Add tests to confirm that some methods of a conversation incorrectly use an unwrapped comment to determine whether anonymous users can view.

2013-11-25 12:52:31 +00:00 · 2013-11-25 12:52:31 +00:00 · e6ec6ebe16
commit e6ec6ebe16
parent 4804868ab2
1 changed files with 66 additions and 1 deletions
--- a/plone/app/discussion/tests/test_acquisition.py
+++ b/plone/app/discussion/tests/test_acquisition.py
@ -2,7 +2,7 @@
 from AccessControl.User import User  # before SpecialUsers
 from AccessControl.SpecialUsers import nobody as user_nobody
 from AccessControl.PermissionRole import rolesForPermissionOn
-from Acquisition import aq_chain
+from Acquisition import aq_chain, aq_base
 from plone.app.discussion.testing import \
    PLONE_APP_DISCUSSION_INTEGRATION_TESTING
 from plone.app.discussion.interfaces import IConversation
@ -173,6 +173,71 @@ class AcquisitionTest(unittest.TestCase):
             user_nobody.has_permission(permission,
                                        self.wrapped_dexterity_comment))

+class AcquiredPermissionTest(unittest.TestCase):
+    """ Test methods of a conversation which rely on acquired permissions """
+
+    layer = PLONE_APP_DISCUSSION_INTEGRATION_TESTING
+
+    def setUp(self):
+        self.portal = self.layer['portal']
+        self.request = self.layer['request']
+        setRoles(self.portal, TEST_USER_ID, ['Manager'])
+        self.wftool = getToolByName(self.portal, 'portal_workflow')
+
+        # Disable workflow for comments and content.
+        self.wftool.setChainForPortalTypes(["Discussion Item"],[])
+        self.wftool.setChainForPortalTypes([dexterity_type_name],[])
+
+        # Create a dexterity item.
+        self.portal.invokeFactory(
+            id=dexterity_object_id,
+            title='Instance Of Dexterity Type',
+            type_name=dexterity_type_name,
+        )
+        
+        self.content = self.portal.get(dexterity_object_id)
+
+        # Absolutely make sure that we're replicating the case of an 
+        # incomplete chain correctly.
+        aq_base(self.content).__parent__ = None
+        
+        self.conversation = IConversation(self.content)
+        
+        # Add a comment
+        comment = createObject('plone.Comment')
+        self.conversation.addComment(comment)
+        self.comment = comment
+    
+    def test_view_permission_is_only_available_on_portal(self):
+        """ Check that the test setup is correct """
+        
+        content_roles = rolesForPermissionOn("View",aq_base(self.content))
+        self.assertNotIn("Anonymous",content_roles)
+        
+        comment_roles = rolesForPermissionOn("View",aq_base(self.comment))
+        self.assertNotIn("Anonymous",comment_roles)
+        
+        # This actually acquires view from the app root, but we don't really
+        # care, we just need to confirm that something above our content
+        # object will give us View.
+        portal_roles = rolesForPermissionOn("View",self.portal)
+        self.assertIn("Anonymous",portal_roles)
+
+    # The following tests fail when the conversation uses unwrapped comment
+    # objects to determine whether an anonymous user has the view permission.
+        
+    def test_total_comments(self):
+        self.assertEqual(self.conversation.total_comments,1)
+    
+    def test_last_comment_date(self):
+        self.assertEqual(self.conversation.last_comment_date,
+                         self.comment.creation_date)
+    
+    def test_public_commentators(self):
+        self.assertEqual(self.conversation.public_commentators,
+                         (self.comment.author_username,))
+
+

 def test_suite():
    return unittest.defaultTestLoader.loadTestsFromName(__name__)