def test_cant_create_adhoc_when_no_access_to_meeting_dossier(self, browser):
self.login(self.committee_responsible, browser)
browser.open(self.meeting, view='agenda_items/schedule_text',
data={'title': u'Fail',
'_authenticator': createToken()})
self.assertEquals(
{u'messages': [
{u'messageTitle': u'Information',
u'message': u'Text successfully added.',
u'messageClass': u'info'}],
u'proceed': True},
browser.json)
with self.login(self.administrator):
# Let committee_responsible have no access to meeting_dossier
self.meeting_dossier.__ac_local_roles_block__ = True
self.meeting_dossier.reindexObjectSecurity()
self.login(self.committee_responsible, browser)
with browser.expect_http_error(code=403):
browser.open(self.meeting, view='agenda_items/schedule_text',
data={'title': u'Fail',
'_authenticator': createToken()})
self.assertEquals(
{u'messages': [
{u'messageTitle': u'Error',
u'message': u'Insufficient privileges to add a document '
'to the meeting dossier.',
u'messageClass': u'error'}]},
browser.json)
def test_reopening_creates_history_entry(self, browser):
self.submit_proposal()
transaction.commit()
browser.login().open(
self.meeting.get_url(view='unscheduled_proposals/1/schedule'))
browser.open(self.meeting.get_url(view='agenda_items/1/decide'),
data={'_authenticator': createToken()})
browser.open(self.meeting.get_url(view='agenda_items/1/reopen'),
data={'_authenticator': createToken()})
self.assert_proposal_history_records(
u'Proposal reopened by Test User (test_user_1_)',
with_submitted=True)
def test_can_only_add_invitations_with_Workspace_related_roles(self, browser):
self.login(self.workspace_admin, browser=browser)
with browser.expect_http_error(403):
browser.open(self.workspace.absolute_url() + '/manage-participants/add',
data={'userid': self.regular_user.getId(),
'role': 'Reader',
'_authenticator': createToken()})
with browser.expect_http_error(500):
browser.open(self.workspace.absolute_url() + '/manage-participants/add',
data={'userid': self.regular_user.getId(),
'role': 'Site Administrator',
'_authenticator': createToken()})
def test_redirect_to_current_view_when_meeting_has_to_be_decided_as_well(self, browser):
self.login(self.committee_responsible, browser)
agenda_item_1 = self.schedule_ad_hoc(self.meeting, 'Gugus')
agenda_item_2 = self.schedule_ad_hoc(self.meeting, 'Kux')
browser.open(self.agenda_item_url(agenda_item_1, 'decide'),
data={'_authenticator': createToken()})
self.assertEquals(self.meeting.absolute_url(),
browser.json.get('redirectUrl'))
browser.open(self.agenda_item_url(agenda_item_2, 'decide'),
data={'_authenticator': createToken()})
self.assertEquals(None, browser.json.get('redirectUrl'))
def test_can_only_add_invitations_with_Workspace_related_roles(self, browser):
self.login(self.workspace_admin, browser=browser)
with browser.expect_http_error(403):
browser.open(self.workspace.absolute_url() + '/manage-participants/add',
data={'userid': self.regular_user.getId(),
'role': 'Reader',
'_authenticator': createToken()})
with browser.expect_http_error(500):
browser.open(self.workspace.absolute_url() + '/manage-participants/add',
data={'userid': self.regular_user.getId(),
'role': 'Site Administrator',
'_authenticator': createToken()})
def test_redirect_to_current_view_when_meeting_has_to_be_decided_as_well(
self, browser):
self.login(self.committee_responsible, browser)
agenda_item_1 = self.schedule_ad_hoc(self.meeting, 'Gugus')
agenda_item_2 = self.schedule_ad_hoc(self.meeting, 'Kux')
browser.open(self.agenda_item_url(agenda_item_1, 'decide'),
data={'_authenticator': createToken()})
self.assertEquals(self.meeting.absolute_url(),
browser.json.get('redirectUrl'))
browser.open(self.agenda_item_url(agenda_item_2, 'decide'),
data={'_authenticator': createToken()})
self.assertEquals(None, browser.json.get('redirectUrl'))
def test_revising_creates_history_entry(self, browser):
self.submit_proposal()
transaction.commit()
browser.login().open(
self.meeting.get_url(view='unscheduled_proposals/1/schedule'))
browser.open(self.meeting.get_url(view='agenda_items/1/decide'),
data={'_authenticator': createToken()})
browser.open(self.meeting.get_url(view='agenda_items/1/reopen'),
data={'_authenticator': createToken()})
browser.open(self.meeting.get_url(view='agenda_items/1/revise'),
data={'_authenticator': createToken()})
self.open_overview(browser)
