projects / odoo / odoo.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[FIX] desperate attempt to solve long polling process freezing
[odoo/odoo.git] / openerp / tests / test_acl.py
1 import unittest2
2 from lxml import etree
3
4 import openerp
5 from openerp.tools.misc import mute_logger
6
7 import common
8
9 # test group that demo user should not have
10 GROUP_TECHNICAL_FEATURES = 'base.group_no_one'
11
12 class TestACL(common.TransactionCase):
13
14     def setUp(self):
15         super(TestACL, self).setUp()
16         self.res_currency = self.registry('res.currency')
17         self.res_partner = self.registry('res.partner')
18         self.res_users = self.registry('res.users')
19         self.demo_uid = 3
20         self.tech_group = self.registry('ir.model.data').get_object(self.cr, self.uid,
21                                                                     *(GROUP_TECHNICAL_FEATURES.split('.')))
22
23     def test_field_visibility_restriction(self):
24         """Check that model-level ``groups`` parameter effectively restricts access to that
25            field for users who do not belong to one of the explicitly allowed groups""" 
26         # Verify the test environment first
27         original_fields = self.res_currency.fields_get(self.cr, self.demo_uid, [])
28         form_view = self.res_currency.fields_view_get(self.cr, self.demo_uid, False, 'form')
29         view_arch = etree.fromstring(form_view.get('arch'))
30         has_tech_feat = self.res_users.has_group(self.cr, self.demo_uid, GROUP_TECHNICAL_FEATURES)
31         self.assertFalse(has_tech_feat, "`demo` user should not belong to the restricted group before the test")
32         self.assertTrue('rate' in original_fields, "'rate' field must be properly visible before the test")
33         self.assertNotEquals(view_arch.xpath("//field[@name='rate']"), [],
34                              "Field 'rate' must be found in view definition before the test")
35
36         # Restrict access to the field and check it's gone
37         self.res_currency._columns['rate'].groups = GROUP_TECHNICAL_FEATURES
38         fields = self.res_currency.fields_get(self.cr, self.demo_uid, [])
39         form_view = self.res_currency.fields_view_get(self.cr, self.demo_uid, False, 'form')
40         view_arch = etree.fromstring(form_view.get('arch'))
41         self.assertFalse('rate' in fields, "'rate' field should be gone")
42         self.assertEquals(view_arch.xpath("//field[@name='rate']"), [],
43                              "Field 'rate' must not be found in view definition")
44
45         # Make demo user a member of the restricted group and check that the field is back
46         self.tech_group.write({'users': [(4, self.demo_uid)]})
47         has_tech_feat = self.res_users.has_group(self.cr, self.demo_uid, GROUP_TECHNICAL_FEATURES)
48         fields = self.res_currency.fields_get(self.cr, self.demo_uid, [])
49         form_view = self.res_currency.fields_view_get(self.cr, self.demo_uid, False, 'form')
50         view_arch = etree.fromstring(form_view.get('arch'))
51         #import pprint; pprint.pprint(fields); pprint.pprint(form_view)
52         self.assertTrue(has_tech_feat, "`demo` user should now belong to the restricted group")
53         self.assertTrue('rate' in fields, "'rate' field must be properly visible again")
54         self.assertNotEquals(view_arch.xpath("//field[@name='rate']"), [],
55                              "Field 'rate' must be found in view definition again")
56
57         #cleanup
58         self.tech_group.write({'users': [(3, self.demo_uid)]})
59         self.res_currency._columns['rate'].groups = False
60
61     @mute_logger('openerp.osv.orm')
62     def test_field_crud_restriction(self):
63         "Read/Write RPC access to restricted field should be forbidden"
64         # Verify the test environment first
65         has_tech_feat = self.res_users.has_group(self.cr, self.demo_uid, GROUP_TECHNICAL_FEATURES)
66         self.assertFalse(has_tech_feat, "`demo` user should not belong to the restricted group")
67         self.assert_(self.res_partner.read(self.cr, self.demo_uid, [1], ['bank_ids']))
68         self.assert_(self.res_partner.write(self.cr, self.demo_uid, [1], {'bank_ids': []})) 
69
70         # Now restrict access to the field and check it's forbidden
71         self.res_partner._columns['bank_ids'].groups = GROUP_TECHNICAL_FEATURES
72         with self.assertRaises(openerp.osv.orm.except_orm):
73             self.res_partner.read(self.cr, self.demo_uid, [1], ['bank_ids'])
74         with self.assertRaises(openerp.osv.orm.except_orm):
75             self.res_partner.write(self.cr, self.demo_uid, [1], {'bank_ids': []})
76
77         # Add the restricted group, and check that it works again
78         self.tech_group.write({'users': [(4, self.demo_uid)]})
79         has_tech_feat = self.res_users.has_group(self.cr, self.demo_uid, GROUP_TECHNICAL_FEATURES)
80         self.assertTrue(has_tech_feat, "`demo` user should now belong to the restricted group")
81         self.assert_(self.res_partner.read(self.cr, self.demo_uid, [1], ['bank_ids']))
82         self.assert_(self.res_partner.write(self.cr, self.demo_uid, [1], {'bank_ids': []})) 
83         
84         #cleanup
85         self.tech_group.write({'users': [(3, self.demo_uid)]})
86         self.res_partner._columns['bank_ids'].groups = False
87
88 if __name__ == '__main__':
89     unittest2.main()
90
91 # vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
Unnamed repository; edit this file 'description' to name the repository.