def test_closing_direct_execution_task_does_not_revoke_roles_if_revoke_permission_is_false( self, browser): self.login(self.regular_user, browser=browser) self.subtask.revoke_permissions = False self.subtask.task_type = 'direct-execution' self.subtask.sync() self.set_workflow_state('task-state-in-progress', self.subtask) # close browser.open(self.subtask, view='tabbedview_view-overview') browser.click_on('task-transition-in-progress-tested-and-closed') browser.click_on('Save') storage = RoleAssignmentManager(self.subtask).storage self.assertEqual([{ 'cause': ASSIGNMENT_VIA_TASK, 'roles': ['Editor'], 'reference': Oguid.for_object(self.subtask), 'principal': self.regular_user.id }, { 'cause': ASSIGNMENT_VIA_TASK_AGENCY, 'roles': ['Editor'], 'reference': Oguid.for_object(self.subtask), 'principal': 'fa_inbox_users' }], storage._storage())
def test_closing_does_not_revoke_roles_on_task_if_revoke_permission_is_false(self, browser): self.login(self.dossier_responsible, browser=browser) self.set_workflow_state('task-state-tested-and-closed', self.subtask) self.set_workflow_state('task-state-resolved', self.task) self.task.revoke_permissions = False storage = RoleAssignmentManager(self.task).storage self.assertEqual( [{'cause': ASSIGNMENT_VIA_TASK, 'roles': ['Editor'], 'reference': Oguid.for_object(self.task), 'principal': 'kathi.barfuss'}, {'cause': ASSIGNMENT_VIA_TASK_AGENCY, 'roles': ['Editor'], 'reference': Oguid.for_object(self.task), 'principal': 'fa_inbox_users'}], storage._storage()) # close browser.open(self.task, view='tabbedview_view-overview') browser.click_on('task-transition-resolved-tested-and-closed') browser.fill({'Response': 'Done!'}) browser.click_on('Save') self.assertEqual( [{'cause': ASSIGNMENT_VIA_TASK, 'roles': ['Editor'], 'reference': Oguid.for_object(self.task), 'principal': 'kathi.barfuss'}, {'cause': ASSIGNMENT_VIA_TASK_AGENCY, 'roles': ['Editor'], 'reference': Oguid.for_object(self.task), 'principal': 'fa_inbox_users'}], storage._storage())
def test_closing_a_task_revokes_responsible_roles_on_related_documents(self, browser): self.login(self.dossier_responsible, browser=browser) self.set_workflow_state('task-state-tested-and-closed', self.subtask) self.set_workflow_state('task-state-resolved', self.task) storage = RoleAssignmentManager(self.document).storage expected_oguids = [ Oguid.for_object(task).id for task in ( self.task, self.task, self.subtask, self.subtask, self.info_task, self.info_task, self.private_task, self.inbox_task) ] self.assertEqual( expected_oguids, [item.get('reference') for item in storage._storage()], ) # close browser.open(self.task, view='tabbedview_view-overview') browser.click_on('task-transition-resolved-tested-and-closed') browser.fill({'Response': 'Done!'}) browser.click_on('Save') expected_oguids = [ Oguid.for_object(task).id for task in (self.subtask, self.subtask, self.info_task, self.info_task, self.private_task, self.inbox_task) ] self.assertEqual( expected_oguids, [item.get('reference') for item in storage._storage()], )
def test_closing_a_task_revokes_responsible_roles_on_task(self, browser): self.login(self.dossier_responsible, browser=browser) self.set_workflow_state('task-state-tested-and-closed', self.subtask) self.set_workflow_state('task-state-resolved', self.task) storage = RoleAssignmentManager(self.task).storage self.assertEqual([{ 'cause': ASSIGNMENT_VIA_TASK, 'roles': ['Editor'], 'reference': Oguid.for_object(self.task), 'principal': 'kathi.barfuss' }, { 'cause': ASSIGNMENT_VIA_TASK_AGENCY, 'roles': ['Editor'], 'reference': Oguid.for_object(self.task), 'principal': 'fa_inbox_users' }], storage._storage()) # close browser.open(self.task, view='tabbedview_view-overview') browser.click_on('task-transition-resolved-tested-and-closed') browser.fill({'Response': 'Done!'}) browser.click_on('Save') self.assertEqual([], storage._storage())
def test_returns_serialized_assignments(self, browser): self.login(self.secretariat_user, browser=browser) manager = RoleAssignmentManager(self.empty_dossier) manager.add_or_update(self.regular_user.id, ['Editor'], ASSIGNMENT_VIA_TASK, reference=self.task) manager.add_or_update(self.regular_user.id, ['Reader'], ASSIGNMENT_VIA_TASK_AGENCY) browser.open(self.empty_dossier, view='@role-assignments/{}'.format(self.regular_user.id), method='Get', headers={'Accept': 'application/json'}) self.assertEquals( [{u'cause': { u'id': ASSIGNMENT_VIA_TASK, u'title': u'By task'}, u'roles': [u'Editor'], u'reference': { u'url': self.task.absolute_url(), u'title': self.task.title}, u'principal': u'kathi.barfuss'}, {u'cause': { u'id': ASSIGNMENT_VIA_TASK_AGENCY, u'title': u'By task agency'}, u'roles': [u'Reader'], u'reference': None, u'principal': u'kathi.barfuss'}], browser.json)
def test_does_not_preserve_local_roles_from_committee_group(self, browser): assignment_type = ASSIGNMENT_VIA_COMMITTEE_GROUP assignment_class = RoleAssignment.registry[assignment_type] self.login(self.administrator, browser=browser) manager = RoleAssignmentManager(self.subdossier) manager.add_or_update_assignment( assignment_class(self.regular_user.id, ['Reader', 'Editor', 'Contributor'], self.committee)) manager = RoleAssignmentManager(self.subdossier) assignments = manager.get_assignments_by_cause(assignment_type) self.assertEqual(1, len(assignments)) browser.open(self.dossier, data=self.make_path_param(self.subdossier), view="copy_items") with self.observe_children(self. empty_repofolder) as children: browser.open(self.empty_repofolder) browser.click_on('Paste') self.assertEqual(1, len(children.get('added'))) subdossier_copy = children.get('added').pop() manager = RoleAssignmentManager(subdossier_copy) assignments = manager.get_assignments_by_cause(assignment_type) self.assertEqual(0, len(assignments), "{} should not get copied".format(assignment_class))
