[ADD] demonstrate broken handling of rules access denial in new API

2014-07-11 12:42:07 +02:00 · 2014-07-11 12:42:07 +02:00 · d5eda984c9
parent 6014d44b2b
commit d5eda984c9
6 changed files with 50 additions and 0 deletions
--- a/openerp/addons/test_access_rights/init.py
+++ b/openerp/addons/test_access_rights/init.py
@ -0,0 +1,2 @@
+# -*- coding: utf-8 -*-
+import models
--- a/openerp/addons/test_access_rights/openerp.py
+++ b/openerp/addons/test_access_rights/openerp.py
@ -0,0 +1,6 @@
+{
+    'name': 'test of access rights and rules',
+    'description': "Testing of access restrictions",
+    'version': '0.0.1',
+    'data': ['ir.model.access.csv'],
+}
--- a/openerp/addons/test_access_rights/ir.model.access.csv
+++ b/openerp/addons/test_access_rights/ir.model.access.csv
@ -0,0 +1,2 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+access_test_access_right_some_obj,access_test_access_right_some_obj,model_test_access_right_some_obj,,1,1,1,1
--- a/openerp/addons/test_access_rights/models.py
+++ b/openerp/addons/test_access_rights/models.py
@ -0,0 +1,6 @@
+from openerp import fields, models
+
+class SomeObj(models.Model):
+    _name = 'test_access_right.some_obj'
+
+    val = fields.Integer()
--- a/openerp/addons/test_access_rights/tests/init.py
+++ b/openerp/addons/test_access_rights/tests/init.py
@ -0,0 +1 @@
+import test_ir_rules
--- a/openerp/addons/test_access_rights/tests/test_ir_rules.py
+++ b/openerp/addons/test_access_rights/tests/test_ir_rules.py
@ -0,0 +1,33 @@
+import openerp.exceptions
+from openerp.tests.common import TransactionCase
+
+class TestRules(TransactionCase):
+    def setUp(self):
+        super(TestRules, self).setUp()
+
+        self.id1 = self.env['test_access_right.some_obj']\
+            .create({'val': 1}).id
+        self.id2 = self.env['test_access_right.some_obj']\
+            .create({'val': -1}).id
+        # create a global rule forbidding access to records with a negative
+        # (or zero) val
+        self.env['ir.rule'].create({
+            'name': 'Forbid negatives',
+            'model_id': self.browse_ref('test_access_rights.model_test_access_right_some_obj').id,
+            'domain_force': "[('val', '>', 0)]"
+        })
+
+    def test_basic_access(self):
+        env = self.env(user=self.browse_ref('base.public_user'))
+
+        # put forbidden record in cache
+        browse2 = env['test_access_right.some_obj'].browse(self.id2)
+        # this is the one we want
+        browse1 = env['test_access_right.some_obj'].browse(self.id1)
+
+        # this should not blow up
+        self.assertEqual(browse1.val, 1)
+
+        # but this should
+        with self.assertRaises(openerp.exceptions.AccessError):
+            self.assertEqual(browse2.val, -1)