def test_cant_create_adhoc_when_no_access_to_meeting_dossier(self, browser):
        self.login(self.committee_responsible, browser)
        browser.open(self.meeting, view='agenda_items/schedule_text',
                     data={'title': u'Fail',
                           '_authenticator': createToken()})
        self.assertEquals(
            {u'messages': [
                {u'messageTitle': u'Information',
                 u'message': u'Text successfully added.',
                 u'messageClass': u'info'}],
             u'proceed': True},
            browser.json)

        with self.login(self.administrator):
            # Let committee_responsible have no access to meeting_dossier
            self.meeting_dossier.__ac_local_roles_block__ = True
            self.meeting_dossier.reindexObjectSecurity()

        self.login(self.committee_responsible, browser)
        with browser.expect_http_error(code=403):
            browser.open(self.meeting, view='agenda_items/schedule_text',
                         data={'title': u'Fail',
                               '_authenticator': createToken()})
            self.assertEquals(
                {u'messages': [
                    {u'messageTitle': u'Error',
                     u'message': u'Insufficient privileges to add a document '
                                  'to the meeting dossier.',
                     u'messageClass': u'error'}]},
                browser.json)
    def test_reopening_creates_history_entry(self, browser):
        self.submit_proposal()
        transaction.commit()
        browser.login().open(
            self.meeting.get_url(view='unscheduled_proposals/1/schedule'))
        browser.open(self.meeting.get_url(view='agenda_items/1/decide'),
                     data={'_authenticator': createToken()})
        browser.open(self.meeting.get_url(view='agenda_items/1/reopen'),
                     data={'_authenticator': createToken()})

        self.assert_proposal_history_records(
            u'Proposal reopened by Test User (test_user_1_)',
            with_submitted=True)
Exemplo n.º 3
0
    def test_can_only_add_invitations_with_Workspace_related_roles(self, browser):
        self.login(self.workspace_admin, browser=browser)
        with browser.expect_http_error(403):
            browser.open(self.workspace.absolute_url() + '/manage-participants/add',
                         data={'userid': self.regular_user.getId(),
                               'role': 'Reader',
                               '_authenticator': createToken()})

        with browser.expect_http_error(500):
            browser.open(self.workspace.absolute_url() + '/manage-participants/add',
                         data={'userid': self.regular_user.getId(),
                               'role': 'Site Administrator',
                               '_authenticator': createToken()})
Exemplo n.º 4
0
    def test_redirect_to_current_view_when_meeting_has_to_be_decided_as_well(self, browser):
        self.login(self.committee_responsible, browser)
        agenda_item_1 = self.schedule_ad_hoc(self.meeting, 'Gugus')
        agenda_item_2 = self.schedule_ad_hoc(self.meeting, 'Kux')

        browser.open(self.agenda_item_url(agenda_item_1, 'decide'),
                     data={'_authenticator': createToken()})
        self.assertEquals(self.meeting.absolute_url(),
                          browser.json.get('redirectUrl'))

        browser.open(self.agenda_item_url(agenda_item_2, 'decide'),
                     data={'_authenticator': createToken()})
        self.assertEquals(None, browser.json.get('redirectUrl'))
    def test_can_only_add_invitations_with_Workspace_related_roles(self, browser):
        self.login(self.workspace_admin, browser=browser)
        with browser.expect_http_error(403):
            browser.open(self.workspace.absolute_url() + '/manage-participants/add',
                         data={'userid': self.regular_user.getId(),
                               'role': 'Reader',
                               '_authenticator': createToken()})

        with browser.expect_http_error(500):
            browser.open(self.workspace.absolute_url() + '/manage-participants/add',
                         data={'userid': self.regular_user.getId(),
                               'role': 'Site Administrator',
                               '_authenticator': createToken()})
    def test_redirect_to_current_view_when_meeting_has_to_be_decided_as_well(
            self, browser):
        self.login(self.committee_responsible, browser)
        agenda_item_1 = self.schedule_ad_hoc(self.meeting, 'Gugus')
        agenda_item_2 = self.schedule_ad_hoc(self.meeting, 'Kux')

        browser.open(self.agenda_item_url(agenda_item_1, 'decide'),
                     data={'_authenticator': createToken()})
        self.assertEquals(self.meeting.absolute_url(),
                          browser.json.get('redirectUrl'))

        browser.open(self.agenda_item_url(agenda_item_2, 'decide'),
                     data={'_authenticator': createToken()})
        self.assertEquals(None, browser.json.get('redirectUrl'))
Exemplo n.º 7
0
    def test_revising_creates_history_entry(self, browser):
        self.submit_proposal()
        transaction.commit()
        browser.login().open(
            self.meeting.get_url(view='unscheduled_proposals/1/schedule'))
        browser.open(self.meeting.get_url(view='agenda_items/1/decide'),
                     data={'_authenticator': createToken()})
        browser.open(self.meeting.get_url(view='agenda_items/1/reopen'),
                     data={'_authenticator': createToken()})
        browser.open(self.meeting.get_url(view='agenda_items/1/revise'),
                     data={'_authenticator': createToken()})

        self.open_overview(browser)
        self.assertEqual(u'Proposal revised by Test User (test_user_1_)',
                         self.get_latest_history_entry_text(browser))
    def test_cannot_accept_invalid_invitation(self, browser):
        self.login(self.regular_user, browser=browser)

        with browser.expect_http_error(503):
            browser.open(self.workspace_root.absolute_url() + '/my-invitations/accept',
                         data={'iid': 'someinvalidiid',
                               '_authenticator': createToken()})
Exemplo n.º 9
0
    def test_decide_agenda_item_creates_locked_excerpt_in_dossier(self, browser):
        self.setup_excerpt_template()
        proposal = self.setup_proposal()
        # schedule
        view = 'unscheduled_proposals/{}/schedule'.format(
            proposal.load_model().proposal_id)

