def testVocabularyMissing(self):
view = VocabularyView(self.portal, self.request)
self.request.form.update({
'name': 'vocabulary.that.does.not.exist',
})
data = json.loads(view())
self.assertEquals(data['error'], 'Vocabulary lookup not allowed')
def testVocabularyBatching(self):
amount = 30
for i in xrange(amount):
self.portal.invokeFactory('Document',
id="page" + str(i),
title="Page" + str(i))
self.portal['page' + str(i)].reindexObject()
view = VocabularyView(self.portal, self.request)
query = {
'criteria': [{
'i': 'path',
'o': 'plone.app.querystring.operation.string.path',
'v': '/plone'
}]
}
# batch pages are 1-based
self.request.form.update({
'name': 'plone.app.vocabularies.Catalog',
'query': json.dumps(query),
'attributes': ['UID', 'id', 'title', 'path'],
'batch': {
'page': '1',
'size': '10'
}
})
data = json.loads(view())
self.assertEquals(len(data['results']), 10)
self.assertEquals(data['total'], amount)
def testVocabularyFunctionQueryString(self):
"""Test querying a function based vocabulary with a search string.
"""
view = VocabularyView(self.portal, self.request)
self.request.form.update({'name': 'vocab_function', 'query': 'third'})
data = json.loads(view())
self.assertEquals(len(data['results']), 1)
def test_vocabulary_field_disallowed(self):
view = VocabularyView(self.portal.test_dx, self.request)
self.request.form.update({
'name': 'plone.app.vocabularies.PortalTypes',
'field': 'disallowed_field',
})
data = json.loads(view())
self.assertEquals(data['error'], 'Vocabulary lookup not allowed')
def test_vocabulary_field_allowed(self):
view = VocabularyView(self.portal.test_dx, self.request)
self.request.form.update({
'name': 'plone.app.vocabularies.PortalTypes',
'field': 'allowed_field',
})
data = json.loads(view())
self.assertEquals(len(data['results']),
len(self.portal.portal_types.objectIds()))
def test_vocabulary_missing_field(self):
view = VocabularyView(self.portal.test_dx, self.request)
self.request.form.update({
'name': 'plone.app.vocabularies.PortalTypes',
'field': 'missing_field',
})
setRoles(self.portal, TEST_USER_ID, ['Member'])
with self.assertRaises(AttributeError):
view()
def testVocabularyUnauthorized(self):
setRoles(self.portal, TEST_USER_ID, [])
view = VocabularyView(self.portal, self.request)
self.request.form.update({
'name': 'plone.app.vocabularies.Users',
'query': TEST_USER_NAME
})
data = json.loads(view())
self.assertEquals(data['error'], 'Vocabulary lookup not allowed')
def test_vocabulary_field_default_permission_wrong_vocab(self):
view = VocabularyView(self.portal.test_dx, self.request)
self.request.form.update({
'name': 'plone.app.vocabularies.Fake',
'field': 'default_field',
})
setRoles(self.portal, TEST_USER_ID, ['Editor'])
# Now access should be allowed, but the vocabulary does not exist
data = json.loads(view())
self.assertEquals(data['error'], 'Vocabulary lookup not allowed')
def testPermissionCheckerUnknownField(self):
_enable_permission_checker(self.portal)
view = VocabularyView(self.portal, self.request)
# Unknown field is raises error
self.request.form.update({
'name': 'plone.app.vocabularies.PortalTypes',
'field': 'missing_field',
})
with self.assertRaises(AttributeError):
view()
_disable_permission_checker(self.portal)
def testPermissionCheckerDisallowed(self):
_enable_permission_checker(self.portal)
view = VocabularyView(self.portal, self.request)
# Disallowed field is not allowed
# Allowed field is allowed
self.request.form.update({
'name': 'plone.app.vocabularies.PortalTypes',
'field': 'disallowed_field',
})
data = json.loads(view())
self.assertEquals(data['error'], 'Vocabulary lookup not allowed')
_disable_permission_checker(self.portal)
def test_vocabulary_on_widget(self):
view = VocabularyView(self.portal.test_dx, self.request)
self.request.form.update({
'name': 'plone.app.vocabularies.PortalTypes',
