Index: openacs-4/contrib/packages/simulation/test/demo-data-setup.test
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/contrib/packages/simulation/test/Attic/demo-data-setup.test,v
diff -u -r1.15 -r1.16
--- openacs-4/contrib/packages/simulation/test/demo-data-setup.test	7 Jan 2004 13:46:48 -0000	1.15
+++ openacs-4/contrib/packages/simulation/test/demo-data-setup.test	7 Jan 2004 16:16:06 -0000	1.16
@@ -9,88 +9,7 @@
     global __demo_users_password
     set __demo_users_password 1
 
-    # Demo data start
-    set actors_list {
-        Teacher
-        Student
-        Agent1
-        Agent2
-    }
-    array set characters {
-        Bernadette         "Bernadette"
-        MOTORHOME          "MOTORHOME"
-        "A of Lawfirm X"   "Her lawyer"
-        "A of Lawfirm Y"   "Its lawyer"
-        "B of Lawfirm X"   "Partner firm X"
-        "B of Lawfirm Y"   "Partner firm Y"
-        "C of Lawfirm X"   "Secretary firm X"
-        "C of Lawfirm Y"   "Secretary firm Y"
-        "Portal"           "Library"          
-        "Lok of Legisl. Dept."		"Member 1 of Legisl. Dept."
-	"Peter of Legisl. Dept."	"Member 2 of Legisl. Dept."
-	"Aernout of Legisl. Dept."	"Head of Legisl. Dept."
-	"Jeroen of Legisl. Dept."	"Deputy Head of Legisl. Dept."
-	"Laurens of Legisl. Dept."	"Chief of Legisl. Dept."
-	"Fred Undraiser"		"Fundraiser"
-	"A of ADC"			"Representative of ADC"	
-	"Minister"			"Minister of Justice"          
-	"General Student"		"Student"
-    }
-    array set characters_ld {
-        "Lok of Legisl. Dept."		"Member 1 of Legisl. Dept."
-	"Peter of Legisl. Dept."	"Member 2 of Legisl. Dept."
-	"Aernout of Legisl. Dept."	"Head of Legisl. Dept."
-	"Jeroen of Legisl. Dept."	"Deputy Head of Legisl. Dept."
-	"Laurens of Legisl. Dept."	"Chief of Legisl. Dept."
-	"Fred Undraiser"		"Fundraiser"
-	"A of ADC"			"Representative of ADC"	
-	"Minister"			"Minister of Justice"          
-	"General Student"		"Student"
-    }
-    array set properties {
-        "Demo Property 1" "Demo Property 1"
-        "Demo Property 2" "Demo Property 2"
-    }
-    array set tasks {
-        "Ask information from Bernadette" {assigned_role "Her lawyer" recipient_role "Bernadette"}
-        "Ask information from MOTORHOME" {assigned_role "Her lawyer" recipient_role "MOTORHOME"}
-        "Ask information from opponent's lawyer 1" {assigned_role "Its lawyer" recipient_role "Her lawyer"}
-        "Ask information from opponent's lawyer 2" {assigned_role "Her lawyer" recipient_role "Its lawyer"}
-        "Ask information from library" {assigned_role "Her lawyer" recipient_role "Library"}
-        "Ask information from partner" {assigned_role "Her lawyer" recipient_role "Partner firm X"}
-        "Intervene" {assigned_role "Partner firm X" recipient_role "Her lawyer"}
-        "Reply to intervention" {assigned_role "Her lawyer" recipient_role "Partner firm X"}
-        "Give information as Bernadette" {assigned_role "Bernadette" recipient_role "Her lawyer"}
-        "Give information as Motorhome" {assigned_role "MOTORHOME" recipient_role "Her lawyer"}
-        "Make/edit draft report" {assigned_role "Her lawyer" recipient_role "Her lawyer"}
-        "Edit draft report" {assigned_role "Her lawyer" recipient_role "Her lawyer"}
-        "Give information to opponent's lawyer" {assigned_role "Her lawyer" recipient_role "Its lawyer"}
-        "Send final report" {assigned_role "Her lawyer" recipient_role "Partner firm X"}
-        "Send draft report" {assigned_role "Her lawyer" recipient_role "Partner firm X"}
-    }
-    array set tasks_ld {
-	"Write Proposal gr1" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Head of Legisl. Dept."}
-	"Write Proposal gr2" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Deputy Head of Legisl. Dept."}
-	"Write Opinion SHOULD BE AN ADDINFOTOPORTFOLIO gr1" {assigned_role "Fundraiser" recipient_role "Minister of Justice"}
-	"Write Opinion SHOULD BE AN ADDINFOTOPORTFOLIO gr2" {assigned_role "Representative of ADC" recipient_role "Minister of Justice"}
-	"Comment on Member2 Proposal SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Head of Legisl. Dept." recipient_role "Minister of Justice"}
-	"Comment on Member1 Proposal SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Deputy Head of Legisl. Dept." recipient_role "Minister of Justice"}
-	"Revise using Opinions and Comment from Head SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"}
-	"Revise using Opinions and Comment from Deputy SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"}
-	"Rate Comments SHOULD BE A REVIEWINFO" {assigned_role "Student" recipient_role "Minister of Justice"}
-	"Rate Revisions SHOULD BE A REVIEWINFO" {assigned_role "Student" recipient_role "Minister of Justice"}
-	"Learning evaluation DUMMY or ADDINFOTOPORTFOLIO" {assigned_role "Student" recipient_role "Minister of Justice"}
-	"Write Definition based on Revision SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"}
-	"Elaborate the Revision SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"}
-	"Comment Revision of Member 1" {assigned_role "Head of Legisl. Dept." recipient_role "Minister of Justice"}
-	"Comment Revision of Member 2" {assigned_role "Deputy Head of Legisl. Dept." recipient_role "Minister of Justice"}
-	"Learning Evalution SHOULD BE A ADDINFOTOPORTFOLIO" {assigned_role "Student" recipient_role "Minister of Justice"}
-	"Implementation of all received comments and opinions SHOULD BE AN ADDINFOTOPORTFOLIO gr1" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"}
-	"Implementation of all received comments and opinions SHOULD BE AN ADDINFOTOPORTFOLIO gr2" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"}
-	"Write law SHOULD BE AN ADDINFOTOPORTFOLIO gr1" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"}
-	"Write law SHOULD BE AN ADDINFOTOPORTFOLIO gr2" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"}
-    }   
-    # Demo data end
+    source demo-data.tcl
 
     ::twt::log_section "Login the site wide admin"
     ::twt::user::login_site_wide_admin
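Review bot: `source demo-data.tcl` resolves against the current working directory of the test process, so the test loads whichever `demo-data.tcl` happens to be there and fails when started from anywhere else. Anchoring the path to the test file is more robust, assuming tclwebtest sources the test so that `info script` is set: `source [file join [file dirname [info script]] demo-data.tcl]`. The same line is added in the packages/simulation copy of this file later in the patch. The enclosing test body starts and ends outside this hunk.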
@@ -135,8 +54,8 @@
         "City Admins"
         "Actors"
     } {
-        set first_names $group_name
-        set last_name "Test User"
+        set first_names [::twt::simulation::permission_user_first_names $group_name]
+        set last_name [::twt::simulation::permission_user_last_name $group_name]
         ::twt::simulation::add_user -first_names $first_names -last_name $last_name
 
         ::twt::simulation::add_user_to_group -group_name $group_name -user_name "$first_names $last_name"
@@ -148,6 +67,9 @@
     #
     ###################################
 
+    # Do this as the city build user to make sure he has sufficient permissions
+    ::twt::user::login [::twt::simulation::permission_user_email "City Admins"]
+
     ::twt::log_section "Create an image object"
     do_request /simulation/citybuild
     link follow ~u object-edit
@@ -186,6 +108,9 @@
     #
     ###################################
 
+    # TODO: do this is as "Template Authors" test user
+    ::twt::user::login_site_wide_admin
+
     set template_name "Elementary Private Law"
     ::twt::log_section "Create $template_name simulation template"
     ::twt::simulation::add_template -template_name $template_name
@@ -265,16 +190,45 @@
     #
     ###################################
 
+    set group_name "City Admins"
+
     # login user
+    ::twt::user::login [::twt::simulation::permission_user_email $group_name]
 
     # city admin can access index page
+    ::twt::simulation::assert_page_accessible /simulation
 
     # can access citybuild
-    # can create/edit/delete object
-    # SPECIAL: can set the on_map_p attribute
-       
-    # can't access any of the other three modules
+    ::twt::simulation::assert_page_accessible /simulation/citybuild
 
+    # can create object
+    set object_title "Test property"
+    ::twt::simulation::add_object -type sim_prop -title $object_title
+
+    # can edit on_map_p attribute of object
+    do_request /simulation/citybuild
+    link follow ~c $object_title
+    link follow ~u object-edit
+    regexp {item%5fid=([0-9]+)} [response url] match item_id
+    form find ~n object
+    field find ~n attr__sim_prop__on_map_p
+    field select2 ~v t
+    form submit
+    if { [regexp "Permission Denied" [response body]] } {
+        error "City admin should not get permission denied when editing on_map_p of an object"
+    }
+
+    # can delete object    
+    do_request "/simulation/citybuild/object-delete?confirm_p=1&item_id=$item_id"
+    if { [regexp "Permission Denied" [response body]] } {
+        error "City admin should not get permission denied when deleting an object"
+    }
+
+    # can not build or instantiate templates
+    foreach module {simbuild siminst} {
+        ::twt::simulation::assert_page_not_accessible /simulation/$module
+    }
+
     ###################################
     #
     # Permission testing with sim admin (simulation super user)
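Review bot: The `regexp {item%5fid=([0-9]+)} [response url] match item_id` call ignores its return value, so if the URL carries no id the test dies later on an unset `item_id` instead of with a clear message; guard it with `if { ![regexp {item%5fid=([0-9]+)} [response url] match item_id] } { error "No item_id in [response url]" }`. The edit and delete steps only check that the body lacks "Permission Denied", so a request that silently does nothing would still pass; confirming that the object is changed or gone would make the assertion meaningful. Only the allowed case is exercised for object-delete, and no user without the privilege is shown being refused the same request. The identical hunk for packages/simulation/test/demo-data-setup.test has the same gaps.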
Index: openacs-4/contrib/packages/simulation/test/demo-data.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/contrib/packages/simulation/test/Attic/demo-data.tcl,v
diff -u
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ openacs-4/contrib/packages/simulation/test/demo-data.tcl	7 Jan 2004 16:16:06 -0000	1.1
@@ -0,0 +1,85 @@
+set actors_list {
+    Teacher
+    Student
+    Agent1
+    Agent2
+}
+
+array set characters {
+    Bernadette         "Bernadette"
+    MOTORHOME          "MOTORHOME"
+    "A of Lawfirm X"   "Her lawyer"
+    "A of Lawfirm Y"   "Its lawyer"
+    "B of Lawfirm X"   "Partner firm X"
+    "B of Lawfirm Y"   "Partner firm Y"
+    "C of Lawfirm X"   "Secretary firm X"
+    "C of Lawfirm Y"   "Secretary firm Y"
+    "Portal"           "Library"          
+    "Lok of Legisl. Dept."		"Member 1 of Legisl. Dept."
+    "Peter of Legisl. Dept."	"Member 2 of Legisl. Dept."
+    "Aernout of Legisl. Dept."	"Head of Legisl. Dept."
+    "Jeroen of Legisl. Dept."	"Deputy Head of Legisl. Dept."
+    "Laurens of Legisl. Dept."	"Chief of Legisl. Dept."
+    "Fred Undraiser"		"Fundraiser"
+    "A of ADC"			"Representative of ADC"	
+    "Minister"			"Minister of Justice"          
+    "General Student"		"Student"
+}
+
+array set characters_ld {
+    "Lok of Legisl. Dept."		"Member 1 of Legisl. Dept."
+    "Peter of Legisl. Dept."	"Member 2 of Legisl. Dept."
+    "Aernout of Legisl. Dept."	"Head of Legisl. Dept."
+    "Jeroen of Legisl. Dept."	"Deputy Head of Legisl. Dept."
+    "Laurens of Legisl. Dept."	"Chief of Legisl. Dept."
+    "Fred Undraiser"		"Fundraiser"
+    "A of ADC"			"Representative of ADC"	
+    "Minister"			"Minister of Justice"          
+    "General Student"		"Student"
+}
+
+array set properties {
+    "Demo Property 1" "Demo Property 1"
+    "Demo Property 2" "Demo Property 2"
+}
+
+array set tasks {
+    "Ask information from Bernadette" {assigned_role "Her lawyer" recipient_role "Bernadette"}
+    "Ask information from MOTORHOME" {assigned_role "Her lawyer" recipient_role "MOTORHOME"}
+    "Ask information from opponent's lawyer 1" {assigned_role "Its lawyer" recipient_role "Her lawyer"}
+    "Ask information from opponent's lawyer 2" {assigned_role "Her lawyer" recipient_role "Its lawyer"}
+    "Ask information from library" {assigned_role "Her lawyer" recipient_role "Library"}
+    "Ask information from partner" {assigned_role "Her lawyer" recipient_role "Partner firm X"}
+    "Intervene" {assigned_role "Partner firm X" recipient_role "Her lawyer"}
+    "Reply to intervention" {assigned_role "Her lawyer" recipient_role "Partner firm X"}
+    "Give information as Bernadette" {assigned_role "Bernadette" recipient_role "Her lawyer"}
+    "Give information as Motorhome" {assigned_role "MOTORHOME" recipient_role "Her lawyer"}
+    "Make/edit draft report" {assigned_role "Her lawyer" recipient_role "Her lawyer"}
+    "Edit draft report" {assigned_role "Her lawyer" recipient_role "Her lawyer"}
+    "Give information to opponent's lawyer" {assigned_role "Her lawyer" recipient_role "Its lawyer"}
+    "Send final report" {assigned_role "Her lawyer" recipient_role "Partner firm X"}
+    "Send draft report" {assigned_role "Her lawyer" recipient_role "Partner firm X"}
+}
+
+array set tasks_ld {
+    "Write Proposal gr1" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Head of Legisl. Dept."}
+    "Write Proposal gr2" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Deputy Head of Legisl. Dept."}
+    "Write Opinion SHOULD BE AN ADDINFOTOPORTFOLIO gr1" {assigned_role "Fundraiser" recipient_role "Minister of Justice"}
+    "Write Opinion SHOULD BE AN ADDINFOTOPORTFOLIO gr2" {assigned_role "Representative of ADC" recipient_role "Minister of Justice"}
+    "Comment on Member2 Proposal SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Head of Legisl. Dept." recipient_role "Minister of Justice"}
+    "Comment on Member1 Proposal SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Deputy Head of Legisl. Dept." recipient_role "Minister of Justice"}
+    "Revise using Opinions and Comment from Head SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"}
+    "Revise using Opinions and Comment from Deputy SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"}
+    "Rate Comments SHOULD BE A REVIEWINFO" {assigned_role "Student" recipient_role "Minister of Justice"}
+    "Rate Revisions SHOULD BE A REVIEWINFO" {assigned_role "Student" recipient_role "Minister of Justice"}
+    "Learning evaluation DUMMY or ADDINFOTOPORTFOLIO" {assigned_role "Student" recipient_role "Minister of Justice"}
+    "Write Definition based on Revision SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"}
+    "Elaborate the Revision SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"}
+    "Comment Revision of Member 1" {assigned_role "Head of Legisl. Dept." recipient_role "Minister of Justice"}
+    "Comment Revision of Member 2" {assigned_role "Deputy Head of Legisl. Dept." recipient_role "Minister of Justice"}
+    "Learning Evalution SHOULD BE A ADDINFOTOPORTFOLIO" {assigned_role "Student" recipient_role "Minister of Justice"}
+    "Implementation of all received comments and opinions SHOULD BE AN ADDINFOTOPORTFOLIO gr1" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"}
+    "Implementation of all received comments and opinions SHOULD BE AN ADDINFOTOPORTFOLIO gr2" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"}
+    "Write law SHOULD BE AN ADDINFOTOPORTFOLIO gr1" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"}
+    "Write law SHOULD BE AN ADDINFOTOPORTFOLIO gr2" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"}
+}   
Index: openacs-4/contrib/packages/simulation/test/simulation-test-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/contrib/packages/simulation/test/Attic/simulation-test-procs.tcl,v
diff -u -r1.5 -r1.6
--- openacs-4/contrib/packages/simulation/test/simulation-test-procs.tcl	7 Jan 2004 10:39:31 -0000	1.5
+++ openacs-4/contrib/packages/simulation/test/simulation-test-procs.tcl	7 Jan 2004 16:16:06 -0000	1.6
@@ -69,8 +69,7 @@
 } {
     do_request /acs-admin/users/user-add
     field find ~n email
-    set email_account [string map {" " _} "$first_names $last_name"]
-    set email "${email_account}@test.test"
+    set email [email_from_user_name "$first_names $last_name"]
     field fill $email
     field find ~n first_names
     field fill $first_names
@@ -84,6 +83,34 @@
     form submit
 }
 
+ad_proc ::twt::simulation::email_from_user_name { user_name } {
+    set email_account [string map {" " _} $user_name]
+    set email "${email_account}@test.test"
+
+    return $email
+}
+
+ad_proc ::twt::simulation::permission_user_email { group_name } {
+    Given the name of one of the permission groups, i.e. "Sim Admins",
+    return the email of the demo user in that group.
+} {
+    return [email_from_user_name "[permission_user_first_names $group_name] [permission_user_last_name $group_name]"]
+}
+
+ad_proc ::twt::simulation::permission_user_first_names { group_name } {
+    Given the name of one of the permission groups, i.e. "Sim Admins",
+    return the first names of the demo user in that group.
+} {
+    return $group_name
+}
+
+ad_proc ::twt::simulation::permission_user_last_name { group_name } {
+    Given the name of one of the permission groups, i.e. "Sim Admins",
+    return the last name of the demo user in that group.
+} {
+    return "Test User"
+}
+
 ad_proc ::twt::simulation::add_user_to_group_url {
     {-group_name:required}
 } {
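Review bot: `email_from_user_name` is the only new proc without a doc string, while its three siblings have one; something like `Build the test email address for a user: spaces in the full name become underscores and @test.test is appended.` would do. Only spaces are mapped, so a name containing other characters that are not valid in an email local part would produce an address the user-add form may reject. The doc strings of the three `permission_user_*` procs say `i.e. "Sim Admins"` where `e.g.` is meant.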
@@ -299,4 +326,36 @@
         field fill "This is the task description for task $task_name"
         form submit
     }
-}
\ No newline at end of file
+}
+
+ad_proc ::twt::simulation::assert_page_accessible {url} {
+    Access the given url and throw an error if it's not accessible.
+
+    @see ::twt::simulation::page_accessible_p
+} {
+    if { ![page_accessible_p $url] } {
+        error "The page at url $url should be accessible but doesn't seem to be (status=[response status] response_url=[response url])"
+    }
+}
+
+ad_proc ::twt::simulation::assert_page_not_accessible {url} {
+    Access the given url and throw an error if it's accessible.
+
+    @see ::twt::simulation::page_accessible_p
+} {
+    if { [page_accessible_p $url] } {
+        error "The page at url $url should not be accessible but seems to be (status=[response status] response_url=[response url])"
+    }
+}
+
+ad_proc ::twt::simulation::page_accessible_p {url} {
+    Access the given url and return 1 if there is no permission violation,
+    breakage, or redirection. Returns 0 otherwise.
+} {
+    # Tclwebtest will throw an error for status 403 and this catch is a workaround for that
+    catch {do_request $url}
+
+    return [expr [string equal [response status] 200] && \
+                [regexp $url [response url]] && \
+                ![regexp "Permission Denied" [response body]]]
+}
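Review bot: `page_accessible_p` swallows every error from `do_request`, so `assert_page_not_accessible` passes on any failure, such as a 404 from a mistyped URL or a 500, and not only on a permission refusal. It would also pass if a failed request leaves the previous response in place, should tclwebtest keep it. For an authorization test the negative assertion should require the denial itself, for example that `[response status]` is 403 or that the body contains "Permission Denied". In the return expression, `regexp $url [response url]` treats the URL as a pattern and the `expr` is unbraced; `[string first $url [response url]] >= 0` inside `expr { ... }` avoids both.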
Index: openacs-4/contrib/packages/simulation/www/index.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/contrib/packages/simulation/www/Attic/index.tcl,v
diff -u -r1.12 -r1.13
--- openacs-4/contrib/packages/simulation/www/index.tcl	2 Dec 2003 17:24:32 -0000	1.12
+++ openacs-4/contrib/packages/simulation/www/index.tcl	7 Jan 2004 16:16:06 -0000	1.13
@@ -12,7 +12,7 @@
 set user_id [auth::get_user_id]
 
 set citybuild_p [permission::permission_p -object_id $package_id -privilege sim_object_create]
-set simbuild_p [permission::permission_p -object_id $package_id -privilege sim_object_create]
+set simbuild_p [permission::permission_p -object_id $package_id -privilege sim_inst]
 set siminst_p [permission::permission_p -object_id $package_id -privilege sim_inst]
 
 ######################################################################
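Review bot: `simbuild_p` and `siminst_p` are now computed from the same `sim_inst` privilege, so SimBuild and SimInst can no longer be granted separately. The test file in this commit carries a TODO about a separate "Template Authors" test user, which suggests the two modules are meant for different groups; if a template-authoring privilege exists or is planned, it belongs here. Until then a comment such as `# simbuild shares sim_inst until template authors get their own privilege` would record the intent. The same `permission::permission_p` lines are duplicated in simulation-master.tcl, and the two copies have to be changed together.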
Index: openacs-4/contrib/packages/simulation/www/simulation-master.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/contrib/packages/simulation/www/Attic/simulation-master.tcl,v
diff -u -r1.8 -r1.9
--- openacs-4/contrib/packages/simulation/www/simulation-master.tcl	7 Jan 2004 14:32:48 -0000	1.8
+++ openacs-4/contrib/packages/simulation/www/simulation-master.tcl	7 Jan 2004 16:16:06 -0000	1.9
@@ -4,6 +4,12 @@
 set parameters_url [export_vars -base "/shared/parameters" {package_id return_url}]
 set base_url [apm_package_url_from_id $package_id]
 
+######################################################################
+#
+# Permission checking
+#
+######################################################################
+
 # Anonymous users should only be allowed to access the index page (with the flash map)
 # and the object view urls
 # We are assuming here that all pages in the package use this master template
@@ -13,6 +19,44 @@
     }
 }
 
+set admin_p [permission::permission_p -object_id $package_id -privilege admin]
+set citybuild_p [permission::permission_p -object_id $package_id -privilege sim_object_create]
+set simbuild_p [permission::permission_p -object_id $package_id -privilege sim_inst]
+set siminst_p [permission::permission_p -object_id $package_id -privilege sim_inst]
+
+# If we are in any of the modules - check that the user
+# has permission to be there
+if { ![empty_string_p [ad_conn extra_url]] } {
+    regexp {^([^/]+)} [ad_conn extra_url] dir
+
+    set page_forbidden_p 0
+    switch $dir {
+        citybuild {
+            if { !$citybuild_p } {
+                set page_forbidden_p 1
+            }
+        }
+        simbuild {
+            if { !$simbuild_p } {
+                set page_forbidden_p 1
+            }
+
+        }
+        siminst {
+            if { !$siminst_p } {
+                set page_forbidden_p 1
+            }
+
+        }
+    }
+
+    if { $page_forbidden_p } {
+        ad_return_forbidden \
+            "Permission Denied" \
+            "You don't have permission to access this page"
+    }
+}
+
 ######################################################################
 #
 # Build a link bar for the subsite
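Review bot: Nothing stops the request after `ad_return_forbidden`, so the rest of the master script keeps running once the response is sent; follow the call with `ad_script_abort`. Because the check lives in the master template, it presumably runs only when a page is rendered through that master, and after the page's own script. A page under citybuild/, simbuild/ or siminst/ that performs its action and then redirects (object-delete with `confirm_p=1` may be one) would not be covered, so state-changing pages should call `permission::require_permission -object_id $package_id -privilege ...` themselves. The result of `regexp {^([^/]+)} [ad_conn extra_url] dir` is not checked, which leaves `dir` unset when the extra_url starts with `/`. The `switch` has no default arm, so any directory not listed is allowed through.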
@@ -21,11 +65,6 @@
 
 #  TODO: kill link bar for players
 
-set admin_p [permission::permission_p -object_id $package_id -privilege admin]
-set citybuild_p [permission::permission_p -object_id $package_id -privilege sim_object_create]
-set simbuild_p [permission::permission_p -object_id $package_id -privilege sim_object_create]
-set siminst_p [permission::permission_p -object_id $package_id -privilege sim_inst]
-
 if { $citybuild_p } {
     lappend subnavbar_list [list "${base_url}citybuild" "CityBuild"]
 }
Index: openacs-4/packages/simulation/test/demo-data-setup.test
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/simulation/test/demo-data-setup.test,v
diff -u -r1.15 -r1.16
--- openacs-4/packages/simulation/test/demo-data-setup.test	7 Jan 2004 13:46:48 -0000	1.15
+++ openacs-4/packages/simulation/test/demo-data-setup.test	7 Jan 2004 16:16:06 -0000	1.16
@@ -9,88 +9,7 @@
     global __demo_users_password
     set __demo_users_password 1
 
-    # Demo data start
-    set actors_list {
-        Teacher
-        Student
-        Agent1
-        Agent2
-    }
-    array set characters {
-        Bernadette         "Bernadette"
-        MOTORHOME          "MOTORHOME"
-        "A of Lawfirm X"   "Her lawyer"
-        "A of Lawfirm Y"   "Its lawyer"
-        "B of Lawfirm X"   "Partner firm X"
-        "B of Lawfirm Y"   "Partner firm Y"
-        "C of Lawfirm X"   "Secretary firm X"
-        "C of Lawfirm Y"   "Secretary firm Y"
-        "Portal"           "Library"          
-        "Lok of Legisl. Dept."		"Member 1 of Legisl. Dept."
-	"Peter of Legisl. Dept."	"Member 2 of Legisl. Dept."
-	"Aernout of Legisl. Dept."	"Head of Legisl. Dept."
-	"Jeroen of Legisl. Dept."	"Deputy Head of Legisl. Dept."
-	"Laurens of Legisl. Dept."	"Chief of Legisl. Dept."
-	"Fred Undraiser"		"Fundraiser"
-	"A of ADC"			"Representative of ADC"	
-	"Minister"			"Minister of Justice"          
-	"General Student"		"Student"
-    }
-    array set characters_ld {
-        "Lok of Legisl. Dept."		"Member 1 of Legisl. Dept."
-	"Peter of Legisl. Dept."	"Member 2 of Legisl. Dept."
-	"Aernout of Legisl. Dept."	"Head of Legisl. Dept."
-	"Jeroen of Legisl. Dept."	"Deputy Head of Legisl. Dept."
-	"Laurens of Legisl. Dept."	"Chief of Legisl. Dept."
-	"Fred Undraiser"		"Fundraiser"
-	"A of ADC"			"Representative of ADC"	
-	"Minister"			"Minister of Justice"          
-	"General Student"		"Student"
-    }
-    array set properties {
-        "Demo Property 1" "Demo Property 1"
-        "Demo Property 2" "Demo Property 2"
-    }
-    array set tasks {
-        "Ask information from Bernadette" {assigned_role "Her lawyer" recipient_role "Bernadette"}
-        "Ask information from MOTORHOME" {assigned_role "Her lawyer" recipient_role "MOTORHOME"}
-        "Ask information from opponent's lawyer 1" {assigned_role "Its lawyer" recipient_role "Her lawyer"}
-        "Ask information from opponent's lawyer 2" {assigned_role "Her lawyer" recipient_role "Its lawyer"}
-        "Ask information from library" {assigned_role "Her lawyer" recipient_role "Library"}
-        "Ask information from partner" {assigned_role "Her lawyer" recipient_role "Partner firm X"}
-        "Intervene" {assigned_role "Partner firm X" recipient_role "Her lawyer"}
-        "Reply to intervention" {assigned_role "Her lawyer" recipient_role "Partner firm X"}
-        "Give information as Bernadette" {assigned_role "Bernadette" recipient_role "Her lawyer"}
-        "Give information as Motorhome" {assigned_role "MOTORHOME" recipient_role "Her lawyer"}
-        "Make/edit draft report" {assigned_role "Her lawyer" recipient_role "Her lawyer"}
-        "Edit draft report" {assigned_role "Her lawyer" recipient_role "Her lawyer"}
-        "Give information to opponent's lawyer" {assigned_role "Her lawyer" recipient_role "Its lawyer"}
-        "Send final report" {assigned_role "Her lawyer" recipient_role "Partner firm X"}
-        "Send draft report" {assigned_role "Her lawyer" recipient_role "Partner firm X"}
-    }
-    array set tasks_ld {
-	"Write Proposal gr1" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Head of Legisl. Dept."}
-	"Write Proposal gr2" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Deputy Head of Legisl. Dept."}
-	"Write Opinion SHOULD BE AN ADDINFOTOPORTFOLIO gr1" {assigned_role "Fundraiser" recipient_role "Minister of Justice"}
-	"Write Opinion SHOULD BE AN ADDINFOTOPORTFOLIO gr2" {assigned_role "Representative of ADC" recipient_role "Minister of Justice"}
-	"Comment on Member2 Proposal SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Head of Legisl. Dept." recipient_role "Minister of Justice"}
-	"Comment on Member1 Proposal SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Deputy Head of Legisl. Dept." recipient_role "Minister of Justice"}
-	"Revise using Opinions and Comment from Head SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"}
-	"Revise using Opinions and Comment from Deputy SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"}
-	"Rate Comments SHOULD BE A REVIEWINFO" {assigned_role "Student" recipient_role "Minister of Justice"}
-	"Rate Revisions SHOULD BE A REVIEWINFO" {assigned_role "Student" recipient_role "Minister of Justice"}
-	"Learning evaluation DUMMY or ADDINFOTOPORTFOLIO" {assigned_role "Student" recipient_role "Minister of Justice"}
-	"Write Definition based on Revision SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"}
-	"Elaborate the Revision SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"}
-	"Comment Revision of Member 1" {assigned_role "Head of Legisl. Dept." recipient_role "Minister of Justice"}
-	"Comment Revision of Member 2" {assigned_role "Deputy Head of Legisl. Dept." recipient_role "Minister of Justice"}
-	"Learning Evalution SHOULD BE A ADDINFOTOPORTFOLIO" {assigned_role "Student" recipient_role "Minister of Justice"}
-	"Implementation of all received comments and opinions SHOULD BE AN ADDINFOTOPORTFOLIO gr1" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"}
-	"Implementation of all received comments and opinions SHOULD BE AN ADDINFOTOPORTFOLIO gr2" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"}
-	"Write law SHOULD BE AN ADDINFOTOPORTFOLIO gr1" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"}
-	"Write law SHOULD BE AN ADDINFOTOPORTFOLIO gr2" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"}
-    }   
-    # Demo data end
+    source demo-data.tcl
 
     ::twt::log_section "Login the site wide admin"
     ::twt::user::login_site_wide_admin
@@ -135,8 +54,8 @@
         "City Admins"
         "Actors"
     } {
-        set first_names $group_name
-        set last_name "Test User"
+        set first_names [::twt::simulation::permission_user_first_names $group_name]
+        set last_name [::twt::simulation::permission_user_last_name $group_name]
         ::twt::simulation::add_user -first_names $first_names -last_name $last_name
 
         ::twt::simulation::add_user_to_group -group_name $group_name -user_name "$first_names $last_name"
@@ -148,6 +67,9 @@
     #
     ###################################
 
+    # Do this as the city build user to make sure he has sufficient permissions
+    ::twt::user::login [::twt::simulation::permission_user_email "City Admins"]
+
     ::twt::log_section "Create an image object"
     do_request /simulation/citybuild
     link follow ~u object-edit
@@ -186,6 +108,9 @@
     #
     ###################################
 
+    # TODO: do this is as "Template Authors" test user
+    ::twt::user::login_site_wide_admin
+
     set template_name "Elementary Private Law"
     ::twt::log_section "Create $template_name simulation template"
     ::twt::simulation::add_template -template_name $template_name
@@ -265,16 +190,45 @@
     #
     ###################################
 
+    set group_name "City Admins"
+
     # login user
+    ::twt::user::login [::twt::simulation::permission_user_email $group_name]
 
     # city admin can access index page
+    ::twt::simulation::assert_page_accessible /simulation
 
     # can access citybuild
-    # can create/edit/delete object
-    # SPECIAL: can set the on_map_p attribute
-       
-    # can't access any of the other three modules
+    ::twt::simulation::assert_page_accessible /simulation/citybuild
 
+    # can create object
+    set object_title "Test property"
+    ::twt::simulation::add_object -type sim_prop -title $object_title
+
+    # can edit on_map_p attribute of object
+    do_request /simulation/citybuild
+    link follow ~c $object_title
+    link follow ~u object-edit
+    regexp {item%5fid=([0-9]+)} [response url] match item_id
+    form find ~n object
+    field find ~n attr__sim_prop__on_map_p
+    field select2 ~v t
+    form submit
+    if { [regexp "Permission Denied" [response body]] } {
+        error "City admin should not get permission denied when editing on_map_p of an object"
+    }
+
+    # can delete object    
+    do_request "/simulation/citybuild/object-delete?confirm_p=1&item_id=$item_id"
+    if { [regexp "Permission Denied" [response body]] } {
+        error "City admin should not get permission denied when deleting an object"
+    }
+
+    # can not build or instantiate templates
+    foreach module {simbuild siminst} {
+        ::twt::simulation::assert_page_not_accessible /simulation/$module
+    }
+
     ###################################
     #
     # Permission testing with sim admin (simulation super user)
Index: openacs-4/packages/simulation/test/demo-data.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/simulation/test/demo-data.tcl,v
diff -u
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ openacs-4/packages/simulation/test/demo-data.tcl	7 Jan 2004 16:16:06 -0000	1.1
@@ -0,0 +1,85 @@
+set actors_list {
+    Teacher
+    Student
+    Agent1
+    Agent2
+}
+
+array set characters {
+    Bernadette         "Bernadette"
+    MOTORHOME          "MOTORHOME"
+    "A of Lawfirm X"   "Her lawyer"
+    "A of Lawfirm Y"   "Its lawyer"
+    "B of Lawfirm X"   "Partner firm X"
+    "B of Lawfirm Y"   "Partner firm Y"
+    "C of Lawfirm X"   "Secretary firm X"
+    "C of Lawfirm Y"   "Secretary firm Y"
+    "Portal"           "Library"          
+    "Lok of Legisl. Dept."		"Member 1 of Legisl. Dept."
+    "Peter of Legisl. Dept."	"Member 2 of Legisl. Dept."
+    "Aernout of Legisl. Dept."	"Head of Legisl. Dept."
+    "Jeroen of Legisl. Dept."	"Deputy Head of Legisl. Dept."
+    "Laurens of Legisl. Dept."	"Chief of Legisl. Dept."
+    "Fred Undraiser"		"Fundraiser"
+    "A of ADC"			"Representative of ADC"	
+    "Minister"			"Minister of Justice"          
+    "General Student"		"Student"
+}
+
+array set characters_ld {
+    "Lok of Legisl. Dept."		"Member 1 of Legisl. Dept."
+    "Peter of Legisl. Dept."	"Member 2 of Legisl. Dept."
+    "Aernout of Legisl. Dept."	"Head of Legisl. Dept."
+    "Jeroen of Legisl. Dept."	"Deputy Head of Legisl. Dept."
+    "Laurens of Legisl. Dept."	"Chief of Legisl. Dept."
+    "Fred Undraiser"		"Fundraiser"
+    "A of ADC"			"Representative of ADC"	
+    "Minister"			"Minister of Justice"          
+    "General Student"		"Student"
+}
+
+array set properties {
+    "Demo Property 1" "Demo Property 1"
+    "Demo Property 2" "Demo Property 2"
+}
+
+array set tasks {
+    "Ask information from Bernadette" {assigned_role "Her lawyer" recipient_role "Bernadette"}
+    "Ask information from MOTORHOME" {assigned_role "Her lawyer" recipient_role "MOTORHOME"}
+    "Ask information from opponent's lawyer 1" {assigned_role "Its lawyer" recipient_role "Her lawyer"}
+    "Ask information from opponent's lawyer 2" {assigned_role "Her lawyer" recipient_role "Its lawyer"}
+    "Ask information from library" {assigned_role "Her lawyer" recipient_role "Library"}
+    "Ask information from partner" {assigned_role "Her lawyer" recipient_role "Partner firm X"}
+    "Intervene" {assigned_role "Partner firm X" recipient_role "Her lawyer"}
+    "Reply to intervention" {assigned_role "Her lawyer" recipient_role "Partner firm X"}
+    "Give information as Bernadette" {assigned_role "Bernadette" recipient_role "Her lawyer"}
+    "Give information as Motorhome" {assigned_role "MOTORHOME" recipient_role "Her lawyer"}
+    "Make/edit draft report" {assigned_role "Her lawyer" recipient_role "Her lawyer"}
+    "Edit draft report" {assigned_role "Her lawyer" recipient_role "Her lawyer"}
+    "Give information to opponent's lawyer" {assigned_role "Her lawyer" recipient_role "Its lawyer"}
+    "Send final report" {assigned_role "Her lawyer" recipient_role "Partner firm X"}
+    "Send draft report" {assigned_role "Her lawyer" recipient_role "Partner firm X"}
+}
+
+array set tasks_ld {
+    "Write Proposal gr1" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Head of Legisl. Dept."}
+    "Write Proposal gr2" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Deputy Head of Legisl. Dept."}
+    "Write Opinion SHOULD BE AN ADDINFOTOPORTFOLIO gr1" {assigned_role "Fundraiser" recipient_role "Minister of Justice"}
+    "Write Opinion SHOULD BE AN ADDINFOTOPORTFOLIO gr2" {assigned_role "Representative of ADC" recipient_role "Minister of Justice"}
+    "Comment on Member2 Proposal SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Head of Legisl. Dept." recipient_role "Minister of Justice"}
+    "Comment on Member1 Proposal SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Deputy Head of Legisl. Dept." recipient_role "Minister of Justice"}
+    "Revise using Opinions and Comment from Head SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"}
+    "Revise using Opinions and Comment from Deputy SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"}
+    "Rate Comments SHOULD BE A REVIEWINFO" {assigned_role "Student" recipient_role "Minister of Justice"}
+    "Rate Revisions SHOULD BE A REVIEWINFO" {assigned_role "Student" recipient_role "Minister of Justice"}
+    "Learning evaluation DUMMY or ADDINFOTOPORTFOLIO" {assigned_role "Student" recipient_role "Minister of Justice"}
+    "Write Definition based on Revision SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"}
+    "Elaborate the Revision SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"}
+    "Comment Revision of Member 1" {assigned_role "Head of Legisl. Dept." recipient_role "Minister of Justice"}
+    "Comment Revision of Member 2" {assigned_role "Deputy Head of Legisl. Dept." recipient_role "Minister of Justice"}
+    "Learning Evalution SHOULD BE A ADDINFOTOPORTFOLIO" {assigned_role "Student" recipient_role "Minister of Justice"}
+    "Implementation of all received comments and opinions SHOULD BE AN ADDINFOTOPORTFOLIO gr1" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"}
+    "Implementation of all received comments and opinions SHOULD BE AN ADDINFOTOPORTFOLIO gr2" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"}
+    "Write law SHOULD BE AN ADDINFOTOPORTFOLIO gr1" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"}
+    "Write law SHOULD BE AN ADDINFOTOPORTFOLIO gr2" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"}
+}   
Index: openacs-4/packages/simulation/test/simulation-test-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/simulation/test/simulation-test-procs.tcl,v
diff -u -r1.5 -r1.6
--- openacs-4/packages/simulation/test/simulation-test-procs.tcl	7 Jan 2004 10:39:31 -0000	1.5
+++ openacs-4/packages/simulation/test/simulation-test-procs.tcl	7 Jan 2004 16:16:06 -0000	1.6
@@ -69,8 +69,7 @@
 } {
     do_request /acs-admin/users/user-add
     field find ~n email
-    set email_account [string map {" " _} "$first_names $last_name"]
-    set email "${email_account}@test.test"
+    set email [email_from_user_name "$first_names $last_name"]
     field fill $email
     field find ~n first_names
     field fill $first_names
@@ -84,6 +83,34 @@
     form submit
 }
 
+ad_proc ::twt::simulation::email_from_user_name { user_name } {
+    set email_account [string map {" " _} $user_name]
+    set email "${email_account}@test.test"
+
+    return $email
+}
+
+ad_proc ::twt::simulation::permission_user_email { group_name } {
+    Given the name of one of the permission groups, i.e. "Sim Admins",
+    return the email of the demo user in that group.
+} {
+    return [email_from_user_name "[permission_user_first_names $group_name] [permission_user_last_name $group_name]"]
+}
+
+ad_proc ::twt::simulation::permission_user_first_names { group_name } {
+    Given the name of one of the permission groups, i.e. "Sim Admins",
+    return the first names of the demo user in that group.
+} {
+    return $group_name
+}
+
+ad_proc ::twt::simulation::permission_user_last_name { group_name } {
+    Given the name of one of the permission groups, i.e. "Sim Admins",
+    return the last name of the demo user in that group.
+} {
+    return "Test User"
+}
+
 ad_proc ::twt::simulation::add_user_to_group_url {
     {-group_name:required}
 } {
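Review bot: `email_from_user_name` is the only proc added in this hunk without a doc string, although both user creation and the new login step now derive the account address from it. A short doc block such as `Return the test email address for a demo user: spaces in the name become underscores and "@test.test" is appended.` would match the three procs below it. The `add_user_to_group_url` definition that follows continues outside the hunk.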
@@ -299,4 +326,36 @@
         field fill "This is the task description for task $task_name"
         form submit
     }
-}
\ No newline at end of file
+}
+
+ad_proc ::twt::simulation::assert_page_accessible {url} {
+    Access the given url and throw an error if it's not accessible.
+
+    @see ::twt::simulation::page_accessible_p
+} {
+    if { ![page_accessible_p $url] } {
+        error "The page at url $url should be accessible but doesn't seem to be (status=[response status] response_url=[response url])"
+    }
+}
+
+ad_proc ::twt::simulation::assert_page_not_accessible {url} {
+    Access the given url and throw an error if it's accessible.
+
+    @see ::twt::simulation::page_accessible_p
+} {
+    if { [page_accessible_p $url] } {
+        error "The page at url $url should not be accessible but seems to be (status=[response status] response_url=[response url])"
+    }
+}
+
+ad_proc ::twt::simulation::page_accessible_p {url} {
+    Access the given url and return 1 if there is no permission violation,
+    breakage, or redirection. Returns 0 otherwise.
+} {
+    # Tclwebtest will throw an error for status 403 and this catch is a workaround for that
+    catch {do_request $url}
+
+    return [expr [string equal [response status] 200] && \
+                [regexp $url [response url]] && \
+                ![regexp "Permission Denied" [response body]]]
+}
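Review bot: `assert_page_not_accessible` passes on anything that is not a clean 200 at the requested URL, because it is only the negation of `page_accessible_p`; a server error, a broken page or an unrelated redirect would make a permission test succeed without any permission check having fired. For an authorization test the negative case should require an explicit denial after the caught request, e.g. `if { ![string equal [response status] 403] && ![regexp "Permission Denied" [response body]] } { error ... }`. In `page_accessible_p` itself, `catch {do_request $url}` discards every error rather than only the 403 one, and `regexp $url [response url]` treats the URL as an unanchored pattern, so `/simulation` also matches a response URL under `/simulation/citybuild`. A literal or anchored comparison and a braced `expr { ... }` would make the helper stricter.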
Index: openacs-4/packages/simulation/www/index.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/simulation/www/index.tcl,v
diff -u -r1.12 -r1.13
--- openacs-4/packages/simulation/www/index.tcl	2 Dec 2003 17:24:32 -0000	1.12
+++ openacs-4/packages/simulation/www/index.tcl	7 Jan 2004 16:16:06 -0000	1.13
@@ -12,7 +12,7 @@
 set user_id [auth::get_user_id]
 
 set citybuild_p [permission::permission_p -object_id $package_id -privilege sim_object_create]
-set simbuild_p [permission::permission_p -object_id $package_id -privilege sim_object_create]
+set simbuild_p [permission::permission_p -object_id $package_id -privilege sim_inst]
 set siminst_p [permission::permission_p -object_id $package_id -privilege sim_inst]
 
 ######################################################################
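Review bot: After this change `simbuild_p` and `siminst_p` are both computed from `sim_inst`, so the two modules cannot be granted independently, and nothing on the line says whether that is intended. If it is, a comment such as `# simbuild has no privilege of its own; it shares sim_inst with siminst` would keep a later reader from changing it back. The same assignments are repeated in simulation-master.tcl (the `@@ -13,6 +19,44 @@` hunk) and both copies had to be edited in this commit, so computing the flags in one place would keep the index page and the access check from drifting apart.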
Index: openacs-4/packages/simulation/www/simulation-master.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/simulation/www/simulation-master.tcl,v
diff -u -r1.8 -r1.9
--- openacs-4/packages/simulation/www/simulation-master.tcl	7 Jan 2004 14:32:48 -0000	1.8
+++ openacs-4/packages/simulation/www/simulation-master.tcl	7 Jan 2004 16:16:06 -0000	1.9
@@ -4,6 +4,12 @@
 set parameters_url [export_vars -base "/shared/parameters" {package_id return_url}]
 set base_url [apm_package_url_from_id $package_id]
 
+######################################################################
+#
+# Permission checking
+#
+######################################################################
+
 # Anonymous users should only be allowed to access the index page (with the flash map)
 # and the object view urls
 # We are assuming here that all pages in the package use this master template
@@ -13,6 +19,44 @@
     }
 }
 
+set admin_p [permission::permission_p -object_id $package_id -privilege admin]
+set citybuild_p [permission::permission_p -object_id $package_id -privilege sim_object_create]
+set simbuild_p [permission::permission_p -object_id $package_id -privilege sim_inst]
+set siminst_p [permission::permission_p -object_id $package_id -privilege sim_inst]
+
+# If we are in any of the modules - check that the user
+# has permission to be there
+if { ![empty_string_p [ad_conn extra_url]] } {
+    regexp {^([^/]+)} [ad_conn extra_url] dir
+
+    set page_forbidden_p 0
+    switch $dir {
+        citybuild {
+            if { !$citybuild_p } {
+                set page_forbidden_p 1
+            }
+        }
+        simbuild {
+            if { !$simbuild_p } {
+                set page_forbidden_p 1
+            }
+
+        }
+        siminst {
+            if { !$siminst_p } {
+                set page_forbidden_p 1
+            }
+
+        }
+    }
+
+    if { $page_forbidden_p } {
+        ad_return_forbidden \
+            "Permission Denied" \
+            "You don't have permission to access this page"
+    }
+}
+
 ######################################################################
 #
 # Build a link bar for the subsite
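Review bot: The new module check calls `ad_return_forbidden` but does not stop the script, so the rest of the master template (the link bar and whatever follows) still runs for a forbidden request; adding `ad_script_abort` directly after the call would end processing there. A check placed in the master also only covers pages that render through it, as the comment above it already assumes, so a page script that performs its action and then redirects would presumably finish before this code is reached (whether `citybuild/object-delete` is such a page is not visible here). State-changing pages should carry their own `permission::require_permission -object_id $package_id -privilege ...` at the top, with the master check kept as a second layer. The `switch` has no default arm, so any other first path component is treated as allowed; if that is intended, a comment saying so would help.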
@@ -21,11 +65,6 @@
 
 #  TODO: kill link bar for players
 
-set admin_p [permission::permission_p -object_id $package_id -privilege admin]
-set citybuild_p [permission::permission_p -object_id $package_id -privilege sim_object_create]
-set simbuild_p [permission::permission_p -object_id $package_id -privilege sim_object_create]
-set siminst_p [permission::permission_p -object_id $package_id -privilege sim_inst]
-
 if { $citybuild_p } {
     lappend subnavbar_list [list "${base_url}citybuild" "CityBuild"]
 }