Exemplo n.º 1
0
    def test_update_localroles_if_user_has_changed_protection_fields(
            self, browser):
        self.login(self.dossier_manager, browser)

        browser.open(self.leaf_repofolder)
        factoriesmenu.add(u'Business Case Dossier')
        browser.fill({'Title': 'My Dossier'})
        form = browser.find_form_by_field('Reading')
        form.find_widget('Reading and writing').fill(self.regular_user.getId())
        browser.click_on('Save')

        new_dossier = browser.context
        RoleAssignmentManager(new_dossier).add_or_update_assignment(
            SharingRoleAssignment('projekt_a', ['Contributor']))

        self.assert_local_roles(
            IProtectDossier(new_dossier).READING_AND_WRITING_ROLES,
            self.regular_user.getId(), new_dossier)

        self.assert_local_roles(['Contributor'], 'projekt_a', new_dossier)

        browser.open(new_dossier, view="@@edit")
        browser.fill({'Title': 'My new Dossier'})
        form = browser.find_form_by_field('Reading')
        form.find_widget('Reading and writing').fill([])
        form.find_widget('Reading').fill([self.regular_user.getId()])
        browser.click_on('Save')

        self.assert_local_roles(
            IProtectDossier(new_dossier).READING_ROLES,
            self.regular_user.getId(), new_dossier)

        self.assert_local_roles([], 'projekt_a', new_dossier)
    def test_protect_dossier_will_add_selected_reading_and_writing_users_to_localroles(
            self):
        self.login(self.dossier_manager)

        dossier_protector = IProtectDossier(self.dossier)
        dossier_protector.reading_and_writing = [self.regular_user.getId()]
        dossier_protector.protect()

        self.assert_local_roles(dossier_protector.READING_AND_WRITING_ROLES,
                                self.regular_user.getId(), self.dossier)
    def test_check_protect_dossier_consistency_returns_no_messages_if_no_inconsistency(self):
        self.login(self.dossier_manager)

        dossier_protector = IProtectDossier(self.dossier)
        dossier_protector.reading = [self.regular_user.getId()]
        dossier_protector.protect()
        view = getMultiAdapter((self.dossier, self.request),
                               name="check_protect_dossier_consistency")

        self.assertIsNone(json.loads(view()).get('messages'))
    def test_protect_dossier_will_add_selected_reading_and_writing_users_to_localroles(self):
        self.login(self.dossier_manager)

        dossier_protector = IProtectDossier(self.dossier)
        dossier_protector.reading_and_writing = [self.regular_user.getId()]
        dossier_protector.protect()

        self.assert_local_roles(
            dossier_protector.READING_AND_WRITING_ROLES,
            self.regular_user.getId(), self.dossier)
    def test_protect_dossier_wont_exclude_current_logged_in_user(self):
        self.login(self.dossier_manager)

        dossier_protector = IProtectDossier(self.dossier)
        dossier_protector.reading = [self.regular_user.getId()]
        dossier_protector.dossier_manager = self.dossier_manager.getId()
        dossier_protector.protect()

        self.assert_local_roles(
            IProtectDossier(self.dossier).DOSSIER_MANAGER_ROLES,
            self.dossier_manager.getId(), self.dossier)
    def test_check_protect_dossier_consistency_returns_error_msg_if_inconsistent(self):
        self.login(self.dossier_manager)

        dossier_protector = IProtectDossier(self.dossier)
        dossier_protector.reading = [self.regular_user.getId()]
        dossier_protector.protect()
        self.dossier.manage_setLocalRoles(self.regular_user.getId(), ['DossierManager'])
        view = getMultiAdapter((self.dossier, self.request),
                               name="check_protect_dossier_consistency")

        self.assertEqual(1, len(json.loads(view()).get('messages')))
    def test_check_protect_dossier_consistency_returns_no_messages_if_no_inconsistency(
            self):
        self.login(self.dossier_manager)