        browser.login().open(self.meeting_wrapper, view=view)
        agenda_item = AgendaItem.query.first()
        browser.login().open(
            self.meeting_wrapper,
            view='agenda_items/{}/decide'.format(agenda_item.agenda_item_id),
            data={'_authenticator': createToken()})

        agenda_item = AgendaItem.query.first()  # refresh
        proposal = agenda_item.proposal
        excerpt_in_dossier = proposal.excerpt_document.resolve_document()
        lockable = ILockable(excerpt_in_dossier)
        self.assertTrue(lockable.locked())
        self.assertTrue(lockable.can_safely_unlock(MEETING_EXCERPT_LOCK))

        browser.open(excerpt_in_dossier)
        self.assertEqual(u'This document is a copy of the excerpt Fooo - '
                         u'C\xf6mmunity meeting from the meeting C\xf6mmunity '
                         u'meeting and cannot be edited directly.',
                         info_messages()[0])
        message_links = browser.css('.portalMessage.info a')
        self.assertEqual(
            'http://nohost/plone/opengever-meeting-committeecontainer/committee-1/submitted-proposal-1/document-3',
            message_links[0].get('href'))
        self.assertEqual(
            'http://nohost/plone/opengever-meeting-committeecontainer/committee-1/meeting-1/view',
            message_links[1].get('href'))
Exemplo n.º 10
0
    def test_document_status_json(self):
        site_id = api.portal.get().id
        path_segments = [
            s for s in self.document.getPhysicalPath() if s != site_id
        ]
        document_path = '/'.join(path_segments)
        response = self.api.get(document_path + '/status').json()

        self.assertIn('int_id', response)
        self.assertEqual(
            getUtility(IIntIds).getId(self.document), response['int_id'])

        self.assertIn('title', response)
        self.assertEqual(self.document.title_or_id(), response['title'])

        self.assertIn('checked_out', response)
        self.assertEqual(False, response['checked_out'])

        self.assertIn('checked_out_by', response)
        self.assertEqual(None, response['checked_out_by'])

        # Check out the document
        self.api.headers.update({'Accept': 'text/html'})
        self.api.get(document_path + '/@@checkout_documents' +
                     '?_authenticator={}'.format(createToken()))

        self.api.headers.update({'Accept': 'application/json'})
        response = self.api.get(document_path + '/status').json()

        self.assertIn('checked_out', response)
        self.assertEqual(True, response['checked_out'])

        self.assertIn('checked_out_by', response)
        self.assertEqual(TEST_USER_ID, response['checked_out_by'])
Exemplo n.º 11
0
 def test_can_only_add_invitations_with_the_right_permission(self, browser):
     self.login(self.workspace_member, browser=browser)
     with browser.expect_http_error(400):
         browser.open(self.workspace.absolute_url() + '/manage-participants/add',
                      data={'userid': self.regular_user.getId(),
                            'role': 'WorkspaceAdmin',
                            '_authenticator': createToken()})
Exemplo n.º 12
0
    def test_add_invitiation(self, browser):
        self.login(self.workspace_admin, browser=browser)
        browser.open(self.workspace.absolute_url() + '/manage-participants/add',
                     data={'userid': self.regular_user.getId(),
                           'role': 'WorkspaceGuest',
                           '_authenticator': createToken()})

        invitations = tuple(self.storage.iter_invitions_for_context(self.workspace))
        self.assertEquals(1, len(tuple(invitations)), 'Expect one invitation.')

        invitations_in_response = filter(
            lambda entry: entry['type_'] == 'invitation',
            browser.json)

        self.assertEquals(1, len(invitations_in_response),
                          'Expect one invitation in response')

        self.assertDictEqual(
            {u'can_manage': True,
             u'token': invitations[0]['iid'],
             u'inviter': u'Hugentobler Fridolin (fridolin.hugentobler)',
             u'name': u'B\xe4rfuss K\xe4thi (kathi.barfuss)',
             u'roles': [u'WorkspaceGuest'],
             u'type_': u'invitation',
             u'userid': u'kathi.barfuss'},
            invitations_in_response[0])
Exemplo n.º 13
0
    def test_repository_folder(self, browser):
        self.grant('Manager')

        browser.login().open()
        factoriesmenu.add('RepositoryRoot')
        browser.fill({'Title': 'Registraturplan'}).save()
        self.assertEquals(('tabbed_view', 'opengever-repository-repositoryroot'),
                          plone.view_and_portal_type())
        registraturplan = browser.context

        # This will cause a WRITE to registraturplan the first time it is accessed.
        browser.open(registraturplan, view='++add++opengever.repository.repositoryfolder',
                     data={'_authenticator': createToken()})
        browser.fill({'Title': 'Accounting'}).save()
        self.assertEquals(('tabbed_view', 'opengever-repository-repositoryfolder'),
                          plone.view_and_portal_type())
        accounting = browser.context
        self.assertEquals(u'1', IReferenceNumberPrefix(accounting).reference_number_prefix)
        self.assertEquals(('test_user_1_',), accounting.listCreators())

        browser.open(registraturplan)
        factoriesmenu.add('RepositoryFolder')
        browser.fill({'Title': 'Custody'}).save()
        self.assertEquals(('tabbed_view', 'opengever-repository-repositoryfolder'),
                          plone.view_and_portal_type())
        custody = browser.context
        self.assertEquals(u'2', IReferenceNumberPrefix(custody).reference_number_prefix)
Exemplo n.º 14
0
    def test_update_appraisal_for_multiple_dossiers_via_update_view(self, browser):
        repository2 = create(Builder('repository').within(self.root))
        dossier3 = create(Builder('dossier')
                          .having(archival_value=ARCHIVAL_VALUE_SAMPLING)
                          .as_expired()
                          .within(repository2))
        dossier4 = create(Builder('dossier')
                          .having(archival_value=ARCHIVAL_VALUE_SAMPLING)
                          .as_expired()
                          .within(repository2))
        disposition = create(Builder('disposition')
                             .within(self.root)
                             .having(dossiers=[self.dossier1, self.dossier2,
                                               dossier3, dossier4]))

