mdsfred/cashbook
2
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages 1 Wiki Activity Actions

book/line: berechtigungen für owner, beobachter, bearbeiter + tests

Browse source
This commit is contained in:
Frederik Jaeckel 2022-08-08 17:31:16 +02:00
parent 654e9d2ee7
commit b9bb433c39
9 changed files with 584 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

169
tests/test_book.py
View file

@ -173,4 +173,173 @@ class BookTestCase(ModuleTestCase):
},
])
@with_transaction()
def test_book_permission_owner(self):
""" create book + 2x users, add users to group, check access
"""
pool = Pool()
ResUser = pool.get('res.user')
ResGroup = pool.get('res.group')
Book = pool.get('cashbook.book')
Types = pool.get('cashbook.type')
types, = Types.search([('short', '=', 'CAS')])
grp_cashbook, = ResGroup.search([('name', '=', 'Cashbook')])
usr_lst = ResUser.create([{
'login': 'frida',
'name': 'Frida',
'groups': [('add', [grp_cashbook.id])],
}, {
'login': 'diego',
'name': 'Diego',
'groups': [('add', [grp_cashbook.id])],
}])
self.assertEqual(len(usr_lst), 2)
self.assertEqual(usr_lst[0].name, 'Frida')
self.assertEqual(usr_lst[1].name, 'Diego')
book, = Book.create([{
'name': 'Fridas book',
'owner': usr_lst[0].id,
'btype': types.id,
}])
self.assertEqual(book.rec_name, 'Fridas book'),
self.assertEqual(book.owner.rec_name, 'Frida'),
with Transaction().set_context({
'_check_access': True,
}):
# change to user 'diego' , try access
with Transaction().set_user(usr_lst[1].id):
books = Book.search([])
self.assertEqual(len(books), 0)
# change to user 'frida' read/write book
with Transaction().set_user(usr_lst[0].id):
books = Book.search([])
self.assertEqual(len(books), 1)
self.assertEqual(books[0].rec_name, 'Fridas book')
self.assertRaisesRegex(UserError,
'You are not allowed to access "Cashbook".',
Book.write,
*[
books,
{
'name': 'Book2',
},
])
@with_transaction()
def test_book_permission_reviewer(self):
""" create book + 2x users + 1x reviewer-group, add users to group, check access
"""
pool = Pool()
ResUser = pool.get('res.user')
ResGroup = pool.get('res.group')
Book = pool.get('cashbook.book')
Types = pool.get('cashbook.type')
types, = Types.search([('short', '=', 'CAS')])
grp_cashbook, = ResGroup.search([('name', '=', 'Cashbook')])
grp_reviewer, = ResGroup.create([{
'name': 'Cashbook Reviewer',
}])
usr_lst = ResUser.create([{
'login': 'frida',
'name': 'Frida',
'groups': [('add', [grp_cashbook.id])],
}, {
'login': 'diego',
'name': 'Diego',
'groups': [('add', [grp_cashbook.id, grp_reviewer.id])],
}])
self.assertEqual(len(usr_lst), 2)
self.assertEqual(usr_lst[0].name, 'Frida')
self.assertEqual(usr_lst[1].name, 'Diego')
# create cashbook
# add reviewer-group to allow read for users in group
book, = Book.create([{
'name': 'Fridas book',
'owner': usr_lst[0].id,
'reviewer': grp_reviewer.id,
'btype': types.id,
}])
self.assertEqual(book.rec_name, 'Fridas book'),
self.assertEqual(book.owner.rec_name, 'Frida'),
with Transaction().set_context({
'_check_access': True,
}):
# change to user 'diego' , try access
with Transaction().set_user(usr_lst[1].id):
books = Book.search([])
self.assertEqual(len(books), 1)
self.assertEqual(len(books[0].reviewer.users), 1)
self.assertEqual(books[0].reviewer.users[0].rec_name, 'Diego')
# change to user 'frida' read/write book
with Transaction().set_user(usr_lst[0].id):
books = Book.search([])
self.assertEqual(len(books), 1)
self.assertEqual(books[0].rec_name, 'Fridas book')
@with_transaction()
def test_book_permission_observer(self):
""" create book + 2x users + 1x observer-group, add users to group, check access
"""
pool = Pool()
ResUser = pool.get('res.user')
ResGroup = pool.get('res.group')
Book = pool.get('cashbook.book')
Types = pool.get('cashbook.type')
types, = Types.search([('short', '=', 'CAS')])
grp_cashbook, = ResGroup.search([('name', '=', 'Cashbook')])
grp_observer, = ResGroup.create([{
'name': 'Cashbook Observer',
}])
usr_lst = ResUser.create([{
'login': 'frida',
'name': 'Frida',
'groups': [('add', [grp_cashbook.id])],
}, {
'login': 'diego',
'name': 'Diego',
'groups': [('add', [grp_cashbook.id, grp_observer.id])],
}])
self.assertEqual(len(usr_lst), 2)
self.assertEqual(usr_lst[0].name, 'Frida')
self.assertEqual(usr_lst[1].name, 'Diego')
# create cashbook
# add observer-group to allow read for users in group
book, = Book.create([{
'name': 'Fridas book',
'owner': usr_lst[0].id,
'observer': grp_observer.id,
'btype': types.id,
}])
self.assertEqual(book.rec_name, 'Fridas book'),
self.assertEqual(book.owner.rec_name, 'Frida'),
with Transaction().set_context({
'_check_access': True,
}):
# change to user 'diego' , try access
with Transaction().set_user(usr_lst[1].id):
books = Book.search([])
self.assertEqual(len(books), 1)
self.assertEqual(len(books[0].observer.users), 1)
self.assertEqual(books[0].observer.users[0].rec_name, 'Diego')
# change to user 'frida' read/write book
with Transaction().set_user(usr_lst[0].id):
books = Book.search([])
self.assertEqual(len(books), 1)
self.assertEqual(books[0].rec_name, 'Fridas book')
# end BookTestCase

