification.getPeople(),
"there are still people listed in this classification: %s" %
self.classification.getPeople())
#added from classification object
self.classification.setPeople((self.person, self.person2))
members = list(g.getGroupMembers())
members.sort()
self.failUnless(members == ['abc123', 'def456'],
"incorrect member list: %s" % members)
#deactivate group and verify emptiness
wf.doActionFor(self.classification, 'deactivate')
members = list(g.getGroupMembers())
members.sort()
self.failUnless(
members == [],
"deactivated group has non-empty member list: %s" % members)
def test_group_permissions_from_workspace(self):
"""
Johndoe is member in Workspace A,
Workspace A is member in Workspace B
=> Johndoe can access Workspace B
"""
self.login('johndoe')
# johndoe cannot access workspace-b
with self.assertRaises(Unauthorized):
self.traverse_to_item(self.workspace_b)
self.logout()
self.login_as_portal_owner()
# the group workspace-a gets added as member to workspace-b
self.add_user_to_workspace(
'workspace-a',
self.workspace_b,
)
obj = IGroup(self.workspace_b)
self.assertEqual(set(obj.getGroupMembers()),
set(['workspace-a', 'admin']))
self.logout()
# johndoe can now access workspace-b
self.login('johndoe')
self.traverse_to_item(self.workspace_b)
self.logout()
# but janeschmo still cannot
self.login('janeschmo')
with self.assertRaises(Unauthorized):
self.traverse_to_item(self.workspace_b)
def testIGroupAdapter(self):
"""Verify all methods of the IGroup adapter to the FacultyStaffDirectory content type
"""
from Products.membrane.interfaces import IGroup
from Products.CMFCore.utils import getToolByName
fsd = self.getPopulatedDirectory()
wf = getToolByName(fsd,'portal_workflow')
#adapt to IGroup
g = IGroup(fsd)
#group title is the content object title
fsd.setTitle("My FSD")
self.failUnless(g.Title()=="My FSD")
#roles are set on the object, but only available when object is published
fsd.setRoles(('Reviewer',))
# at first, object is 'visible', but not published, roles should be empty
self.failIf('Reviewer' in g.getRoles(),"roles are active, but content unpublished\nRoles: %s\nReviewState: %s" % (g.getRoles(), wf.getInfoFor(fsd,'review_state')))
#publish object
wf.doActionFor(fsd,'publish')
# now check again, role should be there
self.failUnless('Reviewer' in g.getRoles(),"Roles not active, but content published\nRoles: %s\nReviewState: %s" % (g.getRoles(), wf.getInfoFor(fsd,'review_state')))
# group id is set on content object, uniqueness is enforced elsewhere
self.failUnless(g.getGroupId()==fsd.getId(),"getGroupId returning incorrect value:\nExpected: %s\nReceived: %s" % (fsd.getId(), g.getGroupId()))
#members are obtained correctly
self.person1 = self.getPerson(id='abc123', firstName="Test", lastName="Person")
self.person2 = self.getPerson(id='def456', firstName="Testy", lastName="Persons")
self.person3 = self.getPerson(id='ghi789', firstName="Tester", lastName="Personage")
members = list(g.getGroupMembers())
members.sort()
self.failUnless(members == ['abc123','def456','ghi789'],"incorrect member list: %s" % members)
def test_group_permissions_from_workspace_recursive(self):
"""
Johndoe is member in Workspace A,
Janeschmo is member in Workspace B,
Workspace A is member in Workspace B,
Workspace B is member in Workspace A:
=> Johndoe can access both workspaces
=> Janeschmo can access both workspaces
"""
self.login_as_portal_owner()
