project/tests/test_project_sharing.py

435 lines
24 KiB
Python
Raw Normal View History

2024-04-12 12:07:51 +03:00
# -*- coding: utf-8 -*-
# Part of Odoo. See LICENSE file for full copyright and licensing details.
from odoo import Command
from odoo.osv import expression
from odoo.exceptions import AccessError
from odoo.tools import mute_logger
from odoo.tests import tagged
from odoo.tests.common import Form
from .test_project_base import TestProjectCommon
class TestProjectSharingCommon(TestProjectCommon):
@classmethod
def setUpClass(cls):
super().setUpClass()
project_sharing_stages_vals_list = [
(0, 0, {'name': 'To Do', 'sequence': 1}),
(0, 0, {'name': 'Done', 'sequence': 10, 'fold': True, 'rating_template_id': cls.env.ref('project.rating_project_request_email_template').id}),
]
cls.partner_portal = cls.env['res.partner'].create({
'name': 'Chell Gladys',
'email': 'chell@gladys.portal',
'company_id': False,
'user_ids': [Command.link(cls.user_portal.id)]})
cls.project_cows = cls.env['project.project'].with_context({'mail_create_nolog': True}).create({
'name': 'Cows',
'privacy_visibility': 'portal',
'alias_name': 'project+cows',
'type_ids': project_sharing_stages_vals_list,
})
cls.project_portal = cls.env['project.project'].with_context({'mail_create_nolog': True}).create({
'name': 'Portal',
'privacy_visibility': 'portal',
'alias_name': 'project+portal',
'partner_id': cls.user_portal.partner_id.id,
'type_ids': project_sharing_stages_vals_list,
})
cls.project_portal.message_subscribe(partner_ids=[cls.partner_portal.id])
cls.project_no_collabo = cls.env['project.project'].with_context({'mail_create_nolog': True}).create({
'name': 'No Collabo',
'privacy_visibility': 'followers',
'alias_name': 'project+nocollabo',
})
cls.task_cow = cls.env['project.task'].with_context({'mail_create_nolog': True}).create({
'name': 'Cow UserTask',
'user_ids': cls.user_projectuser,
'project_id': cls.project_cows.id,
})
cls.task_portal = cls.env['project.task'].with_context({'mail_create_nolog': True}).create({
'name': 'Portal UserTask',
'user_ids': cls.user_projectuser,
'project_id': cls.project_portal.id,
})
cls.task_no_collabo = cls.env['project.task'].with_context({'mail_create_nolog': True}).create({
'name': 'No Collabo Task',
'project_id': cls.project_no_collabo.id,
})
cls.task_tag = cls.env['project.tags'].create({'name': 'Foo'})
cls.project_sharing_form_view_xml_id = 'project.project_sharing_project_task_view_form'
def get_project_sharing_form_view(self, record, with_user=None):
return Form(
record.with_user(with_user or self.env.user),
view=self.project_sharing_form_view_xml_id
)
@tagged('project_sharing')
class TestProjectSharing(TestProjectSharingCommon):
def test_project_share_wizard(self):
""" Test Project Share Wizard
Test Cases:
==========
1) Create the wizard record
2) Check if no access rights are given to a portal user
3) Add access rights to a portal user
"""
project_share_wizard = self.env['project.share.wizard'].create({
'res_model': 'project.project',
'res_id': self.project_portal.id,
'access_mode': 'edit',
})
self.assertFalse(project_share_wizard.partner_ids, 'No collaborator should be in the wizard.')
self.assertFalse(self.project_portal.with_user(self.user_portal)._check_project_sharing_access(), 'The portal user should not have accessed in project sharing views.')
project_share_wizard.write({'partner_ids': [Command.link(self.user_portal.partner_id.id)]})
project_share_wizard.action_send_mail()
self.assertEqual(len(self.project_portal.collaborator_ids), 1, 'The access right added in project share wizard should be added in the project when the user confirm the access in the wizard.')
self.assertDictEqual({
'partner_id': self.project_portal.collaborator_ids.partner_id,
'project_id': self.project_portal.collaborator_ids.project_id,
}, {
'partner_id': self.user_portal.partner_id,
'project_id': self.project_portal,
}, 'The access rights added should be the read access for the portal project for Chell Gladys.')
self.assertTrue(self.project_portal.with_user(self.user_portal)._check_project_sharing_access(), 'The portal user should have read access to the portal project with project sharing feature.')