        dossier_protector = IProtectDossier(self.dossier)
        dossier_protector.reading = [self.regular_user.getId()]
        dossier_protector.protect()
        view = getMultiAdapter((self.dossier, self.request),
                               name="check_protect_dossier_consistency")

        self.assertIsNone(json.loads(view()).get('messages'))
Exemplo n.º 8
0
    def test_dossier_manager_can_set_protect_dossier_fields(self, browser):
        self.login(self.dossier_manager, browser)

        browser.open(self.dossier, view="@@edit")
        form = browser.find_form_by_field('Reading')
        form.find_widget('Reading').fill('projekt_a')
        form.find_widget('Reading and writing').fill('projekt_b')
        form.find_widget('Dossier manager').fill(self.dossier_manager.getId())
        browser.click_on('Save')

        self.assertEqual(['projekt_a'], IProtectDossier(self.dossier).reading)
        self.assertEqual(['projekt_b'],
                         IProtectDossier(self.dossier).reading_and_writing)
    def test_check_protect_dossier_consistency_returns_error_msg_if_inconsistent(
            self):
        self.login(self.dossier_manager)

        dossier_protector = IProtectDossier(self.dossier)
        dossier_protector.reading = [self.regular_user.getId()]
        dossier_protector.protect()
        self.dossier.manage_setLocalRoles(self.regular_user.getId(),
                                          ['DossierManager'])
        view = getMultiAdapter((self.dossier, self.request),
                               name="check_protect_dossier_consistency")

        self.assertEqual(1, len(json.loads(view()).get('messages')))
Exemplo n.º 10
0
    def test_full_dossier_protection_check(self):
        self.login(self.dossier_manager)

        dossier_protector = IProtectDossier(self.dossier)
        dossier_protector.reading = [self.regular_user.getId(), 'projekt_a']
        dossier_protector.reading_and_writing = [
            self.secretariat_user.getId(), 'projekt_b'
        ]
        dossier_protector.dossier_manager = self.dossier_manager.getId()
        dossier_protector.protect()

        self.assert_local_roles(dossier_protector.READING_ROLES,
                                self.regular_user.getId(), self.dossier)

        self.assert_local_roles(dossier_protector.READING_ROLES, 'projekt_a',
                                self.dossier)

        self.assert_local_roles(dossier_protector.READING_AND_WRITING_ROLES,
                                self.secretariat_user.getId(), self.dossier)

        self.assert_local_roles(dossier_protector.READING_AND_WRITING_ROLES,
                                'projekt_b', self.dossier)

        self.assert_local_roles(dossier_protector.DOSSIER_MANAGER_ROLES,
                                self.dossier_manager.getId(), self.dossier)
Exemplo n.º 11
0
    def check_consistency(self, json_response):
        if IProtectDossier(self.context).check_local_role_consistency():
            return

        json_response.warning(
            _(u'dossier_protection_inconsistency_warning',
              default="The local roles do not match with the current "
              "dossier protection settings. If you save this "
              "form, the local roles will be overridden."))
Exemplo n.º 12
0
    def add(self, object):
        super(DossierAddForm, self).add(object)

        # CUSTOM: Handle dossier protection after successfully adding
        # the dossier. To be able to set the localroles correctly, we need
        # the acquisition wrapped object.
        new_object = self.context.unrestrictedTraverse(object.getId())
        if IProtectDossierMarker.providedBy(new_object):
            IProtectDossier(new_object).protect()
    def test_check_protect_dossier_consistency_returns_no_messages_if_no_inconsistency(self):
        self.login(self.dossier_manager)