self.assertEqual(u'Proposal revised by Test User (test_user_1_)',
self.get_latest_history_entry_text(browser))
def test_cannot_accept_invalid_invitation(self, browser):
self.login(self.regular_user, browser=browser)
with browser.expect_http_error(503):
browser.open(self.workspace_root.absolute_url() + '/my-invitations/accept',
data={'iid': 'someinvalidiid',
'_authenticator': createToken()})
def test_decide_agenda_item_creates_locked_excerpt_in_dossier(self, browser):
self.setup_excerpt_template()
proposal = self.setup_proposal()
# schedule
view = 'unscheduled_proposals/{}/schedule'.format(
proposal.load_model().proposal_id)
browser.login().open(self.meeting_wrapper, view=view)
agenda_item = AgendaItem.query.first()
browser.login().open(
self.meeting_wrapper,
view='agenda_items/{}/decide'.format(agenda_item.agenda_item_id),
data={'_authenticator': createToken()})
agenda_item = AgendaItem.query.first() # refresh
proposal = agenda_item.proposal
excerpt_in_dossier = proposal.excerpt_document.resolve_document()
lockable = ILockable(excerpt_in_dossier)
self.assertTrue(lockable.locked())
self.assertTrue(lockable.can_safely_unlock(MEETING_EXCERPT_LOCK))
browser.open(excerpt_in_dossier)
self.assertEqual(u'This document is a copy of the excerpt Fooo - '
u'C\xf6mmunity meeting from the meeting C\xf6mmunity '
u'meeting and cannot be edited directly.',
info_messages()[0])
message_links = browser.css('.portalMessage.info a')
self.assertEqual(
'http://nohost/plone/opengever-meeting-committeecontainer/committee-1/submitted-proposal-1/document-3',
message_links[0].get('href'))
self.assertEqual(
'http://nohost/plone/opengever-meeting-committeecontainer/committee-1/meeting-1/view',
message_links[1].get('href'))
def test_document_status_json(self):
site_id = api.portal.get().id
path_segments = [
s for s in self.document.getPhysicalPath() if s != site_id
]
document_path = '/'.join(path_segments)
response = self.api.get(document_path + '/status').json()
self.assertIn('int_id', response)
self.assertEqual(
getUtility(IIntIds).getId(self.document), response['int_id'])
self.assertIn('title', response)
self.assertEqual(self.document.title_or_id(), response['title'])
self.assertIn('checked_out', response)
self.assertEqual(False, response['checked_out'])
self.assertIn('checked_out_by', response)
self.assertEqual(None, response['checked_out_by'])
# Check out the document
self.api.headers.update({'Accept': 'text/html'})
self.api.get(document_path + '/@@checkout_documents' +
'?_authenticator={}'.format(createToken()))
self.api.headers.update({'Accept': 'application/json'})
response = self.api.get(document_path + '/status').json()
self.assertIn('checked_out', response)
self.assertEqual(True, response['checked_out'])
self.assertIn('checked_out_by', response)
self.assertEqual(TEST_USER_ID, response['checked_out_by'])
def test_can_only_add_invitations_with_the_right_permission(self, browser):
self.login(self.workspace_member, browser=browser)
with browser.expect_http_error(400):
browser.open(self.workspace.absolute_url() + '/manage-participants/add',
data={'userid': self.regular_user.getId(),
'role': 'WorkspaceAdmin',
'_authenticator': createToken()})
def test_add_invitiation(self, browser):
self.login(self.workspace_admin, browser=browser)
browser.open(self.workspace.absolute_url() + '/manage-participants/add',
data={'userid': self.regular_user.getId(),
'role': 'WorkspaceGuest',
'_authenticator': createToken()})
invitations = tuple(self.storage.iter_invitions_for_context(self.workspace))
self.assertEquals(1, len(tuple(invitations)), 'Expect one invitation.')
invitations_in_response = filter(
lambda entry: entry['type_'] == 'invitation',
browser.json)
self.assertEquals(1, len(invitations_in_response),
'Expect one invitation in response')
self.assertDictEqual(
{u'can_manage': True,
u'token': invitations[0]['iid'],
u'inviter': u'Hugentobler Fridolin (fridolin.hugentobler)',
u'name': u'B\xe4rfuss K\xe4thi (kathi.barfuss)',
u'roles': [u'WorkspaceGuest'],
u'type_': u'invitation',
u'userid': u'kathi.barfuss'},
invitations_in_response[0])
def test_repository_folder(self, browser):
self.grant('Manager')
browser.login().open()
factoriesmenu.add('RepositoryRoot')
browser.fill({'Title': 'Registraturplan'}).save()
self.assertEquals(('tabbed_view', 'opengever-repository-repositoryroot'),
plone.view_and_portal_type())