def test_project_sharing_access(self):
""" Check if the different user types can access to project sharing feature as expected. """
with self.assertRaises(AccessError, msg='The public user should not have any access to project sharing feature of the portal project.'):
self.project_portal.with_user(self.user_public)._check_project_sharing_access()
self.assertTrue(self.project_portal.with_user(self.user_projectuser)._check_project_sharing_access(), 'The internal user should have all accesses to project sharing feature of the portal project.')
self.assertFalse(self.project_portal.with_user(self.user_portal)._check_project_sharing_access(), 'The portal user should not have any access to project sharing feature of the portal project.')
self.project_portal.write({'collaborator_ids': [Command.create({'partner_id': self.user_portal.partner_id.id})]})
self.assertTrue(self.project_portal.with_user(self.user_portal)._check_project_sharing_access(), 'The portal user can access to project sharing feature of the portal project.')
@mute_logger('odoo.addons.base.models.ir_model', 'odoo.addons.base.models.ir_rule')
def test_create_task_in_project_sharing(self):
""" Test when portal user creates a task in project sharing views.
Test Cases:
==========
1) Give the 'read' access mode to a portal user in a project and try to create task with this user.
2) Give the 'comment' access mode to a portal user in a project and try to create task with this user.
3) Give the 'edit' access mode to a portal user in a project and try to create task with this user.
3.1) Try to change the project of the new task with this user.
"""
Task = self.env['project.task'].with_context({'tracking_disable': True, 'default_project_id': self.project_portal.id, 'default_user_ids': [(4, self.user_portal.id)]})
# 1) Give the 'read' access mode to a portal user in a project and try to create task with this user.
with self.assertRaises(AccessError, msg="Should not accept the portal user create a task in the project when he has not the edit access right."):
with self.get_project_sharing_form_view(Task, self.user_portal) as form:
form.name = 'Test'
task = form.save()
self.project_portal.write({
'collaborator_ids': [
Command.create({'partner_id': self.user_portal.partner_id.id}),
],
})
with self.get_project_sharing_form_view(Task, self.user_portal) as form:
form.name = 'Test'
with form.child_ids.new() as subtask_form:
subtask_form.name = 'Test Subtask'
task = form.save()
self.assertEqual(task.name, 'Test')
self.assertEqual(task.project_id, self.project_portal)
self.assertFalse(task.portal_user_names)
# Check creating a sub-task while creating the parent task works as expected.
self.assertEqual(task.child_ids.name, 'Test Subtask')
self.assertEqual(task.child_ids.project_id, self.project_portal)
self.assertFalse(task.child_ids.portal_user_names, 'by default no user should be assigned to a subtask created by the portal user.')
self.assertFalse(task.child_ids.user_ids, 'No user should be assigned to the new subtask.')
# 3.1) Try to change the project of the new task with this user.
with self.assertRaises(AssertionError, msg="Should not accept the portal user changes the project of the task."):
form.project_id = self.project_cows
task = form.save()
Task = Task.with_user(self.user_portal)
# Create/Update a forbidden task through child_ids
with self.assertRaisesRegex(AccessError, "You cannot write on color"):
Task.create({'name': 'foo', 'child_ids': [Command.create({'name': 'Foo', 'color': 1})]})
with self.assertRaisesRegex(AccessError, "top-secret records"):
Task.create({'name': 'foo', 'child_ids': [Command.update(self.task_no_collabo.id, {'name': 'Foo'})]})
with self.assertRaisesRegex(AccessError, "top-secret records"):
Task.create({'name': 'foo', 'child_ids': [Command.delete(self.task_no_collabo.id)]})
with self.assertRaisesRegex(AccessError, "top-secret records"):
Task.create({'name': 'foo', 'child_ids': [Command.unlink(self.task_no_collabo.id)]})
with self.assertRaisesRegex(AccessError, "top-secret records"):
Task.create({'name': 'foo', 'child_ids': [Command.link(self.task_no_collabo.id)]})
with self.assertRaisesRegex(AccessError, "top-secret records"):
Task.create({'name': 'foo', 'child_ids': [Command.set([self.task_no_collabo.id])]})
# Same thing but using context defaults
with self.assertRaisesRegex(AccessError, "top-secret records"):
Task.with_context(default_child_ids=[Command.update(self.task_no_collabo.id, {'name': 'Foo'})]).create({'name': 'foo'})
with self.assertRaisesRegex(AccessError, "top-secret records"):
