Add a test for permission Acquisition on comments.

We use a different workflow for comments: The View permission is acquired instead of given explicitly, as outlined in https://dev.plone.org/ticket/12531.
2013-05-08 16:16:04 +02:00 · 2013-05-08 16:16:04 +02:00 · 66d355544f
commit 66d355544f
parent e2a43aefb6
8 changed files with 272 additions and 0 deletions
--- a/plone/app/discussion/testing.py
+++ b/plone/app/discussion/testing.py
@ -35,10 +35,14 @@ class PloneAppDiscussion(PloneSandboxLayer):
        xmlconfig.file('configure.zcml',
                       plone.app.discussion,
                       context=configurationContext)
        xmlconfig.file('configure.zcml',
                       plone.app.discussion.tests,
                       context=configurationContext)
    def setUpPloneSite(self, portal):
        # Install into Plone site using portal_setup
        applyProfile(portal, 'plone.app.discussion:default')
        applyProfile(portal, 'plone.app.discussion.tests:testing')
        # Creates some users
        acl_users = getToolByName(portal, 'acl_users')
--- a/plone/app/discussion/tests/configure.zcml
+++ b/plone/app/discussion/tests/configure.zcml
@ -0,0 +1,16 @@
 <configure
  xmlns="http://namespaces.zope.org/zope"
  xmlns:genericsetup="http://namespaces.zope.org/genericsetup"
  i18n_domain="freitag.discussion">
  <include package="plone.app.dexterity" />
  <genericsetup:registerProfile
    name="testing"
    title="plone.app.discussion.testing"
    directory="profile"
    description="Testing profile for plone.app.discussion"
    provides="Products.GenericSetup.interfaces.EXTENSION"
    />
 </configure>
--- a/plone/app/discussion/tests/profile/types.xml
+++ b/plone/app/discussion/tests/profile/types.xml
@ -0,0 +1,4 @@
 <?xml version="1.0"?>
 <object name="portal_types" meta_type="Plone Types Tool">
  <object name="sample_content_type" meta_type="Dexterity FTI" />
 </object>
--- a/plone/app/discussion/tests/profile/types/sample_content_type.xml
+++ b/plone/app/discussion/tests/profile/types/sample_content_type.xml
@ -0,0 +1,47 @@
 <?xml version="1.0"?>
 <object name="sample_content_type"
   meta_type="Dexterity FTI"
   i18n:domain="freitag.discussion" xmlns:i18n="http://xml.zope.org/namespaces/i18n">
  <!-- Basic metadata -->
  <property name="title" i18n:translate="">sample_content_type</property>
  <property name="description"
    i18n:translate="">Sample Content</property>
  <property name="content_icon">document_icon.png</property>
  <property name="global_allow">True</property>
  <property name="filter_content_types">True</property>
  <property name="allowed_content_types">
  </property>
  <property name="allow_discussion">True</property>
  <property name="klass">plone.dexterity.content.Item</property>
  <property name="add_permission">cmf.AddPortalContent</property>
  <property name="behaviors">
    <element value="plone.app.content.interfaces.INameFromTitle" />
  </property>
  <!-- View information -->
  <property name="default_view">view</property>
  <property name="default_view_fallback">False</property>
  <property name="view_methods">
    <element value="view" />
  </property>
  <!-- Method aliases -->
  <alias from="(Default)" to="(selected layout)" />
  <alias from="edit" to="@@edit" />
  <alias from="sharing" to="@@sharing" />
  <alias from="view" to="@@view" />
  <!-- Actions -->
  <action title="View" action_id="view" category="object" condition_expr=""
    url_expr="string:${object_url}/" visible="True">
    <permission value="View" />
  </action>
  <action title="Edit" action_id="edit" category="object" condition_expr=""
    url_expr="string:${object_url}/edit" visible="True">
    <permission value="Modify portal content" />
  </action>
 </object>
--- a/plone/app/discussion/tests/profile/workflows.xml
+++ b/plone/app/discussion/tests/profile/workflows.xml
@ -0,0 +1,9 @@
 <?xml version="1.0"?>
 <object name="portal_workflow" meta_type="CMF Workflow Tool">
 <object name="comment_workflow_acquired_view" meta_type="Workflow"/>
 <bindings>
  <type type_id="Discussion Item">
   <bound-workflow workflow_id="comment_workflow_acquired_view"/>
  </type>
 </bindings>
 </object>
--- a/plone/app/discussion/tests/profile/workflows/comment_workflow_acquired_view/definition.xml
+++ b/plone/app/discussion/tests/profile/workflows/comment_workflow_acquired_view/definition.xml
@ -0,0 +1,75 @@
 <?xml version="1.0"?>
 <dc-workflow
    workflow_id="comment_workflow_acquired_view"
    title="Single State Workflow"
    description="- Essentially a workflow with no transitions, but has a Published state, so portlets and applications that expect that state will continue to work."
