diff --git a/imio/dms/mail/tests/permissions_base.py b/imio/dms/mail/tests/permissions_base.py
new file mode 100644
index 00000000..4a73cb34
--- /dev/null
+++ b/imio/dms/mail/tests/permissions_base.py
@@ -0,0 +1,1925 @@
+# -*- coding: utf-8 -*-
+""" user permissions tests for this package."""
+from collective.dms.mailcontent.dmsmail import internalReferenceOutgoingMailDefaultValue
+from datetime import datetime
+from imio.dms.mail.testing import change_user
+from imio.dms.mail.testing import DMSMAIL_INTEGRATION_TESTING
+from imio.dms.mail.testing import reset_dms_config
+from imio.dms.mail.utils import clean_borg_cache
+from imio.dms.mail.utils import DummyView
+from imio.dms.mail.utils import sub_create
+from plone import api
+from z3c.relationfield.relation import RelationValue
+from zope.component import getUtility
+from zope.intid.interfaces import IIntIds
+
+import unittest
+
+
+class TestPermissionsBase(unittest.TestCase):
+
+ layer = DMSMAIL_INTEGRATION_TESTING
+
+ def setUp(self):
+ self.portal = self.layer["portal"]
+ self.imf = self.portal["incoming-mail"]
+ self.omf = self.portal["outgoing-mail"]
+ self.pw = api.portal.get_tool("portal_workflow")
+ change_user(self.portal)
+
+ def get_perms(self, userid, obj):
+ perms = (
+ "Access contents information",
+ "Add portal content",
+ "Delete objects",
+ "Modify portal content",
+ "Request review",
+ "Review portal content",
+ "View",
+ "collective.dms.basecontent: Add DmsFile",
+ "imio.dms.mail: Write mail base fields",
+ "imio.dms.mail: Write treating group field",
+ )
+ return {perm: api.user.has_permission(perm, userid, obj=obj) for perm in perms}
+
+ def assertHasAllPerms(self, userid, obj):
+ self.assertTrue(all(self.get_perms(userid, obj).values()))
+
+ def assertHasNoPerms(self, userid, obj):
+ self.assertFalse(any(self.get_perms(userid, obj).values()))
+
+ def assertOnlyViewPerms(self, userid, obj):
+ trues = [k for k, v in self.get_perms(userid, obj).items() if v]
+ self.assertEqual(trues, ["Access contents information", "View"])
+
+ def tearDown(self):
+ # the modified dmsconfig is kept globally
+ reset_dms_config()
+
+
+class TestPermissionsBaseIncomingMail(TestPermissionsBase):
+ def setUp(self):
+ super(TestPermissionsBaseIncomingMail, self).setUp()
+ intids = getUtility(IIntIds)
+ params = {
+ "title": "Courrier 10",
+ "mail_type": "courrier",
+ "internal_reference_no": "E0010",
+ "sender": [RelationValue(intids.getId(self.portal["contacts"]["jeancourant"]))],
+ "treating_groups": self.portal["contacts"]["plonegroup-organization"]["direction-generale"]["grh"].UID(),
+ }
+ change_user(self.portal, "encodeur")
+ self.imail = sub_create(self.imf, "dmsincomingmail", datetime.today(), "my-id", **params)
+ self.annex = api.content.create(container=self.imail, id="annex", type="dmsappendixfile")
+ self.file = api.content.create(container=self.imail, id="file", type="dmsmainfile")
+ self.task = api.content.create(container=self.imail, id="task", type="task",
+ assigned_group=self.imail.treating_groups)
+
+ def permissions_incoming_mail(self):
+ clean_borg_cache(self.portal.REQUEST)
+
+ self.assertHasNoPerms("lecteur", self.imail)
+ self.assertHasNoPerms("dirg", self.imail)
+ self.assertHasNoPerms("agent", self.imail)
+ self.assertHasNoPerms("agent1", self.imail)
+ self.assertHasAllPerms("encodeur", self.imail)
+
+ self.assertHasNoPerms("lecteur", self.file)
+ self.assertHasNoPerms("dirg", self.file)
+ self.assertHasNoPerms("agent", self.file)
+ self.assertHasNoPerms("agent1", self.file)
+ self.assertHasAllPerms("encodeur", self.file)
+
+ self.assertHasNoPerms("lecteur", self.annex)
+ self.assertHasNoPerms("dirg", self.annex)
+ self.assertHasNoPerms("agent", self.annex)
+ self.assertHasNoPerms("agent1", self.annex)
+ self.assertHasAllPerms("encodeur", self.annex)
+
+ self.assertHasNoPerms("lecteur", self.task)
+ self.assertHasNoPerms("dirg", self.task)
+ self.assertHasNoPerms("agent", self.task)
+ self.assertHasNoPerms("agent1", self.task)
+ self.assertEqual(
+ self.get_perms("encodeur", self.task),
+ {
+ "Access contents information": True,
+ # apc not handled in workflow. Permission inherited from im for Contributor.
+ # encodeur cannot add subtask !! Only owner role. Must be modified: see DMS-1056
+ "Add portal content": False,
+ "Delete objects": True,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": False,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+
+ self.pw.doActionFor(self.imail, "propose_to_manager")
+ clean_borg_cache(self.portal.REQUEST)
+
+ self.assertHasNoPerms("lecteur", self.imail)
+ self.assertEqual(
+ self.get_perms("dirg", self.imail),
+ {
+ "Access contents information": True,
+ "Add portal content": True,
+ "Delete objects": False,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": True,
+ "imio.dms.mail: Write treating group field": True,
+ },
+ )
+ self.assertHasNoPerms("agent", self.imail)
+ self.assertHasNoPerms("agent1", self.imail)
+ self.assertEqual(
+ self.get_perms("encodeur", self.imail),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": False,
+ "Modify portal content": False,
+ "Request review": True,
+ "Review portal content": False,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": True, # raison ?
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+
+ self.assertHasNoPerms("lecteur", self.file)
+ self.assertEqual(
+ self.get_perms("dirg", self.file),
+ {
+ "Access contents information": True,
+ "Add portal content": True,
+ "Delete objects": False,
+ "Modify portal content": False,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": True,
+ "imio.dms.mail: Write treating group field": True,
+ },
+ )
+ self.assertHasNoPerms("agent", self.file)
+ self.assertHasNoPerms("agent1", self.file)
+ self.assertEqual(
+ self.get_perms("encodeur", self.file),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": False,
+ "Modify portal content": False,
+ "Request review": True,
+ "Review portal content": False,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": True,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+
+ self.assertHasNoPerms("lecteur", self.annex)
+ self.assertEqual(
+ self.get_perms("dirg", self.annex),
+ {
+ "Access contents information": True,
+ "Add portal content": True,
+ "Delete objects": True,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": True,
+ "imio.dms.mail: Write treating group field": True,
+ },
+ )
+ self.assertHasNoPerms("agent", self.annex)
+ self.assertHasNoPerms("agent1", self.annex)
+ self.assertEqual(
+ self.get_perms("encodeur", self.annex),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": False,
+ "Modify portal content": False,
+ "Request review": True,
+ "Review portal content": False,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": True,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+
+ self.assertHasNoPerms("lecteur", self.task)
+ self.assertHasNoPerms("dirg", self.task)
+ self.assertHasNoPerms("agent", self.task)
+ self.assertHasNoPerms("agent1", self.task)
+ self.assertEqual(
+ self.get_perms("encodeur", self.task),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": True,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": False,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+
+ change_user(self.portal, "dirg")
+ if "proposed_to_n_plus_1" in set(self.pw["incomingmail_workflow"].states):
+ self.pw.doActionFor(self.imail, "propose_to_n_plus_1")
+ self.imail.assigned_user = 'agent'
+ self.pw.doActionFor(self.imail, "propose_to_agent")
+ clean_borg_cache(self.portal.REQUEST)
+
+ self.assertOnlyViewPerms("lecteur", self.imail)
+ self.assertEqual(
+ self.get_perms("dirg", self.imail),
+ {
+ "Access contents information": True,
+ "Add portal content": True,
+ "Delete objects": False,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": True,
+ },
+ )
+ self.assertEqual(
+ self.get_perms("agent", self.imail),
+ {
+ "Access contents information": True,
+ "Add portal content": True,
+ "Delete objects": False,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+ self.assertHasNoPerms("agent1", self.imail)
+ self.assertEqual(
+ self.get_perms("encodeur", self.imail),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": False,
+ "Modify portal content": False,
+ "Request review": True,
+ "Review portal content": False,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+
+ self.assertOnlyViewPerms("lecteur", self.file)
+ self.assertEqual(
+ self.get_perms("dirg", self.file),
+ {
+ "Access contents information": True,
+ "Add portal content": True,
+ "Delete objects": False,
+ "Modify portal content": False,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": True,
+ },
+ )
+ self.assertEqual(
+ self.get_perms("agent", self.file),
+ {
+ "Access contents information": True,
+ "Add portal content": True,
+ "Delete objects": False,
+ "Modify portal content": False,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+ self.assertHasNoPerms("agent1", self.file)
+ self.assertEqual(
+ self.get_perms("encodeur", self.file),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": False,
+ "Modify portal content": False,
+ "Request review": True,
+ "Review portal content": False,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+
+ self.assertOnlyViewPerms("lecteur", self.annex)
+ self.assertEqual(
+ self.get_perms("dirg", self.annex),
+ {
+ "Access contents information": True,
+ "Add portal content": True,
+ "Delete objects": True,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": True,
+ },
+ )
+ self.assertEqual(
+ self.get_perms("agent", self.annex),
+ {
+ "Access contents information": True,
+ "Add portal content": True,
+ "Delete objects": True,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+ self.assertHasNoPerms("agent1", self.annex)
+ self.assertEqual(
+ self.get_perms("encodeur", self.annex),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": False,
+ "Modify portal content": False,
+ "Request review": True,
+ "Review portal content": False,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+
+ self.assertHasNoPerms("lecteur", self.task)
+ self.assertHasNoPerms("dirg", self.task)
+ self.assertHasNoPerms("agent", self.task)
+ self.assertHasNoPerms("agent1", self.task)
+ self.assertEqual(
+ self.get_perms("encodeur", self.task),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": True,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": False,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+
+ change_user(self.portal, "agent")
+ self.pw.doActionFor(self.imail, "treat")
+ clean_borg_cache(self.portal.REQUEST)
+
+ self.assertOnlyViewPerms("lecteur", self.imail)
+ self.assertEqual(
+ self.get_perms("dirg", self.imail),
+ {
+ "Access contents information": True,
+ "Add portal content": True,
+ "Delete objects": False,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": True,
+ },
+ )
+ self.assertEqual(
+ self.get_perms("agent", self.imail),
+ {
+ "Access contents information": True,
+ "Add portal content": True,
+ "Delete objects": False,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+ self.assertHasNoPerms("agent1", self.imail)
+ self.assertEqual(
+ self.get_perms("encodeur", self.imail),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": False,
+ "Modify portal content": False,
+ "Request review": True,
+ "Review portal content": False,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+
+ self.assertOnlyViewPerms("lecteur", self.file)
+ self.assertEqual(
+ self.get_perms("dirg", self.file),
+ {
+ "Access contents information": True,
+ "Add portal content": True,
+ "Delete objects": False,
+ "Modify portal content": False,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": True,
+ },
+ )
+ self.assertEqual(
+ self.get_perms("agent", self.file),
+ {
+ "Access contents information": True,
+ "Add portal content": True,
+ "Delete objects": False,
+ "Modify portal content": False,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+ self.assertHasNoPerms("agent1", self.file)
+ self.assertEqual(
+ self.get_perms("encodeur", self.file),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": False,
+ "Modify portal content": False,
+ "Request review": True,
+ "Review portal content": False,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+
+ self.assertOnlyViewPerms("lecteur", self.annex)
+ self.assertEqual(
+ self.get_perms("dirg", self.annex),
+ {
+ "Access contents information": True,
+ "Add portal content": True,
+ "Delete objects": True,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": True,
+ },
+ )
+ self.assertEqual(
+ self.get_perms("agent", self.annex),
+ {
+ "Access contents information": True,
+ "Add portal content": True,
+ "Delete objects": True,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+ self.assertHasNoPerms("agent1", self.annex)
+ self.assertEqual(
+ self.get_perms("encodeur", self.annex),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": False,
+ "Modify portal content": False,
+ "Request review": True,
+ "Review portal content": False,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+
+ self.assertHasNoPerms("lecteur", self.task)
+ self.assertHasNoPerms("dirg", self.task)
+ self.assertHasNoPerms("agent", self.task)
+ self.assertHasNoPerms("agent1", self.task)
+ self.assertEqual(
+ self.get_perms("encodeur", self.task),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": True,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": False,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+
+ self.pw.doActionFor(self.imail, "close")
+ clean_borg_cache(self.portal.REQUEST)
+
+ self.assertOnlyViewPerms("lecteur", self.imail)
+ self.assertEqual(
+ self.get_perms("dirg", self.imail),
+ {
+ "Access contents information": True,
+ "Add portal content": True,
+ "Delete objects": False,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": True,
+ },
+ )
+ self.assertEqual(
+ self.get_perms("agent", self.imail),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": False,
+ "Modify portal content": False,
+ "Request review": False,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+ self.assertHasNoPerms("agent1", self.imail)
+ self.assertEqual(
+ self.get_perms("encodeur", self.imail),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": False,
+ "Modify portal content": False,
+ "Request review": True,
+ "Review portal content": False,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+
+ self.assertOnlyViewPerms("lecteur", self.file)
+ self.assertEqual(
+ self.get_perms("dirg", self.file),
+ {
+ "Access contents information": True,
+ "Add portal content": True,
+ "Delete objects": False,
+ "Modify portal content": False,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": True,
+ },
+ )
+ self.assertEqual(
+ self.get_perms("agent", self.file),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": False,
+ "Modify portal content": False,
+ "Request review": False,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+ self.assertHasNoPerms("agent1", self.file)
+ self.assertEqual(
+ self.get_perms("encodeur", self.file),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": False,
+ "Modify portal content": False,
+ "Request review": True,
+ "Review portal content": False,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+
+ self.assertOnlyViewPerms("lecteur", self.annex)
+ self.assertEqual(
+ self.get_perms("dirg", self.annex),
+ {
+ "Access contents information": True,
+ "Add portal content": True,
+ "Delete objects": True,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": True,
+ },
+ )
+ self.assertEqual(
+ self.get_perms("agent", self.annex),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": False,
+ "Modify portal content": False,
+ "Request review": False,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+ self.assertHasNoPerms("agent1", self.annex)
+ self.assertEqual(
+ self.get_perms("encodeur", self.annex),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": False,
+ "Modify portal content": False,
+ "Request review": True,
+ "Review portal content": False,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+
+ self.assertHasNoPerms("lecteur", self.task)
+ self.assertHasNoPerms("dirg", self.task)
+ self.assertHasNoPerms("agent", self.task)
+ self.assertHasNoPerms("agent1", self.task)
+ self.assertEqual(
+ self.get_perms("encodeur", self.task),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": True,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": False,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+
+
+class TestPermissionsBaseOutgoingMail(TestPermissionsBase):
+ def setUp(self):
+ super(TestPermissionsBaseOutgoingMail, self).setUp()
+ intids = getUtility(IIntIds)
+ params = {
+ "title": u"Courrier sortant test",
+ "internal_reference_no": internalReferenceOutgoingMailDefaultValue(
+ DummyView(self.portal, self.portal.REQUEST)
+ ),
+ "mail_type": "type1",
+ "treating_groups": self.portal["contacts"]["plonegroup-organization"]["direction-generale"]["grh"].UID(),
+ "recipients": [RelationValue(intids.getId(self.portal["contacts"]["jeancourant"]))],
+ "assigned_user": "agent",
+ "sender": self.portal["contacts"]["jeancourant"]["agent-electrabel"].UID(),
+ "send_modes": u"post",
+ }
+ change_user(self.portal, "agent")
+ self.omail = sub_create(self.omf, "dmsoutgoingmail", datetime.today(), "my-id", **params)
+ self.annex = api.content.create(container=self.omail, id="annex", type="dmsappendixfile")
+ self.file = api.content.create(container=self.omail, id="file", type="dmsommainfile")
+ self.task = api.content.create(container=self.omail, id="task", type="task",
+ assigned_group=self.omail.treating_groups)
+
+ def permissions_outgoing_mail(self):
+ clean_borg_cache(self.portal.REQUEST)
+
+ self.assertHasNoPerms("lecteur", self.omail)
+ self.assertHasNoPerms("dirg", self.omail)
+ self.assertHasAllPerms("agent", self.omail)
+ self.assertHasNoPerms("agent1", self.omail)
+ self.assertHasNoPerms("encodeur", self.omail)
+
+ self.assertHasNoPerms("lecteur", self.file)
+ self.assertHasNoPerms("dirg", self.file)
+ self.assertHasAllPerms("agent", self.file)
+ self.assertHasNoPerms("agent1", self.file)
+ self.assertHasNoPerms("encodeur", self.file)
+
+ self.assertHasNoPerms("lecteur", self.annex)
+ self.assertHasNoPerms("dirg", self.annex)
+ self.assertHasAllPerms("agent", self.annex)
+ self.assertHasNoPerms("agent1", self.annex)
+ self.assertHasNoPerms("encodeur", self.annex)
+
+ self.assertHasNoPerms("lecteur", self.task)
+ self.assertHasNoPerms("dirg", self.task)
+ self.assertEqual(
+ self.get_perms("agent", self.task),
+ {
+ "Access contents information": True,
+ "Add portal content": True,
+ "Delete objects": True,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": False,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": True,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": True,
+ },
+ )
+ self.assertHasNoPerms("agent1", self.task)
+ self.assertHasNoPerms("encodeur", self.task)
+
+ self.pw.doActionFor(self.omail, "propose_to_be_signed")
+ clean_borg_cache(self.portal.REQUEST)
+
+ self.assertOnlyViewPerms("lecteur", self.omail)
+ self.assertEqual(
+ self.get_perms("dirg", self.omail),
+ {
+ "Access contents information": True,
+ "Add portal content": True,
+ "Delete objects": False,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": True,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+ self.assertEqual(
+ self.get_perms("agent", self.omail),
+ {
+ "Access contents information": True,
+ "Add portal content": True,
+ "Delete objects": False,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+ self.assertHasNoPerms("agent1", self.omail)
+ self.assertEqual(
+ self.get_perms("encodeur", self.omail),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": False,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+
+ self.assertOnlyViewPerms("lecteur", self.file)
+ self.assertEqual(
+ self.get_perms("dirg", self.file),
+ {
+ "Access contents information": True,
+ "Add portal content": True,
+ "Delete objects": False,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": True,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+ self.assertEqual(
+ self.get_perms("agent", self.file),
+ {
+ "Access contents information": True,
+ "Add portal content": True,
+ "Delete objects": False,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+ self.assertHasNoPerms("agent1", self.file)
+ self.assertEqual(
+ self.get_perms("encodeur", self.file),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": False,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+
+ self.assertOnlyViewPerms("lecteur", self.annex)
+ self.assertEqual(
+ self.get_perms("dirg", self.annex),
+ {
+ "Access contents information": True,
+ "Add portal content": True,
+ "Delete objects": True,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": True,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+ self.assertEqual(
+ self.get_perms("agent", self.annex),
+ {
+ "Access contents information": True,
+ "Add portal content": True,
+ "Delete objects": True,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+ self.assertHasNoPerms("agent1", self.annex)
+ self.assertEqual(
+ self.get_perms("encodeur", self.annex),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": True,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+
+ self.assertHasNoPerms("lecteur", self.task)
+ self.assertHasNoPerms("dirg", self.task)
+ self.assertEqual(
+ self.get_perms("agent", self.task),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": True,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": False,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+ self.assertHasNoPerms("agent1", self.omail)
+ self.assertHasNoPerms("encodeur", self.task)
+
+ self.pw.doActionFor(self.omail, "back_to_creation")
+ clean_borg_cache(self.portal.REQUEST)
+ change_user(self.portal, "scanner")
+ self.pw.doActionFor(self.omail, "set_scanned")
+ clean_borg_cache(self.portal.REQUEST)
+
+ self.assertHasNoPerms("lecteur", self.omail)
+ self.assertHasNoPerms("dirg", self.omail)
+ self.assertEqual(
+ self.get_perms("agent", self.omail),
+ {
+ "Access contents information": False,
+ "Add portal content": False,
+ "Delete objects": False,
+ "Modify portal content": False,
+ "Request review": True,
+ "Review portal content": False,
+ "View": False,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+ self.assertHasNoPerms("agent1", self.omail)
+ self.assertHasAllPerms("encodeur", self.omail)
+
+ self.assertHasNoPerms("lecteur", self.file)
+ self.assertHasNoPerms("dirg", self.file)
+ self.assertEqual(
+ self.get_perms("agent", self.file),
+ {
+ "Access contents information": False,
+ "Add portal content": False,
+ "Delete objects": False,
+ "Modify portal content": False,
+ "Request review": True,
+ "Review portal content": False,
+ "View": False,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+ self.assertHasNoPerms("agent1", self.file)
+ self.assertHasAllPerms("encodeur", self.file)
+
+ self.assertHasNoPerms("lecteur", self.annex)
+ self.assertHasNoPerms("dirg", self.annex)
+ self.assertEqual(
+ self.get_perms("agent", self.annex),
+ {
+ "Access contents information": False,
+ "Add portal content": False,
+ "Delete objects": False,
+ "Modify portal content": False,
+ "Request review": True,
+ "Review portal content": False,
+ "View": False,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+ self.assertHasNoPerms("agent1", self.annex)
+ self.assertHasAllPerms("encodeur", self.annex)
+
+ self.assertHasNoPerms("lecteur", self.task)
+ self.assertHasNoPerms("dirg", self.task)
+ self.assertEqual(
+ self.get_perms("agent", self.task),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": True,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": False,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+ self.assertHasNoPerms("agent1", self.task)
+ self.assertHasNoPerms("encodeur", self.task)
+
+ self.pw.doActionFor(self.omail, "mark_as_sent")
+ clean_borg_cache(self.portal.REQUEST)
+
+ self.assertOnlyViewPerms("lecteur", self.omail)
+ self.assertEqual( + self.get_perms("dirg", self.omail), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": False, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertEqual( + self.get_perms("agent", self.omail), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertHasNoPerms("agent1", self.omail) + self.assertEqual( + self.get_perms("encodeur", self.omail), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": False, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + + self.assertOnlyViewPerms("lecteur", self.file) + self.assertEqual( + self.get_perms("dirg", self.file), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": False, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertEqual( + self.get_perms("agent", self.file), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + 
"Modify portal content": False, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertHasNoPerms("agent1", self.file) + self.assertEqual( + self.get_perms("encodeur", self.file), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": False, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + + self.assertOnlyViewPerms("lecteur", self.annex) + self.assertEqual( + self.get_perms("dirg", self.annex), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": False, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertEqual( + self.get_perms("agent", self.annex), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertHasNoPerms("agent1", self.annex) + self.assertEqual( + self.get_perms("encodeur", self.annex), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": False, + "Review portal content": True, + "View": True, + 
"collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + + self.assertHasNoPerms("lecteur", self.task) + self.assertHasNoPerms("dirg", self.task) + self.assertEqual( + self.get_perms("agent", self.task), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": True, + "Modify portal content": True, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertHasNoPerms("agent1", self.task) + self.assertHasNoPerms("encodeur", self.task) + + +class TestPermissionsBaseIncomingEmail(TestPermissionsBase): + def setUp(self): + super(TestPermissionsBaseIncomingEmail, self).setUp() + intids = getUtility(IIntIds) + params = { + "title": "Courrier 10", + "mail_type": "email", + "internal_reference_no": "E0010", + "sender": [RelationValue(intids.getId(self.portal["contacts"]["jeancourant"]))], + "treating_groups": self.portal["contacts"]["plonegroup-organization"]["direction-generale"]["grh"].UID(), + } + change_user(self.portal, "encodeur") + self.iemail = sub_create(self.imf, "dmsincomingmail", datetime.today(), "my-id", **params) + self.annex = api.content.create(container=self.iemail, id="annex", type="dmsappendixfile") + self.file = api.content.create(container=self.iemail, id="file", type="dmsmainfile") + self.task = api.content.create(container=self.iemail, id="task", type="task", + assigned_group=self.iemail.treating_groups) + + def permissions_incoming_email(self): + clean_borg_cache(self.portal.REQUEST) + + self.assertHasNoPerms("lecteur", self.iemail) + self.assertHasNoPerms("dirg", self.iemail) + self.assertHasNoPerms("agent", self.iemail) + self.assertHasNoPerms("agent1", self.iemail) + self.assertHasAllPerms("encodeur", 
self.iemail) + + self.assertHasNoPerms("lecteur", self.file) + self.assertHasNoPerms("dirg", self.file) + self.assertHasNoPerms("agent", self.file) + self.assertHasNoPerms("agent1", self.file) + self.assertHasAllPerms("encodeur", self.file) + + self.assertHasNoPerms("lecteur", self.annex) + self.assertHasNoPerms("dirg", self.annex) + self.assertHasNoPerms("agent", self.annex) + self.assertHasNoPerms("agent1", self.annex) + self.assertHasAllPerms("encodeur", self.annex) + + self.assertHasNoPerms("lecteur", self.task) + self.assertHasNoPerms("dirg", self.task) + self.assertHasNoPerms("agent", self.task) + self.assertHasNoPerms("agent1", self.task) + self.assertEqual( + self.get_perms("encodeur", self.task), + { + "Access contents information": True, + # apc not handled in workflow. Permission inherited from im for Contributor. + # encodeur cannot add subtask !! Only owner role. Must be modified: see DMS-1056 + "Add portal content": False, + "Delete objects": True, + "Modify portal content": True, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + + self.pw.doActionFor(self.iemail, "propose_to_manager") + clean_borg_cache(self.portal.REQUEST) + + self.assertHasNoPerms("lecteur", self.iemail) + self.assertEqual( + self.get_perms("dirg", self.iemail), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": True, + "imio.dms.mail: Write treating group field": True, + }, + ) + self.assertHasNoPerms("agent", self.iemail) + self.assertHasNoPerms("agent1", self.iemail) + self.assertEqual( + self.get_perms("encodeur", self.iemail), + { + "Access 
contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": True, # raison ? + "imio.dms.mail: Write treating group field": False, + }, + ) + + self.assertHasNoPerms("lecteur", self.file) + self.assertEqual( + self.get_perms("dirg", self.file), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": True, + "imio.dms.mail: Write treating group field": True, + }, + ) + self.assertHasNoPerms("agent", self.file) + self.assertHasNoPerms("agent1", self.file) + self.assertEqual( + self.get_perms("encodeur", self.file), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": True, + "imio.dms.mail: Write treating group field": False, + }, + ) + + self.assertHasNoPerms("lecteur", self.annex) + self.assertEqual( + self.get_perms("dirg", self.annex), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": True, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": True, + "imio.dms.mail: Write treating group field": True, + }, + ) + self.assertHasNoPerms("agent", self.annex) + self.assertHasNoPerms("agent1", self.annex) + self.assertEqual( + self.get_perms("encodeur", 
self.annex), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": True, + "imio.dms.mail: Write treating group field": False, + }, + ) + + self.assertHasNoPerms("lecteur", self.task) + self.assertHasNoPerms("dirg", self.task) + self.assertHasNoPerms("agent", self.task) + self.assertHasNoPerms("agent1", self.task) + self.assertEqual( + self.get_perms("encodeur", self.task), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": True, + "Modify portal content": True, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + + change_user(self.portal, "dirg") + self.pw.doActionFor(self.iemail, "propose_to_agent") + clean_borg_cache(self.portal.REQUEST) + + self.assertOnlyViewPerms("lecteur", self.iemail) + self.assertEqual( + self.get_perms("dirg", self.iemail), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": True, + }, + ) + self.assertEqual( + self.get_perms("agent", self.iemail), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + 
"imio.dms.mail: Write treating group field": False, + }, + ) + self.assertHasNoPerms("agent1", self.iemail) + self.assertEqual( + self.get_perms("encodeur", self.iemail), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + + self.assertOnlyViewPerms("lecteur", self.file) + self.assertEqual( + self.get_perms("dirg", self.file), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": True, + }, + ) + self.assertEqual( + self.get_perms("agent", self.file), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertHasNoPerms("agent1", self.file) + self.assertEqual( + self.get_perms("encodeur", self.file), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + + self.assertOnlyViewPerms("lecteur", self.annex) + 
self.assertEqual( + self.get_perms("dirg", self.annex), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": True, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": True, + }, + ) + self.assertEqual( + self.get_perms("agent", self.annex), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": True, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertHasNoPerms("agent1", self.annex) + self.assertEqual( + self.get_perms("encodeur", self.annex), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + + self.assertHasNoPerms("lecteur", self.task) + self.assertHasNoPerms("dirg", self.task) + self.assertHasNoPerms("agent", self.task) + self.assertHasNoPerms("agent1", self.task) + self.assertEqual( + self.get_perms("encodeur", self.task), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": True, + "Modify portal content": True, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + + change_user(self.portal, "agent") + 
self.pw.doActionFor(self.iemail, "treat") + clean_borg_cache(self.portal.REQUEST) + + self.assertOnlyViewPerms("lecteur", self.iemail) + self.assertEqual( + self.get_perms("dirg", self.iemail), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": True, + }, + ) + self.assertEqual( + self.get_perms("agent", self.iemail), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertHasNoPerms("agent1", self.iemail) + self.assertEqual( + self.get_perms("encodeur", self.iemail), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + + self.assertOnlyViewPerms("lecteur", self.file) + self.assertEqual( + self.get_perms("dirg", self.file), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": True, + }, + ) + self.assertEqual( + 
self.get_perms("agent", self.file), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertHasNoPerms("agent1", self.file) + self.assertEqual( + self.get_perms("encodeur", self.file), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + + self.assertOnlyViewPerms("lecteur", self.annex) + self.assertEqual( + self.get_perms("dirg", self.annex), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": True, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": True, + }, + ) + self.assertEqual( + self.get_perms("agent", self.annex), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": True, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertHasNoPerms("agent1", self.annex) + self.assertEqual( + self.get_perms("encodeur", self.annex), + { + "Access contents information": True, + "Add portal content": False, + "Delete 
objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + + self.assertHasNoPerms("lecteur", self.task) + self.assertHasNoPerms("dirg", self.task) + self.assertHasNoPerms("agent", self.task) + self.assertHasNoPerms("agent1", self.task) + self.assertEqual( + self.get_perms("encodeur", self.task), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": True, + "Modify portal content": True, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + + self.pw.doActionFor(self.iemail, "close") + clean_borg_cache(self.portal.REQUEST) + + self.assertOnlyViewPerms("lecteur", self.iemail) + self.assertEqual( + self.get_perms("dirg", self.iemail), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": True, + }, + ) + self.assertEqual( + self.get_perms("agent", self.iemail), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": False, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertHasNoPerms("agent1", self.iemail) + self.assertEqual( + 
self.get_perms("encodeur", self.iemail), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + + self.assertOnlyViewPerms("lecteur", self.file) + self.assertEqual( + self.get_perms("dirg", self.file), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": True, + }, + ) + self.assertEqual( + self.get_perms("agent", self.file), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": False, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertHasNoPerms("agent1", self.file) + self.assertEqual( + self.get_perms("encodeur", self.file), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + + self.assertOnlyViewPerms("lecteur", self.annex) + self.assertEqual( + self.get_perms("dirg", self.annex), + { + "Access contents information": True, + "Add portal content": True, + 
"Delete objects": True, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": True, + }, + ) + self.assertEqual( + self.get_perms("agent", self.annex), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": False, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertHasNoPerms("agent1", self.annex) + self.assertEqual( + self.get_perms("encodeur", self.annex), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + + self.assertHasNoPerms("lecteur", self.task) + self.assertHasNoPerms("dirg", self.task) + self.assertHasNoPerms("agent", self.task) + self.assertHasNoPerms("agent1", self.task) + self.assertEqual( + self.get_perms("encodeur", self.task), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": True, + "Modify portal content": True, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) 
diff --git a/imio/dms/mail/tests/test_permissions_incoming_email.py b/imio/dms/mail/tests/test_permissions_incoming_email.py
new file mode 100644
index 00000000..05750c6f
--- /dev/null
+++ b/imio/dms/mail/tests/test_permissions_incoming_email.py
@@ -0,0 +1,8 @@
+# -*- coding: utf-8 -*-
+""" user permissions tests for this package."""
+from imio.dms.mail.tests.permissions_base import TestPermissionsBaseIncomingEmail
+
+
+class TestPermissionsIncomingEmail(TestPermissionsBaseIncomingEmail):
+ def test_permissions_incoming_email(self):
+ self.permissions_incoming_email()
\ No newline at end of file
diff --git a/imio/dms/mail/tests/test_permissions_incoming_mail.py b/imio/dms/mail/tests/test_permissions_incoming_mail.py
new file mode 100644
index 00000000..12453dc2
--- /dev/null
+++ b/imio/dms/mail/tests/test_permissions_incoming_mail.py
@@ -0,0 +1,8 @@
+# -*- coding: utf-8 -*-
+""" user permissions tests for this package."""
+from imio.dms.mail.tests.permissions_base import TestPermissionsBaseIncomingMail
+
+
+class TestPermissionsIncomingMail(TestPermissionsBaseIncomingMail):
+ def test_permissions_incoming_mail(self):
+ self.permissions_incoming_mail()
diff --git a/imio/dms/mail/tests/test_permissions_incoming_mail_wfadapt.py b/imio/dms/mail/tests/test_permissions_incoming_mail_wfadapt.py
new file mode 100644
index 00000000..394559ba
--- /dev/null
+++ b/imio/dms/mail/tests/test_permissions_incoming_mail_wfadapt.py
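Review bot: The new file test_permissions_incoming_email.py ends without a trailing newline (`\ No newline at end of file` right after `self.permissions_incoming_email()`), while the sibling test_permissions_incoming_mail.py added in the same commit ends with one; add the final newline so the two wrappers match and later diffs on this file stay clean. Both wrappers also copy the base module's generic docstring, so nothing says why a one-method subclass exists. A module docstring such as `"""Run the incoming e-mail permission matrix against the unpatched workflow."""` would make that explicit; presumably the split lets variants like the wfadapt module rerun the same authorization matrix after patching the workflow, but that is inferred from the file names rather than stated anywhere visible.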
@@ -0,0 +1,563 @@ +# -*- coding: utf-8 -*- +""" user permissions tests for this package.""" +from imio.dms.mail.testing import change_user +from imio.dms.mail.tests.permissions_base import TestPermissionsBaseIncomingMail +from imio.dms.mail.utils import clean_borg_cache +from imio.dms.mail.wfadaptations import IMPreManagerValidation +from imio.dms.mail.wfadaptations import IMServiceValidation +from plone import api + + +class TestPermissionsIncomingMailWfAdapt(TestPermissionsBaseIncomingMail): + def test_permissions_incoming_mail_wfadapt_pre_manager(self): + change_user(self.portal) + params = { + "state_title": u"À valider avant le DG", + "forward_transition_title": u"Proposer pour prévalidation DG", + "backward_transition_title": u"Renvoyer pour prévalidation DG", + } + pmva = IMPreManagerValidation() + pmva.patch_workflow("incomingmail_workflow", **params) + clean_borg_cache(self.portal.REQUEST) + + api.user.create(email="test@test.be", username="premanager", password="Password#1") + api.group.add_user(groupname="pre_manager", username="premanager") + + self.permissions_incoming_mail() + + self.pw.doActionFor(self.imail, "back_to_agent") + self.pw.doActionFor(self.imail, "back_to_creation") + change_user(self.portal, "encodeur") + clean_borg_cache(self.portal.REQUEST) + + self.assertHasNoPerms("premanager", self.imail) + self.assertHasNoPerms("premanager", self.file) + self.assertHasNoPerms("premanager", self.annex) + self.assertHasNoPerms("premanager", self.task) + + self.pw.doActionFor(self.imail, "propose_to_pre_manager") + clean_borg_cache(self.portal.REQUEST) + + self.assertHasNoPerms("lecteur", self.imail) + self.assertOnlyViewPerms("dirg", self.imail) + self.assertHasNoPerms("agent", self.imail) + self.assertHasNoPerms("agent1", self.imail) + self.assertEqual( + self.get_perms("encodeur", self.imail), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": 
True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertEqual( + self.get_perms("premanager", self.imail), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + + self.assertHasNoPerms("lecteur", self.file) + self.assertOnlyViewPerms("dirg", self.file) + self.assertHasNoPerms("agent", self.file) + self.assertHasNoPerms("agent1", self.file) + self.assertEqual( + self.get_perms("encodeur", self.file), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertEqual( + self.get_perms("premanager", self.file), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + + self.assertHasNoPerms("lecteur", self.annex) + self.assertOnlyViewPerms("dirg", self.annex) + self.assertHasNoPerms("agent", self.annex) + self.assertHasNoPerms("agent1", self.annex) + self.assertEqual( + self.get_perms("encodeur", self.annex), + { + "Access contents 
information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertEqual( + self.get_perms("premanager", self.annex), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": True, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + + self.assertHasNoPerms("lecteur", self.task) + self.assertHasNoPerms("dirg", self.task) + self.assertHasNoPerms("agent", self.task) + self.assertHasNoPerms("agent1", self.task) + self.assertEqual( + self.get_perms("encodeur", self.task), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": True, + "Modify portal content": True, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + # Potential problem + self.assertHasNoPerms("premanager", self.task) + + change_user(self.portal, "premanager") + self.pw.doActionFor(self.imail, "propose_to_manager") + clean_borg_cache(self.portal.REQUEST) + + self.assertOnlyViewPerms("premanager", self.imail) + self.assertOnlyViewPerms("premanager", self.file) + self.assertOnlyViewPerms("premanager", self.annex) + self.assertHasNoPerms("premanager", self.task) + + change_user(self.portal, "dirg") + self.pw.doActionFor(self.imail, "propose_to_agent") + clean_borg_cache(self.portal.REQUEST) + + self.assertOnlyViewPerms("premanager", 
self.imail) + self.assertOnlyViewPerms("premanager", self.file) + self.assertOnlyViewPerms("premanager", self.annex) + self.assertHasNoPerms("premanager", self.task) + + change_user(self.portal, "agent") + self.pw.doActionFor(self.imail, "treat") + clean_borg_cache(self.portal.REQUEST) + + self.assertOnlyViewPerms("premanager", self.imail) + self.assertOnlyViewPerms("premanager", self.file) + self.assertOnlyViewPerms("premanager", self.annex) + self.assertHasNoPerms("premanager", self.task) + + self.pw.doActionFor(self.imail, "close") + clean_borg_cache(self.portal.REQUEST) + + self.assertOnlyViewPerms("premanager", self.imail) + self.assertOnlyViewPerms("premanager", self.file) + self.assertOnlyViewPerms("premanager", self.annex) + self.assertHasNoPerms("premanager", self.task) + + def test_permissions_incoming_mail_wfadapt_service_validation(self): + change_user(self.portal) + params = { + "validation_level": 1, + "state_title": u"À valider par le chef de service", + "forward_transition_title": u"Proposer au chef de service", + "backward_transition_title": u"Renvoyer au chef de service", + "function_title": u"N+1", + } + sva = IMServiceValidation() + sva.patch_workflow("incomingmail_workflow", **params) + clean_borg_cache(self.portal.REQUEST) + + org_uid = self.portal.contacts["plonegroup-organization"]["direction-generale"]["grh"].UID() + api.group.add_user(groupname="%s_n_plus_1" % org_uid, username="chef") + + self.permissions_incoming_mail() + + change_user(self.portal) + self.pw.doActionFor(self.imail, "back_to_n_plus_1") + self.pw.doActionFor(self.imail, "back_to_creation") + change_user(self.portal, "encodeur") + clean_borg_cache(self.portal.REQUEST) + + self.assertHasNoPerms("chef", self.imail) + self.assertHasNoPerms("chef", self.file) + self.assertHasNoPerms("chef", self.annex) + self.assertHasNoPerms("chef", self.task) + + self.pw.doActionFor(self.imail, "propose_to_manager") + clean_borg_cache(self.portal.REQUEST) + + self.assertHasNoPerms("chef", 
self.imail) + self.assertHasNoPerms("chef", self.file) + self.assertHasNoPerms("chef", self.annex) + self.assertHasNoPerms("chef", self.task) + + change_user(self.portal, "dirg") + self.pw.doActionFor(self.imail, "propose_to_n_plus_1") + clean_borg_cache(self.portal.REQUEST) + + self.assertHasNoPerms("lecteur", self.imail) + self.assertEqual( + self.get_perms("dirg", self.imail), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": True, + "imio.dms.mail: Write treating group field": True, + }, + ) + self.assertHasNoPerms("agent", self.imail) + self.assertHasNoPerms("agent1", self.imail) + self.assertEqual( + self.get_perms("encodeur", self.imail), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertEqual( + self.get_perms("chef", self.imail), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": True, + }, + ) + + self.assertHasNoPerms("lecteur", self.file) + self.assertEqual( + self.get_perms("dirg", self.file), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal 
content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": True, + "imio.dms.mail: Write treating group field": True, + }, + ) + self.assertHasNoPerms("agent", self.file) + self.assertHasNoPerms("agent1", self.file) + self.assertEqual( + self.get_perms("encodeur", self.file), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertEqual( + self.get_perms("chef", self.file), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": True, + }, + ) + + self.assertHasNoPerms("lecteur", self.annex) + self.assertEqual( + self.get_perms("dirg", self.annex), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": True, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": True, + "imio.dms.mail: Write treating group field": True, + }, + ) + self.assertHasNoPerms("agent", self.annex) + self.assertHasNoPerms("agent1", self.annex) + self.assertEqual( + self.get_perms("encodeur", self.annex), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": False, + "View": True, + 
"collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertEqual( + self.get_perms("chef", self.annex), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": True, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": True, + }, + ) + + self.assertHasNoPerms("lecteur", self.task) + self.assertHasNoPerms("dirg", self.task) + self.assertHasNoPerms("agent", self.task) + self.assertHasNoPerms("agent1", self.task) + self.assertEqual( + self.get_perms("encodeur", self.task), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": True, + "Modify portal content": True, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertHasNoPerms("chef", self.task) + + change_user(self.portal, "chef") + self.imail.assigned_user = 'agent' + self.pw.doActionFor(self.imail, "propose_to_agent") + clean_borg_cache(self.portal.REQUEST) + + self.assertEqual( + self.get_perms("chef", self.imail), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertEqual( + self.get_perms("chef", self.file), + { + "Access contents information": True, + "Add portal content": True, + "Delete 
objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertEqual( + self.get_perms("chef", self.annex), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": True, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertHasNoPerms("chef", self.task) + + change_user(self.portal, "agent") + self.pw.doActionFor(self.imail, "treat") + clean_borg_cache(self.portal.REQUEST) + + self.assertEqual( + self.get_perms("chef", self.imail), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertEqual( + self.get_perms("chef", self.file), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertEqual( + self.get_perms("chef", self.annex), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": True, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + 
"View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertHasNoPerms("chef", self.task) + + self.pw.doActionFor(self.imail, "close") + clean_borg_cache(self.portal.REQUEST) + + self.assertEqual( + self.get_perms("chef", self.imail), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": False, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertEqual( + self.get_perms("chef", self.file), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": False, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertEqual( + self.get_perms("chef", self.annex), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": False, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertHasNoPerms("chef", self.task) diff --git a/imio/dms/mail/tests/test_permissions_outgoing_mail.py b/imio/dms/mail/tests/test_permissions_outgoing_mail.py new file mode 100644 index 00000000..0e6dc1d8 --- /dev/null +++ b/imio/dms/mail/tests/test_permissions_outgoing_mail.py 
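Review bot: The bare `# Potential problem` comment above `self.assertHasNoPerms("premanager", self.task)` in test_permissions_incoming_mail_wfadapt_pre_manager pins an authorization outcome the author apparently doubts, without saying what the intended one is. At that point the test shows premanager holding View, Modify and Review on the mail itself but no permission at all on its task, so a later reader cannot tell whether the denial is the contract or a known gap that a fix should flip. I would spell it out, e.g. `# Potential problem: premanager can modify/review the mail in this state but cannot even view its task; confirm intended (see <tracker-issue-placeholder>)`. The `self.assertHasNoPerms("chef", self.task)` assertions in test_permissions_incoming_mail_wfadapt_service_validation carry no comment at all, although the outgoing-mail counterpart marks the same assertion as a potential problem; they deserve the same note.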
@@ -0,0 +1,8 @@
+# -*- coding: utf-8 -*-
+""" user permissions tests for this package."""
+from imio.dms.mail.tests.permissions_base import TestPermissionsBaseOutgoingMail
+
+
+class TestPermissionsOutgoingMail(TestPermissionsBaseOutgoingMail):
+ def test_permissions_outgoing_mail(self):
+ self.permissions_outgoing_mail()
\ No newline at end of file
diff --git a/imio/dms/mail/tests/test_permissions_outgoing_mail_wfadapt.py b/imio/dms/mail/tests/test_permissions_outgoing_mail_wfadapt.py
new file mode 100644
index 00000000..6ab6985c
--- /dev/null
+++ b/imio/dms/mail/tests/test_permissions_outgoing_mail_wfadapt.py
@@ -0,0 +1,548 @@ +# -*- coding: utf-8 -*- +""" user permissions tests for this package.""" +from imio.dms.mail.testing import change_user +from imio.dms.mail.tests.permissions_base import TestPermissionsBaseOutgoingMail +from imio.dms.mail.utils import clean_borg_cache +from imio.dms.mail.wfadaptations import OMServiceValidation +from imio.dms.mail.wfadaptations import OMToPrintAdaptation +from plone import api + + +class TestPermissionsOutgoingMailWfAdapt(TestPermissionsBaseOutgoingMail): + def test_permissions_outgoing_mail_wfadapt_service_validation(self): + change_user(self.portal) + params = { + "validation_level": 1, + "state_title": u"À valider par le chef de service", + "forward_transition_title": u"Proposer au chef de service", + "backward_transition_title": u"Renvoyer au chef de service", + "function_title": u"N+1", + "validated_from_created": True, + } + sva = OMServiceValidation() + sva.patch_workflow("outgoingmail_workflow", **params) + clean_borg_cache(self.portal.REQUEST) + + org_uid = self.portal.contacts["plonegroup-organization"]["direction-generale"]["grh"].UID() + api.group.add_user(groupname="%s_n_plus_1" % org_uid, username="chef") + + self.permissions_outgoing_mail() + + self.pw.doActionFor(self.omail, "back_to_creation") + change_user(self.portal, "agent") + clean_borg_cache(self.portal.REQUEST) + + self.assertHasAllPerms("chef", self.omail) + self.assertHasAllPerms("chef", self.file) + self.assertHasAllPerms("chef", self.annex) + self.assertHasNoPerms("chef", self.task) + + self.pw.doActionFor(self.omail, "propose_to_n_plus_1") + clean_borg_cache(self.portal.REQUEST) + + self.assertHasNoPerms("lecteur", self.omail) + # Potential problem + self.assertHasNoPerms("dirg", self.omail) + self.assertEqual( + self.get_perms("agent", self.omail), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": False, + "View": 
True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertHasNoPerms("agent1", self.omail) + self.assertHasNoPerms("encodeur", self.omail) + self.assertEqual( + self.get_perms("chef", self.omail), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": True, + "imio.dms.mail: Write mail base fields": True, + "imio.dms.mail: Write treating group field": True, + }, + ) + + self.assertHasNoPerms("lecteur", self.file) + # Potential problem + self.assertHasNoPerms("dirg", self.file) + self.assertEqual( + self.get_perms("agent", self.file), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertHasNoPerms("agent1", self.file) + self.assertHasNoPerms("encodeur", self.file) + self.assertEqual( + self.get_perms("chef", self.file), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": True, + "imio.dms.mail: Write mail base fields": True, + "imio.dms.mail: Write treating group field": True, + }, + ) + + self.assertHasNoPerms("lecteur", self.annex) + # Potential problem + self.assertHasNoPerms("dirg", self.annex) + self.assertEqual( + self.get_perms("agent", self.annex), + { + "Access contents information": True, + "Add portal content": 
False, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertHasNoPerms("agent1", self.annex) + self.assertHasNoPerms("encodeur", self.annex) + self.assertHasAllPerms("chef", self.annex) + + self.assertHasNoPerms("lecteur", self.task) + # Potential problem + self.assertHasNoPerms("dirg", self.task) + self.assertEqual( + self.get_perms("agent", self.task), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": True, + "Modify portal content": True, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertHasNoPerms("agent1", self.task) + self.assertHasNoPerms("encodeur", self.task) + # Potential problem + self.assertHasNoPerms("chef", self.task) + + change_user(self.portal, "chef") + self.pw.doActionFor(self.omail, "set_validated") + clean_borg_cache(self.portal.REQUEST) + + self.assertOnlyViewPerms("lecteur", self.omail) + self.assertOnlyViewPerms("dirg", self.omail) + self.assertEqual( + self.get_perms("agent", self.omail), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": True, + "imio.dms.mail: Write mail base fields": True, + "imio.dms.mail: Write treating group field": True, + }, + ) + self.assertHasNoPerms("agent1", self.omail) + self.assertEqual( + self.get_perms("encodeur", self.omail), + { + "Access contents information": True, + "Add portal content": False, + "Delete 
objects": False, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertEqual( + self.get_perms("chef", self.omail), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": True, + "imio.dms.mail: Write mail base fields": True, + "imio.dms.mail: Write treating group field": True, + }, + ) + + self.assertOnlyViewPerms("lecteur", self.file) + self.assertOnlyViewPerms("dirg", self.file) + self.assertEqual( + self.get_perms("agent", self.file), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": True, + "imio.dms.mail: Write mail base fields": True, + "imio.dms.mail: Write treating group field": True, + }, + ) + self.assertHasNoPerms("agent1", self.file) + self.assertEqual( + self.get_perms("encodeur", self.file), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertEqual( + self.get_perms("chef", self.file), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + 
"collective.dms.basecontent: Add DmsFile": True, + "imio.dms.mail: Write mail base fields": True, + "imio.dms.mail: Write treating group field": True, + }, + ) + + self.assertOnlyViewPerms("lecteur", self.annex) + self.assertOnlyViewPerms("dirg", self.annex) + self.assertHasAllPerms("agent", self.annex) + self.assertHasNoPerms("agent1", self.annex) + self.assertEqual( + self.get_perms("encodeur", self.annex), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": True, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertHasAllPerms("chef", self.annex) + + self.assertHasNoPerms("lecteur", self.task) + self.assertHasNoPerms("dirg", self.task) + self.assertEqual( + self.get_perms("agent", self.task), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": True, + "Modify portal content": True, + "Request review": True, + "Review portal content": False, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertHasNoPerms("agent1", self.task) + self.assertHasNoPerms("encodeur", self.task) + # Potential problem + self.assertHasNoPerms("chef", self.task) + + self.pw.doActionFor(self.omail, "propose_to_be_signed") + clean_borg_cache(self.portal.REQUEST) + + self.assertEqual( + self.get_perms("chef", self.omail), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: 
Write treating group field": False, + }, + ) + self.assertEqual( + self.get_perms("chef", self.file), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": False, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertEqual( + self.get_perms("chef", self.annex), + { + "Access contents information": True, + "Add portal content": True, + "Delete objects": True, + "Modify portal content": True, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertHasNoPerms("chef", self.task) + + self.pw.doActionFor(self.omail, "mark_as_sent") + clean_borg_cache(self.portal.REQUEST) + + self.assertEqual( + self.get_perms("chef", self.omail), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": False, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertEqual( + self.get_perms("chef", self.file), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": False, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertEqual( + self.get_perms("chef", self.annex), + { + "Access contents 
information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": False, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertHasNoPerms("chef", self.task) + + self.pw.doActionFor(self.omail, "back_to_creation") + clean_borg_cache(self.portal.REQUEST) + change_user(self.portal, "scanner") + self.pw.doActionFor(self.omail, "set_scanned") + clean_borg_cache(self.portal.REQUEST) + + self.assertHasNoPerms("chef", self.omail) + self.assertHasNoPerms("chef", self.file) + self.assertHasNoPerms("chef", self.annex) + self.assertHasNoPerms("chef", self.task) + + def test_permissions_outgoing_mail_wfadapt_to_print(self): + change_user(self.portal) + tpa = OMToPrintAdaptation() + tpa.patch_workflow("outgoingmail_workflow") + clean_borg_cache(self.portal.REQUEST) + + self.permissions_outgoing_mail() + + self.pw.doActionFor(self.omail, "back_to_print") + clean_borg_cache(self.portal.REQUEST) + change_user(self.portal, "encodeur") + + self.assertOnlyViewPerms("lecteur", self.omail) + self.assertOnlyViewPerms("dirg", self.omail) + self.assertEqual( + self.get_perms("agent", self.omail), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": False, + "Request review": True, + "Review portal content": True, + "View": True, + "collective.dms.basecontent: Add DmsFile": False, + "imio.dms.mail: Write mail base fields": False, + "imio.dms.mail: Write treating group field": False, + }, + ) + self.assertHasNoPerms("agent1", self.omail) + self.assertEqual( + self.get_perms("encodeur", self.omail), + { + "Access contents information": True, + "Add portal content": False, + "Delete objects": False, + "Modify portal content": True, + "Request review": True, + "Review portal content": 
True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+
+ self.assertOnlyViewPerms("lecteur", self.file)
+ self.assertOnlyViewPerms("dirg", self.file)
+ self.assertEqual(
+ self.get_perms("agent", self.file),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": False,
+ "Modify portal content": False,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+ self.assertHasNoPerms("agent1", self.file)
+ self.assertEqual(
+ self.get_perms("encodeur", self.file),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": False,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+
+ self.assertOnlyViewPerms("lecteur", self.annex)
+ self.assertOnlyViewPerms("dirg", self.annex)
+ self.assertEqual(
+ self.get_perms("agent", self.annex),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": False,
+ "Modify portal content": False,
+ "Request review": True,
+ "Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+ self.assertHasNoPerms("agent1", self.annex)
+ self.assertEqual(
+ self.get_perms("encodeur", self.annex),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": True,
+ "Modify portal content": True,
+ "Request review": True, +
"Review portal content": True,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+
+ self.assertHasNoPerms("lecteur", self.task)
+ self.assertHasNoPerms("dirg", self.task)
+ self.assertEqual(
+ self.get_perms("agent", self.task),
+ {
+ "Access contents information": True,
+ "Add portal content": False,
+ "Delete objects": True,
+ "Modify portal content": True,
+ "Request review": True,
+ "Review portal content": False,
+ "View": True,
+ "collective.dms.basecontent: Add DmsFile": False,
+ "imio.dms.mail: Write mail base fields": False,
+ "imio.dms.mail: Write treating group field": False,
+ },
+ )
+ self.assertHasNoPerms("agent1", self.task)
+ self.assertHasNoPerms("encodeur", self.task)
diff --git a/imio/dms/mail/utils.py b/imio/dms/mail/utils.py
index 38b6f1b6..2252c208 100644
--- a/imio/dms/mail/utils.py
+++ b/imio/dms/mail/utils.py
@@ -1553,3 +1553,15 @@ def vocabularyname_to_terms(vocabulary_name, context=None, sort_on=None):
 if sort_on:
 return sorted([term for term in vocab], key=attrgetter(sort_on))
 return [term for term in vocab]
+
+
+def clean_borg_cache(req):
+ """Remove borg localroles cache values from request (needed in tests)."""
+ annotations = IAnnotations(req)
+ annotations_to_delete = []
+ for annotation in annotations.keys():
+ if annotation.startswith("borg.localrole.workspace.checkLocalRolesAllowed"):
+ annotations_to_delete.append(annotation)
+ # directly deleting in BTree doesn't work, we must do it in a second time
+ for annotation_to_delete in annotations_to_delete:
+ del annotations[annotation_to_delete]
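Review bot: The prefix passed to `annotation.startswith(...)` in `clean_borg_cache` is a hard-coded string that looks like an internal cache key of borg.localrole, so if that key ever changes the helper deletes nothing and the permission tests go on asserting against local roles cached before the transition. I would lift it into a module constant, `BORG_LOCALROLES_CACHE_PREFIX = "borg.localrole.workspace.checkLocalRolesAllowed"`, and have the docstring say when to call it: `"""Drop the borg.localrole cache entries stored on the request so permission checks are recomputed (call after a workflow transition in tests)."""`. `IAnnotations` is used here but its import is not part of this hunk; presumably utils.py already imports it, worth confirming.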