Ignore:
Timestamp:
5 Jul 2014, 12:21:13 (10 years ago)
Author:
Henrik Bettermann
Message:

Add permission waeup.uploadPassportPictures and role waeup.PassportPictureManager? and allow only officers with this role to upload passport pictures of applicants.

Location:
main/waeup.uniben/trunk
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • main/waeup.uniben/trunk/CHANGES.txt

    r11728 r11736  
    441.2dev (unreleased)
    55===================
     6
     7* Add permission waeup.uploadPassportPictures and role
     8  waeup.PassportPictureManager and allow only officers with this role
     9  to upload passport pictures of applicants.
    610
    711* Requirements for adding application payment tickets customized.
  • main/waeup.uniben/trunk/src/waeup/uniben/applicants/browser.py

    r11728 r11736  
    2020import grok
    2121from zope.component import getUtility
     22from zope.security import checkPermission
    2223from waeup.kofa.interfaces import IExtFileStore
    2324from waeup.kofa.applicants.browser import (
     
    2627from kofacustom.nigeria.applicants.browser import (
    2728    NigeriaApplicantDisplayFormPage,
     29    NigeriaApplicantManageFormPage,
    2830    NigeriaPDFApplicationSlip)
    2931
     
    127129        return ''
    128130
     131
     132class ApplicantManageFormPage(NigeriaApplicantManageFormPage):
     133
     134    @property
     135    def custom_upload_requirements(self):
     136        if not checkPermission('waeup.uploadPassportPictures', self.context):
     137            return _('You are not entitled to upload passport pictures.')
  • main/waeup.uniben/trunk/src/waeup/uniben/applicants/tests/test_browser.py

    r10589 r11736  
    1919Test the applicant-related UI components.
    2020"""
     21from StringIO import StringIO
     22from zope.securitypolicy.interfaces import IPrincipalRoleManager
    2123from waeup.uniben.testing import FunctionalLayer
    22 from waeup.kofa.applicants.tests.test_browser import ApplicantsFullSetup
     24from waeup.kofa.applicants.tests.test_browser import ApplicantsFullSetup, PH_LEN
    2325
    2426class CustomApplicantUITests(ApplicantsFullSetup):
     
    4749        return
    4850       
     51    def image_url(self, filename):
     52        return self.edit_path.replace('edit', filename)
     53
     54    def test_upload_passport_wo_permission(self):
     55        # Create CRPU officer
     56        self.app['users'].addUser('mrcrpu', 'mrcrpusecret')
     57        self.app['users']['mrcrpu'].email = 'mrcrpu@foo.ng'
     58        self.app['users']['mrcrpu'].title = 'Carlo Pitter'
     59        prmglobal = IPrincipalRoleManager(self.app)
     60        prmglobal.assignRoleToPrincipal('waeup.CCOfficer', 'mrcrpu')
     61        # Login as CRPU officer
     62        self.browser.open(self.login_path)
     63        self.browser.getControl(name="form.login").value = 'mrcrpu'
     64        self.browser.getControl(name="form.password").value = 'mrcrpusecret'
     65        self.browser.getControl("Login").click()
     66        self.assertMatches('...You logged in...', self.browser.contents)
     67        # Let's try to change the passport image
     68        self.browser.open(self.manage_path)
     69        self.fill_correct_values()
     70        # Create a pseudo image file and select it to be uploaded in form
     71        pseudo_image = StringIO('I pretend to be a graphics file')
     72        ctrl = self.browser.getControl(name='form.passport')
     73        file_ctrl = ctrl.mech_control
     74        file_ctrl.add_file(pseudo_image, filename='myphoto.jpg')
     75        self.browser.getControl("Save").click()
     76        self.assertMatches('...You are not entitled to upload passport pictures...',
     77            self.browser.contents)
     78        # The officer still sees the placeholder passport image
     79        self.browser.open(self.image_url('passport.jpg'))
     80        self.assertEqual(
     81            self.browser.headers['content-type'], 'image/jpeg')
     82        self.assertEqual(len(self.browser.contents), PH_LEN)
     83        # After adding the additional role ...
     84        prmglobal.assignRoleToPrincipal('waeup.PassportPictureManager', 'mrcrpu')
     85        # ... passport pictures can be uploaded
     86        self.browser.open(self.manage_path)
     87        self.fill_correct_values()
     88        pseudo_image = StringIO('I pretend to be a graphics file')
     89        ctrl = self.browser.getControl(name='form.passport')
     90        file_ctrl = ctrl.mech_control
     91        file_ctrl.add_file(pseudo_image, filename='myphoto.jpg')
     92        self.browser.getControl("Save").click()
     93        self.assertMatches('...Form has been saved...', self.browser.contents)
     94        # There is a correct <img> link included
     95        self.assertTrue(
     96            '<img src="passport.jpg" height="180px" />' in self.browser.contents)
     97        # Browsing the link shows a real image
     98        self.browser.open(self.image_url('passport.jpg'))
     99        self.assertEqual(
     100            self.browser.headers['content-type'], 'image/jpeg')
     101        self.assertEqual(len(self.browser.contents), 31)
  • main/waeup.uniben/trunk/src/waeup/uniben/permissions.py

    r9488 r11736  
    1919from waeup.kofa.permissions import CCOfficer
    2020
     21class UploadPassportPictures(grok.Permission):
     22    grok.name('waeup.uploadPassportPictures')
     23
     24class PassportPictureManager(grok.Role):
     25    grok.name('waeup.PassportPictureManager')
     26    grok.title(u'Passport Picture Manager')
     27    grok.permissions('waeup.uploadPassportPictures')
    2128
    2229class CRPUOfficer(CCOfficer):
Note: See TracChangeset for help on using the changeset viewer.