    state_variable="review_state"
    initial_state="published"
    manager_bypass="False">
 <permission>Access contents information</permission>
 <permission>Change portal events</permission>
 <permission>Modify portal content</permission>
 <permission>View</permission>
 <state state_id="published" title="Published">
  <description>Visible to everyone, editable by the owner.</description>
  <permission-map name="Access contents information" acquired="False">
   <permission-role>Anonymous</permission-role>
  </permission-map>
  <permission-map name="Change portal events" acquired="False">
   <permission-role>Editor</permission-role>
   <permission-role>Manager</permission-role>
   <permission-role>Owner</permission-role>
   <permission-role>Site Administrator</permission-role>
  </permission-map>
  <permission-map name="Modify portal content" acquired="False">
   <permission-role>Editor</permission-role>
   <permission-role>Manager</permission-role>
   <permission-role>Owner</permission-role>
   <permission-role>Site Administrator</permission-role>
  </permission-map>
  <permission-map name="View" acquired="True">
  </permission-map>
 </state>
 <variable variable_id="action" for_catalog="False" for_status="True" update_always="True">
  <description>Previous transition</description>
  <default>
   <expression>transition/getId|nothing</expression>
  </default>
  <guard>
  </guard>
 </variable>
 <variable variable_id="actor" for_catalog="False" for_status="True" update_always="True">
  <description>The ID of the user who performed the previous transition</description>
  <default>
   <expression>user/getId</expression>
  </default>
  <guard>
  </guard>
 </variable>
 <variable variable_id="comments" for_catalog="False" for_status="True" update_always="True">
  <description>Comment about the last transition</description>
  <default>
   <expression>python:state_change.kwargs.get('comment', '')</expression>
  </default>
  <guard>
  </guard>
 </variable>
 <variable variable_id="review_history" for_catalog="False" for_status="False" update_always="False">
  <description>Provides access to workflow history</description>
  <default>
   <expression>state_change/getHistory</expression>
  </default>
  <guard>
   <guard-permission>Request review</guard-permission>
   <guard-permission>Review portal content</guard-permission>
  </guard>
 </variable>
 <variable variable_id="time" for_catalog="False" for_status="True" update_always="True">
  <description>When the previous transition was performed</description>
  <default>
   <expression>state_change/getDateTime</expression>
  </default>
  <guard>
  </guard>
 </variable>
 </dc-workflow>
--- a/plone/app/discussion/tests/test_acquisition.py
+++ b/plone/app/discussion/tests/test_acquisition.py
@ -0,0 +1,116 @@
 # -*- coding: utf-8 -*-
 from plone.app.discussion.testing import \
    PLONE_APP_DISCUSSION_INTEGRATION_TESTING
 from plone.app.discussion.interfaces import IConversation
 from plone.app.testing import TEST_USER_ID, setRoles
 from Products.CMFCore.utils import getToolByName
 from zope.component import createObject
 import unittest2 as unittest
 dexterity_type_name = 'sample_content_type'
 dexterity_object_id = 'instance-of-dexterity-type'
 archetypes_object_id = 'instance-of-archetypes-type'
 one_state_workflow = 'one_state_workflow'
 comment_workflow_acquired_view = 'comment_workflow_acquired_view'
 def _anonymousCanView(obj):
    """Use rolesOfPermission() to sees if Anonymous has View permission on an
    object"""
    roles_of_view_permission = obj.rolesOfPermission("View")
