def testPermissions(self):
for content in self.demo_instances:
self.assertTrue(checkPerm(permissions.View, content))
self.assertTrue(
checkPerm(permissions.AccessContentsInformation, content))
self.assertTrue(
checkPerm(permissions.ModifyPortalContent, content))
def test_view_comments(self):
"""Make sure published comments can be viewed by everyone.
"""
# Owner is allowed
# self.login(default_user)
# self.assertTrue(checkPerm(View, self.doc))
# Member is allowed
login(self.portal, TEST_USER_NAME)
workflow = self.portal.portal_workflow
workflow.doActionFor(self.doc, 'publish')
login(self.portal, 'member')
self.assertTrue(checkPerm(View, self.comment))
# Reviewer is allowed
login(self.portal, 'reviewer')
self.assertTrue(checkPerm(View, self.comment))
# Anonymous is allowed
logout()
self.assertTrue(checkPerm(View, self.comment))
# Editor is allowed
login(self.portal, 'editor')
self.assertTrue(checkPerm(View, self.comment))
# Reader is allowed
login(self.portal, 'reader')
self.assertTrue(checkPerm(View, self.comment))
def testPermissions(self):
for content in self.demo_instances:
# XXX: Strangely enough we have correct permissions here, but not so
# in initializeArchetype
self.failUnless(checkPerm(permissions.View, content))
self.failUnless(checkPerm(permissions.AccessContentsInformation, content))
self.failUnless(checkPerm(permissions.ModifyPortalContent, content))
def test_view_comments(self):
"""Make sure published comments can be viewed by everyone.
"""
# Owner is allowed
# self.login(default_user)
# self.assertTrue(checkPerm(View, self.doc))
# Member is allowed
login(self.portal, TEST_USER_NAME)
workflow = self.portal.portal_workflow
workflow.doActionFor(self.doc, 'publish')
login(self.portal, 'member')
self.assertTrue(checkPerm(View, self.comment))
# Reviewer is allowed
login(self.portal, 'reviewer')
self.assertTrue(checkPerm(View, self.comment))
# Anonymous is allowed
logout()
self.assertTrue(checkPerm(View, self.comment))
# Editor is allowed
login(self.portal, 'editor')
self.assertTrue(checkPerm(View, self.comment))
# Reader is allowed
login(self.portal, 'reader')
self.assertTrue(checkPerm(View, self.comment))
def testPermissions(self):
for content in self.demo_instances:
self.assertTrue(checkPerm(permissions.View, content))
self.assertTrue(
checkPerm(permissions.AccessContentsInformation, content))
self.assertTrue(checkPerm(permissions.ModifyPortalContent,
content))
def testAutoPublishMemberposting(self):
self.login('member')
self.failUnless(checkPerm(permissions.ApproveComment, self.forum))
self.failUnless(checkPerm(permissions.ApproveComment, self.conv))
self.failUnless(checkPerm(permissions.ApproveComment, self.comment))
self.assertEqual(self.workflow.getInfoFor(self.forum, 'review_state'), 'memberposting')
self.assertEqual(self.workflow.getInfoFor(self.conv, 'review_state'), 'active')
self.assertEqual(self.workflow.getInfoFor(self.comment, 'review_state'), 'published')
def test_publish_comment_on_private_content_does_not_make_comment_visible_to_world(self):
logout()
self.assertFalse(checkPerm(View, self.comment))
# publish comment and check again
login(self.portal, TEST_USER_NAME)
workflow = self.portal.portal_workflow
workflow.doActionFor(self.comment, 'publish')
logout()
self.assertFalse(checkPerm(View, self.comment))
def test_publish_comment_on_private_content_not_visible_to_world(self):
logout()
self.assertFalse(checkPerm(View, self.comment))
# publish comment and check again
login(self.portal, TEST_USER_NAME)
workflow = self.portal.portal_workflow
workflow.doActionFor(self.comment, 'publish')
logout()
self.assertFalse(checkPerm(View, self.comment))
def testCommentEditing(self):