        intids = getUtility(IIntIds)
        dossier_ids = [intids.getId(self.dossier1),
                       intids.getId(dossier3),
                       intids.getId(dossier4)]
        browser.login().open(disposition, view='update_appraisal_view',
                             data={'_authenticator': createToken(),
                                   'dossier-ids': json.dumps(dossier_ids),
                                   'should_be_archived': json.dumps(True)})

        self.assertTrue(IAppraisal(disposition).get(self.dossier1))
        self.assertTrue(IAppraisal(disposition).get(dossier3))
        self.assertTrue(IAppraisal(disposition).get(dossier4))
Exemplo n.º 15
0
    def get_base_payloads(self):
        # Require an authenticated user
        if not api.user.is_anonymous():
            documents = []

            for uuid in self.uuids:
                document = api.content.get(UID=uuid)

                if self.document_is_valid(document):
                    documents.append(document)

        else:
            # Fail per default
            raise Forbidden

        if documents:
            payloads = []

            for document in documents:
                payloads.append({
                    'csrf-token': createToken(),
                    'document-url': document.absolute_url(),
                    'document': document,
                })

            return payloads

        # Fail per default
        raise NotFound
Exemplo n.º 16
0
    def test_multi_checkin_does_not_checkin_locked_documents(self, browser):
        self.login(self.regular_user, browser)

        browser.open(self.document, view='tabbedview_view-overview')
        browser.find('Checkout and edit').click()

        browser.open(self.subdocument, view='tabbedview_view-overview')
        browser.find('Checkout and edit').click()

        lockable = IRefreshableLockable(self.document)
        lockable.lock()

        browser.open(
            self.dossier,
            method='POST',
            data={
                'paths': [
                    obj2brain(self.document).getPath(),
                    obj2brain(self.subdocument).getPath(),
                    ],
                'checkin_without_comment:method': 1,
                '_authenticator': createToken(),
                },
            )

        manager = getMultiAdapter((self.document, self.portal.REQUEST), ICheckinCheckoutManager)
        self.assertEquals('kathi.barfuss', manager.get_checked_out_by())

        manager = getMultiAdapter((self.subdocument, self.portal.REQUEST), ICheckinCheckoutManager)
        self.assertEquals(None, manager.get_checked_out_by())

        self.assertEquals([u'Could not check in document Vertr\xe4gsentwurf'],
                          error_messages())
Exemplo n.º 17
0
    def test_officeconnector_reauth_does_not_checkout(self, browser):
        api.portal.set_registry_record(
            'direct_checkout_and_edit_enabled',
            True,
            interface=IOfficeConnectorSettings)
        transaction.commit()

        # We cannot freeze time due to the test browser being threaded
        oc_url = create_oc_url(
            self.doc1.REQUEST, self.doc1, {'action': 'checkout'})
        decoded_oc_url = jwt.decode(
            oc_url.split(':')[-1], verify=False, algorithms=('HS256',))

        redirector_js = browser.login().open(
            self.doc1,
            view='checkout_documents'
            '?_authenticator={}&mode=external&reauth=1'
            .format(createToken()),
            ).css('script.redirector')[0].text

        tokens_from_js = [token for token in redirector_js.split("\'")
                          if 'oc:' in token]

        self.assertEqual(3, len(tokens_from_js))

        parsed_oc_url = tokens_from_js[0]
        decoded_parsed_oc_url = jwt.decode(
            parsed_oc_url.split(':')[-1], verify=False, algorithms=('HS256',))

        # Take out the timestamps
        del decoded_oc_url['exp']
        del decoded_parsed_oc_url['exp']

        self.assertEqual(decoded_oc_url, decoded_parsed_oc_url)
        self.assertFalse(self.get_manager(self.doc1).is_checked_out_by_current_user())
Exemplo n.º 18
0
    def test_cannot_accept_invalid_invitation(self, browser):
        self.login(self.regular_user, browser=browser)

        with browser.expect_http_error(400):
            browser.open(self.workspace_root.absolute_url() + '/my-invitations/accept',
                         data={'iid': 'someinvalidiid',
                               '_authenticator': createToken()})
Exemplo n.º 19
0
    def test_cancel_checkouts_action_needs_confirmation(self, browser):
        self.login(self.regular_user, browser=browser)
        manager = getMultiAdapter((self.document, self.request),
                                  ICheckinCheckoutManager)

        manager.checkout()
        browser.open(self.dossier, view="tabbedview_view-documents-proxy")
        self.assertEqual('cancel_documents_checkout_confirmation:method',
                         browser.find("Cancel").get("href"))

        paths = [
            self.document.absolute_url_path(),
            self.subdocument.absolute_url_path()
        ]
        browser.open(
            self.dossier,
            {
                'paths': paths,
                '_authenticator': createToken()
            },
            view='cancel_documents_checkout_confirmation',
        )
        self.assertEqual('kathi.barfuss', manager.get_checked_out_by())
        browser.click_on("Cancel checkout")
        self.assertEqual(None, manager.get_checked_out_by())
Exemplo n.º 20
0
    def test_multi_checkin_from_tabbedview_with_comment(self, browser):
        document2 = create(Builder("document")
                           .checked_out()
                           .within(self.dossier))

        browser.login().open(
            self.dossier,
            data={'paths': [obj2brain(self.document).getPath(),
                            obj2brain(document2).getPath()],
                  'checkin_documents:method': 1,
                  '_authenticator': createToken()})

        # fill and submit checkin form
        browser.fill({
            'Journal Comment Describe, why you checkin the selected documents':
            'Checkini'
            })
        browser.css('#form-buttons-button_checkin').first.click()

        manager1 = getMultiAdapter((self.document, self.portal.REQUEST),
                                   ICheckinCheckoutManager)
        self.assertEquals(None, manager1.get_checked_out_by())
        manager2 = getMultiAdapter((document2, self.portal.REQUEST),
                                   ICheckinCheckoutManager)
        self.assertEquals(None, manager2.get_checked_out_by())

