Changeset 11736 for main/waeup.uniben/trunk/src

Timestamp:

5 Jul 2014, 12:21:13 (10 years ago)

Author:

Henrik Bettermann

Message:

Add permission waeup.uploadPassportPictures and role waeup.PassportPictureManager? and allow only officers with this role to upload passport pictures of applicants.

Location:

main/waeup.uniben/trunk/src/waeup/uniben

Files:

• applicants/browser.py (modified) (3 diffs)
• applicants/tests/test_browser.py (modified) (2 diffs)
• permissions.py (modified) (1 diff)

main/waeup.uniben/trunk/src/waeup/uniben/applicants/browser.py

@@ -20 +20 @@
 import grok
 from zope.component import getUtility
+from zope.security import checkPermission
 from waeup.kofa.interfaces import IExtFileStore
 from waeup.kofa.applicants.browser import (
@@ -26 +27 @@
 from kofacustom.nigeria.applicants.browser import (
     NigeriaApplicantDisplayFormPage,
+    NigeriaApplicantManageFormPage,
     NigeriaPDFApplicationSlip)
 
@@ -127 +129 @@
         return ''
 
+
+class ApplicantManageFormPage(NigeriaApplicantManageFormPage):
+
+    @property
+    def custom_upload_requirements(self):
+        if not checkPermission('waeup.uploadPassportPictures', self.context):
+            return _('You are not entitled to upload passport pictures.')

main/waeup.uniben/trunk/src/waeup/uniben/applicants/tests/test_browser.py

@@ -19 +19 @@
 Test the applicant-related UI components.
 """
+from StringIO import StringIO
+from zope.securitypolicy.interfaces import IPrincipalRoleManager
 from waeup.uniben.testing import FunctionalLayer
-from waeup.kofa.applicants.tests.test_browser import ApplicantsFullSetup
+from waeup.kofa.applicants.tests.test_browser import ApplicantsFullSetup, PH_LEN
 
 class CustomApplicantUITests(ApplicantsFullSetup):
@@ -47 +49 @@
         return
        
+    def image_url(self, filename):
+        return self.edit_path.replace('edit', filename)
+
+    def test_upload_passport_wo_permission(self):
+        # Create CRPU officer
+        self.app['users'].addUser('mrcrpu', 'mrcrpusecret')
+        self.app['users']['mrcrpu'].email = 'mrcrpu@foo.ng'
+        self.app['users']['mrcrpu'].title = 'Carlo Pitter'
+        prmglobal = IPrincipalRoleManager(self.app)
+        prmglobal.assignRoleToPrincipal('waeup.CCOfficer', 'mrcrpu')
+        # Login as CRPU officer
+        self.browser.open(self.login_path)
+        self.browser.getControl(name="form.login").value = 'mrcrpu'
+        self.browser.getControl(name="form.password").value = 'mrcrpusecret'
+        self.browser.getControl("Login").click()
+        self.assertMatches('...You logged in...', self.browser.contents)
+        # Let's try to change the passport image
+        self.browser.open(self.manage_path)
+        self.fill_correct_values()
+        # Create a pseudo image file and select it to be uploaded in form
+        pseudo_image = StringIO('I pretend to be a graphics file')
+        ctrl = self.browser.getControl(name='form.passport')
+        file_ctrl = ctrl.mech_control
+        file_ctrl.add_file(pseudo_image, filename='myphoto.jpg')
+        self.browser.getControl("Save").click()
+        self.assertMatches('...You are not entitled to upload passport pictures...',
+            self.browser.contents)
+        # The officer still sees the placeholder passport image
+        self.browser.open(self.image_url('passport.jpg'))
+        self.assertEqual(
+            self.browser.headers['content-type'], 'image/jpeg')
+        self.assertEqual(len(self.browser.contents), PH_LEN)
+        # After adding the additional role ...
+        prmglobal.assignRoleToPrincipal('waeup.PassportPictureManager', 'mrcrpu')
+        # ... passport pictures can be uploaded
+        self.browser.open(self.manage_path)
+        self.fill_correct_values()
+        pseudo_image = StringIO('I pretend to be a graphics file')
+        ctrl = self.browser.getControl(name='form.passport')
+        file_ctrl = ctrl.mech_control
+        file_ctrl.add_file(pseudo_image, filename='myphoto.jpg')
+        self.browser.getControl("Save").click()
+        self.assertMatches('...Form has been saved...', self.browser.contents)
+        # There is a correct <img> link included
+        self.assertTrue(
+            '<img src="passport.jpg" height="180px" />' in self.browser.contents)
+        # Browsing the link shows a real image
+        self.browser.open(self.image_url('passport.jpg'))
+        self.assertEqual(
+            self.browser.headers['content-type'], 'image/jpeg')
+        self.assertEqual(len(self.browser.contents), 31)

main/waeup.uniben/trunk/src/waeup/uniben/permissions.py

@@ -19 +19 @@
 from waeup.kofa.permissions import CCOfficer
 
+class UploadPassportPictures(grok.Permission):
+    grok.name('waeup.uploadPassportPictures')
+
+class PassportPictureManager(grok.Role):
+    grok.name('waeup.PassportPictureManager')
+    grok.title(u'Passport Picture Manager')
+    grok.permissions('waeup.uploadPassportPictures')
 
 class CRPUOfficer(CCOfficer):