5 from openerp.tools.misc import mute_logger
9 # test group that demo user should not have
10 GROUP_TECHNICAL_FEATURES = 'base.group_no_one'
12 class TestACL(common.TransactionCase):
15 super(TestACL, self).setUp()
16 self.res_currency = self.registry('res.currency')
17 self.res_partner = self.registry('res.partner')
18 self.res_users = self.registry('res.users')
20 self.tech_group = self.registry('ir.model.data').get_object(self.cr, self.uid,
21 *(GROUP_TECHNICAL_FEATURES.split('.')))
23 def test_field_visibility_restriction(self):
24 """Check that model-level ``groups`` parameter effectively restricts access to that
25 field for users who do not belong to one of the explicitly allowed groups"""
26 # Verify the test environment first
27 original_fields = self.res_currency.fields_get(self.cr, self.demo_uid, [])
28 form_view = self.res_currency.fields_view_get(self.cr, self.demo_uid, False, 'form')
29 view_arch = etree.fromstring(form_view.get('arch'))
30 has_tech_feat = self.res_users.has_group(self.cr, self.demo_uid, GROUP_TECHNICAL_FEATURES)
31 self.assertFalse(has_tech_feat, "`demo` user should not belong to the restricted group before the test")
32 self.assertTrue('rate' in original_fields, "'rate' field must be properly visible before the test")
33 self.assertNotEquals(view_arch.xpath("//field[@name='rate']"), [],
34 "Field 'rate' must be found in view definition before the test")
36 # Restrict access to the field and check it's gone
37 self.res_currency._columns['rate'].groups = GROUP_TECHNICAL_FEATURES
38 fields = self.res_currency.fields_get(self.cr, self.demo_uid, [])
39 form_view = self.res_currency.fields_view_get(self.cr, self.demo_uid, False, 'form')
40 view_arch = etree.fromstring(form_view.get('arch'))
41 self.assertFalse('rate' in fields, "'rate' field should be gone")
42 self.assertEquals(view_arch.xpath("//field[@name='rate']"), [],
43 "Field 'rate' must not be found in view definition")
45 # Make demo user a member of the restricted group and check that the field is back
46 self.tech_group.write({'users': [(4, self.demo_uid)]})
47 has_tech_feat = self.res_users.has_group(self.cr, self.demo_uid, GROUP_TECHNICAL_FEATURES)
48 fields = self.res_currency.fields_get(self.cr, self.demo_uid, [])
49 form_view = self.res_currency.fields_view_get(self.cr, self.demo_uid, False, 'form')
50 view_arch = etree.fromstring(form_view.get('arch'))
51 #import pprint; pprint.pprint(fields); pprint.pprint(form_view)
52 self.assertTrue(has_tech_feat, "`demo` user should now belong to the restricted group")
53 self.assertTrue('rate' in fields, "'rate' field must be properly visible again")
54 self.assertNotEquals(view_arch.xpath("//field[@name='rate']"), [],
55 "Field 'rate' must be found in view definition again")
58 self.tech_group.write({'users': [(3, self.demo_uid)]})
59 self.res_currency._columns['rate'].groups = False
61 @mute_logger('openerp.osv.orm')
62 def test_field_crud_restriction(self):
63 "Read/Write RPC access to restricted field should be forbidden"
64 # Verify the test environment first
65 has_tech_feat = self.res_users.has_group(self.cr, self.demo_uid, GROUP_TECHNICAL_FEATURES)
66 self.assertFalse(has_tech_feat, "`demo` user should not belong to the restricted group")
67 self.assert_(self.res_partner.read(self.cr, self.demo_uid, [1], ['bank_ids']))
68 self.assert_(self.res_partner.write(self.cr, self.demo_uid, [1], {'bank_ids': []}))
70 # Now restrict access to the field and check it's forbidden
71 self.res_partner._columns['bank_ids'].groups = GROUP_TECHNICAL_FEATURES
72 with self.assertRaises(openerp.osv.orm.except_orm):
73 self.res_partner.read(self.cr, self.demo_uid, [1], ['bank_ids'])
74 with self.assertRaises(openerp.osv.orm.except_orm):
75 self.res_partner.write(self.cr, self.demo_uid, [1], {'bank_ids': []})
77 # Add the restricted group, and check that it works again
78 self.tech_group.write({'users': [(4, self.demo_uid)]})
79 has_tech_feat = self.res_users.has_group(self.cr, self.demo_uid, GROUP_TECHNICAL_FEATURES)
80 self.assertTrue(has_tech_feat, "`demo` user should now belong to the restricted group")
81 self.assert_(self.res_partner.read(self.cr, self.demo_uid, [1], ['bank_ids']))
82 self.assert_(self.res_partner.write(self.cr, self.demo_uid, [1], {'bank_ids': []}))
85 self.tech_group.write({'users': [(3, self.demo_uid)]})
86 self.res_partner._columns['bank_ids'].groups = False
88 if __name__ == '__main__':
91 # vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4: