1 # -*- coding: utf-8 -*-
2 ##############################################################################
4 # OpenERP, Open Source Business Applications
5 # Copyright (c) 2012-TODAY OpenERP S.A. <http://openerp.com>
7 # This program is free software: you can redistribute it and/or modify
8 # it under the terms of the GNU Affero General Public License as
9 # published by the Free Software Foundation, either version 3 of the
10 # License, or (at your option) any later version.
12 # This program is distributed in the hope that it will be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU Affero General Public License for more details.
17 # You should have received a copy of the GNU Affero General Public License
18 # along with this program. If not, see <http://www.gnu.org/licenses/>.
20 ##############################################################################
22 from openerp.addons.mail.tests import test_mail
23 from osv.orm import except_orm
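class test_mail_access_rights(test_mail.TestMailMockups):
    """Access-control tests for mail.message and mail.group.

    Two users are exercised against two groups:

    * Bert has no security group at all; Raoul belongs to the employee
      group ('base.group_user').
    * 'Pigs' is created with the model's default visibility (the tests
      treat it as employee-only); 'Jobs' is created with 'public': 'public'.

    All fixture changes are made as ``self.uid``; the access checks are made
    as Bert or Raoul. A denied operation is expected to raise ``except_orm``;
    an allowed operation is considered successful when it does not raise.

    NOTE(review): ``except_orm`` is the only denial signal checked here. If the
    ORM raises the same type for failures unrelated to access control, a
    denial assertion can pass for the wrong reason; asserting on the error
    content as well would make these tests stricter. Confirm against the ORM.
    """

    def setUp(self):
        """Create the models, groups and users shared by every test."""
        super(test_mail_access_rights, self).setUp()
        cr, uid = self.cr, self.uid
        self.mail_group = self.registry('mail.group')
        self.mail_message = self.registry('mail.message')
        self.mail_notification = self.registry('mail.notification')
        self.res_users = self.registry('res.users')
        self.res_groups = self.registry('res.groups')
        self.res_partner = self.registry('res.partner')

        # create a 'pigs' group that will be used through the various tests
        self.group_pigs_id = self.mail_group.create(
            cr, uid, {'name': 'Pigs', 'description': 'Fans of Pigs, unite !'})

        # Look up the employee group; Raoul's membership of it is what
        # separates him from Bert in the tests below.
        group_employee_ref = self.registry('ir.model.data').get_object_reference(
            cr, uid, 'base', 'group_user')
        self.group_employee_id = group_employee_ref[1] if group_employee_ref else False

        # Create Bert (without groups) and Raoul (employee).
        # (6, 0, ids) replaces the whole group list, so Bert really ends up
        # with no group rather than with the defaults.
        self.user_bert_id = self.res_users.create(
            cr, uid,
            {'name': 'Bert Tartopoils', 'login': 'bert', 'groups_id': [(6, 0, [])]})
        self.user_raoul_id = self.res_users.create(
            cr, uid,
            {'name': 'Raoul Grosbedon', 'login': 'raoul',
             'groups_id': [(6, 0, [self.group_employee_id])]})
        self.user_bert = self.res_users.browse(cr, uid, self.user_bert_id)
        self.partner_bert_id = self.user_bert.partner_id.id
        self.user_raoul = self.res_users.browse(cr, uid, self.user_raoul_id)
        self.partner_raoul_id = self.user_raoul.partner_id.id

    def test_00_mail_message_read_access_rights(self):
        """Test basic mail_message read access rights.

        The same message is read by Bert after each fixture change. The read
        is expected to succeed only while one of these holds: a notification
        for Bert exists, Bert is the author, or the message is attached to a
        document Bert can read. Each grant is revoked again and the denial is
        re-checked, so a grant that "sticks" after revocation is caught.
        """
        cr, uid = self.cr, self.uid
        partner_bert_id, partner_raoul_id = self.partner_bert_id, self.partner_raoul_id
        user_bert_id = self.user_bert_id

        # Prepare groups: Pigs (employee), Jobs (public)
        self.mail_group.message_post(cr, uid, self.group_pigs_id, body='Message')
        self.group_jobs_id = self.mail_group.create(cr, uid, {'name': 'Jobs', 'public': 'public'})

        # ----------------------------------------
        # CASE1: Bert, basic mail.message read access
        # ----------------------------------------

        # Do: create a new mail.message (no document, no notification)
        message_id = self.mail_message.create(cr, uid, {'body': 'My Body'})
        # Test: Bert reads the message, denied: no notification, not a
        # follower of the document, no read access on the document
        self.assertRaises(except_orm, self.mail_message.read,
                          cr, user_bert_id, message_id)

        # Do: message is pushed to Bert
        notif_id = self.mail_notification.create(
            cr, uid, {'message_id': message_id, 'partner_id': partner_bert_id})
        # Test: Bert reads the message, ok because notification pushed
        self.mail_message.read(cr, user_bert_id, message_id)

        # Do: remove notification
        self.mail_notification.unlink(cr, uid, notif_id)
        # Test: Bert reads the message, denied again once the notification is gone
        self.assertRaises(except_orm, self.mail_message.read,
                          cr, user_bert_id, message_id)

        # Do: Bert is now the author
        self.mail_message.write(cr, uid, [message_id], {'author_id': partner_bert_id})
        # Test: Bert reads the message, ok because Bert is the author
        self.mail_message.read(cr, user_bert_id, message_id)

        # Do: Bert is not the author anymore
        self.mail_message.write(cr, uid, [message_id], {'author_id': partner_raoul_id})
        # Test: Bert reads the message, denied again once authorship is removed
        self.assertRaises(except_orm, self.mail_message.read,
                          cr, user_bert_id, message_id)

        # Do: message is attached to a document Bert can read, Jobs
        self.mail_message.write(
            cr, uid, [message_id], {'model': 'mail.group', 'res_id': self.group_jobs_id})
        # Test: Bert reads the message, ok because linked to a doc he is allowed to read
        self.mail_message.read(cr, user_bert_id, message_id)

        # Do: message is attached to a document Bert cannot read, Pigs
        self.mail_message.write(
            cr, uid, [message_id], {'model': 'mail.group', 'res_id': self.group_pigs_id})
        # Test: Bert reads the message, denied because the document itself is
        # not readable by him
        self.assertRaises(except_orm, self.mail_message.read,
                          cr, user_bert_id, message_id)

    def test_05_mail_message_search_access_rights(self):
        """Test mail_message search override about access rights.

        NOTE(review): placeholder. The assertion below is always true, so this
        test reports success while the search path has no access-rights
        coverage at all; only read() is exercised in this class. Until it is
        implemented, a regression that lets search() return messages the user
        may not read would not be detected here.
        """
        self.assertTrue(1 == 1, 'Test not implemented, do not replace by return True')

    def test_10_mail_flow_access_rights(self):
        """Test a Chatter-looks alike flow.

        CASE1 walks Bert (no groups) through group creation, reading, posting
        and the compose wizard; CASE2 checks that Raoul (employee) can read
        both groups. Allowed operations are only checked for "does not raise";
        their return values are not inspected.
        """
        cr, uid = self.cr, self.uid
        mail_compose = self.registry('mail.compose.message')
        partner_bert_id = self.partner_bert_id
        user_bert_id, user_raoul_id = self.user_bert_id, self.user_raoul_id
        # Context handed to the compose wizard: a comment on the Jobs group.
        compose_context = {
            'default_composition_mode': 'comment',
            'default_model': 'mail.group',
            'default_res_id': None,
        }

        # Prepare groups: Pigs (employee), Jobs (public)
        self.mail_group.message_post(cr, uid, self.group_pigs_id, body='Message')
        self.group_jobs_id = self.mail_group.create(cr, uid, {'name': 'Jobs', 'public': 'public'})
        compose_context['default_res_id'] = self.group_jobs_id

        # ----------------------------------------
        # CASE1: Bert, without groups
        # ----------------------------------------
        # Do: Bert creates a group, should crash because perm_create only for employees
        self.assertRaises(except_orm,
                          self.mail_group.create,
                          cr, user_bert_id, {'name': 'Bert\'s Group'})

        # Do: Bert reads Jobs basic fields, ok because public = read access on the group
        self.mail_group.read(cr, user_bert_id, self.group_jobs_id, ['name', 'description'])
        # Do: Bert browses Jobs, ok (no direct browse of partners)
        # NOTE(review): the comment on this step used to name Pigs while the
        # call targets Jobs; confirm which group was meant.
        self.mail_group.browse(cr, user_bert_id, self.group_jobs_id)
        # Do: Bert reads Jobs messages, ok because read access on the group
        # => read access on its messages
        jobs_message_ids = self.mail_group.read(
            cr, user_bert_id, self.group_jobs_id, ['message_ids'])['message_ids']
        self.mail_message.read(cr, user_bert_id, jobs_message_ids)
        # Do: Bert reads Jobs followers, denied because partners are only
        # accessible to employees or partner managers. Bert can obtain the
        # follower ids from the group, but not the partner records behind them.
        jobs_followers_ids = self.mail_group.read(
            cr, user_bert_id, self.group_jobs_id,
            ['message_follower_ids'])['message_follower_ids']
        self.assertRaises(except_orm,
                          self.res_partner.read,
                          cr, user_bert_id, jobs_followers_ids)
        # Do: Bert comments Jobs, denied because no write access on the group
        # and not in the followers
        self.assertRaises(except_orm,
                          self.mail_group.message_post,
                          cr, user_bert_id, self.group_jobs_id, body='I love Pigs')
        # Do: add Bert to jobs followers
        self.mail_group.message_subscribe(cr, uid, [self.group_jobs_id], [partner_bert_id])
        # Do: Bert comments Jobs, ok because he is now in the followers
        self.mail_group.message_post(cr, user_bert_id, self.group_jobs_id, body='I love Pigs')

        # Do: Bert reads Pigs, should crash because mail.group security=groups
        # only for employee group
        self.assertRaises(except_orm,
                          self.mail_group.read,
                          cr, user_bert_id, self.group_pigs_id)

        # Do: Bert creates a mail.compose.message record, because he uses the wizard
        compose_id = mail_compose.create(
            cr, user_bert_id,
            {'subject': 'Subject', 'body_text': 'Body text', 'partner_ids': []},
            dict(compose_context))
        mail_compose.send_mail(cr, user_bert_id, [compose_id])

        # Do: same wizard flow as the demo user.
        # NOTE(review): relies on the 'base.user_demo' record being present,
        # i.e. presumably on demo data being loaded; confirm for the test DB.
        self.user_demo_id = self.registry('ir.model.data').get_object_reference(
            cr, uid, 'base', 'user_demo')[1]
        compose_id = mail_compose.create(
            cr, self.user_demo_id,
            {'subject': 'Subject', 'body_text': 'Body text', 'partner_ids': []},
            dict(compose_context))
        mail_compose.send_mail(cr, self.user_demo_id, [compose_id])

        # ----------------------------------------
        # CASE2: Raoul, employee
        # ----------------------------------------
        # Do: Raoul reads Pigs, ok: Pigs is the employee group and Raoul is an employee
        self.mail_group.read(cr, user_raoul_id, self.group_pigs_id)
        # Do: Raoul reads Jobs, ok: Jobs is public
        self.mail_group.read(cr, user_raoul_id, self.group_jobs_id)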