Merge pull request #11 from ploneintranet/workflow-tests

Workflow tests
ploneintranet · Jun 12, 2014 · 12b921b · 12b921b
2 parents 98efe1f + 1240432
commit 12b921b
Show file tree

Hide file tree

Showing 6 changed files with 187 additions and 12 deletions.
diff --git a/src/ploneintranet/workspace/adapters.py b/src/ploneintranet/workspace/adapters.py
@@ -19,12 +19,13 @@ class PloneIntranetWorkspace(Workspace):
     # A list of groups to which team members can be assigned.
     # Maps group name -> roles
     available_groups = {
-        u'Members': ('Reader', 'TeamMember'),
         u'Admins': ('Contributor', 'Editor', 'Reviewer',
                     'Reader', 'TeamManager',),
-        u'Consumers': ('Reader',),
-        u'Producers': ('Reader', 'Contributor',),
-        u'Publishers': ('Reader', 'Contributor', 'SelfPublisher',),
+        u'Members': ('TeamMember', ),
+        # These are the 'participation policy' groups
+        u'Consumers': (),
+        u'Producers': ('Contributor',),
+        u'Publishers': ('Contributor', 'SelfPublisher',),
         u'Moderators': ('Reader', 'Contributor', 'Reviewer', 'Editor',),
     }
 

diff --git a/src/ploneintranet/workspace/profiles/default/workflows/ploneintranet_workflow/definition.xml b/src/ploneintranet/workspace/profiles/default/workflows/ploneintranet_workflow/definition.xml
@@ -21,27 +21,31 @@
       <permission-role>Owner</permission-role>
       <permission-role>Site Administrator</permission-role>
       <permission-role>TeamManager</permission-role>
+      <permission-role>Reader</permission-role>
     </permission-map>
     <permission-map name="List folder contents"
                     acquired="False">
       <permission-role>Manager</permission-role>
       <permission-role>Owner</permission-role>
       <permission-role>Site Administrator</permission-role>
       <permission-role>TeamManager</permission-role>
+      <permission-role>Editor</permission-role>
     </permission-map>
     <permission-map name="Modify portal content"
                     acquired="False">
       <permission-role>Manager</permission-role>
       <permission-role>Owner</permission-role>
       <permission-role>Site Administrator</permission-role>
       <permission-role>TeamManager</permission-role>
+      <permission-role>Editor</permission-role>
     </permission-map>
     <permission-map name="View"
                     acquired="False">
       <permission-role>Manager</permission-role>
       <permission-role>Owner</permission-role>
       <permission-role>Site Administrator</permission-role>
       <permission-role>TeamManager</permission-role>
+      <permission-role>Reader</permission-role>
     </permission-map>
   </state>
 
@@ -66,6 +70,14 @@
       <permission-role>TeamManager</permission-role>
       <permission-role>Reviewer</permission-role>
     </permission-map>
+    <permission-map name="Modify portal content"
+                    acquired="False">
+      <permission-role>Manager</permission-role>
+      <permission-role>Owner</permission-role>
+      <permission-role>Site Administrator</permission-role>
+      <permission-role>TeamManager</permission-role>
+      <permission-role>Editor</permission-role>
+    </permission-map>
     <permission-map name="View"
                     acquired="False">
       <permission-role>Manager</permission-role>
@@ -99,6 +111,14 @@
       <permission-role>TeamMember</permission-role>
       <permission-role>Reader</permission-role>
     </permission-map>
+    <permission-map name="Modify portal content"
+                    acquired="False">
+      <permission-role>Manager</permission-role>
+      <permission-role>Owner</permission-role>
+      <permission-role>Site Administrator</permission-role>
+      <permission-role>TeamManager</permission-role>
+      <permission-role>Editor</permission-role>
+    </permission-map>
     <permission-map name="View"
                     acquired="False">
       <permission-role>Manager</permission-role>
@@ -133,6 +153,14 @@
       <permission-role>TeamMember</permission-role>
       <permission-role>Reader</permission-role>
     </permission-map>
+    <permission-map name="Modify portal content"
+                    acquired="False">
+      <permission-role>Manager</permission-role>
+      <permission-role>Owner</permission-role>
+      <permission-role>Site Administrator</permission-role>
+      <permission-role>TeamManager</permission-role>
+      <permission-role>Editor</permission-role>
+    </permission-map>
     <permission-map name="View"
                     acquired="False">
       <permission-role>Manager</permission-role>

