382 |
382 |
383 def test_attribute_security_rqlexpr(self): |
383 def test_attribute_security_rqlexpr(self): |
384 # Note.para attribute editable by managers or if the note is in "todo" state |
384 # Note.para attribute editable by managers or if the note is in "todo" state |
385 note = self.execute("INSERT Note X: X para 'bidule'").get_entity(0, 0) |
385 note = self.execute("INSERT Note X: X para 'bidule'").get_entity(0, 0) |
386 self.commit() |
386 self.commit() |
387 note.fire_transition('markasdone') |
387 note.cw_adapt_to('IWorkflowable').fire_transition('markasdone') |
388 self.execute('SET X para "truc" WHERE X eid %(x)s', {'x': note.eid}) |
388 self.execute('SET X para "truc" WHERE X eid %(x)s', {'x': note.eid}) |
389 self.commit() |
389 self.commit() |
390 cnx = self.login('iaminusersgrouponly') |
390 cnx = self.login('iaminusersgrouponly') |
391 cu = cnx.cursor() |
391 cu = cnx.cursor() |
392 cu.execute("SET X para 'chouette' WHERE X eid %(x)s", {'x': note.eid}) |
392 cu.execute("SET X para 'chouette' WHERE X eid %(x)s", {'x': note.eid}) |
393 self.assertRaises(Unauthorized, cnx.commit) |
393 self.assertRaises(Unauthorized, cnx.commit) |
394 note2 = cu.execute("INSERT Note X: X para 'bidule'").get_entity(0, 0) |
394 note2 = cu.execute("INSERT Note X: X para 'bidule'").get_entity(0, 0) |
395 cnx.commit() |
395 cnx.commit() |
396 note2.fire_transition('markasdone') |
396 note2.cw_adapt_to('IWorkflowable').fire_transition('markasdone') |
397 cnx.commit() |
397 cnx.commit() |
398 self.assertEquals(len(cu.execute('Any X WHERE X in_state S, S name "todo", X eid %(x)s', {'x': note2.eid})), |
398 self.assertEquals(len(cu.execute('Any X WHERE X in_state S, S name "todo", X eid %(x)s', {'x': note2.eid})), |
399 0) |
399 0) |
400 cu.execute("SET X para 'chouette' WHERE X eid %(x)s", {'x': note2.eid}) |
400 cu.execute("SET X para 'chouette' WHERE X eid %(x)s", {'x': note2.eid}) |
401 self.assertRaises(Unauthorized, cnx.commit) |
401 self.assertRaises(Unauthorized, cnx.commit) |
402 note2.fire_transition('redoit') |
402 note2.cw_adapt_to('IWorkflowable').fire_transition('redoit') |
403 cnx.commit() |
403 cnx.commit() |
404 cu.execute("SET X para 'chouette' WHERE X eid %(x)s", {'x': note2.eid}) |
404 cu.execute("SET X para 'chouette' WHERE X eid %(x)s", {'x': note2.eid}) |
405 cnx.commit() |
405 cnx.commit() |
406 |
406 |
407 def test_attribute_read_security(self): |
407 def test_attribute_read_security(self): |
433 cu.execute('INSERT Societe X: X nom "ARCTIA"') |
433 cu.execute('INSERT Societe X: X nom "ARCTIA"') |
434 cu.execute('INSERT Affaire X: X ref "ARCT01", X concerne S WHERE S nom "ARCTIA"') |
434 cu.execute('INSERT Affaire X: X ref "ARCT01", X concerne S WHERE S nom "ARCTIA"') |
435 cnx.commit() |
435 cnx.commit() |
436 self.restore_connection() |
436 self.restore_connection() |
437 affaire = self.execute('Any X WHERE X ref "ARCT01"').get_entity(0, 0) |
437 affaire = self.execute('Any X WHERE X ref "ARCT01"').get_entity(0, 0) |
438 affaire.fire_transition('abort') |
438 affaire.cw_adapt_to('IWorkflowable').fire_transition('abort') |
439 self.commit() |
439 self.commit() |
440 self.assertEquals(len(self.execute('TrInfo X WHERE X wf_info_for A, A ref "ARCT01"')), |
440 self.assertEquals(len(self.execute('TrInfo X WHERE X wf_info_for A, A ref "ARCT01"')), |
441 1) |
441 1) |
442 self.assertEquals(len(self.execute('TrInfo X WHERE X wf_info_for A, A ref "ARCT01",' |
442 self.assertEquals(len(self.execute('TrInfo X WHERE X wf_info_for A, A ref "ARCT01",' |