def test_preserves_local_roles_from_invitation(self, browser): assignment_type = ASSIGNMENT_VIA_INVITATION assignment_class = RoleAssignment.registry[assignment_type] self.login(self.administrator, browser=browser) manager = RoleAssignmentManager(self.subdossier) manager.add_or_update_assignment( assignment_class(self.regular_user.id, ['Reader', 'Editor', 'Contributor'], self.workspace)) manager = RoleAssignmentManager(self.subdossier) assignments = manager.get_assignments_by_cause(assignment_type) self.assertEqual(1, len(assignments)) browser.open(self.dossier, data=self.make_path_param(self.subdossier), view="copy_items") with self.observe_children(self. empty_repofolder) as children: browser.open(self.empty_repofolder) browser.click_on('Paste') self.assertEqual(1, len(children.get('added'))) subdossier_copy = children.get('added').pop() manager = RoleAssignmentManager(subdossier_copy) assignments = manager.get_assignments_by_cause(assignment_type) self.assertEqual(1, len(assignments), "{} should get copied".format(assignment_class)) assignment = assignments[0] expected_assignment = {'cause': assignment_type, 'roles': ['Reader', 'Editor', 'Contributor'], 'reference': Oguid.for_object(self.workspace).id, 'principal': self.regular_user.id} self.assertEqual(expected_assignment, assignment)
def test_skip_task_does_not_revoke_roles_if_revoke_permission_is_false(self, browser): self.login(self.secretariat_user, browser=browser) self.seq_subtask_2.revoke_permissions = False storage = RoleAssignmentManager(self.seq_subtask_2).storage self.assertEqual( [{'cause': ASSIGNMENT_VIA_TASK, 'roles': ['Editor'], 'reference': Oguid.for_object(self.seq_subtask_2), 'principal': 'kathi.barfuss'}, {'cause': ASSIGNMENT_VIA_TASK_AGENCY, 'roles': ['Editor'], 'reference': Oguid.for_object(self.seq_subtask_2), 'principal': 'fa_inbox_users'}], storage._storage()) # skip browser.open(self.seq_subtask_2, view='tabbedview_view-overview') browser.click_on('task-transition-planned-skipped') browser.click_on('Save') self.assertEqual( [{'cause': ASSIGNMENT_VIA_TASK, 'roles': ['Editor'], 'reference': Oguid.for_object(self.seq_subtask_2), 'principal': 'kathi.barfuss'}, {'cause': ASSIGNMENT_VIA_TASK_AGENCY, 'roles': ['Editor'], 'reference': Oguid.for_object(self.seq_subtask_2), 'principal': 'fa_inbox_users'}], storage._storage())
def test_error_when_no_access_to_meeting_dossier(self, browser): with self.login(self.administrator): RoleAssignmentManager( self.committee_container).add_or_update_assignment( SharingRoleAssignment(self.regular_user.getId(), ['Reader'])) RoleAssignmentManager(self.committee).add_or_update_assignment( SharingRoleAssignment(self.regular_user.getId(), ['CommitteeResponsible', 'Editor'])) # Let regular_user have no access to meeting_dossier self.meeting_dossier.__ac_local_roles_block__ = True agenda_item = self.schedule_proposal(self.meeting, self.submitted_proposal) agenda_item.decide() self.login(self.regular_user, browser) with browser.expect_http_error(code=403): browser.open( self.agenda_item_url(agenda_item, 'generate_excerpt'), data={'excerpt_title': 'Excerption \xc3\x84nderungen'}) expected_messages = { u'messages': [{ u'messageTitle': u'Error', u'message': u'Insufficient privileges to add a document to the meeting dossier.', u'messageClass': u'error', }], } self.assertEquals(expected_messages, browser.json)
def test_remove_role_assignments_and_updates_local_roles(self, browser): self.login(self.administrator, browser=browser) manager = RoleAssignmentManager(self.empty_dossier) manager.add_or_update_assignment( SharingRoleAssignment( self.regular_user.id, ['Reader', 'Editor', 'Contributor'])) data = json.dumps({ "entries": [ {"id": self.regular_user.id, "roles": {"Contributor": False, "Editor": False, "Reader": False, "Reviewer": False, "Publisher": False}, "type": "user"}, ], "inherit": True}) browser.open(self.empty_dossier, data, view='@sharing', method='POST', headers={'Accept': 'application/json', 'Content-Type': 'application/json'}) self.assertEquals( (('robert.ziegler', ('Owner',)),), self.empty_dossier.get_local_roles()) self.assertEquals( [], RoleAssignmentManager(self.empty_dossier).storage._storage())
def test_skip_task_does_not_revoke_roles_if_revoke_permission_is_false( self, browser): self.login(self.secretariat_user, browser=browser) self.seq_subtask_2.revoke_permissions = False storage = RoleAssignmentManager(self.seq_subtask_2).storage self.assertEqual([{ 'cause': ASSIGNMENT_VIA_TASK, 'roles': ['Editor'], 'reference': Oguid.for_object(self.seq_subtask_2), 'principal': 'kathi.barfuss' }, { 'cause': ASSIGNMENT_VIA_TASK_AGENCY, 'roles': ['Editor'], 'reference': Oguid.for_object(self.seq_subtask_2), 'principal': 'fa_inbox_users' }], storage._storage()) # skip browser.open(self.seq_subtask_2, view='tabbedview_view-overview') browser.click_on('task-transition-planned-skipped') browser.click_on('Save') self.assertEqual([{ 'cause': ASSIGNMENT_VIA_TASK, 'roles': ['Editor'], 'reference': Oguid.for_object(self.seq_subtask_2), 'principal': 'kathi.barfuss' }, { 'cause': ASSIGNMENT_VIA_TASK_AGENCY, 'roles': ['Editor'], 'reference': Oguid.for_object(self.seq_subtask_2), 'principal': 'fa_inbox_users' }], storage._storage())
def test_status_message_shown_when_local_roles_on_subdossier_are_copied(self, browser): assignment_type = ASSIGNMENT_VIA_SHARING assignment_class = RoleAssignment.registry[assignment_type] self.login(self.administrator, browser=browser) browser.open(self.dossier, data=self.make_path_param(self.subdossier), view="copy_items") browser.open(self.empty_repofolder) browser.click_on('Paste') self.assertItemsEqual(info_messages(), ["Objects from clipboard successfully pasted."]) manager = RoleAssignmentManager(self.subsubdossier) manager.add_or_update_assignment( assignment_class(self.regular_user.id, ['Reader', 'Editor', 'Contributor'])) manager = RoleAssignmentManager(self.subsubdossier) assignments = manager.get_assignments_by_cause(assignment_type) self.assertEqual(1, len(assignments)) browser.open(self.dossier, data=self.make_path_param(self.subdossier), view="copy_items") browser.open(self.empty_repofolder) browser.click_on('Paste') self.assertItemsEqual(info_messages(), ["Some local roles were copied with the objects", "Objects from clipboard successfully pasted."])
