book/line: berechtigungen für owner, beobachter, bearbeiter + tests

2022-08-08 17:31:16 +02:00 · 2022-08-08 17:31:16 +02:00 · b9bb433c39
commit b9bb433c39
parent 654e9d2ee7
9 changed files with 584 additions and 3 deletions
--- a/tests/test_book.py
+++ b/tests/test_book.py
@ -173,4 +173,173 @@ class BookTestCase(ModuleTestCase):
                },
            ])

+    @with_transaction()
+    def test_book_permission_owner(self):
+        """ create book + 2x users, add users to group, check access
+        """
+        pool = Pool()
+        ResUser = pool.get('res.user')
+        ResGroup = pool.get('res.group')
+        Book = pool.get('cashbook.book')
+        Types = pool.get('cashbook.type')
+
+        types, = Types.search([('short', '=', 'CAS')])
+        grp_cashbook, = ResGroup.search([('name', '=', 'Cashbook')])
+        usr_lst = ResUser.create([{
+            'login': 'frida',
+            'name': 'Frida',
+            'groups': [('add', [grp_cashbook.id])],
+            }, {
+            'login': 'diego',
+            'name': 'Diego',
+            'groups': [('add', [grp_cashbook.id])],
+            }])
+        self.assertEqual(len(usr_lst), 2)
+        self.assertEqual(usr_lst[0].name, 'Frida')
+        self.assertEqual(usr_lst[1].name, 'Diego')
+
+        book, = Book.create([{
+            'name': 'Fridas book',
+            'owner': usr_lst[0].id,
+            'btype': types.id,
+            }])
+        self.assertEqual(book.rec_name, 'Fridas book'),
+        self.assertEqual(book.owner.rec_name, 'Frida'),
+
+        with Transaction().set_context({
+            '_check_access': True,
+            }):
+            # change to user 'diego' , try access
+            with Transaction().set_user(usr_lst[1].id):
+                books = Book.search([])
+                self.assertEqual(len(books), 0)
+
+            # change to user 'frida' read/write book
+            with Transaction().set_user(usr_lst[0].id):
+                books = Book.search([])
+                self.assertEqual(len(books), 1)
+                self.assertEqual(books[0].rec_name, 'Fridas book')
+
+                self.assertRaisesRegex(UserError,
+                    'You are not allowed to access "Cashbook".',
+                    Book.write,
+                    *[
+                        books,
+                        {
+                            'name': 'Book2',
+                        },
+                    ])
+
+    @with_transaction()
+    def test_book_permission_reviewer(self):
+        """ create book + 2x users + 1x reviewer-group, add users to group, check access
+        """
+        pool = Pool()
+        ResUser = pool.get('res.user')
+        ResGroup = pool.get('res.group')
+        Book = pool.get('cashbook.book')
+        Types = pool.get('cashbook.type')
+
+        types, = Types.search([('short', '=', 'CAS')])
+        grp_cashbook, = ResGroup.search([('name', '=', 'Cashbook')])
+        grp_reviewer, = ResGroup.create([{
+            'name': 'Cashbook Reviewer',
+            }])
+
+        usr_lst = ResUser.create([{
+            'login': 'frida',
+            'name': 'Frida',
+            'groups': [('add', [grp_cashbook.id])],
+            }, {
+            'login': 'diego',
+            'name': 'Diego',
+            'groups': [('add', [grp_cashbook.id, grp_reviewer.id])],
+            }])
+        self.assertEqual(len(usr_lst), 2)
+        self.assertEqual(usr_lst[0].name, 'Frida')
+        self.assertEqual(usr_lst[1].name, 'Diego')
+
+        # create cashbook
+        # add reviewer-group to allow read for users in group
+        book, = Book.create([{
+            'name': 'Fridas book',
+            'owner': usr_lst[0].id,
+            'reviewer': grp_reviewer.id,
+            'btype': types.id,
+            }])
+        self.assertEqual(book.rec_name, 'Fridas book'),
+        self.assertEqual(book.owner.rec_name, 'Frida'),
+
+        with Transaction().set_context({
+            '_check_access': True,
+            }):
+            # change to user 'diego' , try access
+            with Transaction().set_user(usr_lst[1].id):
+                books = Book.search([])
+                self.assertEqual(len(books), 1)
+                self.assertEqual(len(books[0].reviewer.users), 1)
+                self.assertEqual(books[0].reviewer.users[0].rec_name, 'Diego')
+
+            # change to user 'frida' read/write book
+            with Transaction().set_user(usr_lst[0].id):
+                books = Book.search([])
+                self.assertEqual(len(books), 1)
+                self.assertEqual(books[0].rec_name, 'Fridas book')
+
+    @with_transaction()
+    def test_book_permission_observer(self):
+        """ create book + 2x users + 1x observer-group, add users to group, check access
+        """
+        pool = Pool()
+        ResUser = pool.get('res.user')
+        ResGroup = pool.get('res.group')
+        Book = pool.get('cashbook.book')
+        Types = pool.get('cashbook.type')
+
+        types, = Types.search([('short', '=', 'CAS')])
+        grp_cashbook, = ResGroup.search([('name', '=', 'Cashbook')])
+        grp_observer, = ResGroup.create([{
+            'name': 'Cashbook Observer',
+            }])
+
+        usr_lst = ResUser.create([{
+            'login': 'frida',
+            'name': 'Frida',
+            'groups': [('add', [grp_cashbook.id])],
+            }, {
+            'login': 'diego',
+            'name': 'Diego',
+            'groups': [('add', [grp_cashbook.id, grp_observer.id])],
+            }])
+        self.assertEqual(len(usr_lst), 2)
+        self.assertEqual(usr_lst[0].name, 'Frida')
+        self.assertEqual(usr_lst[1].name, 'Diego')
+
+        # create cashbook
+        # add observer-group to allow read for users in group
+        book, = Book.create([{
+            'name': 'Fridas book',
+            'owner': usr_lst[0].id,
+            'observer': grp_observer.id,
+            'btype': types.id,
+            }])
+        self.assertEqual(book.rec_name, 'Fridas book'),
+        self.assertEqual(book.owner.rec_name, 'Frida'),
+
+        with Transaction().set_context({
+            '_check_access': True,
+            }):
+            # change to user 'diego' , try access
+            with Transaction().set_user(usr_lst[1].id):
+                books = Book.search([])
+                self.assertEqual(len(books), 1)
+                self.assertEqual(len(books[0].observer.users), 1)
+                self.assertEqual(books[0].observer.users[0].rec_name, 'Diego')
+
+            # change to user 'frida' read/write book
+            with Transaction().set_user(usr_lst[0].id):
+                books = Book.search([])
+                self.assertEqual(len(books), 1)
+                self.assertEqual(books[0].rec_name, 'Fridas book')
+
 # end BookTestCase