def test_group_permissions_from_workspace_recursive_transitive(self): """ Johndoe is member in Workspace A, Janeschmo is member in Workspace B, Workspace A is member in Workspace B, Workspace B is member in Workspace C, Workspace C is member in Workspace A: => Johndoe can access all workspaces => Janeschmo can access all workspaces """ self.login_as_portal_owner() # john is already in A # Add Jane to B. self.add_user_to_workspace( 'janeschmo', self.workspace_b, ) # the group workspace-a gets added as member to workspace-b self.add_user_to_workspace( 'workspace-a', self.workspace_b, ) # the group workspace-b gets added as member to workspace-c self.add_user_to_workspace( 'workspace-b', self.workspace_c, ) # make c private instead of secret, so it can be added api.content.transition(self.workspace_c, 'make_private') # the group workspace-c gets added as member to workspace-a self.add_user_to_workspace( 'workspace-c', self.workspace_a, ) obj = IGroup(self.workspace_a) self.assertEqual(set(obj.getGroupMembers()), set(['workspace-c', 'admin', 'johndoe']), "Workspace A membership incorrect") obj = IGroup(self.workspace_b) self.assertEqual(set(obj.getGroupMembers()), set(['workspace-a', 'admin', 'janeschmo']), "Workspace B membership incorrect") obj = IGroup(self.workspace_c) self.assertEqual(set(obj.getGroupMembers()), set(['workspace-b', 'admin']), "Workspace C membership incorrect") self.logout() # johndoe can now access all 3 workspaces self.login('johndoe') self.traverse_to_item(self.workspace_a) self.traverse_to_item(self.workspace_b) self.traverse_to_item(self.workspace_c) self.logout() # janeschmo can also access all 3 workspaces self.login('janeschmo') self.traverse_to_item(self.workspace_a) self.traverse_to_item(self.workspace_b) self.traverse_to_item(self.workspace_c)
def testIGroupAdapter(self): """Verify all methods of the IGroup adapter to the Classification content type """ from Products.membrane.interfaces import IGroup from Products.CMFCore.utils import getToolByName wf = getToolByName(self.classification, 'portal_workflow') #adapt to IGroup g = IGroup(self.classification) #group title is the content object title self.classification.setTitle('New Title') self.failUnless( g.Title() == 'New Title', "IGroup.getTitle is not finding the correct title:\nexpected: %s\nfound: %s" % (self.classification.Title(), g.Title())) # group id is set on content object, uniqueness is enforced elsewhere self.failUnless( g.getGroupId() == self.classification.getId(), "getGroupId returning incorrect value:\nExpected: %s\nReceived: %s" % (self.classification.getId(), g.getGroupId())) #members are obtained correctly, regardless of how the classification was added #added from person object self.person.setClassifications((self.classification, )) self.person2.setClassifications((self.classification, )) members = list(g.getGroupMembers()) members.sort() self.failUnless(members == ['abc123', 'def456'], "incorrect member list: %s" % members) #clear the list self.classification.setPeople(()) self.failIf( self.classification.getPeople(), "there are still people listed in this classification: %s" % self.classification.getPeople()) #added from classification object self.classification.setPeople((self.person, self.person2)) members = list(g.getGroupMembers()) members.sort() self.failUnless(members == ['abc123', 'def456'], "incorrect member list: %s" % members) #deactivate group and verify emptiness wf.doActionFor(self.classification, 'deactivate') members = list(g.getGroupMembers()) members.sort() self.failUnless( members == [], "deactivated group has non-empty member list: %s" % members)
def test_group_permissions_from_workspace(self): """ Johndoe is member in Workspace A, Workspace A is member in Workspace B => Johndoe can access Workspace B """ self.login('johndoe') # johndoe cannot access workspace-b with self.assertRaises(Unauthorized): self.traverse_to_item(self.workspace_b) self.logout() self.login_as_portal_owner() # the group workspace-a gets added as member to workspace-b self.add_user_to_workspace( 'workspace-a', self.workspace_b, ) obj = IGroup(self.workspace_b) self.assertEqual(set(obj.getGroupMembers()), set(['workspace-a', 'admin'])) self.logout() # johndoe can now access workspace-b self.login('johndoe') self.traverse_to_item(self.workspace_b) self.logout() # but janeschmo still cannot self.login('janeschmo') with self.assertRaises(Unauthorized): self.traverse_to_item(self.workspace_b)
def testIGroupAdapter(self): """Verify all methods of the IGroup adapter to the FacultyStaffDirectory content type """ from Products.membrane.interfaces import IGroup from Products.CMFCore.utils import getToolByName fsd = self.getPopulatedDirectory() wf = getToolByName(fsd,'portal_workflow') #adapt to IGroup g = IGroup(fsd) #group title is the content object title fsd.setTitle("My FSD") self.failUnless(g.Title()=="My FSD") #roles are set on the object, but only available when object is published fsd.setRoles(('Reviewer',)) # at first, object is 'visible', but not published, roles should be empty self.failIf('Reviewer' in g.getRoles(),"roles are active, but content unpublished\nRoles: %s\nReviewState: %s" % (g.getRoles(), wf.getInfoFor(fsd,'review_state'))) #publish object wf.doActionFor(fsd,'publish') # now check again, role should be there self.failUnless('Reviewer' in g.getRoles(),"Roles not active, but content published\nRoles: %s\nReviewState: %s" % (g.getRoles(), wf.getInfoFor(fsd,'review_state'))) # group id is set on content object, uniqueness is enforced elsewhere self.failUnless(g.getGroupId()==fsd.getId(),"getGroupId returning incorrect value:\nExpected: %s\nReceived: %s" % (fsd.getId(), g.getGroupId())) #members are obtained correctly self.person1 = self.getPerson(id='abc123', firstName="Test", lastName="Person") self.person2 = self.getPerson(id='def456', firstName="Testy", lastName="Persons") self.person3 = self.getPerson(id='ghi789', firstName="Tester", lastName="Personage") members = list(g.getGroupMembers()) members.sort() self.failUnless(members == ['abc123','def456','ghi789'],"incorrect member list: %s" % members)
