214 lines
8.5 KiB
Python
214 lines
8.5 KiB
Python
# -*- coding: utf-8 -*-
|
|
# Part of Odoo. See LICENSE file for full copyright and licensing details.
|
|
|
|
from datetime import datetime, timedelta
|
|
|
|
from odoo.addons.test_event_full.tests.common import TestEventFullCommon
|
|
from odoo.exceptions import AccessError
|
|
from odoo.tests import tagged
|
|
from odoo.tests.common import users
|
|
from odoo.tools import mute_logger
|
|
|
|
|
|
@tagged('security')
|
|
class TestEventSecurity(TestEventFullCommon):
|
|
|
|
@users('user_employee')
|
|
@mute_logger('odoo.models.unlink', 'odoo.addons.base.models.ir_model')
|
|
def test_event_access_employee(self):
|
|
# Event: read ok
|
|
event = self.test_event.with_user(self.env.user)
|
|
event.read(['name'])
|
|
|
|
# Event: read only
|
|
with self.assertRaises(AccessError):
|
|
self.env['event.event'].create({
|
|
'name': 'TestEvent',
|
|
'date_begin': datetime.now() + timedelta(days=-1),
|
|
'date_end': datetime.now() + timedelta(days=1),
|
|
'seats_limited': True,
|
|
'seats_max': 10,
|
|
})
|
|
with self.assertRaises(AccessError):
|
|
event.write({
|
|
'name': 'TestEvent Modified',
|
|
})
|
|
|
|
# Event Type
|
|
with self.assertRaises(AccessError):
|
|
self.test_event_type.with_user(self.env.user).read(['name'])
|
|
with self.assertRaises(AccessError):
|
|
self.test_event_type.with_user(self.env.user).write({'name': 'Test Write'})
|
|
|
|
# Event Stage
|
|
with self.assertRaises(AccessError):
|
|
self.env['event.stage'].create({
|
|
'name': 'TestStage',
|
|
})
|
|
|
|
# Event Registration
|
|
with self.assertRaises(AccessError):
|
|
self.env['event.registration'].search([])
|
|
|
|
@users('user_eventregistrationdesk')
|
|
@mute_logger('odoo.models.unlink', 'odoo.addons.base.models.ir_model')
|
|
def test_event_access_event_registration(self):
|
|
# Event: read ok
|
|
event = self.test_event.with_user(self.env.user)
|
|
event.read(['name', 'user_id', 'kanban_state_label'])
|
|
|
|
# Event: read only
|
|
with self.assertRaises(AccessError):
|
|
event.name = 'Test'
|
|
with self.assertRaises(AccessError):
|
|
event.unlink()
|
|
|
|
# Event Registration
|
|
registration = self.env['event.registration'].create({
|
|
'event_id': event.id,
|
|
})
|
|
self.assertEqual(registration.event_id.name, event.name, 'Registration users should be able to read')
|
|
registration.name = 'Test write'
|
|
with self.assertRaises(AccessError):
|
|
registration.unlink()
|
|
|
|
@users('user_eventuser')
|
|
@mute_logger('odoo.models.unlink', 'odoo.addons.base.models.ir_model')
|
|
def test_event_access_event_user(self):
|
|
# Event
|
|
event = self.test_event.with_user(self.env.user)
|
|
event.read(['name', 'user_id', 'kanban_state_label'])
|
|
event.write({'name': 'New name'})
|
|
self.env['event.event'].create({
|
|
'name': 'Event',
|
|
'date_begin': datetime.now() + timedelta(days=-1),
|
|
'date_end': datetime.now() + timedelta(days=1),
|
|
})
|
|
|
|
# Event: cannot unlink
|
|
with self.assertRaises(AccessError):
|
|
event.unlink()
|
|
|
|
# Event Type
|
|
with self.assertRaises(AccessError):
|
|
self.env['event.type'].create({
|
|
'name': 'ManagerEventType',
|
|
'event_type_mail_ids': [(5, 0), (0, 0, {
|
|
'interval_nbr': 1, 'interval_unit': 'days', 'interval_type': 'before_event',
|
|
'template_ref': 'mail.template,%i' % self.env['ir.model.data']._xmlid_to_res_id('event.event_reminder')})]
|
|
})
|
|
|
|
@users('user_eventmanager')
|
|
@mute_logger('odoo.models.unlink', 'odoo.addons.base.models.ir_model')
|
|
def test_event_access_event_manager(self):
|
|
# Event Type
|
|
event_type = self.env['event.type'].create({
|
|
'name': 'ManagerEventType',
|
|
'event_type_mail_ids': [(5, 0), (0, 0, {
|
|
'interval_nbr': 1, 'interval_unit': 'days', 'interval_type': 'before_event',
|
|
'template_ref': 'mail.template,%i' % self.env['ir.model.data']._xmlid_to_res_id('event.event_reminder')})]
|
|
})
|
|
event_type.write({'name': 'New Name'})