        RoleAssignmentManager(self.empty_dossier).add_or_update_assignment(
            SharingRoleAssignment(self.dossier_responsible.id, ['Reader']))
        RoleAssignmentManager(self.empty_dossier).add_or_update_assignment(
            SharingRoleAssignment(
                self.dossier_responsible.id,
                ['Reader', 'Editor', 'Contributor', 'Reviewer',
                 'Publisher', 'DossierManager', 'Owner']))

        dossier_protector = IProtectDossier(self.empty_dossier)
        dossier_protector.dossier_manager = self.dossier_manager.getId()
        dossier_protector.reading = [self.dossier_responsible.id]
        dossier_protector.protect()
        view = getMultiAdapter((self.empty_dossier, self.request),
                               name="check_protect_dossier_consistency")

        self.assertIsNone(json.loads(view()).get('messages'))
Exemplo n.º 14
0
    def applyChanges(self, data):
        changes = super(DossierEditForm, self).applyChanges(data)

        # CUSTOM: Handle dossier protection after editing the dossier.
        # Only update localroles if the user changed one of the IProtectDossier
        # fields
        if changes.get(IProtectDossier):
            IProtectDossier(self.context).protect()

        return changes
Exemplo n.º 15
0
    def test_get_subdossiers_unrestricted_search(self):
        self.login(self.dossier_manager)
        # Protect self.subsubdossier so it cannot be seen by an 'Editor' of self.subdossier
        self.assertFalse(getattr(self.subsubdossier, '__ac_local_roles_block__', False))
        dossier_protector = IProtectDossier(self.subsubdossier)
        dossier_protector.dossier_manager = self.dossier_manager.getId()
        dossier_protector.reading = [self.secretariat_user.getId()]
        dossier_protector.protect()
        self.assertTrue(getattr(self.subsubdossier, '__ac_local_roles_block__', False))
        self.assertFalse(
            api.user.has_permission('View', user=self.regular_user, obj=self.subsubdossier),
            'This test does not actually test what it says on the tin, if self.regular_user can see self.subsubdossier.',
        )

        with self.login(self.regular_user):
            restricted_subdossiers = self.subdossier.get_subdossiers()
            unrestricted_subdossiers = self.subdossier.get_subdossiers(unrestricted=True)

        self.assertSequenceEqual([], map(self.brain_to_object, restricted_subdossiers))
        self.assertSequenceEqual([self.subsubdossier], map(self.brain_to_object, unrestricted_subdossiers))
Exemplo n.º 16
0
    def test_edit_dossier_will_enable_dossier_protection(self, browser):
        self.login(self.dossier_manager, browser)

        browser.open(self.dossier, view="@@edit")
        form = browser.find_form_by_field('Reading')
        form.find_widget('Reading').fill(self.regular_user.getId())
        form.find_widget('Dossier manager').fill(self.dossier_manager.getId())
        browser.click_on('Save')

        self.assert_local_roles(
            IProtectDossier(self.dossier).READING_ROLES,
            self.regular_user.getId(), browser.context)
    def test_full_dossier_protection_check(self):
        self.login(self.dossier_manager)

        dossier_protector = IProtectDossier(self.dossier)
        dossier_protector.reading = [self.regular_user.getId(), 'projekt_a']
        dossier_protector.reading_and_writing = [self.secretariat_user.getId(),
                                                 'projekt_b']
        dossier_protector.dossier_manager = self.dossier_manager.getId()
        dossier_protector.protect()

        self.assert_local_roles(
            dossier_protector.READING_ROLES,
            self.regular_user.getId(), self.dossier)

        self.assert_local_roles(
            dossier_protector.READING_ROLES,
            'projekt_a', self.dossier)

        self.assert_local_roles(
            dossier_protector.READING_AND_WRITING_ROLES,
            self.secretariat_user.getId(), self.dossier)

        self.assert_local_roles(
            dossier_protector.READING_AND_WRITING_ROLES,
            'projekt_b', self.dossier)