registraturplan = browser.context
# This will cause a WRITE to registraturplan the first time it is accessed.
browser.open(registraturplan, view='++add++opengever.repository.repositoryfolder',
data={'_authenticator': createToken()})
browser.fill({'Title': 'Accounting'}).save()
self.assertEquals(('tabbed_view', 'opengever-repository-repositoryfolder'),
plone.view_and_portal_type())
accounting = browser.context
self.assertEquals(u'1', IReferenceNumberPrefix(accounting).reference_number_prefix)
self.assertEquals(('test_user_1_',), accounting.listCreators())
browser.open(registraturplan)
factoriesmenu.add('RepositoryFolder')
browser.fill({'Title': 'Custody'}).save()
self.assertEquals(('tabbed_view', 'opengever-repository-repositoryfolder'),
plone.view_and_portal_type())
custody = browser.context
self.assertEquals(u'2', IReferenceNumberPrefix(custody).reference_number_prefix)
def test_update_appraisal_for_multiple_dossiers_via_update_view(self, browser):
repository2 = create(Builder('repository').within(self.root))
dossier3 = create(Builder('dossier')
.having(archival_value=ARCHIVAL_VALUE_SAMPLING)
.as_expired()
.within(repository2))
dossier4 = create(Builder('dossier')
.having(archival_value=ARCHIVAL_VALUE_SAMPLING)
.as_expired()
.within(repository2))
disposition = create(Builder('disposition')
.within(self.root)
.having(dossiers=[self.dossier1, self.dossier2,
dossier3, dossier4]))
intids = getUtility(IIntIds)
dossier_ids = [intids.getId(self.dossier1),
intids.getId(dossier3),
intids.getId(dossier4)]
browser.login().open(disposition, view='update_appraisal_view',
data={'_authenticator': createToken(),
'dossier-ids': json.dumps(dossier_ids),
'should_be_archived': json.dumps(True)})
self.assertTrue(IAppraisal(disposition).get(self.dossier1))
self.assertTrue(IAppraisal(disposition).get(dossier3))
self.assertTrue(IAppraisal(disposition).get(dossier4))
def get_base_payloads(self):
# Require an authenticated user
if not api.user.is_anonymous():
documents = []
for uuid in self.uuids:
document = api.content.get(UID=uuid)
if self.document_is_valid(document):
documents.append(document)
else:
# Fail per default
raise Forbidden
if documents:
payloads = []
for document in documents:
payloads.append({
'csrf-token': createToken(),
'document-url': document.absolute_url(),
'document': document,
})
return payloads
# Fail per default
raise NotFound
def test_multi_checkin_does_not_checkin_locked_documents(self, browser):
self.login(self.regular_user, browser)
browser.open(self.document, view='tabbedview_view-overview')
browser.find('Checkout and edit').click()
browser.open(self.subdocument, view='tabbedview_view-overview')
browser.find('Checkout and edit').click()
lockable = IRefreshableLockable(self.document)
lockable.lock()
browser.open(
self.dossier,
method='POST',
data={
'paths': [
obj2brain(self.document).getPath(),
obj2brain(self.subdocument).getPath(),
],
'checkin_without_comment:method': 1,
'_authenticator': createToken(),
},
)
manager = getMultiAdapter((self.document, self.portal.REQUEST), ICheckinCheckoutManager)
self.assertEquals('kathi.barfuss', manager.get_checked_out_by())
manager = getMultiAdapter((self.subdocument, self.portal.REQUEST), ICheckinCheckoutManager)
self.assertEquals(None, manager.get_checked_out_by())
self.assertEquals([u'Could not check in document Vertr\xe4gsentwurf'],
error_messages())
def test_officeconnector_reauth_does_not_checkout(self, browser):
api.portal.set_registry_record(
'direct_checkout_and_edit_enabled',
True,
interface=IOfficeConnectorSettings)
transaction.commit()
# We cannot freeze time due to the test browser being threaded
oc_url = create_oc_url(
self.doc1.REQUEST, self.doc1, {'action': 'checkout'})
decoded_oc_url = jwt.decode(
oc_url.split(':')[-1], verify=False, algorithms=('HS256',))
redirector_js = browser.login().open(
self.doc1,
view='checkout_documents'
'?_authenticator={}&mode=external&reauth=1'
.format(createToken()),
).css('script.redirector')[0].text
tokens_from_js = [token for token in redirector_js.split("\'")
if 'oc:' in token]
self.assertEqual(3, len(tokens_from_js))
parsed_oc_url = tokens_from_js[0]
decoded_parsed_oc_url = jwt.decode(
parsed_oc_url.split(':')[-1], verify=False, algorithms=('HS256',))
# Take out the timestamps
del decoded_oc_url['exp']
del decoded_parsed_oc_url['exp']
self.assertEqual(decoded_oc_url, decoded_parsed_oc_url)
self.assertFalse(self.get_manager(self.doc1).is_checked_out_by_current_user())
def test_cannot_accept_invalid_invitation(self, browser):
self.login(self.regular_user, browser=browser)
with browser.expect_http_error(400):
browser.open(self.workspace_root.absolute_url() + '/my-invitations/accept',
data={'iid': 'someinvalidiid',
'_authenticator': createToken()})
def test_cancel_checkouts_action_needs_confirmation(self, browser):
self.login(self.regular_user, browser=browser)
manager = getMultiAdapter((self.document, self.request),
ICheckinCheckoutManager)
manager.checkout()
browser.open(self.dossier, view="tabbedview_view-documents-proxy")
self.assertEqual('cancel_documents_checkout_confirmation:method',
browser.find("Cancel").get("href"))
paths = [
self.document.absolute_url_path(),
self.subdocument.absolute_url_path()
]
browser.open(
self.dossier,
{
'paths': paths,
'_authenticator': createToken()
},
view='cancel_documents_checkout_confirmation',
)
self.assertEqual('kathi.barfuss', manager.get_checked_out_by())