def test_add_recursive_documents_and_subdossiers_local_roles( self, browser): self.login(self.regular_user, browser) RoleAssignmentManager( self.subdossiertemplate).add_or_update_assignment( SharingRoleAssignment(self.regular_user.getId(), ['Reader', 'Contributor', 'Editor'])) browser.open(self.leaf_repofolder) factoriesmenu.add('Dossier with template') token = browser.css( 'input[name="form.widgets.template"]').first.attrib.get('value') browser.fill({'form.widgets.template': token}).submit() browser.click_on('Save') dossier = browser.context self.assertEqual('Bauvorhaben klein', dossier.title) subdossier = dossier.listFolderContents()[1] self.assertEqual( [u'Werkst\xe4tte', u'Anfragen'], [obj.title for obj in dossier.listFolderContents()], "The content of the subdossiertemplate is not correct!") expected_role_assignments = [{ 'cause': 3, 'reference': None, 'roles': ['Reader', 'Contributor', 'Editor'], 'principal': 'kathi.barfuss', }] role_assignments = RoleAssignmentManager(subdossier).storage._storage() self.assertEqual(expected_role_assignments, role_assignments)
def test_only_users_of_current_admin_unit_are_found_by_search(self): self.login(self.workspace_admin) source = ActualWorkspaceMembersSource(self.workspace) admin_unit2 = create( Builder('admin_unit').id('additional').having(title='additional')) org_unit_3 = create( Builder('org_unit').id('org-unit-3').having( title=u"Org Unit 3", admin_unit=admin_unit2).with_default_groups()) peter = create( Builder('ogds_user').id('peter.meier').having( firstname='Peter', lastname='Meier').assign_to_org_units([org_unit_3])) RoleAssignmentManager(self.workspace).add_or_update( self.regular_user.id, ['WorkspaceGuest'], ASSIGNMENT_VIA_INVITATION) RoleAssignmentManager(self.workspace).add_or_update( peter.userid, ['WorkspaceGuest'], ASSIGNMENT_VIA_INVITATION) results = source.search(self.regular_user.id) self.assertEqual(1, len(results)) self.assertEqual(self.regular_user.id, results[0].value) # User from other admin_unit cannot be found results = source.search('peter.meier') self.assertEqual(0, len(results))
def test_closing_does_not_revoke_roles_on_related_documents_if_revoke_permission_is_false( self, browser): self.login(self.dossier_responsible, browser=browser) self.set_workflow_state('task-state-tested-and-closed', self.subtask) self.set_workflow_state('task-state-resolved', self.task) self.task.revoke_permissions = False storage = RoleAssignmentManager(self.document).storage expected_oguids = [ Oguid.for_object(task).id for task in (self.task, self.task, self.subtask, self.subtask, self.info_task, self.info_task, self.private_task, self.inbox_task) ] self.assertEqual( expected_oguids, [item.get('reference') for item in storage._storage()]) # close browser.open(self.task, view='tabbedview_view-overview') browser.click_on('task-transition-resolved-tested-and-closed') browser.fill({'Response': 'Done!'}) browser.click_on('Save') self.assertEqual( expected_oguids, [item.get('reference') for item in storage._storage()])
def test_assign_updates_role_assignment_on_forwarding(self, browser): self.login(self.secretariat_user, browser) assignment_manager = RoleAssignmentManager(self.inbox_forwarding) assignments = assignment_manager.storage._storage() self.assertEqual(2, len(assignments)) assignment = assignments[0] self.assertEqual(ASSIGNMENT_VIA_TASK, assignment["cause"]) self.assertEqual(["Editor"], assignment["roles"]) self.assertEqual(self.regular_user.getId(), assignment["principal"]) browser.open(self.inbox_forwarding) browser.click_on('forwarding-transition-reassign') form = browser.find_form_by_field('Responsible') form.find_widget('Responsible').fill(self.secretariat_user) browser.click_on('Assign') assignment_manager = RoleAssignmentManager(self.inbox_forwarding) assignments = assignment_manager.storage._storage() self.assertEqual(2, len(assignments)) user_assignment, inbox_assignment = assignments self.assertEqual(ASSIGNMENT_VIA_TASK, user_assignment["cause"]) self.assertEqual(["Editor"], user_assignment["roles"]) self.assertEqual(self.secretariat_user.getId(), user_assignment["principal"]) self.assertEqual(ASSIGNMENT_VIA_TASK_AGENCY, inbox_assignment["cause"]) self.assertEqual(["Editor"], inbox_assignment["roles"]) self.assertEqual(u'fa_inbox_users', inbox_assignment["principal"])
def test_local_roles_assigned_properly_when_creating_forwarding(self): self.login(self.secretariat_user) self.forwarding = create( Builder('forwarding') .within(self.inbox) .titled(u'Test forwarding') .having(responsible_client='fa', responsible=self.secretariat_user.getId(), issuer=self.secretariat_user.getId()) .relate_to(self.inbox_document)) # Editor role is granted to forwarding responsible assignment_manager = RoleAssignmentManager(self.forwarding) assignments = assignment_manager.storage._storage() self.assertEqual(2, len(assignments)) user_assignment, inbox_assignment = assignments self.assertEqual(ASSIGNMENT_VIA_TASK, user_assignment["cause"]) self.assertEqual(["Editor"], user_assignment["roles"]) self.assertEqual(self.secretariat_user.getId(), user_assignment["principal"]) self.assertEqual(ASSIGNMENT_VIA_TASK_AGENCY, inbox_assignment["cause"]) self.assertEqual(["Editor"], inbox_assignment["roles"]) self.assertEqual(self.secretariat_user.getId(), user_assignment["principal"]) # No role assignments on contained objects as they already # inherit from the forwarding inbox_document, = self.forwarding.listFolderContents() assignment_manager = RoleAssignmentManager(inbox_document) assignments = assignment_manager.storage._storage() self.assertEqual(0, len(assignments))