443 'X owned_by U, U login "admin"')), |
443 'X owned_by U, U login "admin"')), |
535 self.assertRaises(Unauthorized, |
535 self.assertRaises(Unauthorized, |
536 self.schema['Affaire'].check_perm, session, 'update', eid=eid) |
536 self.schema['Affaire'].check_perm, session, 'update', eid=eid) |
537 cu = cnx.cursor() |
537 cu = cnx.cursor() |
538 self.schema['Affaire'].set_action_permissions('read', ('users',)) |
538 self.schema['Affaire'].set_action_permissions('read', ('users',)) |
539 aff = cu.execute('Any X WHERE X ref "ARCT01"').get_entity(0, 0) |
539 aff = cu.execute('Any X WHERE X ref "ARCT01"').get_entity(0, 0) |
540 aff.fire_transition('abort') |
540 aff.cw_adapt_to('IWorkflowable').fire_transition('abort') |
541 cnx.commit() |
541 cnx.commit() |
542 # though changing a user state (even logged user) is reserved to managers |
542 # though changing a user state (even logged user) is reserved to managers |
543 user = cnx.user(self.session) |
543 user = cnx.user(self.session) |
544 # XXX wether it should raise Unauthorized or ValidationError is not clear |
544 # XXX wether it should raise Unauthorized or ValidationError is not clear |
545 # the best would probably ValidationError if the transition doesn't exist |
545 # the best would probably ValidationError if the transition doesn't exist |
546 # from the current state but Unauthorized if it exists but user can't pass it |
546 # from the current state but Unauthorized if it exists but user can't pass it |
547 self.assertRaises(ValidationError, user.fire_transition, 'deactivate') |
547 self.assertRaises(ValidationError, |
|
548 user.cw_adapt_to('IWorkflowable').fire_transition, 'deactivate') |
548 finally: |
549 finally: |
549 # restore orig perms |
550 # restore orig perms |
550 for action, perms in affaire_perms.iteritems(): |
551 for action, perms in affaire_perms.iteritems(): |
551 self.schema['Affaire'].set_action_permissions(action, perms) |
552 self.schema['Affaire'].set_action_permissions(action, perms) |
552 |
553 |
553 def test_trinfo_security(self): |
554 def test_trinfo_security(self): |
554 aff = self.execute('INSERT Affaire X: X ref "ARCT01"').get_entity(0, 0) |
555 aff = self.execute('INSERT Affaire X: X ref "ARCT01"').get_entity(0, 0) |
555 self.commit() |
556 iworkflowable = aff.cw_adapt_to('IWorkflowable') |
556 aff.fire_transition('abort') |
557 self.commit() |
|
558 iworkflowable.fire_transition('abort') |
557 self.commit() |
559 self.commit() |
558 # can change tr info comment |
560 # can change tr info comment |
559 self.execute('SET TI comment %(c)s WHERE TI wf_info_for X, X ref "ARCT01"', |
561 self.execute('SET TI comment %(c)s WHERE TI wf_info_for X, X ref "ARCT01"', |
560 {'c': u'bouh!'}) |
562 {'c': u'bouh!'}) |
561 self.commit() |
563 self.commit() |
562 aff.clear_related_cache('wf_info_for', 'object') |
564 aff.clear_related_cache('wf_info_for', 'object') |
563 trinfo = aff.latest_trinfo() |
565 trinfo = iworkflowable.latest_trinfo() |
564 self.assertEquals(trinfo.comment, 'bouh!') |
566 self.assertEquals(trinfo.comment, 'bouh!') |
565 # but not from_state/to_state |
567 # but not from_state/to_state |
566 aff.clear_related_cache('wf_info_for', role='object') |
568 aff.clear_related_cache('wf_info_for', role='object') |
567 self.assertRaises(Unauthorized, |
569 self.assertRaises(Unauthorized, |
568 self.execute, 'SET TI from_state S WHERE TI eid %(ti)s, S name "ben non"', |
570 self.execute, 'SET TI from_state S WHERE TI eid %(ti)s, S name "ben non"', |