browser.click_on("Cancel checkout")
self.assertEqual(None, manager.get_checked_out_by())
def test_multi_checkin_from_tabbedview_with_comment(self, browser):
document2 = create(Builder("document")
.checked_out()
.within(self.dossier))
browser.login().open(
self.dossier,
data={'paths': [obj2brain(self.document).getPath(),
obj2brain(document2).getPath()],
'checkin_documents:method': 1,
'_authenticator': createToken()})
# fill and submit checkin form
browser.fill({
'Journal Comment Describe, why you checkin the selected documents':
'Checkini'
})
browser.css('#form-buttons-button_checkin').first.click()
manager1 = getMultiAdapter((self.document, self.portal.REQUEST),
ICheckinCheckoutManager)
self.assertEquals(None, manager1.get_checked_out_by())
manager2 = getMultiAdapter((document2, self.portal.REQUEST),
ICheckinCheckoutManager)
self.assertEquals(None, manager2.get_checked_out_by())
# check last history entry to verify the checkin
repository_tool = getToolByName(document2, 'portal_repository')
history = repository_tool.getHistory(document2)
last_entry = repository_tool.retrieve(document2, len(history)-1)
self.assertEquals('Checkini', last_entry.comment)
def test_error_when_untrashing_removed_document(self, browser):
self.login(self.manager, browser=browser)
data = self.make_path_param(self.empty_document)
data['_authenticator'] = createToken()
self.trash_documents(self.empty_document)
Remover([self.empty_document]).remove()
# Removed document cannot be untrashed
browser.open(self.empty_dossier, view="untrashed", data=data)
self.assertTrue(ITrashed.providedBy(self.empty_document))
self.assertEquals(
[u'Untrashing {} is forbidden'.format(self.empty_document.title)],
error_messages())
# When restored, document can be untrashed
api.content.transition(
obj=self.empty_document,
transition=self.empty_document.restore_transition)
self.assertEqual(self.empty_document.active_state,
api.content.get_state(self.empty_document))
browser.open(self.empty_dossier, view="untrashed", data=data)
self.assertFalse(ITrashed.providedBy(self.empty_document))
def test_only_expired_dossiers_can_be_added(self, browser):
self.login(self.records_manager, browser)
data = {
'paths:list': obj2paths([self.expired_dossier]),
'_authenticator': createToken()
}
self.assertEqual(date(2000, 12, 31),
IDossier(self.expired_dossier).end)
with freeze(datetime(2001, 1, 1)):
browser.open(self.repository_root,
view='++add++opengever.disposition.disposition',
data=data)
browser.find('Save').click()
self.assertEquals(['There were some errors.'], error_messages())
self.assertEquals([
'The retention period of the selected dossiers is not expired.'
],
browser.css('.fieldErrorBox .error').text)
with freeze(datetime(2021, 1, 1)):
browser.open(self.repository_root,
view='++add++opengever.disposition.disposition',
data=data)
browser.find('Save').click()
self.assertEquals([], error_messages())
self.assertEquals(['Item created'], info_messages())
def test_cant_create_adhoc_when_no_access_to_meeting_dossier(
self, browser):
with self.login(self.administrator):
# Let committee_responsible have no access to meeting_dossier
self.meeting_dossier.__ac_local_roles_block__ = True
self.meeting_dossier.reindexObjectSecurity()
self.login(self.committee_responsible, browser)
browser.open(self.meeting,
view='agenda_items/schedule_text',
data={
'title': u'Fail',
'_authenticator': createToken()
})
self.assertEquals(
{
u'messages':
[{
u'messageTitle': u'Error',
u'message': u'Insufficient privileges to add a document '
'to the meeting dossier.',
u'messageClass': u'error'
}],
u'proceed':
False
}, browser.json)
def test_only_expired_dossiers_can_be_added(self, browser):
self.login(self.records_manager, browser)
data = {'paths:list': obj2paths([self.expired_dossier]),
'_authenticator': createToken()}
self.assertEqual(date(2000, 12, 31), IDossier(self.expired_dossier).end)
with freeze(datetime(2001, 1, 1)):
browser.open(self.repository_root,
view='++add++opengever.disposition.disposition',
data=data)
browser.find('Save').click()
self.assertEquals(['There were some errors.'], error_messages())
self.assertEquals(
['The retention period of the selected dossiers is not expired.'],
browser.css('.fieldErrorBox .error').text)
with freeze(datetime(2021, 1, 1)):
browser.open(self.repository_root,
view='++add++opengever.disposition.disposition',
data=data)
browser.find('Save').click()
self.assertEquals([], error_messages())
self.assertEquals(['Item created'], info_messages())
def test_execute(self):
from Acquisition import Implicit
from Testing.makerequest import makerequest
from plone.app.z3cform.csrf import AuthenticatedButtonActions
from plone.protect import createToken
class DummyForm(object):
enableCSRFProtection = True
class DummyAction(object):
def isExecuted(self):
return True
def execute(self):
self.called = True
form = DummyForm()
request = makerequest(Implicit()).REQUEST
request.form['_authenticator'] = createToken()
actions = AuthenticatedButtonActions(form, request, None)
actions._data['foo'] = action = DummyAction()
actions._data_keys = ['foo']
actions._data_values = [action]
actions.execute()
def publish(self, path, basic=None, env=None, extra=None, request_method="GET", stdin=None, handle_errors=True):
""" Override publish method using zope.testbrowser with CSFR protection
"""
if not extra:
extra = {}