def update_role_settings(self): assignments = [] for principal, roles in self.generate_role_settings().items(): assignments.append(ProtectDossierRoleAssignment(principal, roles)) if assignments: manager = RoleAssignmentManager(self.context) manager.reset(assignments)
def reply(self): principal_id = self.read_params() manager = RoleAssignmentManager(self.context) assignments = manager.get_assignments_by_principal_id(principal_id) return [assignment.serialize() for assignment in assignments if assignment.cause != ASSIGNMENT_VIA_SHARING]
def test_role_assignmets_on_tasks_with_inbox_agency(self): self.login(self.regular_user) self.add_additional_org_unit() document = create( Builder('document').within( self.empty_dossier).titled(u'Vertr\xe4gsentwurf')) task = create( Builder('task').within(self.empty_dossier). titled(u'Vertragsentwurf \xdcberpr\xfcfen').having( responsible_client='fa', responsible=self.regular_user.getId(), issuer=self.dossier_responsible.getId(), task_type='correction', deadline=date( 2016, 11, 1)).in_state('task-state-in-progress').relate_to(document)) self.assertItemsEqual([{ 'principal': self.regular_user.id, 'roles': ['Editor'], 'cause': ASSIGNMENT_VIA_TASK, 'reference': Oguid.for_object(task).id }, { 'principal': u'fa_inbox_users', 'roles': ['Editor'], 'cause': ASSIGNMENT_VIA_TASK_AGENCY, 'reference': Oguid.for_object(task).id }], RoleAssignmentManager(task).storage._storage()) self.assertItemsEqual( [{ 'principal': self.regular_user.id, 'roles': ['Reader', 'Editor'], 'cause': ASSIGNMENT_VIA_TASK, 'reference': Oguid.for_object(task).id }, { 'principal': u'fa_inbox_users', 'roles': ['Reader', 'Editor'], 'cause': ASSIGNMENT_VIA_TASK_AGENCY, 'reference': Oguid.for_object(task).id }], RoleAssignmentManager(document).storage._storage()) self.assertItemsEqual([{ 'principal': self.regular_user.id, 'roles': ['Contributor'], 'cause': ASSIGNMENT_VIA_TASK, 'reference': Oguid.for_object(task).id }, { 'principal': u'fa_inbox_users', 'roles': ['Contributor'], 'cause': ASSIGNMENT_VIA_TASK_AGENCY, 'reference': Oguid.for_object(task).id }], RoleAssignmentManager( self.empty_dossier).storage._storage())
def test_closing_does_not_revoke_roles_on_distinct_parent_if_revoke_permission_is_false( self, browser): self.login(self.dossier_responsible, browser=browser) self.set_workflow_state('task-state-resolved', self.meeting_task) self.meeting_task.revoke_permissions = False self.assertEqual((('fa_inbox_users', ('Contributor', )), ('franzi.muller', ('Owner', )), ('robert.ziegler', ('Contributor', ))), self.meeting_dossier.get_local_roles()) storage = RoleAssignmentManager(self.meeting_dossier).storage self.assertEqual([{ 'cause': ASSIGNMENT_VIA_TASK, 'roles': ['Contributor'], 'reference': Oguid.for_object(self.meeting_task), 'principal': self.dossier_responsible.id }, { 'cause': ASSIGNMENT_VIA_TASK_AGENCY, 'roles': ['Contributor'], 'reference': Oguid.for_object(self.meeting_task), 'principal': 'fa_inbox_users' }, { 'cause': ASSIGNMENT_VIA_TASK, 'roles': ['Contributor'], 'reference': Oguid.for_object(self.meeting_subtask), 'principal': self.dossier_responsible.id }, { 'cause': ASSIGNMENT_VIA_TASK_AGENCY, 'roles': ['Contributor'], 'reference': Oguid.for_object(self.meeting_subtask), 'principal': 'fa_inbox_users' }], storage._storage()) # close subtask browser.open(self.meeting_subtask, view='tabbedview_view-overview') browser.click_on('task-transition-resolved-tested-and-closed') browser.click_on('Save') browser.open(self.meeting_task, view='tabbedview_view-overview') browser.click_on('task-transition-resolved-tested-and-closed') browser.click_on('Save') self.assertEqual([{ 'cause': ASSIGNMENT_VIA_TASK, 'roles': ['Contributor'], 'reference': Oguid.for_object(self.meeting_task), 'principal': self.dossier_responsible.id }, { 'cause': ASSIGNMENT_VIA_TASK_AGENCY, 'roles': ['Contributor'], 'reference': Oguid.for_object(self.meeting_task), 'principal': 'fa_inbox_users' }], storage._storage()) self.assertEqual((('fa_inbox_users', ('Contributor', )), ('franzi.muller', ('Owner', )), ('robert.ziegler', ('Contributor', ))), self.meeting_dossier.get_local_roles())
def reply(self): principal_id = self.read_params() manager = RoleAssignmentManager(self.context) assignments = manager.get_assignments_by_principal_id(principal_id) return [ assignment.serialize() for assignment in assignments if assignment.cause != ASSIGNMENT_VIA_SHARING ]
def test_closing_does_not_revoke_roles_on_distinct_parent_if_revoke_permission_is_false(self, browser): self.login(self.dossier_responsible, browser=browser) self.set_workflow_state('task-state-resolved', self.meeting_task) self.meeting_task.revoke_permissions = False self.assertEqual( (('fa_inbox_users', ('Contributor',)), ('franzi.muller', ('Owner',)), ('robert.ziegler', ('Contributor',))), self.meeting_dossier.get_local_roles()) storage = RoleAssignmentManager(self.meeting_dossier).storage self.assertEqual( [{'cause': ASSIGNMENT_VIA_TASK, 'roles': ['Contributor'], 'reference': Oguid.for_object(self.meeting_task), 'principal': self.dossier_responsible.id}, {'cause': ASSIGNMENT_VIA_TASK_AGENCY, 'roles': ['Contributor'], 'reference': Oguid.for_object(self.meeting_task), 'principal': 'fa_inbox_users'}, {'cause': ASSIGNMENT_VIA_TASK, 'roles': ['Contributor'], 'reference': Oguid.for_object(self.meeting_subtask), 