        self.assert_local_roles(
            dossier_protector.DOSSIER_MANAGER_ROLES,
            self.dossier_manager.getId(), self.dossier)
Exemplo n.º 18
0
    def test_subdossiers_the_user_cannot_view_can_also_block_deactivation(
            self, browser):
        with self.login(self.dossier_manager):
            # Protect self.subsubdossier so it cannot be seen by an 'Editor' of self.subdossier
            self.assertFalse(
                getattr(self.subsubdossier, '__ac_local_roles_block__', False))
            dossier_protector = IProtectDossier(self.subsubdossier)
            dossier_protector.dossier_manager = self.dossier_manager.getId()
            dossier_protector.reading = [self.secretariat_user.getId()]
            dossier_protector.protect()
            self.assertTrue(
                getattr(self.subsubdossier, '__ac_local_roles_block__', False))
            self.assertFalse(
                api.user.has_permission('View',
                                        user=self.regular_user,
                                        obj=self.subsubdossier),
                'This test does not actually test what it says on the tin, if self.regular_user can see self.subsubdossier.',
            )

            # Grant self.regular_user 'Editor' on self.subdossier so the action to deactivate is presented to the user
            RoleAssignmentManager(self.subdossier).add_or_update_assignment(
                SharingRoleAssignment(self.regular_user.getId(),
                                      ['Reader', 'Contributor', 'Editor']))

        self.login(self.regular_user, browser)
        self.deactivate(self.subdossier, browser)
        expected_msgs = [
            u"The Dossier 2016 contains a subdossier "
            u"which can't be deactivated by the user."
        ]
        self.assert_errors(self.subdossier, browser, expected_msgs)
Exemplo n.º 19
0
    def test_protect_dossier_wont_exclude_current_logged_in_user(self):
        self.login(self.dossier_manager)

        dossier_protector = IProtectDossier(self.dossier)
        dossier_protector.reading = [self.regular_user.getId()]
        dossier_protector.dossier_manager = self.dossier_manager.getId()
        dossier_protector.protect()

        self.assert_local_roles(
            IProtectDossier(self.dossier).DOSSIER_MANAGER_ROLES,
            self.dossier_manager.getId(), self.dossier)
Exemplo n.º 20
0
    def test_add_dossier_will_enable_dossier_protection(self, browser):
        self.login(self.dossier_manager, browser)

        browser.open(self.leaf_repofolder)
        factoriesmenu.add(u'Business Case Dossier')
        browser.fill({'Title': 'My Dossier'})
        form = browser.find_form_by_field('Reading')
        form.find_widget('Reading').fill(self.regular_user.getId())
        browser.click_on('Save')

        self.assert_local_roles(
            IProtectDossier(self.dossier).READING_ROLES,
            self.regular_user.getId(), browser.context)
Exemplo n.º 21
0
    def test_protect_dossier_will_disable_role_inheritance(self):
        self.login(self.dossier_manager)

        self.assertFalse(
            getattr(self.dossier, '__ac_local_roles_block__', False))

        dossier_protector = IProtectDossier(self.dossier)
        dossier_protector.dossier_manager = self.dossier_manager.getId()
        dossier_protector.reading = ['kathi.barfuss']
        dossier_protector.protect()

        self.assertTrue(
            getattr(self.dossier, '__ac_local_roles_block__', False))

        dossier_protector.reading = []
        dossier_protector.protect()

        self.assertFalse(
            getattr(self.dossier, '__ac_local_roles_block__', False))
Exemplo n.º 22
0
    def test_subdossiers_the_user_cannot_view_can_also_block_deactivation(self, browser):
        with self.login(self.dossier_manager):
            # Protect self.subsubdossier so it cannot be seen by an 'Editor' of self.subdossier
            self.assertFalse(getattr(self.subsubdossier, '__ac_local_roles_block__', False))
            dossier_protector = IProtectDossier(self.subsubdossier)
            dossier_protector.dossier_manager = self.dossier_manager.getId()
            dossier_protector.reading = [self.secretariat_user.getId()]
            dossier_protector.protect()
            self.assertTrue(getattr(self.subsubdossier, '__ac_local_roles_block__', False))
            self.assertFalse(
                api.user.has_permission('View', user=self.regular_user, obj=self.subsubdossier),
                'This test does not actually test what it says on the tin, if self.regular_user can see self.subsubdossier.',
            )

