[Checkins] SVN: Products.CMFCore/trunk/Products/CMFCore/ - modified 'setProperties' method
Yvo Schubbe
y.2011 at wcm-solutions.de
Wed Feb 23 10:04:39 EST 2011
Log message for revision 120547:
- modified 'setProperties' method
Changed:
U Products.CMFCore/trunk/Products/CMFCore/CHANGES.txt
U Products.CMFCore/trunk/Products/CMFCore/MemberDataTool.py
U Products.CMFCore/trunk/Products/CMFCore/tests/base/security.py
U Products.CMFCore/trunk/Products/CMFCore/tests/test_MemberDataTool.py
-=-
Modified: Products.CMFCore/trunk/Products/CMFCore/CHANGES.txt
===================================================================
--- Products.CMFCore/trunk/Products/CMFCore/CHANGES.txt 2011-02-23 14:59:07 UTC (rev 120546)
+++ Products.CMFCore/trunk/Products/CMFCore/CHANGES.txt 2011-02-23 15:04:39 UTC (rev 120547)
@@ -4,6 +4,9 @@
2.3.0-alpha (unreleased)
------------------------
+- MemberDataTool: Modified 'setProperties' method.
+ It now can be used by user managers as well.
+
- MembershipTool: Added 'isMemberAccessAllowed' method.
If you don't have the 'Manage users' permission for the membership tool, you
shouldn't have write access to other members.
Modified: Products.CMFCore/trunk/Products/CMFCore/MemberDataTool.py
===================================================================
--- Products.CMFCore/trunk/Products/CMFCore/MemberDataTool.py 2011-02-23 14:59:07 UTC (rev 120546)
+++ Products.CMFCore/trunk/Products/CMFCore/MemberDataTool.py 2011-02-23 15:04:39 UTC (rev 120547)
@@ -262,7 +262,8 @@
'''
# XXX: this method violates the rules for tools/utilities:
# it depends on a non-utility tool
- if self._user.getId() != getSecurityManager().getUser().getId():
+ mtool = getToolByName(self._tool, 'portal_membership')
+ if not mtool.isMemberAccessAllowed(self._user.getId()):
raise BadRequest(u'Only own properties can be set.')
if properties is None:
properties = kw
Modified: Products.CMFCore/trunk/Products/CMFCore/tests/base/security.py
===================================================================
--- Products.CMFCore/trunk/Products/CMFCore/tests/base/security.py 2011-02-23 14:59:07 UTC (rev 120546)
+++ Products.CMFCore/trunk/Products/CMFCore/tests/base/security.py 2011-02-23 15:04:39 UTC (rev 120547)
@@ -64,6 +64,9 @@
def getRolesInContext(self, object):
return self._roles
+ def getDomains(self):
+ return self._domains
+
def allowed(self, object, object_roles=None):
if object_roles is None or 'Anonymous' in object_roles:
return True
Modified: Products.CMFCore/trunk/Products/CMFCore/tests/test_MemberDataTool.py
===================================================================
--- Products.CMFCore/trunk/Products/CMFCore/tests/test_MemberDataTool.py 2011-02-23 14:59:07 UTC (rev 120546)
+++ Products.CMFCore/trunk/Products/CMFCore/tests/test_MemberDataTool.py 2011-02-23 15:04:39 UTC (rev 120547)
@@ -17,9 +17,14 @@
import Testing
import Acquisition
+from AccessControl.SecurityManagement import newSecurityManager
+from DateTime.DateTime import DateTime
from zope.interface.verify import verifyClass
+from Products.CMFCore.exceptions import BadRequest
+from Products.CMFCore.tests.base.security import DummyUser as BaseDummyUser
+
class DummyUserFolder(Acquisition.Implicit):
def __init__(self):
@@ -33,39 +38,22 @@
if password is not None:
user.__ = password
# Emulate AccessControl.User's stupid behavior (should test None)
- user.roles = tuple(roles)
- user.domains = tuple(domains)
+ user._roles = tuple(roles)
+ user._domains = tuple(domains)
def getUsers(self):
return self._users.values()