    # rolesOfPermission returns a list of dictionaries that have the key
    # 'name' for role.
    anon_views = [r for r in roles_of_view_permission
                  if r['name'] == 'Anonymous']
    # only one entry per role should be present
    anon_view = anon_views[0]
    # if this role has the permission, 'selected' is set to 'SELECTED'
    return anon_view['selected'] == 'SELECTED'
 class DexterityAcquisitionTest(unittest.TestCase):
    """See test_view_permission."""
    layer = PLONE_APP_DISCUSSION_INTEGRATION_TESTING
    def setUp(self):
        self.portal = self.layer['portal']
        self.request = self.layer['request']
        setRoles(self.portal, TEST_USER_ID, ['Manager'])
        self.wftool = getToolByName(self.portal, 'portal_workflow')
        # Use one_state_workflow for Document and sample_content_type,
        # so they're always published.
        self.wftool.setChainForPortalTypes(
            ['Document', dexterity_type_name],
            (one_state_workflow,),
        )
        # Create a dexterity item and add a comment.
        self.portal.invokeFactory(
            id=dexterity_object_id,
            title='Instance Of Dexterity Type',
            type_name=dexterity_type_name,
        )
        self.dexterity_object = self.portal.get(dexterity_object_id)
        conversation = IConversation(self.dexterity_object)
        comment1 = createObject('plone.Comment')
        conversation.addComment(comment1)
        self.dexterity_comment = comment1
        # Create an Archetypes item and add a comment.
        self.portal.invokeFactory(
            id=archetypes_object_id,
            title='Instance Of Archetypes Type',
            type_name='Document',
        )
        self.archetypes_object = self.portal.get(archetypes_object_id)
        conversation = IConversation(self.archetypes_object)
        comment2 = createObject('plone.Comment')
        conversation.addComment(comment2)
        self.archetypes_comment = comment2
    def test_workflows_installed(self):
        """Check that the new comment workflow has been installed properly.
        (Just a test to check our test setup.)
        """
        workflows = self.wftool.objectIds()
        self.assertTrue('comment_workflow_acquired_view' in workflows)
    def test_workflows_applied(self):
        """Check that all objects have the workflow that we expect.
        (Just a test to check our test setup.)"""
        self.assertEqual(
            self.wftool.getChainFor(self.archetypes_object),
            (one_state_workflow,)
        )
        self.assertEqual(
            self.wftool.getChainFor(self.dexterity_object),
            (one_state_workflow,)
        )
        self.assertEqual(
            self.wftool.getChainFor(self.archetypes_comment),
            (comment_workflow_acquired_view,)
        )
        self.assertEqual(
            self.wftool.getChainFor(self.dexterity_comment),
            (comment_workflow_acquired_view,)
        )
    def test_view_permission(self):
        """Test that if the View permission on Discussion Items is acquired,
        Anonymous can view comments on published items."""
        # Anonymous has View permission on commented objects.
        self.assertTrue(_anonymousCanView(self.archetypes_object))
        self.assertTrue(_anonymousCanView(self.dexterity_object))
        # Anonymous should therefore have View permission on the comments.
        self.assertTrue(_anonymousCanView(self.archetypes_comment))
        self.assertTrue(_anonymousCanView(self.dexterity_comment))
 def test_suite():
    return unittest.defaultTestLoader.loadTestsFromName(__name__)
--- a/setup.py
+++ b/setup.py
@ -52,6 +52,7 @@ setup(name='plone.app.discussion',
          'test': [
              'plone.app.testing',
              'interlude',
              'plone.app.dexterity',
          ]
      },
      entry_points="""