214
tests/test_line.py
View file

@ -150,4 +150,216 @@ class LineTestCase(ModuleTestCase):
Lines.delete,
[book.lines[0]])
# end BookTestCase
@with_transaction()
def test_line_permission_owner(self):
""" create book+line + 2x users, add users to group, check access
"""
pool = Pool()
ResUser = pool.get('res.user')
ResGroup = pool.get('res.group')
Book = pool.get('cashbook.book')
Line = pool.get('cashbook.line')
Types = pool.get('cashbook.type')
types, = Types.search([('short', '=', 'CAS')])
grp_cashbook, = ResGroup.search([('name', '=', 'Cashbook')])
usr_lst = ResUser.create([{
'login': 'frida',
'name': 'Frida',
'groups': [('add', [grp_cashbook.id])],
}, {
'login': 'diego',
'name': 'Diego',
'groups': [('add', [grp_cashbook.id])],
}])
self.assertEqual(len(usr_lst), 2)
self.assertEqual(usr_lst[0].name, 'Frida')
self.assertEqual(usr_lst[1].name, 'Diego')
book, = Book.create([{
'name': 'Fridas book',
'owner': usr_lst[0].id,
'btype': types.id,
'lines': [('create', [{
'date': date(2022, 5, 1),
'description': 'Test 1',
}])],
}])
self.assertEqual(book.rec_name, 'Fridas book'),
self.assertEqual(book.owner.rec_name, 'Frida'),
with Transaction().set_context({
'_check_access': True,
}):
# change to user 'diego' , try access
with Transaction().set_user(usr_lst[1].id):
lines = Line.search([])
self.assertEqual(len(lines), 0)
# change to user 'frida' read/write book
with Transaction().set_user(usr_lst[0].id):
lines = Line.search([])
self.assertEqual(len(lines), 1)
self.assertEqual(lines[0].cashbook.rec_name, 'Fridas book')
self.assertEqual(lines[0].rec_name, '05/01/2022 Test 1')
Line.write(*[
lines,
{
'description': 'Test 2',
}])
self.assertEqual(lines[0].rec_name, '05/01/2022 Test 2')
@with_transaction()
def test_line_permission_reviewer(self):
""" create book+line + 2x users + 1x reviewer-group, add users to group, check access
"""
pool = Pool()
ResUser = pool.get('res.user')
ResGroup = pool.get('res.group')
Book = pool.get('cashbook.book')
Line = pool.get('cashbook.line')
Types = pool.get('cashbook.type')
types, = Types.search([('short', '=', 'CAS')])
grp_cashbook, = ResGroup.search([('name', '=', 'Cashbook')])
grp_reviewer, = ResGroup.create([{
'name': 'Cashbook Reviewer',
}])
usr_lst = ResUser.create([{
'login': 'frida',
'name': 'Frida',
'groups': [('add', [grp_cashbook.id])],
}, {
'login': 'diego',
'name': 'Diego',
'groups': [('add', [grp_cashbook.id, grp_reviewer.id])],
}])
self.assertEqual(len(usr_lst), 2)
self.assertEqual(usr_lst[0].name, 'Frida')
self.assertEqual(usr_lst[1].name, 'Diego')
# create cashbook
# add reviewer-group to allow write for users in group
book, = Book.create([{
'name': 'Fridas book',
'owner': usr_lst[0].id,
'reviewer': grp_reviewer.id,
'btype': types.id,
'lines': [('create', [{
'date': date(2022, 5, 1),
'description': 'Test 1',
}])],
}])
self.assertEqual(book.rec_name, 'Fridas book'),
self.assertEqual(book.owner.rec_name, 'Frida'),
with Transaction().set_context({
