# -*- coding: utf-8 -*- # Part of Odoo. See LICENSE file for full copyright and licensing details. from odoo.addons.project.tests.test_project_base import TestProjectBase from odoo.exceptions import AccessError from odoo.tools import mute_logger class TestPortalProjectBase(TestProjectBase): def setUp(self): super(TestPortalProjectBase, self).setUp() self.user_noone = self.env['res.users'].with_context({'no_reset_password': True, 'mail_create_nosubscribe': True}).create({ 'name': 'Noemie NoOne', 'login': 'noemie', 'email': 'n.n@example.com', 'signature': '--\nNoemie', 'notify_email': 'always', 'groups_id': [(6, 0, [])]}) self.task_3 = self.env['project.task'].with_context({'mail_create_nolog': True}).create({ 'name': 'Test3', 'user_id': self.user_portal.id, 'project_id': self.project_pigs.id}) self.task_4 = self.env['project.task'].with_context({'mail_create_nolog': True}).create({ 'name': 'Test4', 'user_id': self.user_public.id, 'project_id': self.project_pigs.id}) self.task_5 = self.env['project.task'].with_context({'mail_create_nolog': True}).create({ 'name': 'Test5', 'user_id': False, 'project_id': self.project_pigs.id}) self.task_6 = self.env['project.task'].with_context({'mail_create_nolog': True}).create({ 'name': 'Test5', 'user_id': False, 'project_id': self.project_pigs.id}) class TestPortalProject(TestPortalProjectBase): @mute_logger('odoo.addons.base.ir.ir_model') def test_employee_project_access_rights(self): pigs = self.project_pigs pigs.write({'privacy_visibility': 'employees'}) # Do: Alfred reads project -> ok (employee ok employee) pigs.sudo(self.user_projectuser).read(['user_id']) # Test: all project tasks visible tasks = self.env['project.task'].sudo(self.user_projectuser).search([('project_id', '=', pigs.id)]) test_task_ids = set([self.task_1.id, self.task_2.id, self.task_3.id, self.task_4.id, self.task_5.id, self.task_6.id]) self.assertEqual(set(tasks.ids), test_task_ids, 'access rights: project user cannot see all tasks of an employees project') # Do: Bert reads project -> crash, no group self.assertRaises(AccessError, pigs.sudo(self.user_noone).read, ['user_id']) # Do: Donovan reads project -> ko (public ko employee) self.assertRaises(AccessError, pigs.sudo(self.user_public).read, ['user_id']) # Do: project user is employee and can create a task tmp_task = self.env['project.task'].sudo(self.user_projectuser).with_context({'mail_create_nolog': True}).create({ 'name': 'Pigs task', 'project_id': pigs.id}) tmp_task.sudo(self.user_projectuser).unlink() @mute_logger('odoo.addons.base.ir.ir_model') def test_followers_project_access_rights(self): pigs = self.project_pigs pigs.write({'privacy_visibility': 'followers'}) # Do: Alfred reads project -> ko (employee ko followers) self.assertRaises(AccessError, pigs.sudo(self.user_projectuser).read, ['user_id']) # Test: no project task visible tasks = self.env['project.task'].sudo(self.user_projectuser).search([('project_id', '=', pigs.id)]) self.assertEqual(tasks, self.task_1, 'access rights: employee user should not see tasks of a not-followed followers project, only assigned') # Do: Bert reads project -> crash, no group self.assertRaises(AccessError, pigs.sudo(self.user_noone).read, ['user_id']) # Do: Donovan reads project -> ko (public ko employee) self.assertRaises(AccessError, pigs.sudo(self.user_public).read, ['user_id']) pigs.message_subscribe_users(user_ids=[self.user_projectuser.id]) # Do: Alfred reads project -> ok (follower ok followers) prout = pigs.sudo(self.user_projectuser) prout.invalidate_cache() prout.read(['user_id']) # Do: Donovan reads project -> ko (public ko follower even if follower) self.assertRaises(AccessError, pigs.sudo(self.user_public).read, ['user_id']) # Do: project user is follower of the project and can create a task self.env['project.task'].sudo(self.user_projectuser.id).with_context({'mail_create_nolog': True}).create({ 'name': 'Pigs task', 'project_id': pigs.id }) # not follower user should not be able to create a task pigs.sudo(self.user_projectuser).message_unsubscribe_users(user_ids=[self.user_projectuser.id]) self.assertRaises(AccessError, self.env['project.task'].sudo(self.user_projectuser).with_context({ 'mail_create_nolog': True}).create, {'name': 'Pigs task', 'project_id': pigs.id}) # Do: project user can create a task without project self.assertRaises(AccessError, self.env['project.task'].sudo(self.user_projectuser).with_context({ 'mail_create_nolog': True}).create, {'name': 'Pigs task', 'project_id': pigs.id})