extra["_authenticator"] = createToken()
return ATTestCase.publish(self, path, basic, env, extra, request_method, stdin, handle_errors)
def test_update_paragraph_order(self, browser):
self.login(self.dossier_responsible, browser=browser)
self.assertEquals(
['paragraphtemplate-1',
'paragraphtemplate-2',
'paragraphtemplate-3'],
self.meeting_template.objectIds())
for item in self.meeting_template.objectIds():
self.assertIsInstance(item, str)
new_order = ['paragraphtemplate-2',
'paragraphtemplate-1',
'paragraphtemplate-3']
browser.open(self.meeting_template,
view='update_content_order',
data={
'sortOrder': json.dumps(new_order),
'_authenticator': createToken(),
})
statusmessages.assert_no_error_messages()
self.assertEquals(
new_order,
[paragraph.getId() for paragraph in self.meeting_template.get_paragraphs()])
for item in self.meeting_template.objectIds():
self.assertIsInstance(item, str)
def get_base_payloads(self):
# Require an authenticated user
if not api.user.is_anonymous():
documents = OrderedDict()
for uuid in self.uuids:
document = api.content.get(UID=uuid)
if self.document_is_valid(document):
documents[uuid] = document
else:
# Fail per default
raise Forbidden
if documents:
payloads = []
for uuid, document in documents.items():
payloads.append(
{
'csrf-token': createToken(),
'document-url': document.absolute_url(),
'document': document,
'uuid': uuid,
}
)
return payloads
# Fail per default
raise NotFound
def test_dossier_save_comments_endpoint(self, browser):
payload = '{"comments": "New comment"}'
browser.login().visit(self.dossier)
browser.visit(self.dossier,
view='save_comments',
data={
'data': payload,
'_authenticator': createToken()
})
dossier_data = IDossier(self.dossier)
self.assertEquals("New comment", dossier_data.comments)
browser.exception_bubbling = True
with self.assertRaises(KeyError):
payload = '{"invalidkey": "New comment"}'
browser.login().visit(self.dossier,
view='save_comments',
data={'data': payload})
query = {'SearchableText': 'New comment'}
result = self.portal.portal_catalog(**query)
self.assertEquals(1, len(result), 'Expect one result')
self.assertEquals(self.dossier, result[0].getObject())
def test_sets_end_date_to_current_date(self, browser):
with freeze(datetime(2016, 3, 29)):
browser.login().open(self.dossier,
view='transition-deactivate',
data={'_authenticator': createToken()})
self.assertEqual(date(2016, 3, 29), IDossier(self.dossier).end)
def test_error_for_untrashable_documents(self, browser):
trashable = create(
Builder('document').within(
self.dossier).titled(u'Trashable document'))
untrashable = create(
Builder('document').within(
self.dossier).titled(u'Untrashable document'))
# Remove trash permission from all users.
Permission('opengever.trash: Trash content', [], untrashable).setRoles(
())
transaction.commit()
data = {
'paths:list': [
'/'.join(trashable.getPhysicalPath()),
'/'.join(untrashable.getPhysicalPath())
],
'_authenticator':
createToken()
}
browser.login().open(self.dossier, view="trashed", data=data)
self.assertEquals([u'the object Trashable document trashed'],
info_messages())
self.assertEquals([u'Trashing Untrashable document is forbidden'],
error_messages())
self.assertEquals('http://nohost/plone/dossier-1#documents',
browser.url)
def test_error_when_untrashing_removed_document(self, browser):
self.login(self.manager, browser=browser)
data = self.make_path_param(self.empty_document)
data['_authenticator'] = createToken()
self.trash_documents(self.empty_document)
Remover([self.empty_document]).remove()
# Removed document cannot be untrashed
browser.open(self.empty_dossier, view="untrashed", data=data)
self.assertTrue(ITrashed.providedBy(self.empty_document))
self.assertEquals(
[u'Untrashing {} is forbidden'.format(self.empty_document.title)],
error_messages())
# When restored, document can be untrashed
api.content.transition(
obj=self.empty_document,
transition=self.empty_document.restore_transition)
self.assertEqual(self.empty_document.active_state,
api.content.get_state(self.empty_document))
browser.open(self.empty_dossier, view="untrashed", data=data)
self.assertFalse(ITrashed.providedBy(self.empty_document))
def test_proposal_is_decided_only_when_excerpt_is_returned(self, browser):
self.login(self.committee_responsible, browser)
self.assertEqual(Proposal.STATE_SUBMITTED,
self.submitted_proposal.get_state())
agenda_item = self.schedule_proposal(self.meeting,
self.submitted_proposal)
self.assertEqual(Proposal.STATE_SCHEDULED,
self.submitted_proposal.get_state())
browser.open(self.agenda_item_url(agenda_item, 'decide'),
data={'_authenticator': createToken()})
self.assertEqual(Proposal.STATE_SCHEDULED,
self.submitted_proposal.get_state())
browser.open(self.meeting, view='agenda_items/list')
generate_excerpt_link = browser.json['items'][0][
'generate_excerpt_link']
browser.open(generate_excerpt_link,
send_authenticator=True,
data={'excerpt_title': 'Excerption \xc3\x84nderungen'})
self.assertEqual(Proposal.STATE_SCHEDULED,
self.submitted_proposal.get_state())
browser.open(self.meeting, view='agenda_items/list')
return_excerpt_link = browser.json[u"items"][0]['excerpts'][0][
'return_link']
browser.open(return_excerpt_link, send_authenticator=True)
self.assertEqual(Proposal.STATE_DECIDED,
self.submitted_proposal.get_state())
def get_base_payloads(self):
# Require an authenticated user
if api.user.is_anonymous():
raise Forbidden