diff --git a/...anet/workspace/profiles/default/workflows/ploneintranet_workspace_workflow/definition.xml b/...anet/workspace/profiles/default/workflows/ploneintranet_workspace_workflow/definition.xml
@@ -15,12 +15,12 @@
     <permission-map name="Access contents information" acquired="False">
       <permission-role>Manager</permission-role>
       <permission-role>Site Administrator</permission-role>
-      <permission-role>Reader</permission-role>
+      <permission-role>TeamMember</permission-role>
     </permission-map>
     <permission-map name="View" acquired="False">
       <permission-role>Manager</permission-role>
       <permission-role>Site Administrator</permission-role>
-      <permission-role>Reader</permission-role>
+      <permission-role>TeamMember</permission-role>
       <permission-role>TeamManager</permission-role>
     </permission-map>
     <permission-map name="Modify portal content" acquired="False">
@@ -39,13 +39,13 @@
     <permission-map name="Access contents information" acquired="False">
       <permission-role>Manager</permission-role>
       <permission-role>Site Administrator</permission-role>
-      <permission-role>Reader</permission-role>
+      <permission-role>TeamMember</permission-role>
       <permission-role>Authenticated</permission-role>
     </permission-map>
     <permission-map name="View" acquired="False">
       <permission-role>Manager</permission-role>
       <permission-role>Site Administrator</permission-role>
-      <permission-role>Reader</permission-role>
+      <permission-role>TeamMember</permission-role>
       <permission-role>Authenticated</permission-role>
     </permission-map>
     <permission-map name="Modify portal content" acquired="False">
@@ -62,13 +62,13 @@
     <permission-map name="Access contents information" acquired="False">
       <permission-role>Manager</permission-role>
       <permission-role>Site Administrator</permission-role>
-      <permission-role>Reader</permission-role>
+      <permission-role>TeamMember</permission-role>
       <permission-role>Authenticated</permission-role>
     </permission-map>
     <permission-map name="View" acquired="False">
       <permission-role>Manager</permission-role>
       <permission-role>Site Administrator</permission-role>
-      <permission-role>Reader</permission-role>
+      <permission-role>TeamMember</permission-role>
       <permission-role>Authenticated</permission-role>
     </permission-map>
     <permission-map name="Modify portal content" acquired="False">

diff --git a/src/ploneintranet/workspace/tests/base.py b/src/ploneintranet/workspace/tests/base.py
@@ -5,6 +5,7 @@
 from plone.app.testing.interfaces import SITE_OWNER_NAME
 from plone.app.testing.interfaces import SITE_OWNER_PASSWORD
 from plone.app.testing import login
+from plone.app.testing import logout
 from Products.CMFCore.utils import getToolByName
 from ploneintranet.workspace.testing import \
     PLONEINTRANET_WORKSPACE_INTEGRATION_TESTING
@@ -34,7 +35,16 @@ def login(self, username):
         """
         login(self.portal, username)
 
+    def logout(self):
+        """
+        helper method to avoid importing the p.a.testing logout method
+        """
+        logout()
+
     def login_as_portal_owner(self):
+        """
+        helper method to login as site admin
+        """
         z2.login(self.app['acl_users'], SITE_OWNER_NAME)
 
     def add_user_to_workspace(self, username, workspace, groups=None):