-class DummyUser(Acquisition.Implicit):
+class DummyUser(BaseDummyUser):
def __init__(self, name, password, roles, domains):
- self.name = name
+ self._id = self._name = name
self.__ = password
- self.roles = tuple(roles)
- self.domains = tuple(domains)
+ self._roles = tuple(roles)
+ self._domains = tuple(domains)
- def getId(self):
- return self.name
- def getUserName(self):
- return 'name of %s' % self.getId()
-
- def getRoles(self):
- return self.roles + ('Authenticated',)
-
- def getDomains(self):
- return self.domains
-
-
-class DummyMemberDataTool(Acquisition.Implicit):
-
- _members = {}
-
-
class MemberDataToolTests(unittest.TestCase):
def _getTargetClass(self):
@@ -130,9 +118,15 @@
return self._getTargetClass()(*args, **kw)
def setUp(self):
- self.mdtool = DummyMemberDataTool()
- self.aclu = DummyUserFolder()
+ from OFS.Folder import Folder
+ from Products.CMFCore.MemberDataTool import MemberDataTool
+ from Products.CMFCore.MembershipTool import MembershipTool
+ self.site = Folder('test')
+ self.site._setObject('portal_memberdata', MemberDataTool())
+ self.site._setObject('portal_membership', MembershipTool())
+ self.site._setObject('acl_users', DummyUserFolder())
+
def test_interfaces(self):
from AccessControl.interfaces import IUser
from Products.CMFCore.interfaces import IMember
@@ -142,23 +136,44 @@
verifyClass(IMemberData, self._getTargetClass())
verifyClass(IUser, self._getTargetClass())
+ def test_setProperties(self):
+ user = DummyUser('bob', 'pw', ['Role'], [])
+ user = user.__of__(self.site.acl_users)
+ member = self._makeOne(user, self.site.portal_memberdata)
+ self.assertRaises(BadRequest, member.setProperties)
+
+ newSecurityManager(None, DummyUser('john', 'pw', ['Role'], []))
+ self.assertRaises(BadRequest, member.setProperties)
+
+ newSecurityManager(None, user)
+ member.setProperties()
+ self.assertEqual(member.getProperty('email'), '')
+ # MemberDataTool is initialized with a string date
+ self.assertEqual(member.getProperty('login_time'), '2000/01/01')
+
+ member.setProperties({'email': 'BOB at EXAMPLE.ORG',
+ 'login_time': '2000/02/02'})
+ self.assertEqual(member.getProperty('email'), 'BOB at EXAMPLE.ORG')
+ self.assertEqual(member.getProperty('login_time'),
+ DateTime('2000/02/02 00:00:00'))
+
def test_setSecurityProfile(self):
user = DummyUser('bob', 'pw', ['Role'], ['domain'])
- self.aclu._addUser(user)
- user = user.__of__(self.aclu)
- member = self._makeOne(user, self.mdtool)
+ self.site.acl_users._addUser(user)
+ user = user.__of__(self.site.acl_users)
+ member = self._makeOne(user, self.site.portal_memberdata)
member.setSecurityProfile(password='newpw')
self.assertEqual(user.__, 'newpw')
- self.assertEqual(list(user.roles), ['Role'])
- self.assertEqual(list(user.domains), ['domain'])
+ self.assertEqual(list(user.getRoles()), ['Role'])
+ self.assertEqual(list(user.getDomains()), ['domain'])
member.setSecurityProfile(roles=['NewRole'])
self.assertEqual(user.__, 'newpw')
- self.assertEqual(list(user.roles), ['NewRole'])
- self.assertEqual(list(user.domains), ['domain'])
+ self.assertEqual(list(user.getRoles()), ['NewRole'])
+ self.assertEqual(list(user.getDomains()), ['domain'])
member.setSecurityProfile(domains=['newdomain'])
self.assertEqual(user.__, 'newpw')
- self.assertEqual(list(user.roles), ['NewRole'])
- self.assertEqual(list(user.domains), ['newdomain'])
+ self.assertEqual(list(user.getRoles()), ['NewRole'])
+ self.assertEqual(list(user.getDomains()), ['newdomain'])
def test_suite():
More information about the checkins
mailing list