        # check last history entry to verify the checkin
        repository_tool = getToolByName(document2, 'portal_repository')
        history = repository_tool.getHistory(document2)
        last_entry = repository_tool.retrieve(document2, len(history)-1)
        self.assertEquals('Checkini', last_entry.comment)
Exemplo n.º 21
0
    def test_error_when_untrashing_removed_document(self, browser):
        self.login(self.manager, browser=browser)

        data = self.make_path_param(self.empty_document)
        data['_authenticator'] = createToken()

        self.trash_documents(self.empty_document)
        Remover([self.empty_document]).remove()

        # Removed document cannot be untrashed
        browser.open(self.empty_dossier, view="untrashed", data=data)

        self.assertTrue(ITrashed.providedBy(self.empty_document))
        self.assertEquals(
            [u'Untrashing {} is forbidden'.format(self.empty_document.title)],
            error_messages())

        # When restored, document can be untrashed
        api.content.transition(
            obj=self.empty_document,
            transition=self.empty_document.restore_transition)

        self.assertEqual(self.empty_document.active_state,
                         api.content.get_state(self.empty_document))

        browser.open(self.empty_dossier, view="untrashed", data=data)
        self.assertFalse(ITrashed.providedBy(self.empty_document))
    def test_only_expired_dossiers_can_be_added(self, browser):
        self.login(self.records_manager, browser)

        data = {
            'paths:list': obj2paths([self.expired_dossier]),
            '_authenticator': createToken()
        }

        self.assertEqual(date(2000, 12, 31),
                         IDossier(self.expired_dossier).end)

        with freeze(datetime(2001, 1, 1)):
            browser.open(self.repository_root,
                         view='++add++opengever.disposition.disposition',
                         data=data)

            browser.find('Save').click()

            self.assertEquals(['There were some errors.'], error_messages())
            self.assertEquals([
                'The retention period of the selected dossiers is not expired.'
            ],
                              browser.css('.fieldErrorBox .error').text)

        with freeze(datetime(2021, 1, 1)):
            browser.open(self.repository_root,
                         view='++add++opengever.disposition.disposition',
                         data=data)

            browser.find('Save').click()

            self.assertEquals([], error_messages())
            self.assertEquals(['Item created'], info_messages())
Exemplo n.º 23
0
    def test_cant_create_adhoc_when_no_access_to_meeting_dossier(
            self, browser):
        with self.login(self.administrator):
            # Let committee_responsible have no access to meeting_dossier
            self.meeting_dossier.__ac_local_roles_block__ = True
            self.meeting_dossier.reindexObjectSecurity()

        self.login(self.committee_responsible, browser)
        browser.open(self.meeting,
                     view='agenda_items/schedule_text',
                     data={
                         'title': u'Fail',
                         '_authenticator': createToken()
                     })
        self.assertEquals(
            {
                u'messages':
                [{
                    u'messageTitle': u'Error',
                    u'message': u'Insufficient privileges to add a document '
                    'to the meeting dossier.',
                    u'messageClass': u'error'
                }],
                u'proceed':
                False
            }, browser.json)
Exemplo n.º 24
0
    def test_only_expired_dossiers_can_be_added(self, browser):
        self.login(self.records_manager, browser)

        data = {'paths:list': obj2paths([self.expired_dossier]),
                '_authenticator': createToken()}

        self.assertEqual(date(2000, 12, 31), IDossier(self.expired_dossier).end)

        with freeze(datetime(2001, 1, 1)):
            browser.open(self.repository_root,
                         view='++add++opengever.disposition.disposition',
                         data=data)

            browser.find('Save').click()

            self.assertEquals(['There were some errors.'], error_messages())
            self.assertEquals(
                ['The retention period of the selected dossiers is not expired.'],
                browser.css('.fieldErrorBox .error').text)

        with freeze(datetime(2021, 1, 1)):
            browser.open(self.repository_root,
                         view='++add++opengever.disposition.disposition',
                         data=data)

            browser.find('Save').click()

            self.assertEquals([], error_messages())
            self.assertEquals(['Item created'], info_messages())
Exemplo n.º 25
0
    def test_execute(self):
        from Acquisition import Implicit
        from Testing.makerequest import makerequest
        from plone.app.z3cform.csrf import AuthenticatedButtonActions
        from plone.protect import createToken

        class DummyForm(object):
            enableCSRFProtection = True

        class DummyAction(object):
            def isExecuted(self):
                return True

            def execute(self):
                self.called = True

        form = DummyForm()
        request = makerequest(Implicit()).REQUEST
        request.form['_authenticator'] = createToken()
        actions = AuthenticatedButtonActions(form, request, None)
        actions._data['foo'] = action = DummyAction()
        actions._data_keys = ['foo']
        actions._data_values = [action]

        actions.execute()
Exemplo n.º 26
0
 def publish(self, path, basic=None, env=None, extra=None, request_method="GET", stdin=None, handle_errors=True):
     """ Override publish method using zope.testbrowser with CSFR protection
     """
     if not extra:
         extra = {}
     extra["_authenticator"] = createToken()
     return ATTestCase.publish(self, path, basic, env, extra, request_method, stdin, handle_errors)
    def test_update_paragraph_order(self, browser):
        self.login(self.dossier_responsible, browser=browser)

        self.assertEquals(
            ['paragraphtemplate-1',
             'paragraphtemplate-2',
             'paragraphtemplate-3'],
            self.meeting_template.objectIds())
        for item in self.meeting_template.objectIds():
            self.assertIsInstance(item, str)

        new_order = ['paragraphtemplate-2',
                     'paragraphtemplate-1',
                     'paragraphtemplate-3']