# john is already in A
# Add Jane to B.
self.add_user_to_workspace(
'janeschmo',
self.workspace_b,
)
# the group workspace-a gets added as member to workspace-b
self.add_user_to_workspace(
'workspace-a',
self.workspace_b,
)
# the group workspace-b gets added as member to workspace-a
self.add_user_to_workspace(
'workspace-b',
self.workspace_a,
)
obj = IGroup(self.workspace_a)
self.assertEqual(set(obj.getGroupMembers()),
set(['workspace-b', 'admin', 'johndoe']),
"Workspace A membership incorrect")
obj = IGroup(self.workspace_b)
self.assertEqual(set(obj.getGroupMembers()),
set(['workspace-a', 'admin', 'janeschmo']),
"Workspace B membership incorrect")
self.logout()
# johndoe can now access workspace-a and workspace-b
self.login('johndoe')
self.traverse_to_item(self.workspace_a)
self.traverse_to_item(self.workspace_b)
self.logout()
# janeschmo can also access both workspaces
self.login('janeschmo')
self.traverse_to_item(self.workspace_a)
self.traverse_to_item(self.workspace_b)
def testIGroupAdapter(self):
"""Verify all methods of the IGroup adapter to the Classification content type
"""
from Products.membrane.interfaces import IGroup
from Products.CMFCore.utils import getToolByName
wf = getToolByName(self.committee,'portal_workflow')
#adapt to IGroup
g = IGroup(self.committee)
#group title is the content object title
self.committee.setTitle('New Title')
self.failUnless(g.Title()=='New Title',"IGroup.getTitle is not finding the correct title:\nexpected: %s\nfound: %s" % (self.committee.Title(),g.Title()))
# group id is set on content object, uniqueness is enforced elsewhere
self.failUnless(g.getGroupId()==self.committee.getId(),"getGroupId returning incorrect value:\nExpected: %s\nReceived: %s" % (self.committee.getId(), g.getGroupId()))
#members are obtained correctly, regardless of how the classification was added
#added from person object
self.person.setCommittees((self.committee,))
self.person2.setCommittees((self.committee,))
members = list(g.getGroupMembers())
members.sort()
self.failUnless(members == ['abc123','def456'],
"incorrect member list: %s" % members)
#clear the list
self.committee.setMembers(());
self.failIf(self.committee.getMembers(),
"there are still people listed in this committee: %s" % self.committee.getMembers())
#added from classification object
self.committee.setMembers((self.person,self.person2))
members = list(g.getGroupMembers())
members.sort()
self.failUnless(members == ['abc123','def456'],
"incorrect member list: %s" % members)
#deactivate group and verify emptiness
wf.doActionFor(self.committee,'deactivate')
members = list(g.getGroupMembers())
members.sort()
self.failUnless(members == [],"deactivated group has non-empty member list: %s" % members)
def test_workgroup_security(self):
''' Check if that a workgroup assigned to a workspace allows his
members to see the workspace
'''
group = IGroup(self.workspace)
self.assertSetEqual(
set(group.getGroupMembers()),
{'test_user_1_', 'Test workgroup'},
)
self.assertTrue(
api.user.has_permission('View',
user=self.userprofile,
obj=self.workspace))
def testIGroupAdapter(self):
"""Verify all methods of the IGroup adapter to the FacultyStaffDirectory content type
"""
from Products.membrane.interfaces import IGroup
from Products.CMFCore.utils import getToolByName
fsd = self.getPopulatedDirectory()
wf = getToolByName(fsd, 'portal_workflow')
#adapt to IGroup
g = IGroup(fsd)
#group title is the content object title
fsd.setTitle("My FSD")
self.failUnless(g.Title() == "My FSD")
#roles are set on the object, but only available when object is published
fsd.setRoles(('Reviewer', ))
# at first, object is 'visible', but not published, roles should be empty
self.failIf(
'Reviewer' in g.getRoles(),
"roles are active, but content unpublished\nRoles: %s\nReviewState: %s"
% (g.getRoles(), wf.getInfoFor(fsd, 'review_state')))
#publish object
wf.doActionFor(fsd, 'publish')
# now check again, role should be there
self.failUnless(
'Reviewer' in g.getRoles(),
"Roles not active, but content published\nRoles: %s\nReviewState: %s"
% (g.getRoles(), wf.getInfoFor(fsd, 'review_state')))
# group id is set on content object, uniqueness is enforced elsewhere
self.failUnless(
g.getGroupId() == fsd.getId(),
"getGroupId returning incorrect value:\nExpected: %s\nReceived: %s"
% (fsd.getId(), g.getGroupId()))
#members are obtained correctly
self.person1 = self.getPerson(id='abc123',
firstName="Test",
lastName="Person")
self.person2 = self.getPerson(id='def456',
firstName="Testy",
lastName="Persons")
self.person3 = self.getPerson(id='ghi789',
firstName="Tester",
lastName="Personage")
members = list(g.getGroupMembers())
members.sort()
self.failUnless(members == ['abc123', 'def456', 'ghi789'],
"incorrect member list: %s" % members)
def test_basic_group_membership(self):
obj = IGroup(self.workspace_a)
self.assertEqual(set(obj.getGroupMembers()), set(['johndoe', 'admin']))
