Add a test for permission Acquisition on comments.
We use a different workflow for comments: The View permission is acquired instead of given explicitly, as outlined in https://dev.plone.org/ticket/12531.
This commit is contained in:
parent
e2a43aefb6
commit
66d355544f
@ -35,10 +35,14 @@ class PloneAppDiscussion(PloneSandboxLayer):
|
|||||||
xmlconfig.file('configure.zcml',
|
xmlconfig.file('configure.zcml',
|
||||||
plone.app.discussion,
|
plone.app.discussion,
|
||||||
context=configurationContext)
|
context=configurationContext)
|
||||||
|
xmlconfig.file('configure.zcml',
|
||||||
|
plone.app.discussion.tests,
|
||||||
|
context=configurationContext)
|
||||||
|
|
||||||
def setUpPloneSite(self, portal):
|
def setUpPloneSite(self, portal):
|
||||||
# Install into Plone site using portal_setup
|
# Install into Plone site using portal_setup
|
||||||
applyProfile(portal, 'plone.app.discussion:default')
|
applyProfile(portal, 'plone.app.discussion:default')
|
||||||
|
applyProfile(portal, 'plone.app.discussion.tests:testing')
|
||||||
|
|
||||||
# Creates some users
|
# Creates some users
|
||||||
acl_users = getToolByName(portal, 'acl_users')
|
acl_users = getToolByName(portal, 'acl_users')
|
||||||
|
16
plone/app/discussion/tests/configure.zcml
Normal file
16
plone/app/discussion/tests/configure.zcml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
<configure
|
||||||
|
xmlns="http://namespaces.zope.org/zope"
|
||||||
|
xmlns:genericsetup="http://namespaces.zope.org/genericsetup"
|
||||||
|
i18n_domain="freitag.discussion">
|
||||||
|
|
||||||
|
<include package="plone.app.dexterity" />
|
||||||
|
|
||||||
|
<genericsetup:registerProfile
|
||||||
|
name="testing"
|
||||||
|
title="plone.app.discussion.testing"
|
||||||
|
directory="profile"
|
||||||
|
description="Testing profile for plone.app.discussion"
|
||||||
|
provides="Products.GenericSetup.interfaces.EXTENSION"
|
||||||
|
/>
|
||||||
|
|
||||||
|
</configure>
|
4
plone/app/discussion/tests/profile/types.xml
Normal file
4
plone/app/discussion/tests/profile/types.xml
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
<?xml version="1.0"?>
|
||||||
|
<object name="portal_types" meta_type="Plone Types Tool">
|
||||||
|
<object name="sample_content_type" meta_type="Dexterity FTI" />
|
||||||
|
</object>
|
@ -0,0 +1,47 @@
|
|||||||
|
<?xml version="1.0"?>
|
||||||
|
<object name="sample_content_type"
|
||||||
|
meta_type="Dexterity FTI"
|
||||||
|
i18n:domain="freitag.discussion" xmlns:i18n="http://xml.zope.org/namespaces/i18n">
|
||||||
|
|
||||||
|
<!-- Basic metadata -->
|
||||||
|
<property name="title" i18n:translate="">sample_content_type</property>
|
||||||
|
<property name="description"
|
||||||
|
i18n:translate="">Sample Content</property>
|
||||||
|
<property name="content_icon">document_icon.png</property>
|
||||||
|
<property name="global_allow">True</property>
|
||||||
|
<property name="filter_content_types">True</property>
|
||||||
|
<property name="allowed_content_types">
|
||||||
|
</property>
|
||||||
|
<property name="allow_discussion">True</property>
|
||||||
|
|
||||||
|
<property name="klass">plone.dexterity.content.Item</property>
|
||||||
|
|
||||||
|
<property name="add_permission">cmf.AddPortalContent</property>
|
||||||
|
<property name="behaviors">
|
||||||
|
<element value="plone.app.content.interfaces.INameFromTitle" />
|
||||||
|
</property>
|
||||||
|
|
||||||
|
<!-- View information -->