'principal': self.dossier_responsible.id}, {'cause': ASSIGNMENT_VIA_TASK_AGENCY, 'roles': ['Contributor'], 'reference': Oguid.for_object(self.meeting_subtask), 'principal': 'fa_inbox_users'}], storage._storage()) # close subtask browser.open(self.meeting_subtask, view='tabbedview_view-overview') browser.click_on('task-transition-resolved-tested-and-closed') browser.click_on('Save') browser.open(self.meeting_task, view='tabbedview_view-overview') browser.click_on('task-transition-resolved-tested-and-closed') browser.click_on('Save') self.assertEqual( [{'cause': ASSIGNMENT_VIA_TASK, 'roles': ['Contributor'], 'reference': Oguid.for_object(self.meeting_task), 'principal': self.dossier_responsible.id}, {'cause': ASSIGNMENT_VIA_TASK_AGENCY, 'roles': ['Contributor'], 'reference': Oguid.for_object(self.meeting_task), 'principal': 'fa_inbox_users'}], storage._storage()) self.assertEqual( (('fa_inbox_users', ('Contributor',)), ('franzi.muller', ('Owner',)), ('robert.ziegler', ('Contributor',))), self.meeting_dossier.get_local_roles())
def test_cancelling_a_task_revokes_roles(self, browser): self.login(self.dossier_responsible, browser=browser) self.set_workflow_state('task-state-open', self.subtask) # cancel browser.open(self.subtask, view='tabbedview_view-overview') browser.click_on('task-transition-open-cancelled') browser.click_on('Save') storage = RoleAssignmentManager(self.subtask).storage self.assertEqual([], storage._storage())
def add_role_assignment_to_proposal(self, document, task): document_manager = RoleAssignmentManager(document) # abort if we do not have an assignment for local roles in the # document. it might be this is one of the migrated tasks where the # assignment has only been set for sharing but not based on the local # roles for the tasks. if not document_manager.get_assignments_by_cause(ASSIGNMENT_VIA_TASK): return # if we have an assignment it should be safe to set the assignment # again as would happen when the task has been modified. LocalRolesSetter(task).set_roles(event=None)
def test_guarded_by_modify_portal_content(self): self.login(self.regular_user) self.assertIn(self.transition, self.get_workflow_transitions_for(self.task)) RoleAssignmentManager(self.portal).add_or_update_assignment( SharingRoleAssignment(self.reader_user.getId(), ['Reader']), ) RoleAssignmentManager(self.dossier).add_or_update_assignment( SharingRoleAssignment(self.reader_user.getId(), ['Reader']), ) self.login(self.reader_user) self.assertNotIn(self.transition, self.get_workflow_transitions_for(self.task))
def test_closing_a_direct_execution_task_revokes_roles(self, browser): self.login(self.regular_user, browser=browser) self.subtask.task_type = 'direct-execution' self.subtask.sync() self.set_workflow_state('task-state-in-progress', self.subtask) # close browser.open(self.subtask, view='tabbedview_view-overview') browser.click_on('task-transition-in-progress-tested-and-closed') browser.click_on('Save') storage = RoleAssignmentManager(self.subtask).storage self.assertEqual([], storage._storage())
def test_add_register_assignment_in_the_storage(self): self.login(self.regular_user) manager = RoleAssignmentManager(self.empty_dossier) manager.add_or_update(self.secretariat_user.id, ['Editor', 'Contributor', 'Reader'], ASSIGNMENT_VIA_TASK, self.task) self.assertEquals( [{'principal': self.secretariat_user.id, 'roles': ['Editor', 'Contributor', 'Reader'], 'cause': ASSIGNMENT_VIA_TASK, 'reference': Oguid.for_object(self.task).id}], manager.storage._storage())
def execute(self): obj = super(CreateDocumentFromTemplateCommand, self).execute() DocPropertyWriter(obj, recipient_data=self.recipient_data).initialize() # Set blocking of role inheritance based on the template object if self.block_role_inheritance is not None: obj.__ac_local_roles_block__ = self.block_role_inheritance # Copy the local roles assignations over from the template if self.role_assignments is not None: manager = RoleAssignmentManager(obj) # Passing an empty iterable in here creates an empty mapping manager.add_or_update_assignments(self.role_assignments) return obj
def test_revokes_permissions_on_proposal(self): self.login(self.dossier_responsible) intids = getUtility(IIntIds) relation = RelationValue(intids.getId(self.proposaldocument)) ITask(self.subtask).relatedItems.append(relation) notify(ObjectModifiedEvent(self.subtask)) self.set_workflow_state('task-state-tested-and-closed', self.subtask) expected_assignments = [{ 'cause': ASSIGNMENT_VIA_TASK, 'roles': ['Reader', 'Editor'], 'reference': Oguid.for_object(self.subtask), 'principal': self.regular_user.id }, { 'cause': ASSIGNMENT_VIA_TASK_AGENCY, 'roles': ['Reader', 'Editor'], 'reference': Oguid.for_object(self.subtask), 'principal': u'fa_inbox_users' }] document_storage = RoleAssignmentManager(self.proposaldocument).storage self.assertEqual(expected_assignments, document_storage._storage()) proposal_storage = RoleAssignmentManager(self.proposal).storage self.assertEqual(expected_assignments, proposal_storage._storage()) RevokePermissions(self.subtask, self.request)() self.assertEqual([], proposal_storage._storage()) self.assertEqual([], document_storage._storage())
def test_add_register_assignment_in_the_storage(self): self.login(self.regular_user) manager = RoleAssignmentManager(self.empty_dossier) manager.add_or_update(self.secretariat_user.id, ['Editor', 'Contributor', 'Reader'], ASSIGNMENT_VIA_TASK, self.task) self.assertEquals([{ 'principal': self.secretariat_user.id, 'roles': ['Editor', 'Contributor', 'Reader'], 'cause': ASSIGNMENT_VIA_TASK, 'reference': Oguid.for_object(self.task).id }], manager.storage._storage())
