
plone3  3.1.7
testContentSecurity.py
00001 #
00002 # Tests content security
00003 #
00004 
00005 from Products.CMFPlone.tests import PloneTestCase
00006 
00007 from AccessControl import Unauthorized
00008 from Acquisition import aq_base
00009 
00010 
class TestContentSecurity(PloneTestCase.PloneTestCase):
    """Content-permission tests run against member home folders.

    Covers who may add, delete and view content, and how local roles and
    blocked local-role acquisition change the outcome.

    Fixture users created in afterSetUp:
      user1, user2 -- global role 'Member', each with a member area
      user3        -- no global roles, no member area
    """

    def afterSetUp(self):
        # Register the fixture accounts directly in the user folder.
        add_user = self.portal.acl_users._doAddUser
        add_user('user1', 'secret', ['Member'], [])
        add_user('user2', 'secret', ['Member'], [])
        # _ender_'s use case: a member who does not hold the Member role
        add_user('user3', 'secret', [], [])
        self.membership = self.portal.portal_membership
        self.workflow = self.portal.portal_workflow
        # Only user1 and user2 get a home folder; user3 has none.
        self.createMemberarea('user1')
        self.createMemberarea('user2')

    def testCreateMemberContent(self):
        # A member may add content to their own home folder.
        self.login('user1')
        home = self.membership.getHomeFolder('user1')
        home.invokeFactory('Document', id='new')
        # aq_base() drops the acquisition wrapper, so the check only passes
        # when 'new' really lives in this folder.
        created = hasattr(aq_base(home), 'new')
        self.failUnless(created)

    def testCreateOtherMemberContentFails(self):
        # A member must not be able to add content to someone else's folder.
        self.login('user1')
        foreign_home = self.membership.getHomeFolder('user2')
        self.assertRaises(Unauthorized, foreign_home.invokeFactory,
                          'Document', 'new')

    def testCreateRootContentFails(self):
        # A plain member must not be able to add content to the portal root.
        self.login('user1')
        self.assertRaises(Unauthorized, self.portal.invokeFactory,
                          'Document', 'new')

    def testDeleteMemberContent(self):
        # A member may delete content from their own home folder.
        self.login('user1')
        home = self.membership.getHomeFolder('user1')
        home.invokeFactory('Document', id='new')
        home.manage_delObjects(['new'])
        still_there = hasattr(aq_base(home), 'new')
        self.failIf(still_there)

    def testDeleteOtherMemberContent(self):
        # A member must not be able to delete another member's content.
        self.login('user1')
        owner_view = self.membership.getHomeFolder('user1')
        owner_view.invokeFactory('Document', id='new')

        # Same folder, now looked up while logged in as the other member.
        self.login('user2')
        intruder_view = self.membership.getHomeFolder('user1')
        self.assertRaises(Unauthorized, intruder_view.manage_delObjects,
                          ['new'])

    def testCreateWithLocalRole(self):
        # A local Owner role on the folder is enough to add content there.
        self.login('user1')
        home = self.membership.getHomeFolder('user1')
        home.manage_addLocalRoles('user2', ('Owner',))
        self.login('user2')
        # No explicit assertion: this call raises Unauthorized if the local
        # role was not applied, which fails the test.
        home.invokeFactory('Document', id='new')

    def testCreateFailsWithLocalRoleBlocked(self):
        # Blocking local-role acquisition on a subfolder must stop a role
        # granted on the parent from authorising content creation below it.
        self.login('user1')
        # presumably installs the form authenticator that the POST-only
        # sharing script checks -- confirm against PloneTestCase
        self.setupAuthenticator()
        home = self.membership.getHomeFolder('user1')
        home.manage_addLocalRoles('user2', ('Owner',))
        home.invokeFactory('Folder', id='subfolder')
        # Turn off local role acquisition; the call is made as a POST and
        # the request method is put back to GET straight afterwards.
        self.setRequestMethod('POST')
        home.subfolder.folder_localrole_set(use_acquisition=0)
        self.setRequestMethod('GET')
        self.login('user2')
        # user2's Owner role sits on the parent only, so this must be refused.
        self.assertRaises(Unauthorized, home.subfolder.invokeFactory,
                          'Document', 'new')

    def testCreateSucceedsWithLocalRoleBlockedInParentButAssingedInSubFolder(self):
        # Blocking acquisition in a folder must not interfere with a role
        # that is assigned directly in one of its subfolders.
        self.login('user1')
        self.setupAuthenticator()
        home = self.membership.getHomeFolder('user1')
        home.manage_addLocalRoles('user2', ('Owner',))
        home.invokeFactory('Folder', id='subfolder')
        blocked = home.subfolder
        # Turn off local role acquisition on the middle folder
        self.setRequestMethod('POST')
        blocked.folder_localrole_set(use_acquisition=0)
        self.setRequestMethod('GET')
        blocked.invokeFactory('Folder', id='subsubfolder')
        # Grant the role again, this time below the blocking folder.
        blocked.subsubfolder.manage_addLocalRoles('user2', ('Owner',))
        self.login('user2')
        # This should not raise Unauthorized
        blocked.subsubfolder.invokeFactory('Document', id='new')

