projects / odoo / odoo.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'master' of https://github.com/odoo/odoo
[odoo/odoo.git] / addons / portal_project / tests / test_access_rights.py
diff --git a/addons/portal_project/tests/test_access_rights.py b/addons/portal_project/tests/test_access_rights.py
index e36df90..a4f2973 100644 (file)
--- a/addons/portal_project/tests/test_access_rights.py
+++ b/addons/portal_project/tests/test_access_rights.py
@@ -149,15 +149,11 @@ class TestPortalProject(TestPortalProjectBase):
         self.assertRaises(AccessError, self.project_task.search, cr, self.user_none_id, [('project_id', '=', pigs_id)])
 
         # Data: task follower
+        self.project_project.message_subscribe_users(cr, self.user_manager_id, [pigs_id], [self.user_portal_id])
         self.project_task.message_subscribe_users(cr, self.user_projectuser_id, [self.task_1_id, self.task_3_id], [self.user_portal_id])
 
-        # Do: Chell reads project -> ok (portal ok public)
+        # Do: Chell reads project -> ok (portal ok portal)
         self.project_project.read(cr, self.user_portal_id, [pigs_id], ['state'])
-        # Test: only followed project tasks visible + assigned
-        task_ids = self.project_task.search(cr, self.user_portal_id, [('project_id', '=', pigs_id)])
-        test_task_ids = set([self.task_1_id, self.task_3_id, self.task_5_id])
-        self.assertEqual(set(task_ids), test_task_ids,
-                         'access rights: portal user should see the followed tasks of a portal project')
 
         # Do: Donovan reads project -> ko (public ko portal)
         self.assertRaises(except_orm, self.project_project.read, cr, self.user_public_id, [pigs_id], ['state'])
@@ -197,6 +193,12 @@ class TestPortalProject(TestPortalProjectBase):
         task_ids = self.project_task.search(cr, self.user_public_id, [('project_id', '=', pigs_id)])
         self.assertFalse(task_ids, 'access rights: public user should not see tasks of an employees project')
 
+        # Do: project user is employee and can create a task
+        tmp_task_id = self.project_task.create(cr, self.user_projectuser_id, {
+            'name': 'Pigs task', 'project_id': pigs_id
+        }, {'mail_create_nolog': True})
+        self.project_task.unlink(cr, self.user_projectuser_id, [tmp_task_id])
+
         # ----------------------------------------
         # CASE4: followers project
         # ----------------------------------------
@@ -214,7 +216,8 @@ class TestPortalProject(TestPortalProjectBase):
         # Do: Bert reads project -> crash, no group
         self.assertRaises(AccessError, self.project_project.read, cr, self.user_none_id, [pigs_id], ['state'])
 
-        # Do: Chell reads project -> ko (portal ko employee)
+        # Do: Chell reads project -> ko (portal ko followers)
+        self.project_project.message_unsubscribe_users(cr, self.user_portal_id, [pigs_id], [self.user_portal_id])
         self.assertRaises(except_orm, self.project_project.read, cr, self.user_portal_id, [pigs_id], ['state'])
         # Test: no project task visible
         task_ids = self.project_task.search(cr, self.user_portal_id, [('project_id', '=', pigs_id)])
@@ -234,19 +237,25 @@ class TestPortalProject(TestPortalProjectBase):
 
         # Do: Alfred reads project -> ok (follower ok followers)
         self.project_project.read(cr, self.user_projectuser_id, [pigs_id], ['state'])
-        # Test: followed + assigned tasks visible
-        task_ids = self.project_task.search(cr, self.user_projectuser_id, [('project_id', '=', pigs_id)])
-        test_task_ids = set([self.task_1_id, self.task_3_id, self.task_4_id])
-        self.assertEqual(set(task_ids), test_task_ids,
-                         'access rights: employee user should not see followed + assigned tasks of a follower project')
 
         # Do: Chell reads project -> ok (follower ok follower)
         self.project_project.read(cr, self.user_portal_id, [pigs_id], ['state'])
-        # Test: followed + assigned tasks visible
-        task_ids = self.project_task.search(cr, self.user_portal_id, [('project_id', '=', pigs_id)])
-        test_task_ids = set([self.task_1_id, self.task_3_id, self.task_5_id])
-        self.assertEqual(set(task_ids), test_task_ids,
-                         'access rights: employee user should not see followed + assigned tasks of a follower project')
 
         # Do: Donovan reads project -> ko (public ko follower even if follower)
         self.assertRaises(except_orm, self.project_project.read, cr, self.user_public_id, [pigs_id], ['state'])
+
+        # Do: project user is follower of the project and can create a task
+        self.project_task.create(cr, self.user_projectuser_id, {
+            'name': 'Pigs task', 'project_id': pigs_id
+        }, {'mail_create_nolog': True})
+
+        # not follower user should not be able to create a task
+        self.project_project.message_unsubscribe_users(cr, self.user_projectuser_id, [pigs_id], [self.user_projectuser_id])
+        self.assertRaises(except_orm,
+            self.project_task.create, cr, self.user_projectuser_id, {'name': 'Pigs task', 'project_id': pigs_id}, {'mail_create_nolog': True}
+        )
+
+        # Do: project user can create a task without project
+        self.project_task.create(cr, self.user_projectuser_id, {
+            'name': 'Pigs task', 'project_id': False
+        }, {'mail_create_nolog': True})
Unnamed repository; edit this file 'description' to name the repository.