self.login('manager')
conv = self.forum.addConversation('conv2', 'conv2 body')
self.failUnless(checkPerm(permissions.EditComment, self.comment))
self.logout()
self.login('member2')
self.failIf(checkPerm(permissions.EditComment, self.comment))
def testCommentEditing(self):
self.login('manager')
conv = self.forum.addConversation('conv2', 'conv2 body')
self.failUnless(checkPerm(permissions.EditComment, self.comment))
self.logout()
self.login('member2')
self.failIf(checkPerm(permissions.EditComment, self.comment))
def testViewVisibleFolder(self):
# Owner is allowed
self.assertTrue(checkPerm(View, self.dir))
# Member is allowed
self.login('member')
self.assertTrue(checkPerm(View, self.dir))
# Reviewer is allowed
self.login('reviewer')
self.assertTrue(checkPerm(View, self.dir))
# Anonymous is allowed
self.logout()
self.assertTrue(checkPerm(View, self.dir))
def testListVisibleFolderContents(self):
# Owner is allowed
self.failUnless(checkPerm(ListFolderContents, self.dir))
# Member is denied
self.login('member')
self.failIf(checkPerm(ListFolderContents, self.dir))
# Reviewer is allowed
self.login('reviewer')
self.failUnless(checkPerm(ListFolderContents, self.dir))
# Anonymous is denied
self.logout()
self.failIf(checkPerm(ListFolderContents, self.dir))
def testModifyVisibleEvent(self):
# Owner is allowed
self.failUnless(checkPerm(ChangeEvents, self.ev))
# Member is denied
self.login('member')
self.failIf(checkPerm(ChangeEvents, self.ev))
# Reviewer is denied
self.login('reviewer')
self.failIf(checkPerm(ChangeEvents, self.ev))
# Anonymous is denied
self.logout()
self.failIf(checkPerm(ChangeEvents, self.ev))
def testModifyVisibleEvent(self):
# Owner is allowed
self.assertTrue(checkPerm(ChangeEvents, self.ni))
# Member is denied
self.login('member')
self.assertFalse(checkPerm(ChangeEvents, self.ni))
# Reviewer is denied
self.login('reviewer')
self.assertFalse(checkPerm(ChangeEvents, self.ni))
# Anonymous is denied
self.logout()
self.assertFalse(checkPerm(ChangeEvents, self.ni))
def testViewVisibleDocument(self):
# Owner is allowed
self.failUnless(checkPerm(View, self.doc))
# Member is allowed
self.login("member")
self.failUnless(checkPerm(View, self.doc))
# Reviewer is allowed
self.login("reviewer")
self.failUnless(checkPerm(View, self.doc))
# Anonymous is allowed
self.logout()
self.failUnless(checkPerm(View, self.doc))
def test_modify_permission_new_state(self):
perm = 'Modify portal content'
self.user('Manager')
self.assertTrue(checkPerm(perm, self.reg))
self.user('Editor')
self.assertTrue(checkPerm(perm, self.reg))
self.user('Member')
self.assertFalse(checkPerm(perm, self.reg))
self.user('Owner')
self.assertTrue(checkPerm(perm, self.reg))
logout()
self.assertFalse(checkPerm(perm, self.reg))
def test_view_permission_new_state(self):
perm = 'View'
self.user('Manager')
self.assertTrue(checkPerm(perm, self.reg))
self.user('Editor')
self.assertTrue(checkPerm(perm, self.reg))
self.user('Member')
self.assertFalse(checkPerm(perm, self.reg))
self.user('Owner')
self.assertTrue(checkPerm(perm, self.reg))
logout()
self.assertFalse(checkPerm(perm, self.reg))
def testAccessVisibleDocument(self):
# Owner is allowed
self.failUnless(checkPerm(AccessContentsInformation, self.doc))
# Member is allowed
self.login("member")
self.failUnless(checkPerm(AccessContentsInformation, self.doc))
# Reviewer is allowed
self.login("reviewer")
self.failUnless(checkPerm(AccessContentsInformation, self.doc))
# Anonymous is allowed
self.logout()
self.failUnless(checkPerm(AccessContentsInformation, self.doc))
def testModifyVisibleDocument(self):
# Owner is allowed
self.failUnless(checkPerm(ModifyPortalContent, self.doc))