|
||||||
|
<property name="default_view">view</property>
|
||||||
|
<property name="default_view_fallback">False</property>
|
||||||
|
<property name="view_methods">
|
||||||
|
<element value="view" />
|
||||||
|
</property>
|
||||||
|
|
||||||
|
<!-- Method aliases -->
|
||||||
|
<alias from="(Default)" to="(selected layout)" />
|
||||||
|
<alias from="edit" to="@@edit" />
|
||||||
|
<alias from="sharing" to="@@sharing" />
|
||||||
|
<alias from="view" to="@@view" />
|
||||||
|
|
||||||
|
<!-- Actions -->
|
||||||
|
<action title="View" action_id="view" category="object" condition_expr=""
|
||||||
|
url_expr="string:${object_url}/" visible="True">
|
||||||
|
<permission value="View" />
|
||||||
|
</action>
|
||||||
|
|
||||||
|
<action title="Edit" action_id="edit" category="object" condition_expr=""
|
||||||
|
url_expr="string:${object_url}/edit" visible="True">
|
||||||
|
<permission value="Modify portal content" />
|
||||||
|
</action>
|
||||||
|
</object>
|
9
plone/app/discussion/tests/profile/workflows.xml
Normal file
9
plone/app/discussion/tests/profile/workflows.xml
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
<?xml version="1.0"?>
|
||||||
|
<object name="portal_workflow" meta_type="CMF Workflow Tool">
|
||||||
|
<object name="comment_workflow_acquired_view" meta_type="Workflow"/>
|
||||||
|
<bindings>
|
||||||
|
<type type_id="Discussion Item">
|
||||||
|
<bound-workflow workflow_id="comment_workflow_acquired_view"/>
|
||||||
|
</type>
|
||||||
|
</bindings>
|
||||||
|
</object>
|
@ -0,0 +1,75 @@
|
|||||||
|
<?xml version="1.0"?>
|
||||||
|
<dc-workflow
|
||||||
|
workflow_id="comment_workflow_acquired_view"
|
||||||
|
title="Single State Workflow"
|
||||||
|
description="- Essentially a workflow with no transitions, but has a Published state, so portlets and applications that expect that state will continue to work."
|
||||||
|
state_variable="review_state"
|
||||||
|
initial_state="published"
|
||||||
|
manager_bypass="False">
|
||||||
|
<permission>Access contents information</permission>
|
||||||
|
<permission>Change portal events</permission>
|
||||||
|
<permission>Modify portal content</permission>
|
||||||
|
<permission>View</permission>
|
||||||
|
<state state_id="published" title="Published">
|
||||||
|
<description>Visible to everyone, editable by the owner.</description>
|
||||||
|
<permission-map name="Access contents information" acquired="False">
|
||||||
|
<permission-role>Anonymous</permission-role>
|
||||||
|
</permission-map>
|
||||||
|
<permission-map name="Change portal events" acquired="False">
|
||||||
|
<permission-role>Editor</permission-role>
|
||||||
|
<permission-role>Manager</permission-role>
|
||||||
|
<permission-role>Owner</permission-role>
|
||||||
|
<permission-role>Site Administrator</permission-role>
|
||||||
|
</permission-map>
|
||||||
|
<permission-map name="Modify portal content" acquired="False">
|
||||||
|
<permission-role>Editor</permission-role>
|
||||||
|
<permission-role>Manager</permission-role>
|
||||||
|
<permission-role>Owner</permission-role>
|
||||||
|
<permission-role>Site Administrator</permission-role>
|
||||||
|
</permission-map>
|
||||||
|
<permission-map name="View" acquired="True">
|
||||||
|
</permission-map>
|
||||||
|
</state>
|
||||||
|
<variable variable_id="action" for_catalog="False" for_status="True" update_always="True">
|
||||||
|
<description>Previous transition</description>
|
||||||
|
<default>
