[1] | 1 | # |
---|
| 2 | # Test moderation behavior |
---|
| 3 | # |
---|
| 4 | |
---|
| 5 | from Products.PloneTestCase import PloneTestCase |
---|
| 6 | from Products.CMFCore.utils import getToolByName |
---|
| 7 | import re |
---|
| 8 | |
---|
| 9 | from common import * |
---|
| 10 | |
---|
| 11 | PloneTestCase.installProduct(PRODUCT) |
---|
| 12 | PloneTestCase.setupPloneSite() |
---|
| 13 | |
---|
[87] | 14 | |
---|
[1] | 15 | class TestModeration(PloneTestCase.FunctionalTestCase): |
---|
| 16 | |
---|
| 17 | def afterSetUp(self): |
---|
| 18 | self.loginAsPortalOwner() |
---|
[115] | 19 | self.portal.portal_quickinstaller.installProduct(PRODUCT) |
---|
[1] | 20 | |
---|
| 21 | # Add all users |
---|
| 22 | addMembers(self.portal, USERS) |
---|
[87] | 23 | |
---|
[1] | 24 | # Add users to Discussion Manager group |
---|
| 25 | add2Group(self.portal, 'DiscussionManager', DM_USERS_IDS) |
---|
[87] | 26 | |
---|
[1] | 27 | # Allow discussion for Document |
---|
[115] | 28 | portal_types = getToolByName(self.portal, 'portal_types') |
---|
[1] | 29 | doc_fti = portal_types.getTypeInfo('Document') |
---|
| 30 | doc_fti._updateProperty('allow_discussion', 1) |
---|
[87] | 31 | |
---|
[1] | 32 | # Make sure Documents are visible by default |
---|
| 33 | self.portal.portal_workflow.setChainForPortalTypes(('Document',), 'plone_workflow') |
---|
| 34 | |
---|
| 35 | # Add testing documents to portal. Add one document for avery user. |
---|
| 36 | # For testing behaviors, where made some changes to document state it's more usefull. |
---|
| 37 | self.discussion = getToolByName(self.portal, 'portal_discussion', None) |
---|
| 38 | all_users_id = DM_USERS_IDS + COMMON_USERS_IDS |
---|
| 39 | for user_id in all_users_id: |
---|
| 40 | doc_id = 'doc_%s' % user_id |
---|
| 41 | self.portal.invokeFactory('Document', id=doc_id) |
---|
| 42 | doc_obj = getattr(self.portal, doc_id) |
---|
| 43 | doc_obj.edit(text_format='plain', text='hello world from %s' % doc_id) |
---|
| 44 | # Create talkback for document and Add comment to doc_obj |
---|
| 45 | self.discussion.getDiscussionFor(doc_obj) |
---|
| 46 | doc_obj.discussion_reply('A Reply for %s' % doc_id,'text of reply for %s' % doc_id) |
---|
| 47 | |
---|
| 48 | ## TEST VIEWING |
---|
| 49 | |
---|
| 50 | def testViewRepliesNotPublishedDMUsers(self): |
---|
| 51 | # All members of DiscussionManager group MUST VIEW comments |
---|
| 52 | doc = getattr(self.portal, 'doc_%s' % DM_USERS_IDS[0]) |
---|
| 53 | for u in DM_USERS_IDS: |
---|
| 54 | self.login(u) |
---|
| 55 | replies = self.discussion.getDiscussionFor(doc).getReplies() |
---|
| 56 | self.assert_(replies, "Viewing discussion item forbiden for %s - member of DiscussionManager group" % u) |
---|
| 57 | |
---|
| 58 | def testViewRepliesNotPublishedNotDMUsers(self): |
---|
| 59 | # All common users SHOULD NOT VIEW NOT PUBLISHED comments |
---|
| 60 | doc = getattr(self.portal, 'doc_%s' % DM_USERS_IDS[0]) |
---|
| 61 | roles = [r['name'] for r in self.portal.rolesOfPermission('Moderate Discussion') if r['selected'] == 'SELECTED'] |
---|
[87] | 62 | authorized_users = [user for user in COMMON_USERS_IDS if user !='anonym'] |
---|
[1] | 63 | users_without_md_perm = [u for u in authorized_users if filter(lambda x: x not in roles, USERS[u]['roles'])] |
---|
| 64 | for u in users_without_md_perm: |
---|
| 65 | self.logout() |
---|
| 66 | if not u=='anonym': |
---|
| 67 | self.login(u) |
---|
| 68 | replies = self.discussion.getDiscussionFor(doc).getReplies() |
---|
| 69 | self.assert_(not replies, "Viewing of NOT published discussion item allow %s - user without 'Moderate Discussion' permission" % u) |
---|
| 70 | |
---|
| 71 | def testViewRepliesPublishedAllUsers(self): |
---|
| 72 | # All users MUST VIEW PUBLISHED comments |