# Member is denied
self.login("member")
self.failIf(checkPerm(ModifyPortalContent, self.doc))
# Reviewer is denied
self.login("reviewer")
self.failIf(checkPerm(ModifyPortalContent, self.doc))
# Anonymous is denied
self.logout()
self.failIf(checkPerm(ModifyPortalContent, self.doc))
def testViewVisibleFolder(self):
# Owner is allowed
self.failUnless(checkPerm(View, self.dir))
# Member is allowed
self.login('member')
self.failUnless(checkPerm(View, self.dir))
# Reviewer is allowed
self.login('reviewer')
self.failUnless(checkPerm(View, self.dir))
# Anonymous is allowed
self.logout()
self.failUnless(checkPerm(View, self.dir))
def testModifyVisibleEvent(self):
# Owner is allowed
self.assertTrue(checkPerm(ChangeEvents, self.ni))
# Member is denied
self.login('member')
self.assertFalse(checkPerm(ChangeEvents, self.ni))
# Reviewer is denied
self.login('reviewer')
self.assertFalse(checkPerm(ChangeEvents, self.ni))
# Anonymous is denied
self.logout()
self.assertFalse(checkPerm(ChangeEvents, self.ni))
def testModifyVisibleEvent(self):
# Owner is allowed
self.failUnless(checkPerm(ChangeEvents, self.ev))
# Member is denied
self.login('member')
self.failIf(checkPerm(ChangeEvents, self.ev))
# Reviewer is denied
self.login('reviewer')
self.failIf(checkPerm(ChangeEvents, self.ev))
# Anonymous is denied
self.logout()
self.failIf(checkPerm(ChangeEvents, self.ev))
def testViewVisibleFolder(self):
# Owner is allowed
self.assertTrue(checkPerm(View, self.dir))
# Member is allowed
login(self.portal, 'member')
self.assertTrue(checkPerm(View, self.dir))
# Reviewer is allowed
login(self.portal, 'reviewer')
self.assertTrue(checkPerm(View, self.dir))
# Anonymous is allowed
logout()
self.assertTrue(checkPerm(View, self.dir))
def testAccessVisibleFolderContents(self):
# Owner is allowed
self.assertTrue(checkPerm(AccessContentsInformation, self.dir))
# Member is allowed
login(self.portal, 'member')
self.assertTrue(checkPerm(AccessContentsInformation, self.dir))
# Reviewer is allowed
login(self.portal, 'reviewer')
self.assertTrue(checkPerm(AccessContentsInformation, self.dir))
# Anonymous is allowed
logout()
self.assertTrue(checkPerm(AccessContentsInformation, self.dir))
def testAccessVisibleDocument(self):
# Owner is allowed
self.assertTrue(checkPerm(AccessContentsInformation, self.doc))
# Member is allowed
self.login('member')
self.assertTrue(checkPerm(AccessContentsInformation, self.doc))
# Reviewer is allowed
self.login('reviewer')
self.assertTrue(checkPerm(AccessContentsInformation, self.doc))
# Anonymous is allowed
self.logout()
self.assertTrue(checkPerm(AccessContentsInformation, self.doc))
def testViewVisibleDocument(self):
# Owner is allowed
self.assertTrue(checkPerm(View, self.doc))
# Member is allowed
self.login('member')
self.assertTrue(checkPerm(View, self.doc))
# Reviewer is allowed
self.login('reviewer')
self.assertTrue(checkPerm(View, self.doc))
# Anonymous is allowed
self.logout()
self.assertTrue(checkPerm(View, self.doc))
def testAccessVisibleFolderContents(self):
# Owner is allowed
self.failUnless(checkPerm(AccessContentsInformation, self.dir))
# Member is allowed
self.login('member')
self.failUnless(checkPerm(AccessContentsInformation, self.dir))
# Reviewer is allowed
self.login('reviewer')
self.failUnless(checkPerm(AccessContentsInformation, self.dir))
# Anonymous is allowed
self.logout()
self.failUnless(checkPerm(AccessContentsInformation, self.dir))
def testListVisibleFolderContents(self):
# Owner is allowed
self.assertTrue(checkPerm(ListFolderContents, self.dir))
# Member is denied
login(self.portal, 'member')
self.assertFalse(checkPerm(ListFolderContents, self.dir))
# Reviewer is allowed
login(self.portal, 'reviewer')