|
||||||
|
<expression>transition/getId|nothing</expression>
|
||||||
|
</default>
|
||||||
|
<guard>
|
||||||
|
</guard>
|
||||||
|
</variable>
|
||||||
|
<variable variable_id="actor" for_catalog="False" for_status="True" update_always="True">
|
||||||
|
<description>The ID of the user who performed the previous transition</description>
|
||||||
|
<default>
|
||||||
|
<expression>user/getId</expression>
|
||||||
|
</default>
|
||||||
|
<guard>
|
||||||
|
</guard>
|
||||||
|
</variable>
|
||||||
|
<variable variable_id="comments" for_catalog="False" for_status="True" update_always="True">
|
||||||
|
<description>Comment about the last transition</description>
|
||||||
|
<default>
|
||||||
|
<expression>python:state_change.kwargs.get('comment', '')</expression>
|
||||||
|
</default>
|
||||||
|
<guard>
|
||||||
|
</guard>
|
||||||
|
</variable>
|
||||||
|
<variable variable_id="review_history" for_catalog="False" for_status="False" update_always="False">
|
||||||
|
<description>Provides access to workflow history</description>
|
||||||
|
<default>
|
||||||
|
<expression>state_change/getHistory</expression>
|
||||||
|
</default>
|
||||||
|
<guard>
|
||||||
|
<guard-permission>Request review</guard-permission>
|
||||||
|
<guard-permission>Review portal content</guard-permission>
|
||||||
|
</guard>
|
||||||
|
</variable>
|
||||||
|
<variable variable_id="time" for_catalog="False" for_status="True" update_always="True">
|
||||||
|
<description>When the previous transition was performed</description>
|
||||||
|
<default>
|
||||||
|
<expression>state_change/getDateTime</expression>
|
||||||
|
</default>
|
||||||
|
<guard>
|
||||||
|
</guard>
|
||||||
|
</variable>
|
||||||
|
</dc-workflow>
|
116
plone/app/discussion/tests/test_acquisition.py
Normal file
116
plone/app/discussion/tests/test_acquisition.py
Normal file
@ -0,0 +1,116 @@
|
|||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
from plone.app.discussion.testing import \
|
||||||
|
PLONE_APP_DISCUSSION_INTEGRATION_TESTING
|
||||||
|
from plone.app.discussion.interfaces import IConversation
|
||||||
|
from plone.app.testing import TEST_USER_ID, setRoles
|
||||||
|
from Products.CMFCore.utils import getToolByName
|
||||||
|
from zope.component import createObject
|
||||||
|
|
||||||
|
import unittest2 as unittest
|
||||||
|
|
||||||
|
|
||||||
|
dexterity_type_name = 'sample_content_type'
|
||||||
|
dexterity_object_id = 'instance-of-dexterity-type'
|
||||||
|
archetypes_object_id = 'instance-of-archetypes-type'
|
||||||
|
one_state_workflow = 'one_state_workflow'
|
||||||
|
comment_workflow_acquired_view = 'comment_workflow_acquired_view'
|
||||||
|
|
||||||
|
|
||||||
|
def _anonymousCanView(obj):
|
||||||
|
"""Use rolesOfPermission() to sees if Anonymous has View permission on an
|
||||||
|
object"""
|
||||||
|
roles_of_view_permission = obj.rolesOfPermission("View")
|
||||||
|
# rolesOfPermission returns a list of dictionaries that have the key
|
||||||
|
# 'name' for role.
|
||||||
|
anon_views = [r for r in roles_of_view_permission
|
||||||
|
if r['name'] == 'Anonymous']
|
||||||
|
# only one entry per role should be present
|
||||||
|
anon_view = anon_views[0]
|
||||||
|
# if this role has the permission, 'selected' is set to 'SELECTED'
|
||||||
|
return anon_view['selected'] == 'SELECTED'
|
||||||
|
|
||||||
|
|
||||||
|
class DexterityAcquisitionTest(unittest.TestCase):
|
||||||
|
"""See test_view_permission."""