diff --git a/src/ploneintranet/workspace/tests/test_permissions.py b/src/ploneintranet/workspace/tests/test_permissions.py
@@ -0,0 +1,136 @@
+from plone import api
+from ploneintranet.workspace.tests.base import BaseTestCase
+from plone.api.exc import InvalidParameterError
+from AccessControl import Unauthorized
+
+
+class TestPermissions(BaseTestCase):
+    """
+    Test the abilities of users within a workspace
+    """
+    def setUp(self):
+        super(TestPermissions, self).setUp()
+        self.login_as_portal_owner()
+        # set up some users
+        api.user.create(username='wsadmin', email="admin@test.com")
+        api.user.create(username='user1', email="test@test.com")
+        api.user.create(username='user2', email="test2@test.com")
+        self.workspace = api.content.create(
+            self.portal,
+            'ploneintranet.workspace.workspacefolder',
+            'example-workspace')
+        self.add_user_to_workspace(
+            'wsadmin',
+            self.workspace,
+            {'Admins'},
+        )
+        self.add_user_to_workspace(
+            'user1',
+            self.workspace,
+        )
+        self.logout()
+
+    def traverse_to_item(self, item):
+        """ helper method to travers to an item by path """
+        return api.content.get(path='/'.join(item.getPhysicalPath()))
+
+    def test_consumers_can_view(self):
+        """ Consumers can only view published content in the workspace """
+        self.login_as_portal_owner()
+        self.workspace.participant_policy = "Consumers"
+        doc_private = api.content.create(
+            self.workspace,
+            'Document',
+            'test-page',
+        )
+        doc_published = api.content.create(
+            self.workspace,
+            'Document',
+            'test-page-2',
+        )
+        api.content.transition(doc_published, to_state='published')
+
+        # Should not be able to view this doc
+        self.login('user1')
+        with self.assertRaises(Unauthorized):
+            self.traverse_to_item(doc_private)
+        # Published doc is OK
+        self.traverse_to_item(doc_published)
+
+    def test_producers_can_add(self):
+        """
+        Producers can add content to the workspace, and
+        submit it for review
+        """
+        self.login_as_portal_owner()
+        self.workspace.participant_policy = "Producers"
+
+        self.login('user1')
+        doc = api.content.create(
+            self.workspace,
+            'Document',
+            'my-test-page',
+        )
+        api.content.transition(doc, transition='submit')
+        # We cannot publish our own content
+        with self.assertRaises(InvalidParameterError):
+            api.content.transition(doc, transition='publish')
+
+        # But an admin can
+        self.login('wsadmin')
+        api.content.transition(doc, transition='publish')
+
+    def test_publishers_can_publish(self):
+        """
+        Publishers can add and publish their own content
+        """
+        self.login_as_portal_owner()
+        admin_doc = api.content.create(
+            self.workspace,
+            'Document',
+            'my-admin-page',
+        )
+        self.workspace.participant_policy = "Publishers"
+
+        self.login('user1')
+        doc = api.content.create(
+            self.workspace,
+            'Document',
+            'my-test-page',
+        )
+        # Can publish my own content
+        api.content.transition(doc, transition='submit')
+        api.content.transition(doc, transition='publish')
+
+        # We cannot view or publish someone else's content
+        with self.assertRaises(Unauthorized):
+            self.traverse_to_item(admin_doc)
+        with self.assertRaises(InvalidParameterError):
+            api.content.transition(admin_doc, transition='submit')
+
+    def test_moderators_can_publish_all(self):
+        """
+        Moderators can add and publish any content
+        """
+        self.login_as_portal_owner()
+        admin_doc = api.content.create(
+            self.workspace,
+            'Document',
+            'my-admin-page',
+        )
+        self.workspace.participant_policy = "Moderators"
+
+        self.login('user1')
+        doc = api.content.create(
+            self.workspace,
+            'Document',
+            'my-test-page',
+        )
+        # Can publish my own content
+        api.content.transition(doc, transition='submit')
+        api.content.transition(doc, transition='publish')
+
+        # We can also view and publish someone else's document
+        self.traverse_to_item(admin_doc)
+        api.content.transition(admin_doc, transition='submit')
+        api.content.transition(admin_doc, transition='publish')
diff --git a/src/ploneintranet/workspace/tests/test_policy.py b/src/ploneintranet/workspace/tests/test_policy.py
@@ -145,7 +145,7 @@ def test_members_are_correctly_added_to_group_by_policy(self):
                       group.getAllGroupMembers())
 
         self.login(username)
-        self.assertIn("Reader",
+        self.assertIn("TeamMember",
                       api.user.get_roles(username=username, obj=workspace))
 
         self.login_as_portal_owner()
@@ -165,7 +165,7 @@ def test_members_are_correctly_added_to_group_by_policy(self):
         self.login(username)
         self.assertIn("Contributor",
                       api.user.get_roles(username=username, obj=workspace))
-        self.assertIn("Reader",
+        self.assertIn("TeamMember",
                       api.user.get_roles(username=username, obj=workspace))
         self.assertNotIn("Reviewer",
                          api.user.get_roles(username=username, obj=workspace))