'_check_access': True,
}):
# change to user 'diego' , try access
with Transaction().set_user(usr_lst[1].id):
lines = Line.search([])
self.assertEqual(len(lines), 1)
self.assertEqual(len(lines[0].cashbook.reviewer.users), 1)
self.assertEqual(lines[0].cashbook.reviewer.users[0].rec_name, 'Diego')
self.assertEqual(lines[0].rec_name, '05/01/2022 Test 1')
Line.write(*[
lines,
{
'description': 'Test 2',
}])
self.assertEqual(lines[0].rec_name, '05/01/2022 Test 2')
# change to user 'frida' read/write line
with Transaction().set_user(usr_lst[0].id):
lines = Line.search([])
self.assertEqual(len(lines), 1)
self.assertEqual(lines[0].rec_name, '05/01/2022 Test 2')
Line.write(*[
lines,
{
'description': 'Test 3',
}])
self.assertEqual(lines[0].rec_name, '05/01/2022 Test 3')
@with_transaction()
def test_line_permission_observer(self):
""" create book+line + 2x users + 1x observer-group, add users to group, check access
"""
pool = Pool()
ResUser = pool.get('res.user')
ResGroup = pool.get('res.group')
Book = pool.get('cashbook.book')
Line = pool.get('cashbook.line')
Types = pool.get('cashbook.type')
types, = Types.search([('short', '=', 'CAS')])
grp_cashbook, = ResGroup.search([('name', '=', 'Cashbook')])
grp_observer, = ResGroup.create([{
'name': 'Cashbook Observer',
}])
usr_lst = ResUser.create([{
'login': 'frida',
'name': 'Frida',
'groups': [('add', [grp_cashbook.id])],
}, {
'login': 'diego',
'name': 'Diego',
'groups': [('add', [grp_cashbook.id, grp_observer.id])],
}])
self.assertEqual(len(usr_lst), 2)
self.assertEqual(usr_lst[0].name, 'Frida')
self.assertEqual(usr_lst[1].name, 'Diego')
# create cashbook
# add reviewer-group to allow write for users in group
book, = Book.create([{
'name': 'Fridas book',
'owner': usr_lst[0].id,
'observer': grp_observer.id,
'btype': types.id,
'lines': [('create', [{
'date': date(2022, 5, 1),
'description': 'Test 1',
}])],
}])
self.assertEqual(book.rec_name, 'Fridas book'),
self.assertEqual(book.owner.rec_name, 'Frida'),
with Transaction().set_context({
'_check_access': True,
}):
# change to user 'diego' , try access
with Transaction().set_user(usr_lst[1].id):
lines = Line.search([])
self.assertEqual(len(lines), 1)
self.assertEqual(len(lines[0].cashbook.observer.users), 1)
self.assertEqual(lines[0].cashbook.observer.users[0].rec_name, 'Diego')
self.assertEqual(lines[0].rec_name, '05/01/2022 Test 1')
self.assertRaisesRegex(UserError,
'You are not allowed to write to records "[0-9]{1,}" of "Cashbook Line" because of at least one of these rules:\nOwners and reviewers: Cashbook line write - ',
Line.write,
*[
lines,
{
'description': 'Test 2',
},
])
# change to user 'frida' read/write line
with Transaction().set_user(usr_lst[0].id):
lines = Line.search([])
self.assertEqual(len(lines), 1)
self.assertEqual(lines[0].rec_name, '05/01/2022 Test 1')
Line.write(*[
lines,
{
'description': 'Test 2',
}])
self.assertEqual(lines[0].rec_name, '05/01/2022 Test 2')
# end LineTestCase