Task.with_context(default_child_ids=[Command.delete(self.task_no_collabo.id)]).create({'name': 'foo'})
with self.assertRaisesRegex(AccessError, "top-secret records"):
Task.with_context(default_child_ids=[Command.unlink(self.task_no_collabo.id)]).create({'name': 'foo'})
with self.assertRaisesRegex(AccessError, "top-secret records"):
Task.with_context(default_child_ids=[Command.link(self.task_no_collabo.id)]).create({'name': 'foo'})
with self.assertRaisesRegex(AccessError, "top-secret records"):
Task.with_context(default_child_ids=[Command.set([self.task_no_collabo.id])]).create({'name': 'foo'})
# Create/update a tag through tag_ids
with self.assertRaisesRegex(AccessError, "not allowed to create 'Project Tags'"):
Task.create({'name': 'foo', 'tag_ids': [Command.create({'name': 'Bar'})]})
with self.assertRaisesRegex(AccessError, "not allowed to modify 'Project Tags'"):
Task.create({'name': 'foo', 'tag_ids': [Command.update(self.task_tag.id, {'name': 'Bar'})]})
with self.assertRaisesRegex(AccessError, "not allowed to delete 'Project Tags'"):
Task.create({'name': 'foo', 'tag_ids': [Command.delete(self.task_tag.id)]})
# Same thing but using context defaults
with self.assertRaisesRegex(AccessError, "not allowed to create 'Project Tags'"):
Task.with_context(default_tag_ids=[Command.create({'name': 'Bar'})]).create({'name': 'foo'})
with self.assertRaisesRegex(AccessError, "not allowed to modify 'Project Tags'"):
Task.with_context(default_tag_ids=[Command.update(self.task_tag.id, {'name': 'Bar'})]).create({'name': 'foo'})
with self.assertRaisesRegex(AccessError, "not allowed to delete 'Project Tags'"):
Task.with_context(default_tag_ids=[Command.delete(self.task_tag.id)]).create({'name': 'foo'})
task = Task.create({'name': 'foo', 'tag_ids': [Command.link(self.task_tag.id)]})
self.assertEqual(task.tag_ids, self.task_tag)
Task.create({'name': 'foo', 'tag_ids': [Command.set([self.task_tag.id])]})
self.assertEqual(task.tag_ids, self.task_tag)
@mute_logger('odoo.addons.base.models.ir_model', 'odoo.addons.base.models.ir_rule')
def test_edit_task_in_project_sharing(self):
""" Test when portal user creates a task in project sharing views.
Test Cases:
==========
1) Give the 'read' access mode to a portal user in a project and try to edit task with this user.
2) Give the 'comment' access mode to a portal user in a project and try to edit task with this user.
3) Give the 'edit' access mode to a portal user in a project and try to create task with this user.
3.1) Try to change the project of the new task with this user.
3.2) Create a sub-task
3.3) Create a second sub-task
"""
# 1) Give the 'read' access mode to a portal user in a project and try to create task with this user.
with self.assertRaises(AccessError, msg="Should not accept the portal user create a task in the project when he has not the edit access right."):
with self.get_project_sharing_form_view(self.task_cow.with_context({'tracking_disable': True, 'default_project_id': self.project_cows.id}), self.user_portal) as form:
form.name = 'Test'
task = form.save()
project_share_wizard = self.env['project.share.wizard'].create({
'access_mode': 'edit',
'res_model': 'project.project',
'res_id': self.project_cows.id,
'partner_ids': [
Command.link(self.user_portal.partner_id.id),
],
})
project_share_wizard.action_send_mail()
with self.get_project_sharing_form_view(self.task_cow.with_context({'tracking_disable': True, 'default_project_id': self.project_cows.id, 'uid': self.user_portal.id}), self.user_portal) as form:
form.name = 'Test'
task = form.save()
self.assertEqual(task.name, 'Test')
self.assertEqual(task.project_id, self.project_cows)
# 3.1) Try to change the project of the new task with this user.
with self.assertRaises(AssertionError, msg="Should not accept the portal user changes the project of the task."):
with self.get_project_sharing_form_view(task, self.user_portal) as form:
form.project_id = self.project_portal
# 3.2) Create a sub-task
with self.get_project_sharing_form_view(task, self.user_portal) as form:
with form.child_ids.new() as subtask_form:
subtask_form.name = 'Test Subtask'
with self.assertRaises(AssertionError, msg="Should not accept the portal user changes the project of the task."):
subtask_form.project_id = self.project_portal
self.assertEqual(task.child_ids.name, 'Test Subtask')
self.assertEqual(task.child_ids.project_id, self.project_cows)
self.assertFalse(task.child_ids.portal_user_names, 'by default no user should be assigned to a subtask created by the portal user.')