def test_redirects_to_portal_when_current_user_has_no_longer_view_permission( self, browser): self.login(self.regular_user, browser=browser) api.content.disable_roles_acquisition(obj=self.dossier) self.assign_task(self.secretariat_user, u'Thats a job for you.') manager = RoleAssignmentManager(self.task) self.assertEqual([{ 'cause': ASSIGNMENT_VIA_TASK, 'roles': ['Editor'], 'reference': Oguid.for_object(self.task).id, 'principal': 'jurgen.konig' }, { 'cause': ASSIGNMENT_VIA_TASK_AGENCY, 'roles': ['Editor'], 'reference': Oguid.for_object(self.task).id, 'principal': u'fa_inbox_users' }], manager.storage._storage()) self.assertEqual(self.portal.absolute_url(), browser.url) self.assertEqual([ 'Task successfully reassigned. You are no longer permitted to ' 'access the task.' ], info_messages())
def test_only_users_with_local_roles_with_view_permissions_are_found_by_search( self): self.login(self.workspace_admin) source = ActualWorkspaceMembersSource(self.workspace) results = source.search(self.workspace_guest.id) self.assertEqual(1, len(results)) self.assertEqual(self.workspace_guest.id, results[0].value) results = source.search(self.regular_user.id) self.assertEqual(0, len(results)) # Assigning WorkspaceGuest to regular_user and check that he is then # found in the ActualWorkspaceMembersSource RoleAssignmentManager(self.workspace).add_or_update( self.regular_user.id, ['WorkspaceGuest'], ASSIGNMENT_VIA_INVITATION) results = source.search(self.regular_user.id) self.assertEqual(1, len(results)) self.assertEqual(self.regular_user.id, results[0].value) # Only local roles that give view permissions are considered for # users found in the ActualWorkspaceMembersSource self.workspace.manage_permission('View', roles=[]) results = source.search(self.regular_user.id) self.assertEqual(0, len(results)) results = source.search(self.workspace_guest.id) self.assertEqual(0, len(results))
def assign_owner_role_on_creation(workspace, event): """The creator of the workspace should have the WorkspaceOwner role, so that the she / he can access the workspace. """ owner_userid = workspace.Creator() assignment = SharingRoleAssignment(owner_userid, ['WorkspaceOwner']) RoleAssignmentManager(workspace).add_or_update_assignment(assignment)
def test_subdossiers_the_user_cannot_view_can_also_block_deactivation( self, browser): with self.login(self.dossier_manager): # Protect self.subsubdossier so it cannot be seen by an 'Editor' of self.subdossier self.assertFalse( getattr(self.subsubdossier, '__ac_local_roles_block__', False)) dossier_protector = IProtectDossier(self.subsubdossier) dossier_protector.dossier_manager = self.dossier_manager.getId() dossier_protector.reading = [self.secretariat_user.getId()] dossier_protector.protect() self.assertTrue( getattr(self.subsubdossier, '__ac_local_roles_block__', False)) self.assertFalse( api.user.has_permission('View', user=self.regular_user, obj=self.subsubdossier), 'This test does not actually test what it says on the tin, if self.regular_user can see self.subsubdossier.', ) # Grant self.regular_user 'Editor' on self.subdossier so the action to deactivate is presented to the user RoleAssignmentManager(self.subdossier).add_or_update_assignment( SharingRoleAssignment(self.regular_user.getId(), ['Reader', 'Contributor', 'Editor'])) self.login(self.regular_user, browser) self.deactivate(self.subdossier, browser) expected_msgs = [ u"The Dossier 2016 contains a subdossier " u"which can't be deactivated by the user." ] self.assert_errors(self.subdossier, browser, expected_msgs)
def _modify(self, token, role, type_): if not token or not type_: raise BadRequest('No userid or type provided.') if role not in MANAGED_ROLES: raise Unauthorized('Inavlid role provided.') if token == api.user.get_current().id: raise Unauthorized('Not allowed to modify the current user.') if type_ == 'user': user_roles = api.user.get_roles(username=token, obj=self.context, inherit=False) if user_roles and 'WorkspaceOwner' not in user_roles: assignment = InvitationRoleAssignment(token, [role], self.context) RoleAssignmentManager( self.context).add_or_update_assignment(assignment) self.context.setModificationDate() self.context.reindexObject(idxs=['modified']) self.request.RESPONSE.setStatus(204) return True else: raise BadRequest('User does not have any local roles') elif type_ == 'invitation': storage = getUtility(IInvitationStorage) storage.update_invitation(token, role=role) else: raise BadRequest('Wrong type')
def test_update_localroles_if_user_has_changed_protection_fields( self, browser): self.login(self.dossier_manager, browser) browser.open(self.leaf_repofolder) factoriesmenu.add(u'Business Case Dossier') browser.fill({'Title': 'My Dossier'}) form = browser.find_form_by_field('Reading') form.find_widget('Reading and writing').fill(self.regular_user.getId()) browser.click_on('Save') new_dossier = browser.context RoleAssignmentManager(new_dossier).add_or_update_assignment( SharingRoleAssignment('projekt_a', ['Contributor'])) self.assert_local_roles( IProtectDossier(new_dossier).READING_AND_WRITING_ROLES, self.regular_user.getId(), new_dossier) self.assert_local_roles(['Contributor'], 'projekt_a', new_dossier) browser.open(new_dossier, view="@@edit") browser.fill({'Title': 'My new Dossier'}) form = browser.find_form_by_field('Reading') form.find_widget('Reading and writing').fill([]) form.find_widget('Reading').fill([self.regular_user.getId()]) browser.click_on('Save') self.assert_local_roles( IProtectDossier(new_dossier).READING_ROLES, self.regular_user.getId(), new_dossier) self.assert_local_roles([], 'projekt_a', new_dossier)