---|
| 73 | # Get any document and publish it's comment |
---|
| 74 | doc = getattr(self.portal, 'doc_%s' % 'dm_admin') |
---|
| 75 | self.login('dm_admin') |
---|
| 76 | di = self.discussion.getDiscussionFor(doc).getReplies()[0] |
---|
| 77 | di.discussion_publish_comment() |
---|
| 78 | |
---|
| 79 | all_users_id = USERS.keys() + ['anonym'] |
---|
| 80 | for u in all_users_id: |
---|
| 81 | self.logout() |
---|
| 82 | if not u=='anonym': |
---|
| 83 | self.login(u) |
---|
| 84 | replies = self.discussion.getDiscussionFor(doc).getReplies() |
---|
| 85 | self.assert_(replies, "Viewing PUBLISHED discussion item forbiden for %s user" % u) |
---|
| 86 | |
---|
| 87 | ## TEST PUBLISHING |
---|
| 88 | |
---|
| 89 | def testViewPublishButtonNonDMUsers(self): |
---|
[87] | 90 | # Publish button MUST BE ABSENT in document view form |
---|
[1] | 91 | # Pattern for publish button presence checking |
---|
[115] | 92 | pattern = re.compile('.*<input.+?value="Publish"', re.S|re.M) |
---|
[87] | 93 | roles = [r['name'] for r in self.portal.rolesOfPermission('Moderate Discussion') if r['selected'] == 'SELECTED'] |
---|
| 94 | authorized_users = [user for user in COMMON_USERS_IDS if user !='anonym'] |
---|
| 95 | users_without_md_perm = [u for u in authorized_users if filter(lambda x: x not in roles, USERS[u]['roles'])] |
---|
[1] | 96 | for u in users_without_md_perm: |
---|
| 97 | self.logout() |
---|
| 98 | auth = "%s:" % u |
---|
| 99 | if not u=='anonym': |
---|
| 100 | self.login(u) |
---|
| 101 | auth = '%s:%s' % (u,USERS[u]['passw']) |
---|
| 102 | doc_id = "doc_%s" % u |
---|
| 103 | html = str(self.publish(self.portal.id+'/%s' % doc_id, auth)) |
---|
| 104 | m = pattern.match(html) |
---|
| 105 | self.assert_(not m, "Publish button present for %s - user without Moderate Discussion permission" % u) |
---|
| 106 | |
---|
| 107 | def testViewPublishButtonDMUsers(self): |
---|
| 108 | # Publish button MUST PRESENT in document view form |
---|
| 109 | # Pattern for publish button presence checking |
---|
[115] | 110 | pattern = re.compile('.*<input.+?value="Publish"',re.S|re.M) |
---|
| 111 | # pattern = re.compile('.*<input\\s*class="standalone"\\s*type="submit"\\s*value="Publish"\\s*/>', re.S|re.M) |
---|
[1] | 112 | for u in DM_USERS_IDS: |
---|
| 113 | self.login(u) |
---|
| 114 | auth = '%s:%s' % (u,USERS[u]['passw']) |
---|
| 115 | doc_id = "doc_%s" % u |
---|
| 116 | html = str(self.publish(self.portal.id+'/%s' % doc_id, auth)) |
---|
| 117 | m = pattern.match(html) |
---|
| 118 | self.assert_(m, "Publish button NOT PRESENT for %s - member of DiscussionManager group" % u) |
---|
| 119 | |
---|
| 120 | |
---|
| 121 | def testPublishing(self): |
---|
| 122 | # Check whether perform real publishing |
---|
| 123 | # Pattern for publish button presence checking |
---|
[115] | 124 | pattern = re.compile('.*<input.+?value="Publish"',re.S|re.M) |
---|
[1] | 125 | for u in DM_USERS_IDS: |
---|
| 126 | doc_id = "doc_%s" % u |
---|
| 127 | doc_obj = getattr(self.portal, doc_id) |
---|
| 128 | getReplies = self.discussion.getDiscussionFor(doc_obj).getReplies |
---|
| 129 | # Check whether anonymous get no reply |
---|
| 130 | self.logout() |
---|
| 131 | self.assert_(not getReplies(), "View not published reply ALLOW for Anonymous") |
---|
| 132 | # Login with actual (tested) user with DiscussionManager role and publish discussion |
---|
| 133 | self.login(u) |
---|
| 134 | self.assert_(getReplies(), "%s - member of DiscussionManager group NOT VIEW not published reply" % u) |
---|
| 135 | getReplies()[0].discussion_publish_comment() |
---|
| 136 | # Check if Publish button still present in document view page |
---|
| 137 | auth = "%s:" % u |
---|
| 138 | if not u=='anonym': |
---|
| 139 | auth = '%s:%s' % (u,USERS[u]['passw']) |
