Files
encoach_backend_new_v2/odoo/addons/rating/tests/test_security.py
Yamen Ahmad 3e83d8d7d5 feat: add complete EnCoach backend — Odoo 19 + all addons
Includes:
- Odoo 19 framework (odoo/)
- 27 custom EnCoach addons (new_project/custom_addons/)
  - encoach_core, encoach_api, encoach_lms_api, encoach_adaptive_api
  - encoach_exam, encoach_taxonomy, encoach_adaptive, encoach_assignment
  - encoach_ai, encoach_ai_grading, encoach_ai_generation, encoach_ai_media
  - encoach_courseware, encoach_communication, encoach_subscription
  - encoach_notification, encoach_approval, encoach_branding
  - encoach_classroom, encoach_registration, encoach_stats
  - encoach_faq, encoach_ticket, encoach_training, encoach_resources
  - encoach_adaptive_ai, encoach_sis
- 21 OpenEduCat Enterprise modules (new_project/enterprise-19/)
- 14 OpenEduCat Community modules (new_project/openeducat_erp-19.0/)
- Configuration: odoo.conf, requirements.txt, scripts
- 200+ REST API endpoints with JWT authentication
- SRS and test documentation

Made-with: Cursor
2026-04-01 17:10:04 +04:00

77 lines
3.0 KiB
Python

# -*- coding: utf-8 -*-
# Part of Odoo. See LICENSE file for full copyright and licensing details.
from odoo.addons.mail.tests.common import mail_new_test_user
from odoo.exceptions import AccessError
from odoo.tests import tagged, common, new_test_user
from odoo.tools import mute_logger
@tagged('security')
class TestAccessRating(common.TransactionCase):
@classmethod
def setUpClass(cls):
super(TestAccessRating, cls).setUpClass()
cls.user_manager_partner = mail_new_test_user(
cls.env, name='Jean Admin', login='user_mana', email='admin@example.com',
groups='base.group_partner_manager,base.group_system'
)
cls.user_emp = mail_new_test_user(
cls.env, name='Eglantine Employee', login='user_emp', email='employee@example.com',
groups='base.group_user'
)
cls.user_portal = mail_new_test_user(
cls.env, name='Patrick Portal', login='user_portal', email='portal@example.com',
groups='base.group_portal'
)
cls.user_public = mail_new_test_user(
cls.env, name='Pauline Public', login='user_public', email='public@example.com',
groups='base.group_public'
)
cls.partner_to_rate = cls.env['res.partner'].with_user(cls.user_manager_partner).create({
"name": "Partner to Rate :("
})
@mute_logger('odoo.addons.base.models.ir_model')
def test_rating_access(self):
""" Security test : only a employee (user group) can create and write rating object """
# Public and portal user can't Access direclty to the ratings
with self.assertRaises(AccessError):
self.env['rating.rating'].with_user(self.user_portal).create({
'res_model_id': self.env['ir.model'].sudo().search([('model', '=', 'res.partner')], limit=1).id,
'res_model': 'res.partner',
'res_id': self.partner_to_rate.id,
'rating': 1
})
with self.assertRaises(AccessError):
self.env['rating.rating'].with_user(self.user_public).create({
'res_model_id': self.env['ir.model'].sudo().search([('model', '=', 'res.partner')], limit=1).id,
'res_model': 'res.partner',
'res_id': self.partner_to_rate.id,
'rating': 3
})
# No error with employee
ratting = self.env['rating.rating'].with_user(self.user_emp).create({
'res_model_id': self.env['ir.model'].sudo().search([('model', '=', 'res.partner')], limit=1).id,
'res_model': 'res.partner',
'res_id': self.partner_to_rate.id,
'rating': 3
})
with self.assertRaises(AccessError):
ratting.with_user(self.user_portal).write({
'feedback': 'You should not pass!'
})
with self.assertRaises(AccessError):
ratting.with_user(self.user_public).write({
'feedback': 'You should not pass!'
})