documents = []
for uuid in self.uuids:
document = api.content.get(UID=uuid)
if document and document.has_file():
documents.append(document)
if not documents:
raise NotFound
payloads = []
for document in documents:
payloads.append({
'content-type': document.get_file().contentType,
'csrf-token': createToken(),
'document-url': document.absolute_url(),
'document': document,
'download': document.get_download_view_name(),
'filename': document.get_filename(),
})
return payloads
def test_multi_checkin_does_not_checkin_locked_documents(self, browser):
self.login(self.regular_user, browser)
browser.open(self.document, view='tabbedview_view-overview')
browser.find('Checkout and edit').click()
browser.open(self.subdocument, view='tabbedview_view-overview')
browser.find('Checkout and edit').click()
lockable = IRefreshableLockable(self.document)
lockable.lock()
browser.open(
self.dossier,
method='POST',
data={
'paths': [
obj2brain(self.document).getPath(),
obj2brain(self.subdocument).getPath(),
],
'checkin_without_comment:method': 1,
'_authenticator': createToken(),
},
)
manager = getMultiAdapter((self.document, self.portal.REQUEST), ICheckinCheckoutManager)
self.assertEquals('kathi.barfuss', manager.get_checked_out_by())
manager = getMultiAdapter((self.subdocument, self.portal.REQUEST), ICheckinCheckoutManager)
self.assertEquals(None, manager.get_checked_out_by())
self.assertEquals([u'Could not check in document Vertr\xe4gsentwurf'],
error_messages())
def test_deleted_workspace_member_is_removed_as_watcher_from_all_todos(
self, browser):
self.login(self.workspace_admin, browser=browser)
self.center.add_watcher_to_resource(self.todo,
self.workspace_member.getId(),
WORKSPACE_MEMBER_ROLE)
watcher = self.center.fetch_watcher(self.workspace_member.getId())
subscriptions = watcher.subscriptions
self.assertEqual(2, len(subscriptions))
expected = [(TODO_RESPONSIBLE_ROLE, self.assigned_todo),
(WORKSPACE_MEMBER_ROLE, self.todo)]
actual = [(subscription.role,
subscription.resource.oguid.resolve_object())
for subscription in subscriptions]
self.assertItemsEqual(expected, actual)
browser.open(self.workspace.absolute_url() +
'/manage-participants/delete',
data={
'token': self.workspace_member.getId(),
'type': 'user',
'_authenticator': createToken()
})
self.center.session.refresh(watcher)
self.assertEqual([], watcher.subscriptions)
def test_add_invitiation(self, browser):
self.login(self.workspace_admin, browser=browser)
browser.open(self.workspace.absolute_url() + '/manage-participants/add',
data={'userid': self.regular_user.getId(),
'role': 'WorkspaceGuest',
'_authenticator': createToken()})
invitations = tuple(self.storage.iter_invitions_for_context(self.workspace))
self.assertEquals(1, len(tuple(invitations)), 'Expect one invitation.')
invitations_in_response = filter(
lambda entry: entry['type_'] == 'invitation',
browser.json)
self.assertEquals(1, len(invitations_in_response),
'Expect one invitation in response')
self.assertDictEqual(
{u'can_manage': True,
u'token': invitations[0]['iid'],
u'inviter': u'Hugentobler Fridolin (fridolin.hugentobler)',
u'name': u'B\xe4rfuss K\xe4thi (kathi.barfuss)',
u'roles': [u'WorkspaceGuest'],
u'type_': u'invitation'},
invitations_in_response[0])
def test_export(self):
view.addViewTemplate('simple_test_type')
default_script.addDefaultScript('simple_test_type',
'test_string_field')
default_script.addDefaultScript('simple_test_type',
'test_integer_field')
validator_script.addValidatorScript('simple_test_type',
'test_string_field')
vocabulary_script.addVocabularyScript('simple_test_type',
'test_choice_field')
request = self.layer['request']
form = request.form
form['_authenticator'] = createToken()
form['ctype'] = 'simple_test_type'
export_view = self.portal.unrestrictedTraverse(
'@@ambidexterity-export')
rez = export_view()
# check headers
headers = request.response.headers
self.assertEqual(headers['content-type'], 'application/zip')
self.assertTrue(headers['content-disposition'].startswith(
'attachment; filename=ambidexterity-simple_test_type-'))
# check content
self.assertTrue(zipfile.is_zipfile(StringIO(rez)))
def test_officeconnector_reauth_does_not_checkout(self, browser):
api.portal.set_registry_record(
'direct_checkout_and_edit_enabled',
True,
interface=IOfficeConnectorSettings)
transaction.commit()
# We cannot freeze time due to the test browser being threaded
oc_url = create_oc_url(
self.doc1.REQUEST, self.doc1, {'action': 'checkout'})
decoded_oc_url = jwt.decode(oc_url.split(':')[-1], verify=False)
redirector_js = browser.login().open(
self.doc1,
view='checkout_documents'
'?_authenticator={}&mode=external&reauth=1'
.format(createToken()),
).css('script.redirector')[0].text
tokens_from_js = [token for token in redirector_js.split("\'")
if 'oc:' in token]
self.assertEqual(3, len(tokens_from_js))
parsed_oc_url = tokens_from_js[0]
decoded_parsed_oc_url = jwt.decode(
parsed_oc_url.split(':')[-1], verify=False)
# Take out the timestamps
del decoded_oc_url['exp']
del decoded_parsed_oc_url['exp']
self.assertEqual(decoded_oc_url, decoded_parsed_oc_url)
self.assertFalse(self.get_manager(self.doc1).is_checked_out_by_current_user())
def test_update_appraisal_for_multiple_dossiers_via_update_view(
self, browser):
repository2 = create(Builder('repository').within(self.root))
dossier3 = create(
Builder('dossier').having(archival_value=ARCHIVAL_VALUE_SAMPLING).
