[ADD] demonstrate broken handling of rules access denial in new API
This commit is contained in:
parent
6014d44b2b
commit
d5eda984c9
|
@ -0,0 +1,2 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
import models
|
|
@ -0,0 +1,6 @@
|
||||||
|
{
|
||||||
|
'name': 'test of access rights and rules',
|
||||||
|
'description': "Testing of access restrictions",
|
||||||
|
'version': '0.0.1',
|
||||||
|
'data': ['ir.model.access.csv'],
|
||||||
|
}
|
|
@ -0,0 +1,2 @@
|
||||||
|
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
|
||||||
|
access_test_access_right_some_obj,access_test_access_right_some_obj,model_test_access_right_some_obj,,1,1,1,1
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
from openerp import fields, models
|
||||||
|
|
||||||
|
class SomeObj(models.Model):
|
||||||
|
_name = 'test_access_right.some_obj'
|
||||||
|
|
||||||
|
val = fields.Integer()
|
|
@ -0,0 +1 @@
|
||||||
|
import test_ir_rules
|
|
@ -0,0 +1,33 @@
|
||||||
|
import openerp.exceptions
|
||||||
|
from openerp.tests.common import TransactionCase
|
||||||
|
|
||||||
|
class TestRules(TransactionCase):
|
||||||
|
def setUp(self):
|
||||||
|
super(TestRules, self).setUp()
|
||||||
|
|
||||||
|
self.id1 = self.env['test_access_right.some_obj']\
|
||||||
|
.create({'val': 1}).id
|
||||||
|
self.id2 = self.env['test_access_right.some_obj']\
|
||||||
|
.create({'val': -1}).id
|
||||||
|
# create a global rule forbidding access to records with a negative
|
||||||
|
# (or zero) val
|
||||||
|
self.env['ir.rule'].create({
|
||||||
|
'name': 'Forbid negatives',
|
||||||
|
'model_id': self.browse_ref('test_access_rights.model_test_access_right_some_obj').id,
|
||||||
|
'domain_force': "[('val', '>', 0)]"
|
||||||
|
})
|
||||||
|
|
||||||
|
def test_basic_access(self):
|
||||||
|
env = self.env(user=self.browse_ref('base.public_user'))
|
||||||
|
|
||||||
|
# put forbidden record in cache
|
||||||
|
browse2 = env['test_access_right.some_obj'].browse(self.id2)
|
||||||
|
# this is the one we want
|
||||||
|
browse1 = env['test_access_right.some_obj'].browse(self.id1)
|
||||||
|
|
||||||
|
# this should not blow up
|
||||||
|
self.assertEqual(browse1.val, 1)
|
||||||
|
|
||||||
|
# but this should
|
||||||
|
with self.assertRaises(openerp.exceptions.AccessError):
|
||||||
|
self.assertEqual(browse2.val, -1)
|
Loading…
Reference in New Issue