---|
| 140 | html = str(self.publish(self.portal.id+'/%s' % doc_id, auth)) |
---|
| 141 | m = pattern.match(html) |
---|
| 142 | self.assert_(not m, "Publish button present for %s - DiscussionManager role user after publishing" % u) |
---|
| 143 | # Check whether Anonym view published reply |
---|
| 144 | self.logout() |
---|
| 145 | self.assert_(getReplies(), "%s - member of DiscussionManager group NOT PUBLISH reply" % u) |
---|
| 146 | |
---|
| 147 | ## TEST DELETING |
---|
| 148 | |
---|
| 149 | def testViewDeleteButtonNonDMUsers(self): |
---|
| 150 | # Check Delete reply button presense ONLY for PUBLISHED reply. |
---|
| 151 | # Because of NOT PUBLUISHED replies is not visible at all for common users. |
---|
| 152 | # Delete reply button in document view form MUST BE ABSENT for all EXCEPT manager. |
---|
| 153 | # Publish replies |
---|
| 154 | self.logout() |
---|
| 155 | self.login('dm_admin') |
---|
| 156 | for u in COMMON_USERS_IDS: |
---|
| 157 | doc_id = "doc_%s" % u |
---|
| 158 | doc_obj = getattr(self.portal, doc_id) |
---|
| 159 | reply = self.discussion.getDiscussionFor(doc_obj).getReplies()[0] |
---|
| 160 | reply.discussion_publish_comment() |
---|
| 161 | # Prepare pattern for delete reply button presence checking |
---|
[115] | 162 | pattern = re.compile('.*<input\\s*class="destructive"\\s*type="submit"\\s*value="Remove"\\s*/>', re.S|re.M) |
---|
[1] | 163 | for u in COMMON_USERS_IDS: |
---|
| 164 | self.logout() |
---|
| 165 | auth = "%s:" % u |
---|
| 166 | if not u=='anonym': |
---|
| 167 | self.login(u) |
---|
| 168 | auth = '%s:%s' % (u,USERS[u]['passw']) |
---|
| 169 | doc_id = "doc_%s" % u |
---|
| 170 | html = str(self.publish(self.portal.id+'/%s' % doc_id, auth)) |
---|
| 171 | m = pattern.match(html) |
---|
| 172 | if not u=='anonym' and 'Manager' in USERS[u]['roles']: |
---|
| 173 | self.assert_(m, "%s - user with Manager role NOT VIEW Delete reply button for published reply on document view form" % u) |
---|
| 174 | else: |
---|
| 175 | self.assert_(not m, "%s - user without Manager role CAN VIEW Delete reply button for published reply on document view form" % u) |
---|
| 176 | |
---|
| 177 | def testDeleting(self): |
---|
| 178 | # Manager with DiscussionManager role CAN delete ANY REPLY. |
---|
| 179 | # Manager without DiscussionManager role [common manager] CAN delete ONLY PUBLISHED REPLY. |
---|
| 180 | # Get Managers |
---|
| 181 | managers = [u for u in USERS.keys() if 'Manager' in USERS[u]['roles']] |
---|
| 182 | dm_man = [u for u in managers if u.startswith('dm_')][0] |
---|
| 183 | common_man = [u for u in managers if not u.startswith('dm_')][0] |
---|
| 184 | # Publish document for common manager |
---|
| 185 | self.login(dm_man) |
---|
| 186 | doc_obj = getattr(self.portal, "doc_%s" % common_man) |
---|
| 187 | reply = self.discussion.getDiscussionFor(doc_obj).getReplies()[0] |
---|
| 188 | reply.discussion_publish_comment() |
---|
| 189 | # Check for really deleting |
---|
| 190 | for u in managers: |
---|
| 191 | self.login(u) |
---|
| 192 | auth = '%s:%s' % (u,USERS[u]['passw']) |
---|
| 193 | doc_id = "doc_%s" % u |
---|
| 194 | doc_obj = getattr(self.portal, doc_id) |
---|
| 195 | getReplies = self.discussion.getDiscussionFor(doc_obj).getReplies |
---|
| 196 | self.assert_(getReplies(), "%s - user with Manager role not view discussion reply" % u) |
---|
| 197 | getReplies()[0].deleteDiscussion() |
---|
| 198 | self.assert_(not getReplies(), "%s - user with Manager role not really delete discussion" % u) |
---|
| 199 | |
---|
| 200 | |
---|
| 201 | def test_suite(): |
---|
| 202 | from unittest import TestSuite, makeSuite |
---|
| 203 | suite = TestSuite() |
---|
| 204 | suite.addTest(makeSuite(TestModeration)) |
---|
| 205 | return suite |
---|