as_expired().within(repository2))
dossier4 = create(
Builder('dossier').having(archival_value=ARCHIVAL_VALUE_SAMPLING).
as_expired().within(repository2))
disposition = create(
Builder('disposition').within(self.root).having(
dossiers=[self.dossier1, self.dossier2, dossier3, dossier4]))
intids = getUtility(IIntIds)
dossier_ids = [
intids.getId(self.dossier1),
intids.getId(dossier3),
intids.getId(dossier4)
]
browser.login().open(disposition,
view='update_appraisal_view',
data={
'_authenticator': createToken(),
'dossier-ids': json.dumps(dossier_ids),
'should_be_archived': json.dumps(True)
})
self.assertTrue(IAppraisal(disposition).get(self.dossier1))
self.assertTrue(IAppraisal(disposition).get(dossier3))
self.assertTrue(IAppraisal(disposition).get(dossier4))
def get_checkout_url(self):
if not self.has_file() or not self._is_checkout_and_edit_available():
return None
return u'{}/editing_document?_authenticator={}'.format(
self.context.absolute_url(),
createToken())
def get_checkout_url(self):
if not self.has_file() or not self._is_checkout_and_edit_available():
return None
return u'{}/editing_document?_authenticator={}'.format(
self.context.absolute_url(),
createToken())
def testAuthenticatedCustom(self):
self.request['_authenticator'] = createToken('some-value')
def func(REQUEST=self.request):
return True
self.assertEquals(
protect(CustomCheckAuthenticator('some-value'))(func)(), True)
def test_multi_checkin_from_tabbedview_with_comment(self, browser):
document2 = create(Builder("document").checked_out().within(self.dossier))
browser.login().open(
self.dossier,
data={
"paths": [obj2brain(self.document).getPath(), obj2brain(document2).getPath()],
"checkin_documents:method": 1,
"_authenticator": createToken(),
},
)
# fill and submit checkin form
browser.fill({"Journal Comment Describe, why you checkin the selected documents": "Checkini"})
browser.css("#form-buttons-button_checkin").first.click()
manager1 = getMultiAdapter((self.document, self.portal.REQUEST), ICheckinCheckoutManager)
self.assertEquals(None, manager1.get_checked_out_by())
manager2 = getMultiAdapter((document2, self.portal.REQUEST), ICheckinCheckoutManager)
self.assertEquals(None, manager2.get_checked_out_by())
# check last history entry to verify the checkin
repository_tool = getToolByName(document2, "portal_repository")
history = repository_tool.getHistory(document2)
last_entry = repository_tool.retrieve(document2, len(history) - 1)
self.assertEquals("Checkini", last_entry.comment)
def test_decide_agenda_item_creates_locked_excerpt_in_dossier(
self, browser):
self.setup_excerpt_template()
proposal = self.setup_proposal()
# schedule
view = 'unscheduled_proposals/{}/schedule'.format(
proposal.load_model().proposal_id)
browser.login().open(self.meeting_wrapper, view=view)
agenda_item = AgendaItem.query.first()
browser.login().open(self.meeting_wrapper,
view='agenda_items/{}/decide'.format(
agenda_item.agenda_item_id),
data={'_authenticator': createToken()})
agenda_item = AgendaItem.query.first() # refresh
proposal = agenda_item.proposal
excerpt_in_dossier = proposal.excerpt_document.resolve_document()
lockable = ILockable(excerpt_in_dossier)
self.assertTrue(lockable.locked())
self.assertTrue(lockable.can_safely_unlock(MEETING_EXCERPT_LOCK))
browser.open(excerpt_in_dossier)
self.assertEqual(
u'This document is a copy of the excerpt Fooo - '
u'C\xf6mmunity meeting from the meeting C\xf6mmunity '
u'meeting and cannot be edited directly.',
info_messages()[0])
message_links = browser.css('.portalMessage.info a')
self.assertEqual(
'http://nohost/plone/opengever-meeting-committeecontainer/committee-1/submitted-proposal-1/document-3',
message_links[0].get('href'))
self.assertEqual(
'http://nohost/plone/opengever-meeting-committeecontainer/committee-1/meeting-1/view',
message_links[1].get('href'))
def test_reopen_agenda_item(self, browser):
proposal = create(
Builder('proposal').within(self.dossier).having(
committee=self.committee.load_model()).as_submitted())
proposal.load_model().workflow_state = 'decided'
item = create(
Builder('agenda_item').having(title=u'foo',
meeting=self.meeting,
workflow_state='decided',
proposal=proposal.load_model()))
browser.login().open(self.meeting_wrapper,
view='agenda_items/{}/reopen'.format(
item.agenda_item_id),
data={'_authenticator': createToken()})
self.assertEquals(AgendaItem.STATE_REVISION,
AgendaItem.query.first().get_state())
self.assertEquals(Proposal.STATE_DECIDED,
Proposal.query.first().get_state())
self.assertEquals([{
u'message': u'Agenda Item successfully reopened.',
u'messageClass': u'info',
u'messageTitle': u'Information'
}], browser.json.get('messages'))
def test_can_only_add_invitations_with_the_right_permission(self, browser):
self.login(self.workspace_member, browser=browser)
with browser.expect_http_error(400):