        browser.open(self.meeting_template,
                     view='update_content_order',
                     data={
                         'sortOrder': json.dumps(new_order),
                         '_authenticator': createToken(),
                     })
        statusmessages.assert_no_error_messages()

        self.assertEquals(
            new_order,
            [paragraph.getId() for paragraph in self.meeting_template.get_paragraphs()])
        for item in self.meeting_template.objectIds():
            self.assertIsInstance(item, str)
Exemplo n.º 28
0
    def get_base_payloads(self):
        # Require an authenticated user
        if not api.user.is_anonymous():
            documents = OrderedDict()

            for uuid in self.uuids:
                document = api.content.get(UID=uuid)

                if self.document_is_valid(document):
                    documents[uuid] = document

        else:
            # Fail per default
            raise Forbidden

        if documents:
            payloads = []

            for uuid, document in documents.items():
                payloads.append(
                    {
                        'csrf-token': createToken(),
                        'document-url': document.absolute_url(),
                        'document': document,
                        'uuid': uuid,
                        }
                    )

            return payloads

        # Fail per default
        raise NotFound
Exemplo n.º 29
0
    def test_dossier_save_comments_endpoint(self, browser):
        payload = '{"comments": "New comment"}'
        browser.login().visit(self.dossier)

        browser.visit(self.dossier,
                      view='save_comments',
                      data={
                          'data': payload,
                          '_authenticator': createToken()
                      })

        dossier_data = IDossier(self.dossier)
        self.assertEquals("New comment", dossier_data.comments)

        browser.exception_bubbling = True
        with self.assertRaises(KeyError):
            payload = '{"invalidkey": "New comment"}'
            browser.login().visit(self.dossier,
                                  view='save_comments',
                                  data={'data': payload})

        query = {'SearchableText': 'New comment'}
        result = self.portal.portal_catalog(**query)
        self.assertEquals(1, len(result), 'Expect one result')
        self.assertEquals(self.dossier, result[0].getObject())
Exemplo n.º 30
0
    def test_sets_end_date_to_current_date(self, browser):
        with freeze(datetime(2016, 3, 29)):
            browser.login().open(self.dossier,
                                 view='transition-deactivate',
                                 data={'_authenticator': createToken()})

        self.assertEqual(date(2016, 3, 29), IDossier(self.dossier).end)
Exemplo n.º 31
0
    def test_error_for_untrashable_documents(self, browser):
        trashable = create(
            Builder('document').within(
                self.dossier).titled(u'Trashable document'))
        untrashable = create(
            Builder('document').within(
                self.dossier).titled(u'Untrashable document'))
        # Remove trash permission from all users.
        Permission('opengever.trash: Trash content', [], untrashable).setRoles(
            ())
        transaction.commit()

        data = {
            'paths:list': [
                '/'.join(trashable.getPhysicalPath()),
                '/'.join(untrashable.getPhysicalPath())
            ],
            '_authenticator':
            createToken()
        }
        browser.login().open(self.dossier, view="trashed", data=data)

        self.assertEquals([u'the object Trashable document trashed'],
                          info_messages())
        self.assertEquals([u'Trashing Untrashable document is forbidden'],
                          error_messages())
        self.assertEquals('http://nohost/plone/dossier-1#documents',
                          browser.url)
Exemplo n.º 32
0
    def test_error_when_untrashing_removed_document(self, browser):
        self.login(self.manager, browser=browser)

        data = self.make_path_param(self.empty_document)
        data['_authenticator'] = createToken()

        self.trash_documents(self.empty_document)
        Remover([self.empty_document]).remove()

        # Removed document cannot be untrashed
        browser.open(self.empty_dossier, view="untrashed", data=data)

        self.assertTrue(ITrashed.providedBy(self.empty_document))
        self.assertEquals(
            [u'Untrashing {} is forbidden'.format(self.empty_document.title)],
            error_messages())

        # When restored, document can be untrashed
        api.content.transition(
            obj=self.empty_document,
            transition=self.empty_document.restore_transition)

        self.assertEqual(self.empty_document.active_state,
                         api.content.get_state(self.empty_document))

        browser.open(self.empty_dossier, view="untrashed", data=data)
        self.assertFalse(ITrashed.providedBy(self.empty_document))
Exemplo n.º 33
0
    def test_proposal_is_decided_only_when_excerpt_is_returned(self, browser):
        self.login(self.committee_responsible, browser)
        self.assertEqual(Proposal.STATE_SUBMITTED,
                         self.submitted_proposal.get_state())

        agenda_item = self.schedule_proposal(self.meeting,
                                             self.submitted_proposal)
        self.assertEqual(Proposal.STATE_SCHEDULED,
                         self.submitted_proposal.get_state())

        browser.open(self.agenda_item_url(agenda_item, 'decide'),
                     data={'_authenticator': createToken()})
        self.assertEqual(Proposal.STATE_SCHEDULED,
                         self.submitted_proposal.get_state())

        browser.open(self.meeting, view='agenda_items/list')
        generate_excerpt_link = browser.json['items'][0][
            'generate_excerpt_link']
        browser.open(generate_excerpt_link,
                     send_authenticator=True,
                     data={'excerpt_title': 'Excerption \xc3\x84nderungen'})
        self.assertEqual(Proposal.STATE_SCHEDULED,
                         self.submitted_proposal.get_state())

        browser.open(self.meeting, view='agenda_items/list')
        return_excerpt_link = browser.json[u"items"][0]['excerpts'][0][
            'return_link']
        browser.open(return_excerpt_link, send_authenticator=True)
        self.assertEqual(Proposal.STATE_DECIDED,
                         self.submitted_proposal.get_state())
Exemplo n.º 34
0
    def get_base_payloads(self):
        # Require an authenticated user
        if api.user.is_anonymous():
            raise Forbidden

        documents = []
        for uuid in self.uuids:
            document = api.content.get(UID=uuid)
            if document and document.has_file():
                documents.append(document)