|
|
|
|
# Event
|
|
event = self.env['event.event'].create({
|
|
'name': 'ManagerEvent',
|
|
'date_begin': datetime.now() + timedelta(days=-1),
|
|
'date_end': datetime.now() + timedelta(days=1),
|
|
})
|
|
event.write({'name': 'New Event Name'})
|
|
|
|
# Event Stage
|
|
stage = self.env['event.stage'].create({'name': 'test'})
|
|
stage.write({'name': 'ManagerTest'})
|
|
event.write({'stage_id': stage.id})
|
|
|
|
# Event Registration
|
|
registration = self.env['event.registration'].create({'event_id': event.id, 'name': 'Myself'})
|
|
registration.write({'name': 'Myself2'})
|
|
registration.unlink()
|
|
|
|
event.unlink()
|
|
stage.unlink()
|
|
event_type.unlink()
|
|
|
|
# Settings access rights required to enable some features
|
|
self.user_eventmanager.write({'groups_id': [
|
|
(3, self.env.ref('base.group_system').id),
|
|
(4, self.env.ref('base.group_erp_manager').id)
|
|
]})
|
|
with self.assertRaises(AccessError):
|
|
event_config = self.env['res.config.settings'].with_user(self.user_eventmanager).create({
|
|
})
|
|
event_config.execute()
|
|
|
|
def test_implied_groups(self):
|
|
"""Test that the implied groups are correctly set.
|
|
|
|
- Event Manager imply Event User
|
|
- Event User imply Registration user
|
|
"""
|
|
# Event Manager
|
|
self.assertTrue(
|
|
self.user_eventmanager.has_group('event.group_event_user'),
|
|
'The event manager group must imply the event user group')
|
|
self.assertTrue(
|
|
self.user_eventmanager.has_group('event.group_event_registration_desk'),
|
|
'The event manager group must imply the registration user group')
|
|
|
|
# Event User
|
|
self.assertTrue(
|
|
self.user_eventuser.has_group('event.group_event_registration_desk'),
|
|
'The event user group must imply the event user group')
|
|
self.assertFalse(
|
|
self.user_eventuser.has_group('event.group_event_manager'),
|
|
'The event user group must not imply the event user group')
|
|
|
|
# Registration User
|
|
self.assertFalse(
|
|
self.user_eventregistrationdesk.has_group('event.group_event_manager'),
|
|
'The event registration group must not imply the event user manager')
|
|
self.assertFalse(
|
|
self.user_eventregistrationdesk.has_group('event.group_event_user'),
|
|
'The event registration group must not imply the event user group')
|
|
|
|
def test_multi_companies(self):
|
|
"""Test ACLs with multi company. """
|
|
company_1 = self.env.ref("base.main_company")
|
|
company_2 = self.env['res.company'].create({'name': 'Company 2'})
|
|
user_company_1 = self.user_eventuser
|
|
|
|
event_company_1, event_company_2 = self.env['event.event'].create([
|
|
{
|
|
'name': 'Event Company 1',
|
|
'date_begin': datetime.now() + timedelta(days=-1),
|
|
'date_end': datetime.now() + timedelta(days=1),
|
|
'company_id': company_1.id,
|
|
}, {
|
|
'name': 'Event Company 2',
|
|
'date_begin': datetime.now() + timedelta(days=-1),
|
|
'date_end': datetime.now() + timedelta(days=1),
|
|
'company_id': company_2.id,
|
|
}
|
|
])
|
|
|
|
registration_company_1, registration_company_2 = self.env['event.registration'].create([
|
|
{
|
|
'name': 'Registration Company 1',
|
|
'event_id': event_company_1.id,
|
|
'company_id': company_1.id,
|
|
}, {
|
|
'name': 'Registration Company 2',
|
|
'event_id': event_company_2.id,
|
|
'company_id': company_2.id,
|
|
}
|
|
])
|
|
|
|
result = self.env['event.event'].with_user(user_company_1).search([])
|
|
self.assertIn(event_company_1, result, 'You must be able to read the events in your company')
|
|
self.assertNotIn(event_company_2, result, 'You must not be able to read events outside of your company')
|
|
|
|
result = self.env['event.registration'].with_user(user_company_1).search([])
|
|
self.assertIn(registration_company_1, result, 'You must be able to read the registrations in your company')
|
|
self.assertNotIn(registration_company_2, result, 'You must not be able to read registrations outside of your company')
|