def revoke_on_related_items(self): for item in getattr(aq_base(self.task), 'relatedItems', []): document = item.to_object manager = RoleAssignmentManager(document) manager.clear(ASSIGNMENT_VIA_TASK, self.responsible_permission_identfier, self.task) manager.clear(ASSIGNMENT_VIA_TASK_AGENCY, self.inbox_group_id, self.task) if self._is_inside_a_proposal(document): proposal = document.get_proposal() manager = RoleAssignmentManager(proposal) manager.clear(ASSIGNMENT_VIA_TASK, self.responsible_permission_identfier, self.task) manager.clear(ASSIGNMENT_VIA_TASK_AGENCY, self.inbox_group_id, self.task)
def test_add_updates_when_assignment_exists(self): self.login(self.regular_user) manager = RoleAssignmentManager(self.empty_dossier) manager.add_or_update(self.secretariat_user.id, ['Editor', 'Contributor', 'Reader'], ASSIGNMENT_VIA_SHARING) # update manager.add_or_update(self.secretariat_user.id, ['Reader'], ASSIGNMENT_VIA_SHARING) self.assertEquals( [{'principal': self.secretariat_user.id, 'roles': ['Reader', ], 'cause': ASSIGNMENT_VIA_SHARING, 'reference': None}], manager.storage._storage())
def __init__(self, context, template_doc, title, recipient_data=tuple()): data = getattr(template_doc.get_file(), "data", None) super(CreateDocumentFromTemplateCommand, self).__init__( context, template_doc.get_filename(), data, title=title) self.recipient_data = recipient_data # Grab blocking of role inheritance self.block_role_inheritance = getattr( template_doc, '__ac_local_roles_block__', None) # Grab the local roles assignations from the template, if any self.role_assignments = None manager = RoleAssignmentManager(template_doc) if manager.has_storage(): self.role_assignments = tuple( RoleAssignment(**assignment) for assignment in manager.storage.get_all() )
def test_sharing_view_handles_groupids_with_spaces(self, browser): self.login(self.administrator, browser=browser) group_id = 'group with spaces' create(Builder('group') .with_groupid(group_id) .having(title='Group with sapces')) manager = RoleAssignmentManager(self.empty_dossier) manager.add_or_update_assignment( TaskRoleAssignment(group_id, ['Reader'], self.task)) browser.open(self.empty_dossier, view='@sharing', method='Get', headers={'Accept': 'application/json'}) entry = [entry for entry in browser.json['entries'] if entry['id'] == u'group with spaces'][0] self.assertEquals( u'http://nohost/plone/@@list_groupmembers?group=group+with+spaces', entry['url'])
def _update_role_settings(self, new_settings, reindex=True): """Replaced because we need our own permission manager stuff. """ assignments = [] principals_to_clear = [] for s in new_settings: principal = s['id'] selected_roles = frozenset(s['roles']) if not selected_roles: principals_to_clear.append(principal) continue assignments.append(SharingRoleAssignment(principal, selected_roles)) manager = RoleAssignmentManager(self.context) if assignments: manager.reset(assignments) else: manager.clear_by_cause_and_principals( ASSIGNMENT_VIA_SHARING, principals_to_clear)
def __init__(self, context, template): kw = self._get_additional_attributes(template) self.fields = kw["IOpenGeverBase"] del kw["IOpenGeverBase"] self.additional_fields = kw # Grab blocking of role inheritance self.block_role_inheritance = getattr( template, '__ac_local_roles_block__', None) # Grab the local roles assignations from the template, if any self.role_assignments = None manager = RoleAssignmentManager(template) if manager.has_storage(): self.role_assignments = tuple( RoleAssignment(**assignment) for assignment in manager.storage.get_all() ) super(CreateDossierFromTemplateCommand, self).__init__( context, **self.fields)
def test_closing_does_not_revoke_roles_on_proposal_if_revoke_permission_is_false(self, browser): self.login(self.dossier_responsible, browser=browser) self.task.revoke_permissions = False intids = getUtility(IIntIds) relation = RelationValue(intids.getId(self.proposaldocument)) ITask(self.task).relatedItems.append(relation) notify(ObjectModifiedEvent(self.task)) expected_assignments = [{'cause': ASSIGNMENT_VIA_TASK, 'roles': ['Reader', 'Editor'], 'reference': Oguid.for_object(self.task), 'principal': self.regular_user.id}, {'cause': ASSIGNMENT_VIA_TASK_AGENCY, 'roles': ['Reader', 'Editor'], 'reference': Oguid.for_object(self.task), 'principal': u'fa_inbox_users'}] document_storage = RoleAssignmentManager(self.proposaldocument).storage self.assertEqual(expected_assignments, document_storage._storage()) proposal_storage = RoleAssignmentManager(self.proposal).storage self.assertEqual(expected_assignments, proposal_storage._storage()) self.set_workflow_state('task-state-tested-and-closed', self.subtask) self.set_workflow_state('task-state-resolved', self.task) notify(ObjectModifiedEvent(self.task)) browser.open(self.task, view='tabbedview_view-overview') browser.click_on('task-transition-resolved-tested-and-closed') browser.click_on('Save') self.assertEqual(expected_assignments, proposal_storage._storage()) self.assertEqual(expected_assignments, document_storage._storage())
