From 9a36fd2f79b87858fd23df2dd30fbe13b1f58aa9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thibault=20Delavall=C3=A9e?= Date: Fri, 12 Apr 2013 17:12:36 +0200 Subject: [PATCH] [TEST] portal_project_issue: added tests for access rights. bzr revid: tde@openerp.com-20130412151236-5jqcd5698soj2b4s --- .../tests/test_access_rights.py | 2 +- addons/portal_project_issue/tests/__init__.py | 28 +++ .../tests/test_access_rights.py | 210 ++++++++++++++++++ 3 files changed, 239 insertions(+), 1 deletion(-) create mode 100644 addons/portal_project_issue/tests/__init__.py create mode 100644 addons/portal_project_issue/tests/test_access_rights.py diff --git a/addons/portal_project/tests/test_access_rights.py b/addons/portal_project/tests/test_access_rights.py index 5e177283faa..a7d56cb3895 100644 --- a/addons/portal_project/tests/test_access_rights.py +++ b/addons/portal_project/tests/test_access_rights.py @@ -90,7 +90,7 @@ class TestPortalProject(common.TransactionCase): # Test 'Pigs' project self.project_pigs_id = self.project_project.create(cr, uid, - {'name': 'Pigs', 'alias_contact': 'everyone', 'privacy_visibility': 'public'}, + {'name': 'Pigs', 'privacy_visibility': 'public'}, {'mail_create_nolog': True}) # Various test tasks self.task_1_id = self.project_task.create(cr, uid, diff --git a/addons/portal_project_issue/tests/__init__.py b/addons/portal_project_issue/tests/__init__.py new file mode 100644 index 00000000000..fa5b47ac535 --- /dev/null +++ b/addons/portal_project_issue/tests/__init__.py 
@@ -0,0 +1,28 @@
+# -*- coding: utf-8 -*-
+##############################################################################
+#
+# OpenERP, Open Source Business Applications
+# Copyright (c) 2013-TODAY OpenERP S.A.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
+##############################################################################
+
+from . import test_access_rights
+
+checks = [
+ test_access_rights,
+]
+
+# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
diff --git a/addons/portal_project_issue/tests/test_access_rights.py b/addons/portal_project_issue/tests/test_access_rights.py
new file mode 100644
index 00000000000..288c0423705
--- /dev/null
+++ b/addons/portal_project_issue/tests/test_access_rights.py
@@ -0,0 +1,210 @@
+# -*- coding: utf-8 -*-
+##############################################################################
+#
+# OpenERP, Open Source Business Applications
+# Copyright (c) 2013-TODAY OpenERP S.A.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
+##############################################################################
+
+from openerp.addons.portal_project.tests.test_access_rights import TestPortalProject
+from openerp.osv.orm import except_orm
+from openerp.tools import mute_logger
+
+
+class TestPortalIssueProject(TestPortalProject):
+
+ def setUp(self):
+ super(TestPortalIssueProject, self).setUp()
+ cr, uid = self.cr, self.uid
+
+ # Useful models
+ self.project_issue = self.registry('project.issue')
+
+ # Various test issues
+ self.issue_1_id = self.project_issue.create(cr, uid,
+ {'name': 'Test1', 'user_id': False, 'project_id': self.project_pigs_id},
+ {'mail_create_nolog': True})
+ self.issue_2_id = self.project_issue.create(cr, uid,
+ {'name': 'Test2', 'user_id': False, 'project_id': self.project_pigs_id},
+ {'mail_create_nolog': True})
+ self.issue_3_id = self.project_issue.create(cr, uid,
+ {'name': 'Test3', 'user_id': False, 'project_id': self.project_pigs_id},
+ {'mail_create_nolog': True})
+ self.issue_4_id = self.project_issue.create(cr, uid,
+ {'name': 'Test4', 'user_id': self.user_alfred_id, 'project_id': self.project_pigs_id},
+ {'mail_create_nolog': True})
+ self.issue_5_id = self.project_issue.create(cr, uid,
+ {'name': 'Test5', 'user_id': self.user_chell_id, 'project_id': self.project_pigs_id},
+ {'mail_create_nolog': True})
+ self.issue_6_id = self.project_issue.create(cr, uid,
+ {'name': 'Test6', 'user_id': self.user_donovan_id, 'project_id': self.project_pigs_id},
+ {'mail_create_nolog': True})
+
+ @mute_logger('openerp.addons.base.ir.ir_model', 'openerp.osv.orm')
+ def test_00_project_access_rights(self):
+ """ Test basic project access rights, for project and portal_project """
+ cr, uid, pigs_id = self.cr, self.uid, self.project_pigs_id
+
+ # ----------------------------------------
+ # CASE1: public project
+ # ----------------------------------------
+
+ # Do: Alfred reads project -> ok (employee ok public)
+ self.project_project.read(cr, self.user_alfred_id, pigs_id, ['name'])
+ # Test: all project issues visible
+ issue_ids = self.project_issue.search(cr, self.user_alfred_id, [('project_id', '=', pigs_id)])
+ test_issue_ids = set([self.issue_1_id, self.issue_2_id, self.issue_3_id, self.issue_4_id, self.issue_5_id, self.issue_6_id])
+ self.assertEqual(set(issue_ids), test_issue_ids,
+ 'access rights: project user cannot see all issues of a public project')
+ # Test: all project issues readable
+ self.project_issue.read(cr, self.user_alfred_id, issue_ids, ['name'])
+ # Test: all project issues writable
+ self.project_issue.write(cr, self.user_alfred_id, issue_ids, {'description': 'TestDescription'})
+
+ # Do: Bert reads project -> crash, no group
+ self.assertRaises(except_orm, self.project_project.read,
+ cr, self.user_bert_id, pigs_id, ['name'])
+ # Test: no project issue visible
+ self.assertRaises(except_orm, self.project_issue.search,
+ cr, self.user_bert_id, [('project_id', '=', pigs_id)])
+ # Test: no project issue readable
+ self.assertRaises(except_orm, self.project_issue.read,
+ cr, self.user_bert_id, issue_ids, ['name'])
+ # Test: no project issue writable
+ self.assertRaises(except_orm, self.project_issue.write,
+ cr, self.user_bert_id, issue_ids, {'description': 'TestDescription'})
+
+ # Do: Chell reads project -> ok (portal ok public)
+ self.project_project.read(cr, self.user_chell_id, pigs_id, ['name'])
+ # Test: all project issues visible
+ issue_ids = self.project_issue.search(cr, self.user_chell_id, [('project_id', '=', pigs_id)])
+ self.assertEqual(set(issue_ids), test_issue_ids,
+ 'access rights: project user cannot see all issues of a public project')
+ # Test: all project issues readable
+ self.project_issue.read(cr, self.user_chell_id, issue_ids, ['name'])
+ # Test: no project issue writable
+ self.assertRaises(except_orm, self.project_issue.write,
+ cr, self.user_chell_id, issue_ids, {'description': 'TestDescription'})
+
+ # Do: Donovan reads project -> ok (anonymous ok public)
+ self.project_project.read(cr, self.user_donovan_id, pigs_id, ['name'])
+ # Test: no project issue visible (no read on project.issue)
+ self.assertRaises(except_orm, self.project_issue.search,
+ cr, self.user_donovan_id, [('project_id', '=', pigs_id)])
+
+ # ----------------------------------------
+ # CASE2: portal project
+ # ----------------------------------------
+ self.project_project.write(cr, uid, [pigs_id], {'privacy_visibility': 'portal'})
+
+ # Do: Alfred reads project -> ok (employee ok public)
+ self.project_project.read(cr, self.user_alfred_id, pigs_id, ['name'])
+ # Test: all project issues visible
+ issue_ids = self.project_issue.search(cr, self.user_alfred_id, [('project_id', '=', pigs_id)])
+ self.assertEqual(set(issue_ids), test_issue_ids,
+ 'access rights: project user cannot see all issues of a portal project')
+
+ # Do: Bert reads project -> crash, no group
+ self.assertRaises(except_orm, self.project_project.read,
+ cr, self.user_bert_id, pigs_id, ['name'])
+ # Test: no project issue searchable
+ self.assertRaises(except_orm, self.project_issue.search,
+ cr, self.user_bert_id, [('project_id', '=', pigs_id)])
+
+ # Data: issue follower
+ self.project_issue.message_subscribe_users(cr, self.user_alfred_id, [self.issue_1_id, self.issue_3_id], [self.user_chell_id])
+
+ # Do: Chell reads project -> ok (portal ok public)
+ self.project_project.read(cr, self.user_chell_id, pigs_id, ['name'])
+ # Test: only followed project issues visible + assigned
+ issue_ids = self.project_issue.search(cr, self.user_chell_id, [('project_id', '=', pigs_id)])
+ test_issue_ids = set([self.issue_1_id, self.issue_3_id, self.issue_5_id])
+ self.assertEqual(set(issue_ids), test_issue_ids,
+ 'access rights: portal user should see the followed issues of a portal project')
+
+ # Data: issue follower cleaning
+ self.project_issue.message_unsubscribe_users(cr, self.user_alfred_id, [self.issue_1_id, self.issue_3_id], [self.user_chell_id])
+
+ # ----------------------------------------
+ # CASE3: employee project
+ # ----------------------------------------
+ self.project_project.write(cr, uid, [pigs_id], {'privacy_visibility': 'employees'})
+
+ # Do: Alfred reads project -> ok (employee ok employee)
+ self.project_project.read(cr, self.user_alfred_id, pigs_id, ['name'])
+ # Test: all project issues visible
+ issue_ids = self.project_issue.search(cr, self.user_alfred_id, [('project_id', '=', pigs_id)])
+ test_issue_ids = set([self.issue_1_id, self.issue_2_id, self.issue_3_id, self.issue_4_id, self.issue_5_id, self.issue_6_id])
+ self.assertEqual(set(issue_ids), test_issue_ids,
+ 'access rights: project user cannot see all issues of an employees project')
+
+ # Do: Bert reads project -> crash, no group
+ self.assertRaises(except_orm, self.project_project.read,
+ cr, self.user_bert_id, pigs_id, ['name'])
+
+ # Do: Chell reads project -> ko (portal ko employee)
+ self.assertRaises(except_orm, self.project_project.read,
+ cr, self.user_chell_id, pigs_id, ['name'])
+ # Test: no project issue visible + assigned
+ issue_ids = self.project_issue.search(cr, self.user_chell_id, [('project_id', '=', pigs_id)])
+ self.assertFalse(issue_ids, 'access rights: portal user should not see issues of an employees project, even if assigned')
+
+ # ----------------------------------------
+ # CASE4: followers project
+ # ----------------------------------------
+ self.project_project.write(cr, uid, [pigs_id], {'privacy_visibility': 'followers'})
+
+ # Do: Alfred reads project -> ko (employee ko followers)
+ self.assertRaises(except_orm, self.project_project.read,
+ cr, self.user_alfred_id, pigs_id, ['name'])
+ # Test: no project issue visible
+ issue_ids = self.project_issue.search(cr, self.user_alfred_id, [('project_id', '=', pigs_id)])
+ test_issue_ids = set([self.issue_4_id])
+ self.assertEqual(set(issue_ids), test_issue_ids,
+ 'access rights: employee user should not see issues of a not-followed followers project, only assigned')
+
+ # Do: Bert reads project -> crash, no group
+ self.assertRaises(except_orm, self.project_project.read,
+ cr, self.user_bert_id, pigs_id, ['name'])
+
+ # Do: Chell reads project -> ko (portal ko employee)
+ self.assertRaises(except_orm, self.project_project.read,
+ cr, self.user_chell_id, pigs_id, ['name'])
+ # Test: no project issue visible
+ issue_ids = self.project_issue.search(cr, self.user_chell_id, [('project_id', '=', pigs_id)])
+ test_issue_ids = set([self.issue_5_id])
+ self.assertEqual(set(issue_ids), test_issue_ids,
+ 'access rights: portal user should not see issues of a not-followed followers project, only assigned')
+
+ # Data: subscribe Alfred, Chell and Donovan as follower
+ self.project_project.message_subscribe_users(cr, uid, [pigs_id], [self.user_alfred_id, self.user_chell_id, self.user_donovan_id])
+ self.project_issue.message_subscribe_users(cr, self.user_alfred_id, [self.issue_1_id, self.issue_3_id], [self.user_chell_id, self.user_alfred_id])
+
+ # Do: Alfred reads project -> ok (follower ok followers)
+ self.project_project.read(cr, self.user_alfred_id, pigs_id, ['name'])
+ # Test: followed + assigned issues visible
+ issue_ids = self.project_issue.search(cr, self.user_alfred_id, [('project_id', '=', pigs_id)])
+ test_issue_ids = set([self.issue_1_id, self.issue_3_id, self.issue_4_id])
+ self.assertEqual(set(issue_ids), test_issue_ids,
+ 'access rights: employee user should not see followed + assigned issues of a follower project')
+
+ # Do: Chell reads project -> ok (follower ok follower)
+ self.project_project.read(cr, self.user_chell_id, pigs_id, ['name'])
+ # Test: followed + assigned issues visible
+ issue_ids = self.project_issue.search(cr, self.user_chell_id, [('project_id', '=', pigs_id)])
+ test_issue_ids = set([self.issue_1_id, self.issue_3_id, self.issue_5_id])
+ self.assertEqual(set(issue_ids), test_issue_ids,
+ 'access rights: employee user should not see followed + assigned issues of a follower project')
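Review bot: In CASE2 through CASE4 of `test_00_project_access_rights` the portal and follower checks only compare `search` results, so nothing asserts that a direct `read` or `write` on an issue id outside the visible set is refused; CASE1 is the only place where Chell's `write` is shown to raise. A line such as `self.assertRaises(except_orm, self.project_issue.read, cr, self.user_chell_id, [self.issue_2_id], ['name'])` after the CASE2 search would pin that, presumably raising if the record rules behave as the search assertions imply. Donovan is assigned issue 6 and subscribed as a project follower in CASE4, yet no assertion covers him after CASE1. The last two `assertEqual` messages also read 'employee user should not see followed + assigned issues' although the check expects those issues to be visible, and the second one concerns the portal user Chell, so a failing run would print a misleading reason.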