self.assertFalse(task.child_ids.user_ids, 'No user should be assigned to the new subtask.')
task2 = self.env['project.task'] \
.with_context({
'tracking_disable': True,
'default_project_id': self.project_cows.id,
'default_user_ids': [Command.set(self.user_portal.ids)],
}) \
.with_user(self.user_portal) \
.create({'name': 'Test'})
self.assertFalse(task2.portal_user_names, 'the portal user should not be assigned when the portal user creates a task into the project shared.')
# 3.3) Create a second sub-task
with self.get_project_sharing_form_view(task, self.user_portal) as form:
with form.child_ids.new() as subtask_form:
subtask_form.name = 'Test Subtask'
self.assertEqual(len(task.child_ids), 2, 'Check 2 subtasks has correctly been created by the user portal.')
# Create/Update a forbidden task through child_ids
with self.assertRaisesRegex(AccessError, "You cannot write on color"):
task.write({'child_ids': [Command.create({'name': 'Foo', 'color': 1})]})
with self.assertRaisesRegex(AccessError, "top-secret records"):
task.write({'child_ids': [Command.update(self.task_no_collabo.id, {'name': 'Foo'})]})
with self.assertRaisesRegex(AccessError, "top-secret records"):
task.write({'child_ids': [Command.delete(self.task_no_collabo.id)]})
with self.assertRaisesRegex(AccessError, "top-secret records"):
task.write({'child_ids': [Command.unlink(self.task_no_collabo.id)]})
with self.assertRaisesRegex(AccessError, "top-secret records"):
task.write({'child_ids': [Command.link(self.task_no_collabo.id)]})
with self.assertRaisesRegex(AccessError, "top-secret records"):
task.write({'child_ids': [Command.set([self.task_no_collabo.id])]})
# Create/update a tag through tag_ids
with self.assertRaisesRegex(AccessError, "not allowed to create 'Project Tags'"):
task.write({'tag_ids': [Command.create({'name': 'Bar'})]})
with self.assertRaisesRegex(AccessError, "not allowed to modify 'Project Tags'"):
task.write({'tag_ids': [Command.update(self.task_tag.id, {'name': 'Bar'})]})
with self.assertRaisesRegex(AccessError, "not allowed to delete 'Project Tags'"):
task.write({'tag_ids': [Command.delete(self.task_tag.id)]})
task.write({'tag_ids': [Command.link(self.task_tag.id)]})
self.assertEqual(task.tag_ids, self.task_tag)
task.write({'tag_ids': [Command.unlink(self.task_tag.id)]})
self.assertFalse(task.tag_ids)
task.write({'tag_ids': [Command.link(self.task_tag.id)]})
task.write({'tag_ids': [Command.clear()]})
self.assertFalse(task.tag_ids, [])
task.write({'tag_ids': [Command.set([self.task_tag.id])]})
self.assertEqual(task.tag_ids, self.task_tag)
def test_portal_user_cannot_see_all_assignees(self):
""" Test when the portal sees a task he cannot see all the assignees.
Because of a ir.rule in res.partner filters the assignees, the portal
can only see the assignees in the same company than him.
Test Cases:
==========
1) add many assignees in a task
2) check the portal user can read no assignee in this task. Should have an AccessError exception
"""
self.task_cow.write({'user_ids': [Command.link(self.user_projectmanager.id)]})
with self.assertRaises(AccessError, msg="Should not accept the portal user to access to a task he does not follow it and its project."):
self.task_cow.with_user(self.user_portal).read(['portal_user_names'])
self.assertEqual(len(self.task_cow.user_ids), 2, '2 users should be assigned in this task.')
project_share_wizard = self.env['project.share.wizard'].create({
'access_mode': 'edit',
'res_model': 'project.project',
'res_id': self.project_cows.id,
'partner_ids': [
Command.link(self.user_portal.partner_id.id),
],
})
project_share_wizard.action_send_mail()
self.assertFalse(self.task_cow.with_user(self.user_portal).user_ids, 'the portal user should see no assigness in the task.')
task_portal_read = self.task_cow.with_user(self.user_portal).read(['portal_user_names'])
self.assertEqual(self.task_cow.portal_user_names, task_portal_read[0]['portal_user_names'], 'the portal user should see assignees name in the task via the `portal_user_names` field.')
def test_portal_user_can_change_stage_with_rating(self):
""" Test portal user can change the stage of task to a stage with rating template email
The user should be able to change the stage and the email should be sent as expected
if a email template is set in `rating_template_id` field in the new stage.
