Changeset 12900 for main/waeup.kofa/trunk/src/waeup/kofa/browser

Timestamp:

3 May 2015, 06:49:12 (10 years ago)

Author:

Henrik Bettermann

Message:

Add ReportsOfficer? role. The RO is allowed to view and remove only his/her reports.

Location:

main/waeup.kofa/trunk/src/waeup/kofa/browser

Files:

• reports.py (modified) (4 diffs)
• tests/test_permissions.py (modified) (5 diffs)
• viewlets.py (modified) (1 diff)

main/waeup.kofa/trunk/src/waeup/kofa/browser/reports.py

@@ -21 +21 @@
 from zope.component import getUtility, queryUtility
 from zope.location.location import located
+from zope.security import checkPermission
 from waeup.kofa.interfaces import IJobManager, IKofaUtils
 from waeup.kofa.interfaces import MessageFactory as _
 from waeup.kofa.browser.layout import KofaPage
-from waeup.kofa.reports import IReportsContainer, IReportGenerator
-from waeup.kofa.reports import get_generators
+from waeup.kofa.utils.helpers import get_current_principal
+from waeup.kofa.reports import (
+    IReportsContainer, IReportGenerator, get_generators)
 
 
@@ -36 +38 @@
     grok.name('index')
     grok.context(IReportsContainer)
-    grok.require('waeup.manageReports')
+    grok.require('waeup.handleReports')
     label = _('Reports')
 
@@ -54 +56 @@
             grok.getSite().logger.info(
                 '%s - report %s discarded' % (ob_class, job_id))
-        self.entries = self._generate_entries(user_id=None)
+        if not checkPermission('waeup.manageReports', self.context):
+            user = get_current_principal()
+            self.entries = self._generate_entries(user_id=user.id)
+        else:
+            self.entries = self._generate_entries(user_id=None)
         if job_id and DOWNLOAD:
             self.redirect(self._report_url(job_id))
@@ -114 +120 @@
     grok.name('create')
     grok.context(IReportsContainer)
-    grok.require('waeup.manageReports')
+    grok.require('waeup.handleReports')
     label = _('Create report')
 

main/waeup.kofa/trunk/src/waeup/kofa/browser/tests/test_permissions.py

@@ -26 +26 @@
 import shutil
 import tempfile
+from zc.async.testing import wait_for_result
 from zope.app.testing.functional import HTTPCaller as http
-from zope.component import createObject
+from zope.securitypolicy.interfaces import IPrincipalRoleManager
+from zope.component import createObject, getUtility
 from zope.component.hooks import setSite, clearSite
 from zope.security.interfaces import Unauthorized
 from zope.testbrowser.testing import Browser
+from waeup.kofa.interfaces import IJobManager
 from waeup.kofa.app import University
 from waeup.kofa.testing import (
     FunctionalLayer, FunctionalTestCase, get_all_loggers, remove_new_loggers,
     remove_logger)
+from waeup.kofa.tests.test_async import FunctionalAsyncTestCase
+
+
 
 manager_pages = [
@@ -63 +69 @@
     ]
 
-class PermissionTest(FunctionalTestCase):
+class PermissionTest(FunctionalAsyncTestCase, FunctionalTestCase):
     """Here we try to request all pages and check, whether they are
     accessible.
@@ -92 +98 @@
         dept.certificates.addCertificate(cert)
         cert.addCertCourse(course)
+        self.app = app
 