self.assertTrue(checkPerm(ListFolderContents, self.dir))
# Anonymous is denied
logout()
self.assertFalse(checkPerm(ListFolderContents, self.dir))
def testModifyVisibleDocument(self):
# Owner is allowed
self.failUnless(checkPerm(ModifyPortalContent, self.doc))
# Member is denied
self.login('member')
self.failIf(checkPerm(ModifyPortalContent, self.doc))
# Reviewer is denied
self.login('reviewer')
self.failIf(checkPerm(ModifyPortalContent, self.doc))
# Anonymous is denied
self.logout()
self.failIf(checkPerm(ModifyPortalContent, self.doc))
def testListVisibleFolderContents(self):
# Owner is allowed
self.assertTrue(checkPerm(ListFolderContents, self.dir))
# Member is denied
self.login('member')
self.assertFalse(checkPerm(ListFolderContents, self.dir))
# Reviewer is allowed
self.login('reviewer')
self.assertTrue(checkPerm(ListFolderContents, self.dir))
# Anonymous is denied
self.logout()
self.assertFalse(checkPerm(ListFolderContents, self.dir))
def testAccessVisibleDocument(self):
# Owner is allowed
self.failUnless(checkPerm(AccessContentsInformation, self.doc))
# Member is allowed
self.login('member')
self.failUnless(checkPerm(AccessContentsInformation, self.doc))
# Reviewer is allowed
self.login('reviewer')
self.failUnless(checkPerm(AccessContentsInformation, self.doc))
# Anonymous is allowed
self.logout()
self.failUnless(checkPerm(AccessContentsInformation, self.doc))
def testAccessVisibleFolderContents(self):
# Owner is allowed
self.assertTrue(checkPerm(AccessContentsInformation, self.dir))
# Member is allowed
self.login('member')
self.assertTrue(checkPerm(AccessContentsInformation, self.dir))
# Reviewer is allowed
self.login('reviewer')
self.assertTrue(checkPerm(AccessContentsInformation, self.dir))
# Anonymous is allowed
self.logout()
self.assertTrue(checkPerm(AccessContentsInformation, self.dir))
def testViewVisibleDocument(self):
# Owner is allowed
self.failUnless(checkPerm(View, self.doc))
# Member is allowed
self.login('member')
self.failUnless(checkPerm(View, self.doc))
# Reviewer is allowed
self.login('reviewer')
self.failUnless(checkPerm(View, self.doc))
# Anonymous is allowed
self.logout()
self.failUnless(checkPerm(View, self.doc))
def testModifyVisibleDocument(self):
# Owner is allowed
self.assertTrue(checkPerm(ModifyPortalContent, self.doc))
# Member is denied
self.login('member')
self.assertFalse(checkPerm(ModifyPortalContent, self.doc))
# Reviewer is denied
self.login('reviewer')
self.assertFalse(checkPerm(ModifyPortalContent, self.doc))
# Anonymous is denied
self.logout()
self.assertFalse(checkPerm(ModifyPortalContent, self.doc))
def testAccessPrivateDocument(self):
self.workflow.doActionFor(self.doc, 'hide')
# Owner is allowed
self.failUnless(checkPerm(AccessContentsInformation, self.doc))
# Member is denied
self.login('member')
self.failIf(checkPerm(AccessContentsInformation, self.doc))
# Reviewer is denied
self.login('reviewer')
self.failIf(checkPerm(AccessContentsInformation, self.doc))
# Anonymous is denied
self.logout()
self.failIf(checkPerm(AccessContentsInformation, self.doc))
def testModifyPrivateDocument(self):
self.workflow.doActionFor(self.doc, 'hide')
# Owner is allowed
self.assertTrue(checkPerm(ModifyPortalContent, self.doc))
# Member is denied
self.login('member')
self.assertFalse(checkPerm(ModifyPortalContent, self.doc))
# Reviewer is denied
self.login('reviewer')
self.assertFalse(checkPerm(ModifyPortalContent, self.doc))
# Anonymous is denied
self.logout()
self.assertFalse(checkPerm(ModifyPortalContent, self.doc))
def testViewPendingDocument(self):
self.workflow.doActionFor(self.doc, 'submit')
# Owner is allowed
self.assertTrue(checkPerm(View, self.doc))
