From 226ecfa11ec5a7fc94b2769a105da1d38dd16f63 Mon Sep 17 00:00:00 2001 From: git_admin Date: Mon, 27 Apr 2026 08:43:20 +0000 Subject: [PATCH] Tower: upload cetmix_tower_server 16.0.2.2.9 (via marketplace) --- .../tests/test_file_template.py | 234 ++++++++++++++++++ 1 file changed, 234 insertions(+) create mode 100644 addons/cetmix_tower_server/tests/test_file_template.py diff --git a/addons/cetmix_tower_server/tests/test_file_template.py b/addons/cetmix_tower_server/tests/test_file_template.py new file mode 100644 index 0000000..7b4275a --- /dev/null +++ b/addons/cetmix_tower_server/tests/test_file_template.py @@ -0,0 +1,234 @@ +from odoo.exceptions import AccessError + +from .common import TestTowerCommon + + +class TestCxTowerFileTemplateAccessRules(TestTowerCommon): + def test_user_no_access(self): + """ + Verify that a user in the User group has no access + to any file template records. + """ + # Create a file template record as admin. + record = self.FileTemplate.create( + { + "name": "Template 1", + "file_name": "template1.txt", + "code": "Sample code", + "server_dir": "/templates", + "file_type": "text", + "source": "tower", + } + ) + # As the user, search for the record – expect no records. + with self.assertRaises(AccessError): + self.FileTemplate.with_user(self.user).search([("id", "=", record.id)]) + + # Attempting to create a record as a user should raise an AccessError. + with self.assertRaises(AccessError): + self.FileTemplate.with_user(self.user).create( + { + "name": "Template 2", + "file_name": "user_template.txt", + "code": "User code", + "server_dir": "/templates", + "file_type": "text", + "source": "tower", + } + ) + + def test_manager_read_access(self): + """ + Verify that a manager can read file template records + if he is not in user_ids or manager_ids. + """ + # Create a record with the manager in manager_ids. + rec1 = self.FileTemplate.create( + { + "name": "Template 1", + "file_name": "template_manager.txt", + "code": "Manager code", + "server_dir": "/templates", + "file_type": "text", + "source": "tower", + "manager_ids": [(6, 0, [self.manager.id])], + } + ) + # Create a record with the manager in user_ids. + rec2 = self.FileTemplate.create( + { + "name": "Template 2", + "file_name": "template_user.txt", + "code": "User code", + "server_dir": "/templates", + "file_type": "text", + "source": "tower", + "user_ids": [(6, 0, [self.manager.id])], + } + ) + # Create a record that does not include the manager. + rec3 = self.FileTemplate.create( + { + "name": "Template 3", + "file_name": "template_none.txt", + "code": "None code", + "server_dir": "/templates", + "file_type": "text", + "source": "tower", + } + ) + recs = self.FileTemplate.with_user(self.manager).search([]) + self.assertIn(rec1, recs, "Manager should read records if in manager_ids.") + self.assertIn(rec2, recs, "Manager should read records if in user_ids.") + self.assertNotIn( + rec3, + recs, + "Manager should not see records if not in user_ids or manager_ids.", + ) + + def test_manager_write_create_access(self): + """ + Verify that a manager can write and create file template records + only if he is in manager_ids. + """ + # Create a record with manager_ids including the manager. + rec = self.FileTemplate.create( + { + "name": "Template 1", + "file_name": "template_for_update.txt", + "code": "Initial code", + "server_dir": "/templates", + "file_type": "text", + "source": "tower", + "manager_ids": [(6, 0, [self.manager.id])], + } + ) + # Manager should be able to update the record. + try: + rec.with_user(self.manager).write({"file_name": "template_updated.txt"}) + except AccessError: + self.fail( + "Manager should be able to update the record when in manager_ids." + ) + self.assertEqual(rec.with_user(self.manager).file_name, "template_updated.txt") + + # Manager should be able to create a record if included in manager_ids. + rec2 = self.FileTemplate.with_user(self.manager).create( + { + "name": "Template 2", + "file_name": "manager_created_template.txt", + "code": "Manager created", + "server_dir": "/templates", + "file_type": "text", + "source": "tower", + "manager_ids": [(6, 0, [self.manager.id])], + } + ) + self.assertTrue( + rec2, + "Manager should be able to create a record when included in manager_ids.", + ) + + # Creating a record without including the manager should raise an AccessError. + with self.assertRaises(AccessError): + self.FileTemplate.with_user(self.manager).create( + { + "name": "Template 3", + "file_name": "invalid_template.txt", + "code": "Invalid", + "server_dir": "/templates", + "file_type": "text", + "source": "tower", + "manager_ids": [(5, 0, 0)], + } + ) + + def test_manager_unlink_access(self): + """ + Verify that a manager can delete a file template record only if + he is in manager_ids and is the creator. + """ + # Scenario 1: Record created by the manager. + rec = self.FileTemplate.with_user(self.manager).create( + { + "name": "Template 1", + "file_name": "template_to_delete.txt", + "code": "Code to delete", + "server_dir": "/templates", + "file_type": "text", + "source": "tower", + "manager_ids": [(6, 0, [self.manager.id])], + } + ) + try: + rec.with_user(self.manager).unlink() + except AccessError: + self.fail( + "Manager should be able to delete a record " + "he created when in manager_ids." + ) + # Scenario 2: Record created by admin (or another user) + # even though manager_ids includes the manager. + rec2 = self.FileTemplate.create( + { + "name": "Template 2", + "file_name": "template_not_deletable.txt", + "code": "Admin created code", + "server_dir": "/templates", + "file_type": "text", + "source": "tower", + "manager_ids": [(6, 0, [self.manager.id])], + } + ) + with self.assertRaises(AccessError): + rec2.with_user(self.manager).unlink() + + def test_root_unrestricted_access(self): + """ + Verify that a user in the Root group has unlimited access + to all file template records. + """ + # Create a file template record (with no particular restrictions). + rec = self.FileTemplate.create( + { + "name": "Template 1", + "file_name": "template_for_root.txt", + "code": "Root code", + "server_dir": "/templates", + "file_type": "text", + "source": "tower", + } + ) + # As the root user, the record should be visible. + recs = self.FileTemplate.with_user(self.root).search([("id", "=", rec.id)]) + self.assertTrue(recs, "Root should see the record regardless of restrictions.") + # Root should be able to update the record. + try: + rec.with_user(self.root).write({"file_name": "root_updated_template.txt"}) + except AccessError: + self.fail("Root should be able to update the record without restrictions.") + self.assertEqual( + rec.with_user(self.root).file_name, "root_updated_template.txt" + ) + # Root should be able to create a record. + rec2 = self.FileTemplate.with_user(self.root).create( + { + "name": "Template 2", + "file_name": "root_created_template.txt", + "code": "Created by root", + "server_dir": "/templates", + "file_type": "text", + "source": "tower", + } + ) + self.assertTrue( + rec2, "Root should be able to create a record without restrictions." + ) + # Root should be able to delete a record. + rec2.with_user(self.root).unlink() + recs_after = self.FileTemplate.with_user(self.root).search( + [("id", "=", rec2.id)] + ) + self.assertFalse( + recs_after, "Root should be able to delete the record without restrictions." + )