        if not documents:
            raise NotFound

        payloads = []
        for document in documents:
            payloads.append({
                'content-type': document.get_file().contentType,
                'csrf-token': createToken(),
                'document-url': document.absolute_url(),
                'document': document,
                'download': document.get_download_view_name(),
                'filename': document.get_filename(),
            })

        return payloads
Exemplo n.º 35
0
    def test_multi_checkin_does_not_checkin_locked_documents(self, browser):
        self.login(self.regular_user, browser)

        browser.open(self.document, view='tabbedview_view-overview')
        browser.find('Checkout and edit').click()

        browser.open(self.subdocument, view='tabbedview_view-overview')
        browser.find('Checkout and edit').click()

        lockable = IRefreshableLockable(self.document)
        lockable.lock()

        browser.open(
            self.dossier,
            method='POST',
            data={
                'paths': [
                    obj2brain(self.document).getPath(),
                    obj2brain(self.subdocument).getPath(),
                    ],
                'checkin_without_comment:method': 1,
                '_authenticator': createToken(),
                },
            )

        manager = getMultiAdapter((self.document, self.portal.REQUEST), ICheckinCheckoutManager)
        self.assertEquals('kathi.barfuss', manager.get_checked_out_by())

        manager = getMultiAdapter((self.subdocument, self.portal.REQUEST), ICheckinCheckoutManager)
        self.assertEquals(None, manager.get_checked_out_by())

        self.assertEquals([u'Could not check in document Vertr\xe4gsentwurf'],
                          error_messages())
Exemplo n.º 36
0
    def test_deleted_workspace_member_is_removed_as_watcher_from_all_todos(
            self, browser):
        self.login(self.workspace_admin, browser=browser)
        self.center.add_watcher_to_resource(self.todo,
                                            self.workspace_member.getId(),
                                            WORKSPACE_MEMBER_ROLE)

        watcher = self.center.fetch_watcher(self.workspace_member.getId())
        subscriptions = watcher.subscriptions
        self.assertEqual(2, len(subscriptions))
        expected = [(TODO_RESPONSIBLE_ROLE, self.assigned_todo),
                    (WORKSPACE_MEMBER_ROLE, self.todo)]
        actual = [(subscription.role,
                   subscription.resource.oguid.resolve_object())
                  for subscription in subscriptions]
        self.assertItemsEqual(expected, actual)

        browser.open(self.workspace.absolute_url() +
                     '/manage-participants/delete',
                     data={
                         'token': self.workspace_member.getId(),
                         'type': 'user',
                         '_authenticator': createToken()
                     })

        self.center.session.refresh(watcher)
        self.assertEqual([], watcher.subscriptions)
    def test_add_invitiation(self, browser):
        self.login(self.workspace_admin, browser=browser)
        browser.open(self.workspace.absolute_url() + '/manage-participants/add',
                     data={'userid': self.regular_user.getId(),
                           'role': 'WorkspaceGuest',
                           '_authenticator': createToken()})

        invitations = tuple(self.storage.iter_invitions_for_context(self.workspace))
        self.assertEquals(1, len(tuple(invitations)), 'Expect one invitation.')

        invitations_in_response = filter(
            lambda entry: entry['type_'] == 'invitation',
            browser.json)

        self.assertEquals(1, len(invitations_in_response),
                          'Expect one invitation in response')

        self.assertDictEqual(
            {u'can_manage': True,
             u'token': invitations[0]['iid'],
             u'inviter': u'Hugentobler Fridolin (fridolin.hugentobler)',
             u'name': u'B\xe4rfuss K\xe4thi (kathi.barfuss)',
             u'roles': [u'WorkspaceGuest'],
             u'type_': u'invitation'},
            invitations_in_response[0])
    def test_export(self):
        view.addViewTemplate('simple_test_type')
        default_script.addDefaultScript('simple_test_type',
                                        'test_string_field')
        default_script.addDefaultScript('simple_test_type',
                                        'test_integer_field')
        validator_script.addValidatorScript('simple_test_type',
                                            'test_string_field')
        vocabulary_script.addVocabularyScript('simple_test_type',
                                              'test_choice_field')

        request = self.layer['request']
        form = request.form
        form['_authenticator'] = createToken()
        form['ctype'] = 'simple_test_type'

        export_view = self.portal.unrestrictedTraverse(
            '@@ambidexterity-export')
        rez = export_view()

        # check headers
        headers = request.response.headers
        self.assertEqual(headers['content-type'], 'application/zip')
        self.assertTrue(headers['content-disposition'].startswith(
            'attachment; filename=ambidexterity-simple_test_type-'))

        # check content
        self.assertTrue(zipfile.is_zipfile(StringIO(rez)))
Exemplo n.º 39
0
    def test_officeconnector_reauth_does_not_checkout(self, browser):
        api.portal.set_registry_record(
            'direct_checkout_and_edit_enabled',
            True,
            interface=IOfficeConnectorSettings)
        transaction.commit()

        # We cannot freeze time due to the test browser being threaded
        oc_url = create_oc_url(
            self.doc1.REQUEST, self.doc1, {'action': 'checkout'})
        decoded_oc_url = jwt.decode(oc_url.split(':')[-1], verify=False)

        redirector_js = browser.login().open(
            self.doc1,
            view='checkout_documents'
            '?_authenticator={}&mode=external&reauth=1'
            .format(createToken()),
            ).css('script.redirector')[0].text

        tokens_from_js = [token for token in redirector_js.split("\'")
                          if 'oc:' in token]

        self.assertEqual(3, len(tokens_from_js))

        parsed_oc_url = tokens_from_js[0]
        decoded_parsed_oc_url = jwt.decode(
            parsed_oc_url.split(':')[-1], verify=False)