browser.open(self.workspace.absolute_url() + '/manage-participants/add',
data={'userid': self.regular_user.getId(),
'role': 'WorkspaceAdmin',
'_authenticator': createToken()})
def test_reopen_agenda_item(self, browser):
proposal = create(Builder('proposal')
.within(self.dossier)
.having(committee=self.committee.load_model())
.as_submitted())
proposal.load_model().workflow_state = 'decided'
item = create(Builder('agenda_item').having(
title=u'foo',
meeting=self.meeting,
workflow_state='decided',
proposal=proposal.load_model()))
browser.login().open(
self.meeting_wrapper,
view='agenda_items/{}/reopen'.format(item.agenda_item_id),
data={'_authenticator': createToken()})
self.assertEquals(AgendaItem.STATE_REVISION,
AgendaItem.query.first().get_state())
self.assertEquals(Proposal.STATE_DECIDED,
Proposal.query.first().get_state())
self.assertEquals([{u'message': u'Agenda Item successfully reopened.',
u'messageClass': u'info',
u'messageTitle': u'Information'}],
browser.json.get('messages'))
def test_multi_checkin_shows_message_when_no_documents_are_selected(self, browser):
self.login(self.regular_user, browser)
browser.open(
self.dossier,
data={
'paths': [],
'checkin_without_comment:method': 1,
'_authenticator': createToken(),
},
)
self.assertEquals(
['You have not selected any documents.'],
error_messages(),
)
redirect_target_url = ''.join((
self.dossier.absolute_url(),
'#documents'
))
self.assertEquals(
redirect_target_url,
browser.url,
)
browser.open(
self.dossier,
data={
'paths': [],
'checkin_documents:method': 1,
'_authenticator': createToken(),
},
)
browser.click_on('Checkin')
self.assertEquals(
['You have not selected any documents.'],
error_messages(),
)
self.assertIn(
redirect_target_url,
browser.url,
)
def test_current_user_cannot_remove_its_local_roles(self, browser):
self.login(self.workspace_admin, browser=browser)
with browser.expect_http_error(400):
browser.open(self.workspace.absolute_url() + '/manage-participants/delete',
data={'token': self.workspace_admin.getId(),
'type': 'user',
'_authenticator': createToken()})
def test_redirects_to_document_itself_when_view_is_called_on_a_document(self, browser):
doc = create(Builder('document').within(self.dossier).checked_out())
browser.login().open(doc, {'_authenticator': createToken()},
view='cancel_document_checkouts', )
self.assertEquals(doc, browser.context)
self.assertEquals([u'Cancel checkout: Testdokum\xe4nt'],
info_messages())
def test_do_not_allow_modifying_the_WorkspaceOwnerRole(self, browser):
self.login(self.workspace_admin, browser=browser)
with browser.expect_http_error(400):
browser.open(self.workspace.absolute_url() + '/manage-participants/modify',
data={'token': self.workspace_owner.getId(),
'type': 'user',
'role': 'WorkspaceAdmin',
'_authenticator': createToken()})
def test_browser_revert_view_raises_unauthorized_when_revert_disallowed(self, browser):
self.manager.checkout()
transaction.commit()
with browser.expect_unauthorized():
browser.login().open(
self.document,
view='revert-file-to-version?version_id=2&_authenticator={}'
.format(createToken()))
def test_cannot_accept_invitation_of_other_users(self, browser):
self.login(self.workspace_admin, browser=browser)
foreign_iid = tuple(self.storage.iter_invitions_for_context(
self.workspace))[0]['iid']
with browser.expect_http_error(400):
browser.open(self.workspace_root.absolute_url() + '/my-invitations/accept',
data={'iid': foreign_iid,
'_authenticator': createToken()})
def test_can_only_modify_workspace_roles(self, browser):
self.login(self.workspace_admin, browser=browser)
with browser.expect_http_error(403):
browser.open(self.workspace.absolute_url() + '/manage-participants/modify',
data={'token': self.regular_user.getId(),
'role': 'Contributor',
'type': 'user',
'_authenticator': createToken()})
def test_cannot_modify_inexisting_user(self, browser):
self.login(self.workspace_admin, browser=browser)
with browser.expect_http_error(400):
browser.open(self.workspace.absolute_url() + '/manage-participants/modify',
data={'token': self.regular_user.getId(),
'role': 'WorkspaceMember',
'type': 'user',
'_authenticator': createToken()})
def test_decide_ad_hoc_agenda_item_generates_numbers(self, browser):
self.login(self.committee_responsible, browser)
agenda_item = self.schedule_ad_hoc(self.meeting, 'Gugus')
browser.open(self.agenda_item_url(agenda_item, 'decide'),
data={'_authenticator': createToken()})
self.assertEqual(2, agenda_item.decision_number)
self.assertEqual(2, self.meeting.model.meeting_number)
def test_shows_message_when_checkout_cant_be_cancelled(self, browser):
doc = create(Builder('document').within(self.dossier))
browser.login().open(doc, {'_authenticator': createToken()},
view='cancel_document_checkouts', )
self.assertEquals(
[u'Could not cancel checkout on document Testdokum\xe4nt.'],
error_messages())
