Includes: - Odoo 19 framework (odoo/) - 27 custom EnCoach addons (new_project/custom_addons/) - encoach_core, encoach_api, encoach_lms_api, encoach_adaptive_api - encoach_exam, encoach_taxonomy, encoach_adaptive, encoach_assignment - encoach_ai, encoach_ai_grading, encoach_ai_generation, encoach_ai_media - encoach_courseware, encoach_communication, encoach_subscription - encoach_notification, encoach_approval, encoach_branding - encoach_classroom, encoach_registration, encoach_stats - encoach_faq, encoach_ticket, encoach_training, encoach_resources - encoach_adaptive_ai, encoach_sis - 21 OpenEduCat Enterprise modules (new_project/enterprise-19/) - 14 OpenEduCat Community modules (new_project/openeducat_erp-19.0/) - Configuration: odoo.conf, requirements.txt, scripts - 200+ REST API endpoints with JWT authentication - SRS and test documentation Made-with: Cursor
77 lines
3.0 KiB
Python
77 lines
3.0 KiB
Python
# -*- coding: utf-8 -*-
|
|
# Part of Odoo. See LICENSE file for full copyright and licensing details.
|
|
|
|
from odoo.addons.mail.tests.common import mail_new_test_user
|
|
from odoo.exceptions import AccessError
|
|
from odoo.tests import tagged, common, new_test_user
|
|
from odoo.tools import mute_logger
|
|
|
|
|
|
@tagged('security')
|
|
class TestAccessRating(common.TransactionCase):
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
super(TestAccessRating, cls).setUpClass()
|
|
|
|
cls.user_manager_partner = mail_new_test_user(
|
|
cls.env, name='Jean Admin', login='user_mana', email='admin@example.com',
|
|
groups='base.group_partner_manager,base.group_system'
|
|
)
|
|
|
|
cls.user_emp = mail_new_test_user(
|
|
cls.env, name='Eglantine Employee', login='user_emp', email='employee@example.com',
|
|
groups='base.group_user'
|
|
)
|
|
|
|
cls.user_portal = mail_new_test_user(
|
|
cls.env, name='Patrick Portal', login='user_portal', email='portal@example.com',
|
|
groups='base.group_portal'
|
|
)
|
|
|
|
cls.user_public = mail_new_test_user(
|
|
cls.env, name='Pauline Public', login='user_public', email='public@example.com',
|
|
groups='base.group_public'
|
|
)
|
|
|
|
cls.partner_to_rate = cls.env['res.partner'].with_user(cls.user_manager_partner).create({
|
|
"name": "Partner to Rate :("
|
|
})
|
|
|
|
|
|
@mute_logger('odoo.addons.base.models.ir_model')
|
|
def test_rating_access(self):
|
|
""" Security test : only a employee (user group) can create and write rating object """
|
|
# Public and portal user can't Access direclty to the ratings
|
|
with self.assertRaises(AccessError):
|
|
self.env['rating.rating'].with_user(self.user_portal).create({
|
|
'res_model_id': self.env['ir.model'].sudo().search([('model', '=', 'res.partner')], limit=1).id,
|
|
'res_model': 'res.partner',
|
|
'res_id': self.partner_to_rate.id,
|
|
'rating': 1
|
|
})
|
|
with self.assertRaises(AccessError):
|
|
self.env['rating.rating'].with_user(self.user_public).create({
|
|
'res_model_id': self.env['ir.model'].sudo().search([('model', '=', 'res.partner')], limit=1).id,
|
|
'res_model': 'res.partner',
|
|
'res_id': self.partner_to_rate.id,
|
|
'rating': 3
|
|
})
|
|
|
|
# No error with employee
|
|
ratting = self.env['rating.rating'].with_user(self.user_emp).create({
|
|
'res_model_id': self.env['ir.model'].sudo().search([('model', '=', 'res.partner')], limit=1).id,
|
|
'res_model': 'res.partner',
|
|
'res_id': self.partner_to_rate.id,
|
|
'rating': 3
|
|
})
|
|
|
|
with self.assertRaises(AccessError):
|
|
ratting.with_user(self.user_portal).write({
|
|
'feedback': 'You should not pass!'
|
|
})
|
|
with self.assertRaises(AccessError):
|
|
ratting.with_user(self.user_public).write({
|
|
'feedback': 'You should not pass!'
|
|
})
|