         self.browser = Browser()
@@ -110 +117 @@
         except Unauthorized:
             return False
+        return
+
+    def wait_for_report_job_completed(self, number):
+        # helper function waiting until the current export job is completed
+        manager = getUtility(IJobManager)
+        job_id = self.app['reports'].running_report_jobs[number][0]
+        job = manager.get(job_id)
+        wait_for_result(job)
+        return job_id
+
+    def stored_in_reports(self, job_id):
+        # tell whether job_id is stored in reports's running jobs list
+        for entry in list(self.app['reports'].running_report_jobs):
+            if entry[0] == job_id:
+                return True
+        return False
+
+    def trigger_report_creation(self, session):
+        self.browser.open('http://localhost/app/reports')
+        self.assertEqual(self.browser.headers['Status'], '200 Ok')
+        self.browser.getLink("Create new report").click()
+        self.browser.getControl(name="generator").value = ['student_stats']
+        self.browser.getControl("Configure").click()
+        self.browser.getControl(name="breakdown").value = ['depcode']
+        self.browser.getControl(name="mode").value = ['All']
+        self.browser.getControl(name="session").value = [session]
+        self.browser.getControl("Create").click()
         return
 
@@ -122 +156 @@
             self.fail('Path %s cannot be accessed by anonymous.' % path)
         return
+
+    def testReportsPermissions(self):
+        # Create reports officer
+        self.app['users'].addUser('mrofficer', 'mrofficer')
+        self.app['users']['mrofficer'].email = 'mrofficer@foo.ng'
+        self.app['users']['mrofficer'].title = 'Otto Report'
+        prmglobal = IPrincipalRoleManager(self.app)
+        prmglobal.assignRoleToPrincipal('waeup.ReportsOfficer', 'mrofficer')
+        # Create reports manager
+        self.app['users'].addUser('mrmanager', 'mrmanager')
+        self.app['users']['mrmanager'].email = 'mrmanager@foo.ng'
+        self.app['users']['mrmanager'].title = 'Manfred Report'
+        prmglobal.assignRoleToPrincipal('waeup.ReportsManager', 'mrmanager')
+        # The reports officer creates a report which the reports manager
+        # can see.
+        self.browser.open('http://localhost/app/login')
+        self.browser.getControl(name="form.login").value = 'mrofficer'
+        self.browser.getControl(name="form.password").value = 'mrofficer'
+        self.browser.getControl("Login").click()
+        self.trigger_report_creation('2004')
+        job_id = self.wait_for_report_job_completed(0)
+        self.browser.open('http://localhost/app/reports')
+        self.assertTrue(
+            'Student Statistics (depcode, 2004, All, 0)'
+            in self.browser.contents)
+        self.browser.open('http://localhost/app/logout')
+        # The reports manager creates a report which the reports officer
+        # can't see.
+        self.browser.open('http://localhost/app/login')
+        self.browser.getControl(name="form.login").value = 'mrmanager'
+        self.browser.getControl(name="form.password").value = 'mrmanager'
+        self.browser.getControl("Login").click()
+        self.trigger_report_creation('2005')
+        job_id = self.wait_for_report_job_completed(1)
+        self.browser.open('http://localhost/app/reports')
+        # Manager can see both reports.
+        self.assertTrue(
+            'Student Statistics (depcode, 2004, All, 0)'
+            in self.browser.contents)
+        self.assertTrue(
+            'Student Statistics (depcode, 2005, All, 0)'
+            in self.browser.contents)
+        self.browser.open('http://localhost/app/logout')
+        self.browser.open('http://localhost/app/login')
+        self.browser.getControl(name="form.login").value = 'mrofficer'
+        self.browser.getControl(name="form.password").value = 'mrofficer'
+        self.browser.getControl("Login").click()
+        self.browser.open('http://localhost/app/reports')
+        # Officer can only see his report.
+        self.assertTrue(
+            'Student Statistics (depcode, 2004, All, 0)'
+            in self.browser.contents)
+        self.assertFalse(
+            'Student Statistics (depcode, 2005, All, 0)'
+            in self.browser.contents)
+        return

main/waeup.kofa/trunk/src/waeup/kofa/browser/viewlets.py

@@ -344 +344 @@
     """
     grok.order(4)
-    grok.require('waeup.manageReports')
+    grok.require('waeup.handleReports')
 
     link = u'reports'