"""
self.project_portal.write({
'rating_active': True,
'rating_status': 'stage',
'collaborator_ids': [
Command.create({'partner_id': self.user_portal.partner_id.id}),
],
})
self.task_portal.with_user(self.user_portal).write({'stage_id': self.project_portal.type_ids[-1].id})
def test_orm_method_with_true_false_domain(self):
""" Test orm method overriden in project for project sharing works with TRUE_LEAF/FALSE_LEAF
Test Case
=========
1) Share a project in edit mode for portal user
2) Search the portal task contained in the project shared by using a domain with TRUE_LEAF
3) Check the task is found with the `search` method
4) filter the task with `TRUE_DOMAIN` and check if the task is always returned by `filtered_domain` method
5) filter the task with `FALSE_DOMAIN` and check if no task is returned by `filtered_domain` method
6) Search the task with `FALSE_LEAF` and check no task is found with `search` method
7) Call `read_group` method with `TRUE_LEAF` in the domain and check if the task is found
8) Call `read_group` method with `FALSE_LEAF` in the domain and check if no task is found
"""
domain = [('id', '=', self.task_portal.id)]
self.project_portal.write({
'collaborator_ids': [Command.create({
'partner_id': self.user_portal.partner_id.id,
})],
})
task = self.env['project.task'].with_user(self.user_portal).search(
expression.AND([
expression.TRUE_DOMAIN,
domain,
])
)
self.assertTrue(task, 'The task should be found.')
self.assertEqual(task, task.filtered_domain(expression.TRUE_DOMAIN), 'The task found should be kept since the domain is truly')
self.assertFalse(task.filtered_domain(expression.FALSE_DOMAIN), 'The task should not be found since the domain is falsy')
task = self.env['project.task'].with_user(self.user_portal).search(
expression.AND([
expression.FALSE_DOMAIN,
domain,
]),
)
self.assertFalse(task, 'No task should be found since the domain contained a falsy tuple.')
task_read_group = self.env['project.task'].read_group(
expression.AND([expression.TRUE_DOMAIN, domain]),
['id:min'],
[],
)
self.assertEqual(task_read_group[0]['__count'], 1, 'The task should be found with the read_group method containing a truly tuple.')
self.assertEqual(task_read_group[0]['id'], self.task_portal.id, 'The task should be found with the read_group method containing a truly tuple.')
task_read_group = self.env['project.task'].read_group(
expression.AND([expression.FALSE_DOMAIN, domain]),
['id:min'],
[],
)
self.assertFalse(task_read_group[0]['__count'], 'No result should found with the read_group since the domain is falsy.')
def test_milestone_read_access_right(self):
""" This test ensures that a portal user has read access on the milestone of the project that was shared with him """
project_milestone = self.env['project.milestone'].create({
'name': 'Test Project Milestone',
'project_id': self.project_portal.id,
})
with self.assertRaises(AccessError, msg="Should not accept the portal user to access to a milestone if he's not a collaborator of its project."):
project_milestone.with_user(self.user_portal).read(['name'])
self.project_portal.write({
'collaborator_ids': [Command.create({
'partner_id': self.user_portal.partner_id.id,
})],
})
# Reading the milestone should no longer trigger an access error.
project_milestone.with_user(self.user_portal).read(['name'])
with self.assertRaises(AccessError, msg="Should not accept the portal user to update a milestone."):
project_milestone.with_user(self.user_portal).write(['name'])
with self.assertRaises(AccessError, msg="Should not accept the portal user to delete a milestone."):
project_milestone.with_user(self.user_portal).unlink()
with self.assertRaises(AccessError, msg="Should not accept the portal user to create a milestone."):
self.env['project.milestone'].with_user(self.user_portal).create({
'name': 'Test Project new Milestone',
'project_id': self.project_portal.id,
})