92 lines
3.9 KiB
Python
Executable File
92 lines
3.9 KiB
Python
Executable File
# Copyright 2021-2022 Tecnativa - Víctor Martínez
|
|
# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl)
|
|
|
|
import odoo.tests
|
|
from odoo.exceptions import AccessError
|
|
from odoo.tests.common import users
|
|
|
|
from .common import StorageAttachmentBaseCase
|
|
|
|
|
|
@odoo.tests.tagged("post_install", "-at_install")
|
|
class TestDmsPortal(odoo.tests.HttpCase, StorageAttachmentBaseCase):
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
super().setUpClass()
|
|
cls.partner = cls.env.ref("base.partner_demo_portal")
|
|
cls.portal_user = cls.partner.user_ids
|
|
cls.other_portal_user = cls.other_partner.user_ids
|
|
cls.portal_user.login = "portal"
|
|
cls.other_portal_user.login = "other_portal"
|
|
cls._create_attachment("test.txt")
|
|
cls._create_attachment("test2.txt", cls.other_partner)
|
|
cls.directory_partner = cls._get_partner_directory()
|
|
cls.other_directory_partner = cls._get_partner_directory(cls.other_partner)
|
|
cls.file_partner = cls.directory_partner.file_ids[0]
|
|
cls.other_file_partner = cls.other_directory_partner.file_ids[0]
|
|
|
|
def test_access_portal(self):
|
|
self.authenticate("portal", "portal")
|
|
# 404: Incorrect access_token
|
|
file_text = self.create_file(directory=self.directory_partner)
|
|
url = "%s&access_token=abc-def" % (file_text.access_url)
|
|
response = self.url_open(url, timeout=20)
|
|
self.assertEqual(
|
|
response.status_code, 404, "Can't access file with incorrect access_token"
|
|
)
|
|
# 200
|
|
response = self.url_open(self.file_partner._get_share_url(), timeout=20)
|
|
self.assertEqual(
|
|
response.status_code, 200, "Can access file with correct access_token"
|
|
)
|
|
# 200
|
|
response = self.url_open(self.directory_partner._get_share_url(), timeout=20)
|
|
self.assertEqual(
|
|
response.status_code, 200, "Can access directory with correct access_token"
|
|
)
|
|
|
|
def test_tour(self):
|
|
for tour in ("dms_portal_mail_tour", "dms_portal_partners_tour"):
|
|
with self.subTest(tour=tour):
|
|
self.start_tour("/my", tour, login="portal")
|
|
|
|
@users("portal")
|
|
def test_permission_portal_user_access_own_attachment(self):
|
|
"""
|
|
The user can access its own attachments, even if its access group are not set
|
|
"""
|
|
# Has to manually su=False because the portal user is not a superuser,
|
|
# but odoo uses somewhere sudo() internally
|
|
file = self.file_partner.with_user(self.portal_user).with_env(
|
|
self.env(su=False)
|
|
)
|
|
directory = self.directory_partner.with_user(self.portal_user).with_env(
|
|
self.env(su=False)
|
|
)
|
|
# Portal user can only read
|
|
file.check_access_rule("read")
|
|
|
|
# Portal user can't do anything else
|
|
with self.assertRaises(AccessError, msg="Portal user should not have access"):
|
|
file.check_access_rule("write")
|
|
file.check_access_rule("unlink")
|
|
directory.check_access_rule("create")
|
|
|
|
@users("portal")
|
|
def test_permission_portal_user_access_other_attachment(self):
|
|
"""
|
|
The user can't access other attachments if its access group are not set
|
|
"""
|
|
# Has to manually su=False because the portal user is not a superuser,
|
|
# but odoo uses somewhere sudo() internally
|
|
file = self.other_file_partner.with_user(self.portal_user).with_env(
|
|
self.env(su=False)
|
|
)
|
|
# Portal user can't do anything
|
|
with self.assertRaises(AccessError, msg="Portal user should not have access"):
|
|
file.check_access_rule("read")
|
|
with self.assertRaises(AccessError, msg="Portal user should not have access"):
|
|
file.check_access_rule("write")
|
|
with self.assertRaises(AccessError, msg="Portal user should not have access"):
|
|
file.check_access_rule("unlink")
|