# Member is allowed (TODO:?)
self.login('member')
self.assertTrue(checkPerm(View, self.doc))
# Reviewer is allowed
self.login('reviewer')
self.assertTrue(checkPerm(View, self.doc))
# Anonymous is allowed (TODO:?)
self.logout()
self.assertTrue(checkPerm(View, self.doc))
def testListPrivateFolderContents(self):
self.workflow.doActionFor(self.dir, 'hide')
# Owner is allowed
self.failUnless(checkPerm(ListFolderContents, self.dir))
# Member is denied
self.login('member')
self.failIf(checkPerm(ListFolderContents, self.dir))
# Reviewer is allowed
self.login('reviewer')
self.failUnless(checkPerm(ListFolderContents, self.dir))
# Anonymous is denied
self.logout()
self.failIf(checkPerm(ListFolderContents, self.dir))
def testModifyPendingEvent(self):
self.workflow.doActionFor(self.ni, 'submit')
# Owner is denied
self.assertFalse(checkPerm(ChangeEvents, self.ni))
# Member is denied
self.login('member')
self.assertFalse(checkPerm(ChangeEvents, self.ni))
# Reviewer is allowed
self.login('reviewer')
self.assertTrue(checkPerm(ChangeEvents, self.ni))
# Anonymous is denied
self.logout()
self.assertFalse(checkPerm(ChangeEvents, self.ni))
def testViewPrivateFolder(self):
self.workflow.doActionFor(self.dir, 'hide')
# Owner is allowed
self.assertTrue(checkPerm(View, self.dir))
# Member is denied
self.login('member')
self.assertFalse(checkPerm(View, self.dir))
# Reviewer is denied
self.login('reviewer')
self.assertFalse(checkPerm(View, self.dir))
# Anonymous is denied
self.logout()
self.assertFalse(checkPerm(View, self.dir))
def testAccessPendingDocument(self):
self.workflow.doActionFor(self.doc, 'submit')
# Owner is allowed
self.failUnless(checkPerm(AccessContentsInformation, self.doc))
# Member is allowed (TODO:?)
self.login('member')
self.failUnless(checkPerm(AccessContentsInformation, self.doc))
# Reviewer is allowed
self.login('reviewer')
self.failUnless(checkPerm(AccessContentsInformation, self.doc))
# Anonymous is allowed (TODO:?)
self.logout()
self.failUnless(checkPerm(AccessContentsInformation, self.doc))
def testModifyPendingDocument(self):
self.workflow.doActionFor(self.doc, 'submit')
# Owner is denied
self.assertFalse(checkPerm(ModifyPortalContent, self.doc))
# Member is denied
self.login('member')
self.assertFalse(checkPerm(ModifyPortalContent, self.doc))
# Reviewer is allowed
self.login('reviewer')
self.assertTrue(checkPerm(ModifyPortalContent, self.doc))
# Anonymous is denied
self.logout()
self.assertFalse(checkPerm(ModifyPortalContent, self.doc))
def testAccessPendingDocument(self):
self.workflow.doActionFor(self.doc, 'submit')
# Owner is allowed
self.assertTrue(checkPerm(AccessContentsInformation, self.doc))
# Member is allowed (TODO:?)
self.login('member')
self.assertTrue(checkPerm(AccessContentsInformation, self.doc))
# Reviewer is allowed
self.login('reviewer')
self.assertTrue(checkPerm(AccessContentsInformation, self.doc))