        # Take out the timestamps
        del decoded_oc_url['exp']
        del decoded_parsed_oc_url['exp']

        self.assertEqual(decoded_oc_url, decoded_parsed_oc_url)
        self.assertFalse(self.get_manager(self.doc1).is_checked_out_by_current_user())
Exemplo n.º 40
0
    def test_update_appraisal_for_multiple_dossiers_via_update_view(
            self, browser):
        repository2 = create(Builder('repository').within(self.root))
        dossier3 = create(
            Builder('dossier').having(archival_value=ARCHIVAL_VALUE_SAMPLING).
            as_expired().within(repository2))
        dossier4 = create(
            Builder('dossier').having(archival_value=ARCHIVAL_VALUE_SAMPLING).
            as_expired().within(repository2))
        disposition = create(
            Builder('disposition').within(self.root).having(
                dossiers=[self.dossier1, self.dossier2, dossier3, dossier4]))

        intids = getUtility(IIntIds)
        dossier_ids = [
            intids.getId(self.dossier1),
            intids.getId(dossier3),
            intids.getId(dossier4)
        ]
        browser.login().open(disposition,
                             view='update_appraisal_view',
                             data={
                                 '_authenticator': createToken(),
                                 'dossier-ids': json.dumps(dossier_ids),
                                 'should_be_archived': json.dumps(True)
                             })

        self.assertTrue(IAppraisal(disposition).get(self.dossier1))
        self.assertTrue(IAppraisal(disposition).get(dossier3))
        self.assertTrue(IAppraisal(disposition).get(dossier4))
Exemplo n.º 41
0
    def get_checkout_url(self):
        if not self.has_file() or not self._is_checkout_and_edit_available():
            return None

        return u'{}/editing_document?_authenticator={}'.format(
            self.context.absolute_url(),
            createToken())
Exemplo n.º 42
0
    def get_checkout_url(self):
        if not self.has_file() or not self._is_checkout_and_edit_available():
            return None

        return u'{}/editing_document?_authenticator={}'.format(
            self.context.absolute_url(),
            createToken())
Exemplo n.º 43
0
    def testAuthenticatedCustom(self):
        self.request['_authenticator'] = createToken('some-value')

        def func(REQUEST=self.request):
            return True
        self.assertEquals(
            protect(CustomCheckAuthenticator('some-value'))(func)(), True)
Exemplo n.º 44
0
    def test_multi_checkin_from_tabbedview_with_comment(self, browser):
        document2 = create(Builder("document").checked_out().within(self.dossier))

        browser.login().open(
            self.dossier,
            data={
                "paths": [obj2brain(self.document).getPath(), obj2brain(document2).getPath()],
                "checkin_documents:method": 1,
                "_authenticator": createToken(),
            },
        )

        # fill and submit checkin form
        browser.fill({"Journal Comment Describe, why you checkin the selected documents": "Checkini"})
        browser.css("#form-buttons-button_checkin").first.click()

        manager1 = getMultiAdapter((self.document, self.portal.REQUEST), ICheckinCheckoutManager)
        self.assertEquals(None, manager1.get_checked_out_by())
        manager2 = getMultiAdapter((document2, self.portal.REQUEST), ICheckinCheckoutManager)
        self.assertEquals(None, manager2.get_checked_out_by())

        # check last history entry to verify the checkin
        repository_tool = getToolByName(document2, "portal_repository")
        history = repository_tool.getHistory(document2)
        last_entry = repository_tool.retrieve(document2, len(history) - 1)
        self.assertEquals("Checkini", last_entry.comment)
Exemplo n.º 45
0
    def test_decide_agenda_item_creates_locked_excerpt_in_dossier(
            self, browser):
        self.setup_excerpt_template()
        proposal = self.setup_proposal()
        # schedule
        view = 'unscheduled_proposals/{}/schedule'.format(
            proposal.load_model().proposal_id)

        browser.login().open(self.meeting_wrapper, view=view)
        agenda_item = AgendaItem.query.first()
        browser.login().open(self.meeting_wrapper,
                             view='agenda_items/{}/decide'.format(
                                 agenda_item.agenda_item_id),
                             data={'_authenticator': createToken()})

        agenda_item = AgendaItem.query.first()  # refresh
        proposal = agenda_item.proposal
        excerpt_in_dossier = proposal.excerpt_document.resolve_document()
        lockable = ILockable(excerpt_in_dossier)
        self.assertTrue(lockable.locked())
        self.assertTrue(lockable.can_safely_unlock(MEETING_EXCERPT_LOCK))

        browser.open(excerpt_in_dossier)
        self.assertEqual(
            u'This document is a copy of the excerpt Fooo - '
            u'C\xf6mmunity meeting from the meeting C\xf6mmunity '
            u'meeting and cannot be edited directly.',
            info_messages()[0])
        message_links = browser.css('.portalMessage.info a')
        self.assertEqual(
            'http://nohost/plone/opengever-meeting-committeecontainer/committee-1/submitted-proposal-1/document-3',
            message_links[0].get('href'))
        self.assertEqual(
            'http://nohost/plone/opengever-meeting-committeecontainer/committee-1/meeting-1/view',
            message_links[1].get('href'))
Exemplo n.º 46
0
    def test_reopen_agenda_item(self, browser):

        proposal = create(
            Builder('proposal').within(self.dossier).having(
                committee=self.committee.load_model()).as_submitted())
        proposal.load_model().workflow_state = 'decided'

        item = create(
            Builder('agenda_item').having(title=u'foo',
                                          meeting=self.meeting,
                                          workflow_state='decided',
                                          proposal=proposal.load_model()))

        browser.login().open(self.meeting_wrapper,
                             view='agenda_items/{}/reopen'.format(
                                 item.agenda_item_id),
                             data={'_authenticator': createToken()})

