Merge pull request #21 from ploneintranet/team-managed

Admin managed
ploneintranet · Jun 26, 2014 · 8f44034 · 8f44034
2 parents ec4eb67 + 62fba19
commit 8f44034
Show file tree

Hide file tree

Showing 2 changed files with 97 additions and 10 deletions.
diff --git a/src/ploneintranet/workspace/browser/roster.py b/src/ploneintranet/workspace/browser/roster.py
@@ -1,13 +1,14 @@
-from plone import api
-from plone.memoize.instance import memoize, clearafter
-from zope.component import getMultiAdapter
-from Products.CMFPlone.utils import safe_unicode
+from AccessControl import Unauthorized
 from Products.CMFCore.utils import _checkPermission as checkPermission
+from Products.CMFPlone.utils import safe_unicode
+from Products.Five import BrowserView
 from Products.Five.browser.pagetemplatefile import ViewPageTemplateFile
+from collective.workspace.interfaces import IWorkspace
+from plone import api
+from plone.memoize.instance import memoize, clearafter
 from plone.protect import CheckAuthenticator, PostOnly
-from Products.Five import BrowserView
 from ploneintranet.workspace import MessageFactory as _
-from collective.workspace.interfaces import IWorkspace
+from zope.component import getMultiAdapter
 
 
 class EditRoster(BrowserView):
@@ -43,6 +44,14 @@ def update_users(self, entries):
         ws = IWorkspace(self.context)
         members = ws.members
 
+        # check user permissions against join policy
+        join_policy = self.context.join_policy
+        if (join_policy == "admin"
+            and not checkPermission(
+                "collective.workspace: Manage roster",
+                self.context)):
+            raise Unauthorized("You are not allowed to add users here")
+
         for entry in entries:
             id = entry['id']
             is_member = bool(entry.get('member'))
@@ -66,12 +75,12 @@ def update_users(self, entries):
                 ws.add_to_team(user=id, groups=groups)
 
     def users(self):
-        """Get current users.
-
-        Returns a list of dicts with keys:
+        """Get current users and add in any search results.
 
+        :returns: a list of dicts with keys
          - id
          - title
+        :rtype: list
         """
         existing_users = self.existing_users()
         existing_user_ids = [x['id'] for x in existing_users]

diff --git a/src/ploneintranet/workspace/tests/test_policy.py b/src/ploneintranet/workspace/tests/test_policy.py
@@ -1,5 +1,8 @@
+from AccessControl import Unauthorized
+from Products.CMFCore.utils import _checkPermission as checkPermission
 from plone import api
 from ploneintranet.workspace.tests.base import BaseTestCase
+from ploneintranet.workspace.browser.roster import EditRoster
 from plone.app.testing import login
 from zope.annotation.interfaces import IAnnotations
 
@@ -172,7 +175,7 @@ def test_members_are_correctly_added_to_group_by_policy(self):
 
     def test_role_adapter(self):
         """
-        test that the self publishers are also given reviewers if they
+        test that the self publishers are also given the reviewer role if they
         are an owner
         """
         self.login_as_portal_owner()
@@ -218,3 +221,78 @@ def test_role_adapter(self):
         self.assertIn('Contributor', local_roles)
         self.assertIn('SelfPublisher', local_roles)
         self.assertIn('Reviewer', local_roles)
+
+    def test_join_policy_admin(self):
+        """
+        in an admin managed workspace, a user needs the
+        manage roster permission to update users
+        """
+        self.login_as_portal_owner()
+        workspace = api.content.create(
+            self.portal,
+            'ploneintranet.workspace.workspacefolder',
+            'workspace')
+        workspace.join_policy = 'admin'
+
+        username = "regular_member"
+        api.user.create(username=username, email="test@test.com")
+        self.add_user_to_workspace(username, workspace)
+
+        self.login(username)
+        self.assertFalse(
+            checkPermission("collective.workspace: Manage roster",
+                            workspace),
+        )
+        self.request['REQUEST_METHOD'] = 'POST'
+        edit_form = EditRoster(workspace, self.request)
+        settings = [
+            {
+                'id': 'wsadmin',
+                'member': True,
+                'admin': False,
+            },
+            {
+                'id': 'wsmember',
+                'member': True,
+            },
+        ]
+        self.assertRaises(
+            Unauthorized,
+            edit_form.update_users,
+            settings,
+        )
+
+    def test_join_policy_team(self):
+        """
+        in a team managed workspace a user only needs the view roster
+        permission to update users
+        """
+        self.login_as_portal_owner()
+        workspace = api.content.create(
+            self.portal,
+            'ploneintranet.workspace.workspacefolder',
+            'workspace')
+        workspace.join_policy = 'team'
+
+        username = "regular_member"
+        api.user.create(username=username, email="test@test.com")
+        self.add_user_to_workspace(username, workspace)
+
+        self.login(username)
+        self.assertTrue(
+            checkPermission("collective.workspace: View roster",
+                            workspace),
+        )
+        self.request['REQUEST_METHOD'] = 'POST'
+        edit_form = EditRoster(workspace, self.request)
+        settings = [
+            {
+                'id': 'member2',
+                'member': True,
+            },
+            {
+                'id': 'regular_member',
+                'member': True,
+            },
+        ]
+        edit_form.update_users(settings)