# Anonymous is allowed (TODO:?)
self.logout()
self.assertTrue(checkPerm(AccessContentsInformation, self.doc))
def testModifyPendingEvent(self):
self.workflow.doActionFor(self.ev, 'submit')
# Owner is denied
self.failIf(checkPerm(ChangeEvents, self.ev))
# Member is denied
self.login('member')
self.failIf(checkPerm(ChangeEvents, self.ev))
# Reviewer is allowed
self.login('reviewer')
self.failUnless(checkPerm(ChangeEvents, self.ev))
# Anonymous is denied
self.logout()
self.failIf(checkPerm(ChangeEvents, self.ev))
def testListPublishedFolderContents(self):
self.workflow.doActionFor(self.dir, 'publish')
# Owner is allowed
self.assertTrue(checkPerm(ListFolderContents, self.dir))
# Member is denied
self.login('member')
self.assertFalse(checkPerm(ListFolderContents, self.dir))
# Reviewer is allowed
self.login('reviewer')
self.assertTrue(checkPerm(ListFolderContents, self.dir))
# Anonymous is denied
self.logout()
self.assertFalse(checkPerm(ListFolderContents, self.dir))
def testModifyPendingDocument(self):
self.workflow.doActionFor(self.doc, 'submit')
# Owner is denied
self.failIf(checkPerm(ModifyPortalContent, self.doc))
# Member is denied
self.login('member')
self.failIf(checkPerm(ModifyPortalContent, self.doc))
# Reviewer is allowed
self.login('reviewer')
self.failUnless(checkPerm(ModifyPortalContent, self.doc))
# Anonymous is denied
self.logout()
self.failIf(checkPerm(ModifyPortalContent, self.doc))
def testAccessPublishedFolderContents(self):
self.workflow.doActionFor(self.dir, 'publish')
# Owner is allowed
self.assertTrue(checkPerm(AccessContentsInformation, self.dir))
# Member is allowed
self.login('member')
self.assertTrue(checkPerm(AccessContentsInformation, self.dir))
# Reviewer is allowed
self.login('reviewer')
self.assertTrue(checkPerm(AccessContentsInformation, self.dir))
# Anonymous is allowed
self.logout()
self.assertTrue(checkPerm(AccessContentsInformation, self.dir))
def testModifyPendingEvent(self):
self.workflow.doActionFor(self.ni, 'submit')
# Owner is denied
self.assertFalse(checkPerm(ChangeEvents, self.ni))
# Member is denied
self.login('member')
self.assertFalse(checkPerm(ChangeEvents, self.ni))
# Reviewer is allowed
self.login('reviewer')
self.assertTrue(checkPerm(ChangeEvents, self.ni))
# Anonymous is denied
self.logout()
self.assertFalse(checkPerm(ChangeEvents, self.ni))
def testModifyPublishedFolderContents(self):
self.workflow.doActionFor(self.dir, 'publish')
# Owner is allowed
self.failUnless(checkPerm(ModifyPortalContent, self.dir))
# Member is denied
self.login('member')
self.failIf(checkPerm(ModifyPortalContent, self.dir))
# Reviewer is denied
self.login('reviewer')
self.failIf(checkPerm(ModifyPortalContent, self.dir))
# Anonymous is denied
self.logout()
self.failIf(checkPerm(ModifyPortalContent, self.dir))
def testAccessPrivateDocument(self):
self.workflow.doActionFor(self.doc, 'hide')
# Owner is allowed
self.assertTrue(checkPerm(AccessContentsInformation, self.doc))
# Member is denied
self.login('member')
self.assertFalse(checkPerm(AccessContentsInformation, self.doc))
# Reviewer is denied
self.login('reviewer')
self.assertFalse(checkPerm(AccessContentsInformation, self.doc))
# Anonymous is denied
self.logout()
self.assertFalse(checkPerm(AccessContentsInformation, self.doc))
def testListPublishedFolderContents(self):
self.workflow.doActionFor(self.dir, 'publish')
# Owner is allowed
self.assertTrue(checkPerm(ListFolderContents, self.dir))
# Member is denied
login(self.portal, 'member')
self.assertFalse(checkPerm(ListFolderContents, self.dir))
# Reviewer is allowed
login(self.portal, 'reviewer')
self.assertTrue(checkPerm(ListFolderContents, self.dir))
# Anonymous is denied
logout()
self.assertFalse(checkPerm(ListFolderContents, self.dir))
def testViewPublishedFolder(self):