def test_group_permissions_from_workspace_recursive(self): """ Johndoe is member in Workspace A, Janeschmo is member in Workspace B, Workspace A is member in Workspace B, Workspace B is member in Workspace A: => Johndoe can access both workspaces => Janeschmo can access both workspaces """ self.login_as_portal_owner() # john is already in A # Add Jane to B. self.add_user_to_workspace( 'janeschmo', self.workspace_b, ) # the group workspace-a gets added as member to workspace-b self.add_user_to_workspace( 'workspace-a', self.workspace_b, ) # the group workspace-b gets added as member to workspace-a self.add_user_to_workspace( 'workspace-b', self.workspace_a, ) obj = IGroup(self.workspace_a) self.assertEqual(set(obj.getGroupMembers()), set(['workspace-b', 'admin', 'johndoe']), "Workspace A membership incorrect") obj = IGroup(self.workspace_b) self.assertEqual(set(obj.getGroupMembers()), set(['workspace-a', 'admin', 'janeschmo']), "Workspace B membership incorrect") self.logout() # johndoe can now access workspace-a and workspace-b self.login('johndoe') self.traverse_to_item(self.workspace_a) self.traverse_to_item(self.workspace_b) self.logout() # janeschmo can also access both workspaces self.login('janeschmo') self.traverse_to_item(self.workspace_a) self.traverse_to_item(self.workspace_b)
def testIGroupAdapter(self): """Verify all methods of the IGroup adapter to the Classification content type """ from Products.membrane.interfaces import IGroup from Products.CMFCore.utils import getToolByName wf = getToolByName(self.committee,'portal_workflow') #adapt to IGroup g = IGroup(self.committee) #group title is the content object title self.committee.setTitle('New Title') self.failUnless(g.Title()=='New Title',"IGroup.getTitle is not finding the correct title:\nexpected: %s\nfound: %s" % (self.committee.Title(),g.Title())) # group id is set on content object, uniqueness is enforced elsewhere self.failUnless(g.getGroupId()==self.committee.getId(),"getGroupId returning incorrect value:\nExpected: %s\nReceived: %s" % (self.committee.getId(), g.getGroupId())) #members are obtained correctly, regardless of how the classification was added #added from person object self.person.setCommittees((self.committee,)) self.person2.setCommittees((self.committee,)) members = list(g.getGroupMembers()) members.sort() self.failUnless(members == ['abc123','def456'], "incorrect member list: %s" % members) #clear the list self.committee.setMembers(()); self.failIf(self.committee.getMembers(), "there are still people listed in this committee: %s" % self.committee.getMembers()) #added from classification object self.committee.setMembers((self.person,self.person2)) members = list(g.getGroupMembers()) members.sort() self.failUnless(members == ['abc123','def456'], "incorrect member list: %s" % members) #deactivate group and verify emptiness wf.doActionFor(self.committee,'deactivate') members = list(g.getGroupMembers()) members.sort() self.failUnless(members == [],"deactivated group has non-empty member list: %s" % members)
def test_workgroup_security(self): ''' Check if that a workgroup assigned to a workspace allows his members to see the workspace ''' group = IGroup(self.workspace) self.assertSetEqual( set(group.getGroupMembers()), {'test_user_1_', 'Test workgroup'}, ) self.assertTrue( api.user.has_permission('View', user=self.userprofile, obj=self.workspace))
def testIGroupAdapter(self): """Verify all methods of the IGroup adapter to the FacultyStaffDirectory content type """ from Products.membrane.interfaces import IGroup from Products.CMFCore.utils import getToolByName fsd = self.getPopulatedDirectory() wf = getToolByName(fsd, 'portal_workflow') #adapt to IGroup g = IGroup(fsd) #group title is the content object title fsd.setTitle("My FSD") self.failUnless(g.Title() == "My FSD") #roles are set on the object, but only available when object is published fsd.setRoles(('Reviewer', )) # at first, object is 'visible', but not published, roles should be empty self.failIf( 'Reviewer' in g.getRoles(), "roles are active, but content unpublished\nRoles: %s\nReviewState: %s" % (g.getRoles(), wf.getInfoFor(fsd, 'review_state'))) #publish object wf.doActionFor(fsd, 'publish') # now check again, role should be there self.failUnless( 'Reviewer' in g.getRoles(), "Roles not active, but content published\nRoles: %s\nReviewState: %s" % (g.getRoles(), wf.getInfoFor(fsd, 'review_state'))) # group id is set on content object, uniqueness is enforced elsewhere self.failUnless( g.getGroupId() == fsd.getId(), "getGroupId returning incorrect value:\nExpected: %s\nReceived: %s" % (fsd.getId(), g.getGroupId())) #members are obtained correctly self.person1 = self.getPerson(id='abc123', firstName="Test", lastName="Person") self.person2 = self.getPerson(id='def456', firstName="Testy", lastName="Persons") self.person3 = self.getPerson(id='ghi789', firstName="Tester", lastName="Personage") members = list(g.getGroupMembers()) members.sort() self.failUnless(members == ['abc123', 'def456', 'ghi789'], "incorrect member list: %s" % members)
def test_basic_group_membership(self): obj = IGroup(self.workspace_a) self.assertEqual(set(obj.getGroupMembers()), set(['johndoe', 'admin']))