workflows: don't create missing roles if they're managed by an idp (#13933)
parent
3dab5f9469
commit
c107d20bb6
|
@ -32,7 +32,8 @@ from wcs.data_sources import NamedDataSource
|
|||
from wcs.wscalls import NamedWsCall
|
||||
from wcs.roles import Role
|
||||
from wcs.workflows import (Workflow, DisplayMessageWorkflowStatusItem,
|
||||
WorkflowCriticalityLevel, WorkflowBackofficeFieldsFormDef)
|
||||
WorkflowCriticalityLevel, WorkflowBackofficeFieldsFormDef,
|
||||
CommentableWorkflowStatusItem)
|
||||
from wcs.wf.jump import JumpWorkflowStatusItem
|
||||
from wcs.wf.register_comment import RegisterCommenterWorkflowStatusItem
|
||||
from wcs.wf.wscall import WebserviceCallStatusItem
|
||||
|
@ -1607,6 +1608,66 @@ def test_workflows_export_import(pub):
|
|||
assert 'Invalid File' in resp.body
|
||||
assert Workflow.count() == 2
|
||||
|
||||
def test_workflows_export_import_create_role(pub):
|
||||
create_superuser(pub)
|
||||
|
||||
Role.wipe()
|
||||
role = Role()
|
||||
role.name = 'PLOP'
|
||||
role.store()
|
||||
|
||||
Workflow.wipe()
|
||||
workflow = Workflow(name='foo')
|
||||
st1 = workflow.add_status(name='baz')
|
||||
commentable = CommentableWorkflowStatusItem()
|
||||
commentable.id = '_commentable'
|
||||
commentable.by = [role.id]
|
||||
st1.items.append(commentable)
|
||||
commentable.parent = st1
|
||||
workflow.store()
|
||||
|
||||
app = login(get_app(pub))
|
||||
resp = app.get('/backoffice/workflows/1/')
|
||||
resp = resp.click('Export')
|
||||
assert resp.content_type == 'application/x-wcs-form'
|
||||
wf_export = resp.body
|
||||
|
||||
resp = app.get('/backoffice/workflows/')
|
||||
resp = resp.click('Import')
|
||||
resp.form['file'] = Upload('xxx.wcs', wf_export)
|
||||
resp = resp.form.submit('submit')
|
||||
assert resp.location == 'http://example.net/backoffice/workflows/2/'
|
||||
resp = resp.follow()
|
||||
assert 'This workflow has been successfully imported' in resp.body
|
||||
assert Workflow.get(2).name == 'Copy of foo'
|
||||
assert Workflow.get(2).possible_status[0].items[0].by == [role.id]
|
||||
|
||||
role.remove_self()
|
||||
|
||||
# automatically create role
|
||||
resp = app.get('/backoffice/workflows/')
|
||||
resp = resp.click('Import')
|
||||
resp.form['file'] = Upload('xxx.wcs', wf_export)
|
||||
resp = resp.form.submit('submit')
|
||||
assert resp.location == 'http://example.net/backoffice/workflows/3/'
|
||||
resp = resp.follow()
|
||||
assert 'This workflow has been successfully imported' in resp.body
|
||||
assert Workflow.get(3).name == 'Copy of foo (2)'
|
||||
assert Role.count() == 1
|
||||
assert Role.select()[0].name == 'PLOP'
|
||||
assert Workflow.get(2).possible_status[0].items[0].by == [Role.select()[0].id]
|
||||
|
||||
# don't create role if they are managed by the identity provider
|
||||
Role.wipe()
|
||||
|
||||
pub.cfg['sp'] = {'idp-manage-roles': True}
|
||||
pub.write_cfg()
|
||||
resp = app.get('/backoffice/workflows/')
|
||||
resp = resp.click('Import')
|
||||
resp.form['file'] = Upload('xxx.wcs', wf_export)
|
||||
resp = resp.form.submit('submit')
|
||||
assert 'Invalid File (Unknown referenced role (PLOP))' in resp.body
|
||||
|
||||
def test_workflows_duplicate(pub):
|
||||
create_superuser(pub)
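Review bot: The last case of `test_workflows_export_import_create_role` checks only the error text, so it would still pass if a role were created before the import is rejected; adding `assert Role.count() == 0` after the submit pins the behaviour this commit is about. In the "automatically create role" case the final assertion reads `Workflow.get(2)` although the workflow just imported is number 3, so the new role mapping is presumably checked on the wrong object; `assert Workflow.get(3).possible_status[0].items[0].by == [Role.select()[0].id]` looks like what was meant. `pub.cfg['sp']` is also left set when the test ends, which could leak into later tests if the `pub` fixture does not reset the configuration (the fixture is not visible here).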
|
||||
|
||||
|
|
|
@ -1891,7 +1891,7 @@ class WorkflowsDirectory(Directory):
|
|||
workflow = Workflow.import_from_xml(fp)
|
||||
except WorkflowImportError, e:
|
||||
error = True
|
||||
reason = _(e)
|
||||
reason = _(e) % e.msg_args
|
||||
except ValueError:
|
||||
error = True
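Review bot: `reason = _(e) % e.msg_args` now places a value read from the uploaded file (the role name) into the message shown on the import page, and the code that renders `reason` is outside this hunk, so it is worth confirming that the value is HTML-escaped on output. A short comment would record the assumption: `# msg_args come from the imported file; reason must be escaped when rendered`. Separately, formatting with an empty `msg_args` raises inside the handler if a message from another raise site contains a literal `%`; those raise sites are not visible here.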
|
||||
|
||||
|
|
|
@ -78,7 +78,9 @@ def perform_items(items, formdata, depth=20):
|
|||
|
||||
|
||||
class WorkflowImportError(Exception):
|
||||
pass
|
||||
def __init__(self, msg, msg_args=None):
|
||||
super(Exception, self).__init__(msg)
|
||||
self.msg_args = msg_args or ()
|
||||
|
||||
|
||||
class AbortActionException(Exception):
|
||||
|
@ -921,6 +923,10 @@ class XmlSerialisable(object):
|
|||
if role.name == value:
|
||||
return role.id
|
||||
|
||||
# if the roles are managed by the idp, don't try further.
|
||||
if get_publisher() and get_cfg('sp', {}).get('idp-manage-roles') is True:
|
||||
raise WorkflowImportError(N_('Unknown referenced role (%s)'), (value,))
|
||||
|
||||
# and if there's no match, create a new role
|
||||
role = Role()
|
||||
role.name = value
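Review bot: The guard `get_cfg('sp', {}).get('idp-manage-roles') is True` in the XmlSerialisable hunk fails open: a truthy value that is not the `True` singleton (for instance a string or `1` written by another configuration path, which is not visible here) skips the raise, and the import goes on to create a local role named from the uploaded file. Since the purpose of the change is to leave role creation to the identity provider, a plain truthiness test is the safer form: `if get_publisher() and get_cfg('sp', {}).get('idp-manage-roles'):`. In the WorkflowImportError hunk, `super(Exception, self).__init__(msg)` names the parent class instead of the class itself and so skips `Exception` in the MRO; it should read `super(WorkflowImportError, self).__init__(msg)`. Both enclosing bodies extend beyond the visible hunks.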
|
||||
|
|