            # Grant self.regular_user 'Editor' on self.subdossier so the action to deactivate is presented to the user
            RoleAssignmentManager(self.subdossier).add_or_update_assignment(
                SharingRoleAssignment(self.regular_user.getId(), ['Reader', 'Contributor', 'Editor']))

        self.login(self.regular_user, browser)
        self.deactivate(self.subdossier, browser)
        expected_msgs = [u"The Dossier 2016 contains a subdossier "
                         u"which can't be deactivated by the user."]
        self.assert_errors(self.subdossier, browser, expected_msgs)
    def test_protect_dossier_will_disable_role_inheritance(self):
        self.login(self.dossier_manager)

        self.assertFalse(getattr(self.dossier, '__ac_local_roles_block__', False))

        dossier_protector = IProtectDossier(self.dossier)
        dossier_protector.dossier_manager = self.dossier_manager.getId()
        dossier_protector.reading = ['kathi.barfuss']
        dossier_protector.protect()

        self.assertTrue(getattr(self.dossier, '__ac_local_roles_block__', False))

        dossier_protector.reading = []
        dossier_protector.protect()

        self.assertFalse(getattr(self.dossier, '__ac_local_roles_block__', False))
Exemplo n.º 24
0
    def test_user_without_field_permission_doesnt_get_added_as_dossier_manager_by_default(
            self, browser):
        """The current user must only be set as dossier_manager if they have
        the write permission for the dossier_manager field. Our regular_user,
        which doesn't have it, should not end up as dossier_manager after
        saving.
        """
        self.login(self.regular_user, browser)

        browser.open(self.leaf_repofolder)
        factoriesmenu.add(u'Business Case Dossier')

        browser.fill({'Title': 'My Dossier'})
        browser.click_on('Save')

        self.assertEqual(None,
                         IProtectDossier(browser.context).dossier_manager)
Exemplo n.º 25
0
    def test_current_user_is_default_dossier_manager(self, browser):
        self.login(self.dossier_manager, browser)

        browser.open(self.leaf_repofolder)
        factoriesmenu.add(u'Business Case Dossier')
        field = browser.find('Dossier manager')
        selected_option = filter(lambda x: x.attrib.get('selected'),
                                 field.css('option'))[0]

        self.assertEqual(u'Fr\xfchling F\xe4ivel (faivel.fruhling)',
                         selected_option.text)

        browser.fill({'Title': 'My Dossier'})
        browser.click_on('Save')

        self.assertEqual(self.dossier_manager.getId(),
                         IProtectDossier(browser.context).dossier_manager)
    def test_reindex_object_security_on_dossier(self):
        self.login(self.dossier_manager)

        self.assertItemsEqual([
            'Administrator', 'Contributor', 'Editor', 'Manager', 'Reader',
            'user:fa_users', 'user:{}'.format(self.regular_user.getId())
        ], self.get_allowed_roles_and_users_for(self.dossier))

        dossier_protector = IProtectDossier(self.dossier)
        dossier_protector.reading = [self.regular_user.getId()]
        dossier_protector.reading_and_writing = []
        dossier_protector.dossier_manager = self.dossier_manager.getId()
        dossier_protector.protect()

        self.assertItemsEqual([
            'Administrator', 'Contributor', 'Editor', 'Manager', 'Reader',
            'user:{}'.format(self.dossier_manager.getId()), 'user:{}'.format(
                self.regular_user.getId())
        ], self.get_allowed_roles_and_users_for(self.dossier))
Exemplo n.º 27
0
    def test_prefilled_dossier_manager_can_be_removed(self, browser):
        self.login(self.dossier_manager, browser)

        browser.open(self.leaf_repofolder)
        factoriesmenu.add(u'Business Case Dossier')
        browser.fill({'Title': 'My Dossier'})
        form = browser.find_form_by_field('Reading')