def revoke_on_distinct_parent(self): distinct_parent = self.get_distinct_parent() # We disabled reindexObjectSecurity and reindex the security manually # instead, to avoid reindexing all objects including all documents. # Because there View permission isn't affected by the `Contributor` role # on the dossier. catalog = api.portal.get_tool('portal_catalog') subdossiers = [brain.getObject() for brain in catalog( object_provides=[IDossierMarker.__identifier__, IProposal.__identifier__], path='/'.join(distinct_parent.getPhysicalPath()))] manager = RoleAssignmentManager(distinct_parent) manager.clear( ASSIGNMENT_VIA_TASK, self.responsible_permission_identfier, self.task, reindex=False) manager.clear(ASSIGNMENT_VIA_TASK_AGENCY, self.inbox_group_id, self.task, reindex=False) for dossier in subdossiers: reindex_object_security_without_children(dossier)
def test_sharing_view_extends_information(self, browser): self.login(self.administrator, browser=browser) manager = RoleAssignmentManager(self.empty_dossier) manager.add_or_update_assignment( TaskRoleAssignment( self.regular_user.id, ['Contributor'], self.task)) manager.add_or_update_assignment( SharingRoleAssignment( self.regular_user.id, ['Reader', 'Editor', 'Contributor'])) browser.open(self.empty_dossier, view='@sharing', method='Get', headers={'Accept': 'application/json'}) entries = browser.json['entries'] self.assertEquals( {u'automatic_roles': {u'Contributor': True, u'Editor': False, u'Publisher': False, u'Reader': False, u'Reviewer': False}, u'computed_roles': {u'Contributor': True, u'Editor': True, u'Publisher': False, u'Reader': True, u'Reviewer': False}, u'disabled': False, u'id': u'kathi.barfuss', u'login': u'kathi.barfuss', u'roles': {u'Contributor': True, u'Editor': True, u'Publisher': False, u'Reader': True, u'Reviewer': False}, u'title': u'B\xe4rfuss K\xe4thi', u'type': u'user', u'url': u'http://nohost/plone/@@user-details-plain/kathi.barfuss'}, [item for item in entries if item['id'] == self.regular_user.id][0])
def test_cancelling_a_task_does_not_revoke_roles_if_revoke_permission_is_false(self, browser): self.login(self.dossier_responsible, browser=browser) self.set_workflow_state('task-state-open', self.subtask) self.subtask.revoke_permissions = False # cancel browser.open(self.subtask, view='tabbedview_view-overview') browser.click_on('task-transition-open-cancelled') browser.click_on('Save') storage = RoleAssignmentManager(self.subtask).storage self.assertEqual( [{'cause': ASSIGNMENT_VIA_TASK, 'roles': ['Editor'], 'reference': Oguid.for_object(self.subtask), 'principal': self.regular_user.id}, {'cause': ASSIGNMENT_VIA_TASK_AGENCY, 'roles': ['Editor'], 'reference': Oguid.for_object(self.subtask), 'principal': 'fa_inbox_users'}], storage._storage())
def test_closing_direct_execution_task_does_not_revoke_roles_if_revoke_permission_is_false(self, browser): self.login(self.regular_user, browser=browser) self.subtask.revoke_permissions = False self.subtask.task_type = 'direct-execution' self.subtask.sync() self.set_workflow_state('task-state-in-progress', self.subtask) # close browser.open(self.subtask, view='tabbedview_view-overview') browser.click_on('task-transition-in-progress-tested-and-closed') browser.click_on('Save') storage = RoleAssignmentManager(self.subtask).storage self.assertEqual( [{'cause': ASSIGNMENT_VIA_TASK, 'roles': ['Editor'], 'reference': Oguid.for_object(self.subtask), 'principal': self.regular_user.id}, {'cause': ASSIGNMENT_VIA_TASK_AGENCY, 'roles': ['Editor'], 'reference': Oguid.for_object(self.subtask), 'principal': 'fa_inbox_users'}], storage._storage())
def execute(self): obj = super(CreateDossierFromTemplateCommand, self).execute() schemas = iterSchemataForType(self.portal_type) for schema in schemas: schema_name = BEHAVIOR_INTERFACE_MAPPING.get( schema.getName(), schema.getName()) if schema_name not in self.additional_fields: continue behavior = schema(obj) for prop_name in self.additional_fields[schema_name]: setattr(behavior, prop_name, self.additional_fields[schema_name][prop_name]) # Set blocking of role inheritance based on the template object if self.block_role_inheritance is not None: obj.__ac_local_roles_block__ = self.block_role_inheritance # Copy the local roles assignations over from the template if self.role_assignments is not None: manager = RoleAssignmentManager(obj) # Passing an empty iterable in here creates an empty mapping manager.add_or_update_assignments(self.role_assignments) return obj
def test_sets_local_roles_when_adding(self): self.login(self.regular_user) manager = RoleAssignmentManager(self.empty_dossier) manager.add_or_update(self.secretariat_user.id, ['Editor', 'Contributor', 'Reader'], ASSIGNMENT_VIA_SHARING) manager.add_or_update(self.secretariat_user.id, ['Reader'], ASSIGNMENT_VIA_TASK, self.task) manager.add_or_update(self.regular_user.id, ['Publisher', 'Reviewer'], ASSIGNMENT_VIA_SHARING) self.assertEquals( (('jurgen.konig', ('Contributor', 'Editor', 'Reader')), ('kathi.barfuss', ('Publisher', 'Reviewer')), ('robert.ziegler', ('Owner',))), self.empty_dossier.get_local_roles())
def revoke_roles_on_task(self): manager = RoleAssignmentManager(self.task) manager.clear(ASSIGNMENT_VIA_TASK, self.responsible_permission_identfier, self.task) manager.clear(ASSIGNMENT_VIA_TASK_AGENCY, self.inbox_group_id, self.task)
def add_role_assignments(self, obj): storage = RoleAssignmentManager(obj).storage for principal, roles in obj.get_local_roles(): storage.add_or_update( principal, roles, ASSIGNMENT_VIA_SHARING, None)