Back to index

plone3  3.1.7
testCutPasteSecurity.py
Go to the documentation of this file.
00001 #
00002 # Tests security of cut/paste operations
00003 #
00004 
00005 from Products.CMFPlone.tests import PloneTestCase
00006 
00007 from AccessControl import Unauthorized
00008 from OFS.CopySupport import CopyError
00009 from Acquisition import aq_base
00010 import transaction
00011 
00012 
00013 class TestCutPasteSecurity(PloneTestCase.PloneTestCase):
00014 
00015     def afterSetUp(self):
00016         self.portal.acl_users._doAddUser('user1', 'secret', ['Member'], [])
00017         self.portal.acl_users._doAddUser('user2', 'secret', ['Member'], [])
00018         self.membership = self.portal.portal_membership
00019         self.createMemberarea('user1')
00020         self.createMemberarea('user2')
00021 
00022     def testRenameMemberContent(self):
00023         self.login('user1')
00024         folder = self.membership.getHomeFolder('user1')
00025         folder.invokeFactory('Document', id='testrename')
00026 
00027         # We need to commit here so that _p_jar isn't None and move
00028         # will work
00029         transaction.savepoint(optimistic=True)
00030         folder.manage_renameObject('testrename', 'new')
00031         self.failIf(hasattr(aq_base(folder), 'testrename'))
00032         self.failUnless(hasattr(aq_base(folder), 'new'))
00033 
00034     def testRenameOtherMemberContentFails(self):
00035         self.login('user1')
00036         src = self.membership.getHomeFolder('user1')
00037         src.invokeFactory('Document', id='testrename')
00038 
00039         self.login('user2')
00040         folder = self.membership.getHomeFolder('user1')
00041         self.assertRaises(CopyError, folder.manage_renameObject, 'testrename', 'bad')
00042 
00043     def testCopyMemberContent(self):
00044         self.login('user1')
00045         src = self.membership.getHomeFolder('user1')
00046         src.invokeFactory('Document', id='testcopy')
00047         src.invokeFactory('Folder', id='dest')
00048         dest = src.dest
00049         dest.manage_pasteObjects(src.manage_copyObjects('testcopy'))
00050 
00051         # After a copy/paste, they should *both* have a copy
00052         self.failUnless(hasattr(aq_base(src), 'testcopy'))
00053         self.failUnless(hasattr(aq_base(dest), 'testcopy'))
00054 
00055     def testCopyOtherMemberContent(self):
00056         self.login('user1')
00057         src = self.membership.getHomeFolder('user1')
00058         src.invokeFactory('Document', id='testcopy')
00059 
00060         self.login('user2')
00061         dest = self.membership.getHomeFolder('user2')
00062         dest.manage_pasteObjects(src.manage_copyObjects('testcopy'))
00063         # After a copy/paste, they should *both* have a copy
00064         self.failUnless(hasattr(aq_base(src), 'testcopy'))
00065         self.failUnless(hasattr(aq_base(dest), 'testcopy'))
00066 
00067     def testCutMemberContent(self):
00068         self.login('user1')
00069         src = self.membership.getHomeFolder('user1')
00070         src.invokeFactory('Document', id='testcut')
00071 
00072         # We need to commit here so that _p_jar isn't None and move
00073         # will work
00074         transaction.savepoint(optimistic=True)
00075 
00076         src.invokeFactory('Folder', id='dest')
00077         dest = src.dest
00078         dest.manage_pasteObjects(src.manage_cutObjects('testcut'))
00079 
00080         # After a cut/paste, only destination has a copy
00081         self.failIf(hasattr(aq_base(src), 'testcut'))
00082         self.failUnless(hasattr(aq_base(dest), 'testcut'))
00083 
00084     def testCutOtherMemberContent(self):
00085         self.login('user1')
00086         src = self.membership.getHomeFolder('user1')
00087         src.invokeFactory('Document', id='testcut')
00088 
00089         # We need to commit here so that _p_jar isn't None and move
00090         # will work
00091         transaction.savepoint(optimistic=True)
00092 
00093         self.login('user2')
00094         self.assertRaises(Unauthorized, src.restrictedTraverse, 'manage_cutObjects')
00095 
00096     def test_Bug2183_PastingIntoFolderFailsForNotAllowedContentTypes(self):
00097         # Test fix for http://dev.plone.org/plone/ticket/2183
00098         # The fix itself is in CMFCore.PortalFolder, not Plone
00099 
00100         # add the document to be copy and pasted later
00101         self.folder.invokeFactory('Document', 'doc')
00102 
00103         # add the folder where we try to paste the document later
00104         self.folder.invokeFactory('Folder', 'subfolder')
00105         subfolder = self.folder.subfolder
00106 
00107         # now disallow adding Document globaly
00108         types = self.portal.portal_types
00109         types.Document.manage_changeProperties(global_allow=0)
00110 
00111         # copy and pasting the object into the subfolder should raise
00112         # a ValueError.
00113         self.assertRaises(
00114             ValueError,
00115             subfolder.manage_pasteObjects,
00116             self.folder.manage_copyObjects(ids=['doc'])
00117         )
00118 
00119     def test_Bug2183_PastingIntoPortalFailsForNotAllowedContentTypes(self):
00120         # Test fix for http://dev.plone.org/plone/ticket/2183
00121         # The fix itself is in CMFCore.PortalFolder, not Plone
00122 
00123         # add the document to be copy and pasted later
00124         self.folder.invokeFactory('Document', 'doc')
00125 
00126         # now disallow adding Document globaly
00127         types = self.portal.portal_types
00128         types.Document.manage_changeProperties(global_allow=0)
00129 
00130         # need to be manager to paste into portal
00131         self.setRoles(['Manager'])
00132 
00133         # copy and pasting the object into the portal should raise
00134         # a ValueError.
00135         self.assertRaises(
00136             ValueError,
00137             self.portal.manage_pasteObjects,
00138             self.folder.manage_copyObjects(ids=['doc'])
00139         )
00140 
00141 
00142 def test_suite():
00143     from unittest import TestSuite, makeSuite
00144     suite = TestSuite()
00145     suite.addTest(makeSuite(TestCutPasteSecurity))
00146     return suite