    def testViewAllowedOnContentInAcquisitionBlockedFolder(self):
        # Test for http://dev.plone.org/plone/ticket/4055 which seems to be
        # invalid: published content in a folder that blocks local-role
        # acquisition should still be viewable.
        self.login('user1')
        self.setupAuthenticator()
        home = self.membership.getHomeFolder('user1')
        self.setRequestMethod('POST')
        home.manage_addLocalRoles('user2', ('Owner',))
        self.setRequestMethod('GET')
        home.invokeFactory('Folder', id='subfolder')
        blocked = home.subfolder
        # Turn off local role acquisition
        self.setRequestMethod('POST')
        blocked.folder_localrole_set(use_acquisition=0)
        self.setRequestMethod('GET')
        blocked.invokeFactory('Document', id='new')
        blocked.new.content_status_modify(workflow_action='publish')
        blocked.new.manage_addLocalRoles('user2', ('Member',))
        self.login('user2')
        # This should not raise Unauthorized
        blocked.new.base_view()

    def testViewAllowedOnContentInPrivateFolder(self):
        # Published content stays viewable although its container is private.
        self.login('user1')
        home = self.membership.getHomeFolder('user1')
        home.content_status_modify(workflow_action='private')
        home.invokeFactory('Document', id='doc1')
        published_doc = home.doc1
        published_doc.content_status_modify(workflow_action='publish')
        published_doc.manage_addLocalRoles('user2', ('Owner',))
        self.login('user2')
        # This should not raise Unauthorized
        published_doc.base_view()
        # Neither should anonymous
        self.logout()
        published_doc.base_view()

    def testViewAllowedOnContentInAcquisitionBlockedFolderWithCustomWorkflow(self):
        # Another test for http://dev.plone.org/plone/ticket/4055
        # using a pared-down version of the custom workflow described therein.
        # 'Access contents information' must be enabled for Authenticated/
        # Anonymous on folders for even simple actions to evaluate properly.
        wf_tool = self.portal.portal_workflow

        # Create a more private workflow, starting with folder_workflow:
        # in the 'visible' state only Manager and Owner keep View and Modify.
        # The 0 is the acquire flag, i.e. the role list is not acquired.
        visible_state = wf_tool.folder_workflow.states.visible
        visible_state.setPermission('View', 0, ('Manager', 'Owner'))
        visible_state.setPermission('Modify portal content', 0,
                                    ('Manager', 'Owner'))
        # Then plone workflow: published content is limited to
        # Manager, Member and Owner.
        published_state = wf_tool.plone_workflow.states.published
        published_state.setPermission('View', 0,
                                      ('Manager', 'Member', 'Owner'))
        published_state.setPermission('Access contents information', 0,
                                      ('Manager', 'Member', 'Owner'))
        published_state.setPermission('Modify portal content', 0,
                                      ('Manager', 'Member', 'Owner'))
        # Push the changed mappings onto the existing content.
        wf_tool.updateRoleMappings()

        self.login('user1')
        self.setupAuthenticator()
        # NOTE(review): this POST/GET pair wraps getHomeFolder, not
        # manage_addLocalRoles as in
        # testViewAllowedOnContentInAcquisitionBlockedFolder; it looks like
        # a slip and is kept exactly as written.
        self.setRequestMethod('POST')
        home = self.membership.getHomeFolder('user1')
        self.setRequestMethod('GET')
        home.manage_addLocalRoles('user2', ('Member',))
        home.invokeFactory('Folder', id='subfolder')
        blocked = home.subfolder
        # Turn off local role acquisition
        self.setRequestMethod('POST')
        blocked.folder_localrole_set(use_acquisition=0)
        self.setRequestMethod('GET')
        blocked.invokeFactory('Document', id='new')
        blocked.new.content_status_modify(workflow_action='publish')
        # user3 has no global roles; Member is granted on the document only.
        blocked.new.manage_addLocalRoles('user3', ('Member',))
        self.login('user3')
        # This should not raise Unauthorized.  The original author noted that
        # it never does, even when a script called from within base_view
        # does, and left that unexplained.
        # NOTE(review): presumably base_view() called directly from trusted
        # test code is not itself subject to an access check on the object;
        # an explicit self.membership.checkPermission('View', ...) or a
        # restrictedTraverse lookup would assert the permission directly --
        # confirm.
        try:
            blocked.new.base_view()
        except Unauthorized:
            # Report a refused view as a test failure rather than an error.
            self.fail("Could not access base_view on 'new'")
00174 
00175 
def test_suite():
    """Return the unittest suite for this module (TestContentSecurity only)."""
    from unittest import TestSuite, makeSuite
    content_security_tests = makeSuite(TestContentSecurity)
    # Passing the tests to the constructor adds them in order, like addTest().
    return TestSuite((content_security_tests,))