Assigning the 'Reply to item' permission to the 'Authenticated' role. The old commenting system allowed 'Authenticated' users to post comments. Also, OpenID users do not possess the 'Authenticated' role. Refs #9288

svn path=/plone.app.discussion/trunk/; revision=46230
This commit is contained in:
Timo Stollenwerk 2010-12-10 08:57:35 +00:00
parent 585460b95f
commit 54af7d3fa1
2 changed files with 36 additions and 1 deletions

View File

@ -5,5 +5,8 @@
<role name="Manager"/>
<role name="Reviewer"/>
</permission>
<permission name="Reply to item" acquire="False">
<role name="Authenticated"/>
</permission>
</permissions>
</rolemap>

View File

@ -1,4 +1,6 @@
# -*- coding: utf-8 -*-
"""Test plone.app.discussion workflow and permissions.
"""
import unittest
from zope.component import createObject
@ -17,7 +19,7 @@ from plone.app.discussion.interfaces import IConversation, IDiscussionLayer
class WorkflowSetupTest(PloneTestCase):
"""Make sure workflow and permissions are set up properly.
"""Make sure the workflows are set up properly.
"""
layer = DiscussionLayer
@ -58,6 +60,36 @@ class WorkflowSetupTest(PloneTestCase):
def test_reply_to_item_permission(self):
pass
class PermissionsSetupTest(PloneTestCase):
"""Make sure the permissions are set up properly.
"""
layer = DiscussionLayer
def afterSetUp(self):
portal = self.portal
mtool = self.portal.portal_membership
self.checkPermission = mtool.checkPermission
def test_reply_to_item_permission_assigned(self):
"""Make sure the 'Reply to item' permission is properly assigned.
By default this permission is assigned to 'Member' and 'Manager'.
plone.app.discussion assigns this permission to 'Authenticated' as
well to emulate the behavior of the old commenting system.
"""
ReplyToItemPerm = "Reply to item"
# should be allowed as Member
self.failUnless(self.checkPermission(ReplyToItemPerm, self.portal))
# should be allowed as Authenticated
self.setRoles(['Authenticated'])
self.failUnless(self.checkPermission(ReplyToItemPerm, self.portal))
# should be allowed as Manager
self.setRoles(['Manager'])
self.failUnless(self.checkPermission(ReplyToItemPerm, self.portal))
# should not be allowed as anonymous
self.logout()
self.failIf(self.checkPermission(ReplyToItemPerm, self.portal))
class CommentOneStateWorkflowTest(PloneTestCase):
"""Test the one_state_workflow that ships with plone.app.discussion.