        self.assertEquals(AgendaItem.STATE_REVISION,
                          AgendaItem.query.first().get_state())
        self.assertEquals(Proposal.STATE_DECIDED,
                          Proposal.query.first().get_state())
        self.assertEquals([{
            u'message': u'Agenda Item successfully reopened.',
            u'messageClass': u'info',
            u'messageTitle': u'Information'
        }], browser.json.get('messages'))
 def test_can_only_add_invitations_with_the_right_permission(self, browser):
     self.login(self.workspace_member, browser=browser)
     with browser.expect_http_error(400):
         browser.open(self.workspace.absolute_url() + '/manage-participants/add',
                      data={'userid': self.regular_user.getId(),
                            'role': 'WorkspaceAdmin',
                            '_authenticator': createToken()})
Exemplo n.º 48
0
    def test_reopen_agenda_item(self, browser):

        proposal = create(Builder('proposal')
                          .within(self.dossier)
                          .having(committee=self.committee.load_model())
                          .as_submitted())
        proposal.load_model().workflow_state = 'decided'

        item = create(Builder('agenda_item').having(
            title=u'foo',
            meeting=self.meeting,
            workflow_state='decided',
            proposal=proposal.load_model()))

        browser.login().open(
            self.meeting_wrapper,
            view='agenda_items/{}/reopen'.format(item.agenda_item_id),
            data={'_authenticator': createToken()})

        self.assertEquals(AgendaItem.STATE_REVISION,
                          AgendaItem.query.first().get_state())
        self.assertEquals(Proposal.STATE_DECIDED,
                          Proposal.query.first().get_state())
        self.assertEquals([{u'message': u'Agenda Item successfully reopened.',
                            u'messageClass': u'info',
                            u'messageTitle': u'Information'}],
                          browser.json.get('messages'))
Exemplo n.º 49
0
    def test_multi_checkin_shows_message_when_no_documents_are_selected(self, browser):
        self.login(self.regular_user, browser)

        browser.open(
            self.dossier,
            data={
                'paths': [],
                'checkin_without_comment:method': 1,
                '_authenticator': createToken(),
                },
            )

        self.assertEquals(
            ['You have not selected any documents.'],
            error_messages(),
            )

        redirect_target_url = ''.join((
            self.dossier.absolute_url(),
            '#documents'
            ))

        self.assertEquals(
            redirect_target_url,
            browser.url,
            )

        browser.open(
            self.dossier,
            data={
                'paths': [],
                'checkin_documents:method': 1,
                '_authenticator': createToken(),
                },
            )

        browser.click_on('Checkin')

        self.assertEquals(
            ['You have not selected any documents.'],
            error_messages(),
            )

        self.assertIn(
            redirect_target_url,
            browser.url,
            )
    def test_current_user_cannot_remove_its_local_roles(self, browser):
        self.login(self.workspace_admin, browser=browser)

        with browser.expect_http_error(400):
            browser.open(self.workspace.absolute_url() + '/manage-participants/delete',
                         data={'token': self.workspace_admin.getId(),
                               'type': 'user',
                               '_authenticator': createToken()})
Exemplo n.º 51
0
    def test_redirects_to_document_itself_when_view_is_called_on_a_document(self, browser):
        doc = create(Builder('document').within(self.dossier).checked_out())
        browser.login().open(doc, {'_authenticator': createToken()},
                             view='cancel_document_checkouts', )

        self.assertEquals(doc, browser.context)
        self.assertEquals([u'Cancel checkout: Testdokum\xe4nt'],
                          info_messages())
    def test_do_not_allow_modifying_the_WorkspaceOwnerRole(self, browser):
        self.login(self.workspace_admin, browser=browser)

        with browser.expect_http_error(400):
            browser.open(self.workspace.absolute_url() + '/manage-participants/modify',
                         data={'token': self.workspace_owner.getId(),
                               'type': 'user',
                               'role': 'WorkspaceAdmin',
                               '_authenticator': createToken()})
Exemplo n.º 53
0
    def test_browser_revert_view_raises_unauthorized_when_revert_disallowed(self, browser):
        self.manager.checkout()
        transaction.commit()

        with browser.expect_unauthorized():
            browser.login().open(
                self.document,
                view='revert-file-to-version?version_id=2&_authenticator={}'
                .format(createToken()))
Exemplo n.º 54
0
    def test_cannot_accept_invitation_of_other_users(self, browser):
        self.login(self.workspace_admin, browser=browser)
        foreign_iid = tuple(self.storage.iter_invitions_for_context(
            self.workspace))[0]['iid']

        with browser.expect_http_error(400):
            browser.open(self.workspace_root.absolute_url() + '/my-invitations/accept',
                         data={'iid': foreign_iid,
                               '_authenticator': createToken()})
    def test_can_only_modify_workspace_roles(self, browser):
        self.login(self.workspace_admin, browser=browser)

        with browser.expect_http_error(403):
            browser.open(self.workspace.absolute_url() + '/manage-participants/modify',
                         data={'token': self.regular_user.getId(),
                               'role': 'Contributor',
                               'type': 'user',
                               '_authenticator': createToken()})
    def test_cannot_modify_inexisting_user(self, browser):
        self.login(self.workspace_admin, browser=browser)

        with browser.expect_http_error(400):
            browser.open(self.workspace.absolute_url() + '/manage-participants/modify',
                         data={'token': self.regular_user.getId(),
                               'role': 'WorkspaceMember',
                               'type': 'user',
                               '_authenticator': createToken()})
    def test_decide_ad_hoc_agenda_item_generates_numbers(self, browser):
        self.login(self.committee_responsible, browser)
        agenda_item = self.schedule_ad_hoc(self.meeting, 'Gugus')

        browser.open(self.agenda_item_url(agenda_item, 'decide'),
                     data={'_authenticator': createToken()})

        self.assertEqual(2, agenda_item.decision_number)
        self.assertEqual(2, self.meeting.model.meeting_number)
Exemplo n.º 58
0
    def test_shows_message_when_checkout_cant_be_cancelled(self, browser):
        doc = create(Builder('document').within(self.dossier))

        browser.login().open(doc, {'_authenticator': createToken()},
                             view='cancel_document_checkouts', )

        self.assertEquals(
            [u'Could not cancel checkout on document Testdokum\xe4nt.'],
            error_messages())