|
||||||
|
|
||||||
|
layer = PLONE_APP_DISCUSSION_INTEGRATION_TESTING
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
self.portal = self.layer['portal']
|
||||||
|
self.request = self.layer['request']
|
||||||
|
setRoles(self.portal, TEST_USER_ID, ['Manager'])
|
||||||
|
self.wftool = getToolByName(self.portal, 'portal_workflow')
|
||||||
|
|
||||||
|
# Use one_state_workflow for Document and sample_content_type,
|
||||||
|
# so they're always published.
|
||||||
|
self.wftool.setChainForPortalTypes(
|
||||||
|
['Document', dexterity_type_name],
|
||||||
|
(one_state_workflow,),
|
||||||
|
)
|
||||||
|
|
||||||
|
# Create a dexterity item and add a comment.
|
||||||
|
self.portal.invokeFactory(
|
||||||
|
id=dexterity_object_id,
|
||||||
|
title='Instance Of Dexterity Type',
|
||||||
|
type_name=dexterity_type_name,
|
||||||
|
)
|
||||||
|
self.dexterity_object = self.portal.get(dexterity_object_id)
|
||||||
|
conversation = IConversation(self.dexterity_object)
|
||||||
|
comment1 = createObject('plone.Comment')
|
||||||
|
conversation.addComment(comment1)
|
||||||
|
self.dexterity_comment = comment1
|
||||||
|
|
||||||
|
# Create an Archetypes item and add a comment.
|
||||||
|
self.portal.invokeFactory(
|
||||||
|
id=archetypes_object_id,
|
||||||
|
title='Instance Of Archetypes Type',
|
||||||
|
type_name='Document',
|
||||||
|
)
|
||||||
|
self.archetypes_object = self.portal.get(archetypes_object_id)
|
||||||
|
conversation = IConversation(self.archetypes_object)
|
||||||
|
comment2 = createObject('plone.Comment')
|
||||||
|
conversation.addComment(comment2)
|
||||||
|
self.archetypes_comment = comment2
|
||||||
|
|
||||||
|
def test_workflows_installed(self):
|
||||||
|
"""Check that the new comment workflow has been installed properly.
|
||||||
|
(Just a test to check our test setup.)
|
||||||
|
"""
|
||||||
|
workflows = self.wftool.objectIds()
|
||||||
|
self.assertTrue('comment_workflow_acquired_view' in workflows)
|
||||||
|
|
||||||
|
def test_workflows_applied(self):
|
||||||
|
"""Check that all objects have the workflow that we expect.
|
||||||
|
(Just a test to check our test setup.)"""
|
||||||
|
self.assertEqual(
|
||||||
|
self.wftool.getChainFor(self.archetypes_object),
|
||||||
|
(one_state_workflow,)
|
||||||
|
)
|
||||||
|
self.assertEqual(
|
||||||
|
self.wftool.getChainFor(self.dexterity_object),
|
||||||
|
(one_state_workflow,)
|
||||||
|
)
|
||||||
|
self.assertEqual(
|
||||||
|
self.wftool.getChainFor(self.archetypes_comment),
|
||||||
|
(comment_workflow_acquired_view,)
|
||||||
|
)
|
||||||
|
self.assertEqual(
|
||||||
|
self.wftool.getChainFor(self.dexterity_comment),
|
||||||
|
(comment_workflow_acquired_view,)
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_view_permission(self):
|
||||||
|
"""Test that if the View permission on Discussion Items is acquired,
|
||||||
|
Anonymous can view comments on published items."""
|
||||||
|
|
||||||
|
# Anonymous has View permission on commented objects.
|
||||||
|
self.assertTrue(_anonymousCanView(self.archetypes_object))
|
||||||
|
self.assertTrue(_anonymousCanView(self.dexterity_object))
|
||||||
|
|
||||||
|
# Anonymous should therefore have View permission on the comments.
|
||||||
|
self.assertTrue(_anonymousCanView(self.archetypes_comment))
|
||||||
|
self.assertTrue(_anonymousCanView(self.dexterity_comment))
|
||||||
|
|
||||||
|
|
||||||
|
def test_suite():
|
||||||
|
return unittest.defaultTestLoader.loadTestsFromName(__name__)
|
Loading…
Reference in New Issue
Block a user