'field': 'custom_widget_field',
})
data = json.loads(view())
self.assertEquals(len(data['results']),
len(self.portal.portal_types.objectIds()))
self.request.form['name'] = 'plone.app.vocabularies.Fake'
data = json.loads(view())
self.assertEquals(data['error'], 'Vocabulary lookup not allowed')
def testPermissionCheckerUnknownVocab(self):
_enable_permission_checker(self.portal)
view = VocabularyView(self.portal, self.request)
# Unknown vocabulary gives error
self.request.form.update({
'name': 'vocab.does.not.exist',
'field': 'allowed_field',
})
data = json.loads(view())
self.assertEquals(
data['error'],
'No factory with name "{}" exists.'.format('vocab.does.not.exist'))
_disable_permission_checker(self.portal)
def testPermissionCheckerShortCircuit(self):
_enable_permission_checker(self.portal)
view = VocabularyView(self.portal, self.request)
# Known vocabulary name short-circuits field permission check
# global permission
self.request.form['name'] = 'plone.app.vocabularies.Users'
self.request.form.update({
'name': 'plone.app.vocabularies.Users',
'field': 'disallowed_field',
})
data = json.loads(view())
self.assertEquals(data['results'], [])
_disable_permission_checker(self.portal)
def testPermissionCheckerAllowed(self):
# Setup a custom permission checker on the portal
_enable_permission_checker(self.portal)
view = VocabularyView(self.portal, self.request)
# Allowed field is allowed
self.request.form.update({
'name': 'plone.app.vocabularies.PortalTypes',
'field': 'allowed_field',
})
data = json.loads(view())
self.assertEquals(len(data['results']),
len(self.portal.portal_types.objectIds()))
_disable_permission_checker(self.portal)
def testVocabularyUsers(self):
acl_users = self.portal.acl_users
membership = self.portal.portal_membership
amount = 10
for i in range(amount):
id = 'user' + str(i)
acl_users.userFolderAddUser(id, 'secret', ['Member'], [])
member = membership.getMemberById(id)
member.setMemberProperties(mapping={"fullname": id})
view = VocabularyView(self.portal, self.request)
self.request.form.update({
'name': 'plone.app.vocabularies.Users',
'query': 'user'
})
data = json.loads(view())
self.assertEqual(len(data['results']), amount)
def testVocabularyNoResults(self):
"""Tests that the widgets displays correctly
"""
view = VocabularyView(self.portal, self.request)
query = {
'criteria': [{
'i': 'path',
'o': 'plone.app.querystring.operation.string.path',
'v': '/foo'
}]
}
self.request.form.update({
'name': 'plone.app.vocabularies.Catalog',
'query': json.dumps(query)
})
data = json.loads(view())
self.assertEquals(len(data['results']), 0)
def test_vocabulary_field_default_permission(self):
view = VocabularyView(self.portal.test_dx, self.request)
self.request.form.update({
'name': 'plone.app.vocabularies.PortalTypes',
'field': 'default_field',
})
# If the field is does not have a security declaration, the
# default edit permission is tested (Modify portal content)
setRoles(self.portal, TEST_USER_ID, ['Member'])
data = json.loads(view())
self.assertEquals(data['error'], 'Vocabulary lookup not allowed')
setRoles(self.portal, TEST_USER_ID, ['Editor'])
# Now access should be allowed, but the vocabulary does not exist
data = json.loads(view())
self.assertEquals(len(data['results']),
len(self.portal.portal_types.objectIds()))
def testVocabularyCatalogResults(self):
self.portal.invokeFactory('Document', id="page", title="page")
self.portal.page.reindexObject()
view = VocabularyView(self.portal, self.request)
query = {
'criteria': [{
'i': 'path',
'o': 'plone.app.querystring.operation.string.path',
'v': '/plone'
}]
}
self.request.form.update({
'name': 'plone.app.vocabularies.Catalog',
'query': json.dumps(query),
'attributes': ['UID', 'id', 'title', 'path']
})
data = json.loads(view())
self.assertEquals(len(data['results']), 1)
self.portal.manage_delObjects(['page'])