self.workflow.doActionFor(self.dir, 'publish')
# Owner is allowed
self.assertTrue(checkPerm(View, self.dir))
# Member is allowed
self.login('member')
self.assertTrue(checkPerm(View, self.dir))
# Reviewer is allowed
self.login('reviewer')
self.assertTrue(checkPerm(View, self.dir))
# Anonymous is allowed
self.logout()
self.assertTrue(checkPerm(View, self.dir))
def testModifyPrivateFolderContents(self):
self.workflow.doActionFor(self.dir, 'hide')
# Owner is allowed
self.assertTrue(checkPerm(ModifyPortalContent, self.dir))
# Member is denied
login(self.portal, 'member')
self.assertFalse(checkPerm(ModifyPortalContent, self.dir))
# Reviewer is denied
login(self.portal, 'reviewer')
self.assertFalse(checkPerm(ModifyPortalContent, self.dir))
# Anonymous is denied
logout()
self.assertFalse(checkPerm(ModifyPortalContent, self.dir))
def testAccessPublishedFolderContents(self):
self.workflow.doActionFor(self.dir, 'publish')
# Owner is allowed
self.assertTrue(checkPerm(AccessContentsInformation, self.dir))
# Member is allowed
login(self.portal, 'member')
self.assertTrue(checkPerm(AccessContentsInformation, self.dir))
# Reviewer is allowed
login(self.portal, 'reviewer')
self.assertTrue(checkPerm(AccessContentsInformation, self.dir))
# Anonymous is allowed
logout()
self.assertTrue(checkPerm(AccessContentsInformation, self.dir))
def testViewPublishedFolder(self):
self.workflow.doActionFor(self.dir, 'publish')
# Owner is allowed
self.assertTrue(checkPerm(View, self.dir))
# Member is allowed
login(self.portal, 'member')
self.assertTrue(checkPerm(View, self.dir))
# Reviewer is allowed
login(self.portal, 'reviewer')
self.assertTrue(checkPerm(View, self.dir))
# Anonymous is allowed
logout()
self.assertTrue(checkPerm(View, self.dir))
def testAutoPublishMemberposting(self):
self.login('member')
self.failUnless(checkPerm(permissions.ApproveComment, self.forum))
self.failUnless(checkPerm(permissions.ApproveComment, self.conv))
self.failUnless(checkPerm(permissions.ApproveComment, self.comment))
self.assertEqual(self.workflow.getInfoFor(self.forum, 'review_state'),
'memberposting')
self.assertEqual(self.workflow.getInfoFor(self.conv, 'review_state'),
'active')
self.assertEqual(
self.workflow.getInfoFor(self.comment, 'review_state'),
'published')
def testAccessPublishedDocument(self):
self.login('reviewer')
self.workflow.doActionFor(self.doc, 'publish')
# Owner is allowed
self.login(default_user)
self.failUnless(checkPerm(AccessContentsInformation, self.doc))
# Member is allowed
self.login('member')
self.failUnless(checkPerm(AccessContentsInformation, self.doc))
# Reviewer is allowed
self.login('reviewer')
self.failUnless(checkPerm(AccessContentsInformation, self.doc))
# Anonymous is allowed
self.logout()
self.failUnless(checkPerm(AccessContentsInformation, self.doc))
def testModifyPublishedDocument(self):
self.login('reviewer')
self.workflow.doActionFor(self.doc, 'publish')
# Owner is denied
self.login(default_user)
self.failIf(checkPerm(ModifyPortalContent, self.doc))
# Member is denied
self.login('member')
self.failIf(checkPerm(ModifyPortalContent, self.doc))
# Reviewer is denied
self.login('reviewer')
self.failIf(checkPerm(ModifyPortalContent, self.doc))
# Anonymous is denied
self.logout()
self.failIf(checkPerm(ModifyPortalContent, self.doc))
def testModifyPublishedEvent(self):
self.login('reviewer')
self.workflow.doActionFor(self.ev, 'publish')
# Owner is denied
self.login(default_user)
self.failIf(checkPerm(ChangeEvents, self.ev))
# Member is denied
self.login('member')
self.failIf(checkPerm(ChangeEvents, self.ev))
# Reviewer is denied
self.login('reviewer')
self.failIf(checkPerm(ChangeEvents, self.ev))
# Anonymous is denied
self.logout()
self.failIf(checkPerm(ChangeEvents, self.ev))