        # Guard assertion - make sure the widget's value has been prefilled
        dossier_manager_widget = form.find_widget('Dossier manager')
        select = dossier_manager_widget.xpath('select').first
        self.assertEqual('faivel.fruhling', select.value)

        # Reset the widget's value
        dossier_manager_widget.fill('')

        browser.click_on('Save')
        new_dossier = browser.context

        # No dossier manager should have been saved
        self.assertIsNone(IProtectDossier(new_dossier).dossier_manager)
    def test_reindex_object_security_on_dossier(self):
        self.login(self.dossier_manager)

        self.assertItemsEqual(
            ['Administrator', 'Contributor', 'Editor', 'Manager', 'Reader',
             'user:fa_users', 'user:{}'.format(self.regular_user.getId())],
            self.get_allowed_roles_and_users_for(self.dossier))

        dossier_protector = IProtectDossier(self.dossier)
        dossier_protector.reading = [self.regular_user.getId()]
        dossier_protector.reading_and_writing = []
        dossier_protector.dossier_manager = self.dossier_manager.getId()
        dossier_protector.protect()

        self.assertItemsEqual(
            ['Administrator', 'Contributor', 'Editor', 'Manager', 'Reader',
             'user:{}'.format(self.dossier_manager.getId()),
             'user:{}'.format(self.regular_user.getId())],
            self.get_allowed_roles_and_users_for(self.dossier))
Exemplo n.º 29
0
    def test_check_protect_dossier_consistency_returns_no_messages_if_no_inconsistency(
            self):
        self.login(self.dossier_manager)

        RoleAssignmentManager(self.empty_dossier).add_or_update_assignment(
            SharingRoleAssignment(self.dossier_responsible.id, ['Reader']))
        RoleAssignmentManager(self.empty_dossier).add_or_update_assignment(
            SharingRoleAssignment(self.dossier_responsible.id, [
                'Reader', 'Editor', 'Contributor', 'Reviewer', 'Publisher',
                'DossierManager', 'Owner'
            ]))

        dossier_protector = IProtectDossier(self.empty_dossier)
        dossier_protector.dossier_manager = self.dossier_manager.getId()
        dossier_protector.reading = [self.dossier_responsible.id]
        dossier_protector.protect()
        view = getMultiAdapter((self.empty_dossier, self.request),
                               name="check_protect_dossier_consistency")

        self.assertIsNone(json.loads(view()).get('messages'))
Exemplo n.º 30
0
    def test_get_subdossiers_unrestricted_search(self):
        self.login(self.dossier_manager)
        # Protect self.subsubdossier so it cannot be seen by an 'Editor' of self.subdossier
        self.assertFalse(getattr(self.subsubdossier, '__ac_local_roles_block__', False))
        dossier_protector = IProtectDossier(self.subsubdossier)
        dossier_protector.dossier_manager = self.dossier_manager.getId()
        dossier_protector.reading = [self.secretariat_user.getId()]
        dossier_protector.protect()
        self.assertTrue(getattr(self.subsubdossier, '__ac_local_roles_block__', False))
        self.assertFalse(
            api.user.has_permission('View', user=self.regular_user, obj=self.subsubdossier),
            'This test does not actually test what it says on the tin, if self.regular_user can see self.subsubdossier.',
        )

        with self.login(self.regular_user):
            restricted_subdossiers = self.subdossier.get_subdossiers()
            unrestricted_subdossiers = self.subdossier.get_subdossiers(unrestricted=True)

        self.assertSequenceEqual([], map(self.brain_to_object, restricted_subdossiers))
        self.assertSequenceEqual([self.subsubdossier], map(self.brain_to_object, unrestricted_subdossiers))