Index: openacs-4/contrib/packages/simulation/test/demo-data-setup.test
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/contrib/packages/simulation/test/Attic/demo-data-setup.test,v
diff -u -r1.15 -r1.16
--- openacs-4/contrib/packages/simulation/test/demo-data-setup.test 7 Jan 2004 13:46:48 -0000 1.15
+++ openacs-4/contrib/packages/simulation/test/demo-data-setup.test 7 Jan 2004 16:16:06 -0000 1.16
@@ -9,88 +9,7 @@ global __demo_users_password set __demo_users_password 1 - # Demo data start - set actors_list { - Teacher - Student - Agent1 - Agent2 - } - array set characters { - Bernadette "Bernadette" - MOTORHOME "MOTORHOME" - "A of Lawfirm X" "Her lawyer" - "A of Lawfirm Y" "Its lawyer" - "B of Lawfirm X" "Partner firm X" - "B of Lawfirm Y" "Partner firm Y" - "C of Lawfirm X" "Secretary firm X" - "C of Lawfirm Y" "Secretary firm Y" - "Portal" "Library" - "Lok of Legisl. Dept." "Member 1 of Legisl. Dept." - "Peter of Legisl. Dept." "Member 2 of Legisl. Dept." - "Aernout of Legisl. Dept." "Head of Legisl. Dept." - "Jeroen of Legisl. Dept." "Deputy Head of Legisl. Dept." - "Laurens of Legisl. Dept." "Chief of Legisl. Dept." - "Fred Undraiser" "Fundraiser" - "A of ADC" "Representative of ADC" - "Minister" "Minister of Justice" - "General Student" "Student" - } - array set characters_ld { - "Lok of Legisl. Dept." "Member 1 of Legisl. Dept." - "Peter of Legisl. Dept." "Member 2 of Legisl. Dept." - "Aernout of Legisl. Dept." "Head of Legisl. Dept." - "Jeroen of Legisl. Dept." "Deputy Head of Legisl. Dept." - "Laurens of Legisl. Dept." "Chief of Legisl. Dept." 
- "Fred Undraiser" "Fundraiser" - "A of ADC" "Representative of ADC" - "Minister" "Minister of Justice" - "General Student" "Student" - } - array set properties { - "Demo Property 1" "Demo Property 1" - "Demo Property 2" "Demo Property 2" - } - array set tasks { - "Ask information from Bernadette" {assigned_role "Her lawyer" recipient_role "Bernadette"} - "Ask information from MOTORHOME" {assigned_role "Her lawyer" recipient_role "MOTORHOME"} - "Ask information from opponent's lawyer 1" {assigned_role "Its lawyer" recipient_role "Her lawyer"} - "Ask information from opponent's lawyer 2" {assigned_role "Her lawyer" recipient_role "Its lawyer"} - "Ask information from library" {assigned_role "Her lawyer" recipient_role "Library"} - "Ask information from partner" {assigned_role "Her lawyer" recipient_role "Partner firm X"} - "Intervene" {assigned_role "Partner firm X" recipient_role "Her lawyer"} - "Reply to intervention" {assigned_role "Her lawyer" recipient_role "Partner firm X"} - "Give information as Bernadette" {assigned_role "Bernadette" recipient_role "Her lawyer"} - "Give information as Motorhome" {assigned_role "MOTORHOME" recipient_role "Her lawyer"} - "Make/edit draft report" {assigned_role "Her lawyer" recipient_role "Her lawyer"} - "Edit draft report" {assigned_role "Her lawyer" recipient_role "Her lawyer"} - "Give information to opponent's lawyer" {assigned_role "Her lawyer" recipient_role "Its lawyer"} - "Send final report" {assigned_role "Her lawyer" recipient_role "Partner firm X"} - "Send draft report" {assigned_role "Her lawyer" recipient_role "Partner firm X"} - } - array set tasks_ld { - "Write Proposal gr1" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Head of Legisl. Dept."} - "Write Proposal gr2" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Deputy Head of Legisl. 
Dept."} - "Write Opinion SHOULD BE AN ADDINFOTOPORTFOLIO gr1" {assigned_role "Fundraiser" recipient_role "Minister of Justice"} - "Write Opinion SHOULD BE AN ADDINFOTOPORTFOLIO gr2" {assigned_role "Representative of ADC" recipient_role "Minister of Justice"} - "Comment on Member2 Proposal SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Head of Legisl. Dept." recipient_role "Minister of Justice"} - "Comment on Member1 Proposal SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Deputy Head of Legisl. Dept." recipient_role "Minister of Justice"} - "Revise using Opinions and Comment from Head SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"} - "Revise using Opinions and Comment from Deputy SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"} - "Rate Comments SHOULD BE A REVIEWINFO" {assigned_role "Student" recipient_role "Minister of Justice"} - "Rate Revisions SHOULD BE A REVIEWINFO" {assigned_role "Student" recipient_role "Minister of Justice"} - "Learning evaluation DUMMY or ADDINFOTOPORTFOLIO" {assigned_role "Student" recipient_role "Minister of Justice"} - "Write Definition based on Revision SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"} - "Elaborate the Revision SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"} - "Comment Revision of Member 1" {assigned_role "Head of Legisl. Dept." recipient_role "Minister of Justice"} - "Comment Revision of Member 2" {assigned_role "Deputy Head of Legisl. Dept." recipient_role "Minister of Justice"} - "Learning Evalution SHOULD BE A ADDINFOTOPORTFOLIO" {assigned_role "Student" recipient_role "Minister of Justice"} - "Implementation of all received comments and opinions SHOULD BE AN ADDINFOTOPORTFOLIO gr1" {assigned_role "Member 2 of Legisl. Dept." 
recipient_role "Minister of Justice"} - "Implementation of all received comments and opinions SHOULD BE AN ADDINFOTOPORTFOLIO gr2" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"} - "Write law SHOULD BE AN ADDINFOTOPORTFOLIO gr1" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"} - "Write law SHOULD BE AN ADDINFOTOPORTFOLIO gr2" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"} - } - # Demo data end + source demo-data.tcl ::twt::log_section "Login the site wide admin" ::twt::user::login_site_wide_admin @@ -135,8 +54,8 @@ "City Admins" "Actors" } { - set first_names $group_name - set last_name "Test User" + set first_names [::twt::simulation::permission_user_first_names $group_name] + set last_name [::twt::simulation::permission_user_last_name $group_name] ::twt::simulation::add_user -first_names $first_names -last_name $last_name ::twt::simulation::add_user_to_group -group_name $group_name -user_name "$first_names $last_name" @@ -148,6 +67,9 @@ # ################################### + # Do this as the city build user to make sure he has sufficient permissions + ::twt::user::login [::twt::simulation::permission_user_email "City Admins"] + ::twt::log_section "Create an image object" do_request /simulation/citybuild link follow ~u object-edit @@ -186,6 +108,9 @@ # ################################### + # TODO: do this is as "Template Authors" test user + ::twt::user::login_site_wide_admin + set template_name "Elementary Private Law" ::twt::log_section "Create $template_name simulation template" ::twt::simulation::add_template -template_name $template_name 
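Review bot: `source demo-data.tcl` in the first hunk of demo-data-setup.test is resolved against the working directory of the test runner, so the test loads whichever demo-data.tcl happens to be there, or fails when there is none. Anchoring the path to the test file keeps the two together: `source [file join [file dirname [info script]] demo-data.tcl]`, provided tclwebtest sources the test file so that `info script` is set. The same line is added in the copy under openacs-4/packages/simulation/test.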
@@ -265,16 +190,45 @@ # ################################### + set group_name "City Admins" + # login user + ::twt::user::login [::twt::simulation::permission_user_email $group_name] # city admin can access index page + ::twt::simulation::assert_page_accessible /simulation # can access citybuild - # can create/edit/delete object - # SPECIAL: can set the on_map_p attribute - - # can't access any of the other three modules + ::twt::simulation::assert_page_accessible /simulation/citybuild + # can create object + set object_title "Test property" + ::twt::simulation::add_object -type sim_prop -title $object_title + + # can edit on_map_p attribute of object + do_request /simulation/citybuild + link follow ~c $object_title + link follow ~u object-edit + regexp {item%5fid=([0-9]+)} [response url] match item_id + form find ~n object + field find ~n attr__sim_prop__on_map_p + field select2 ~v t + form submit + if { [regexp "Permission Denied" [response body]] } { + error "City admin should not get permission denied when editing on_map_p of an object" + } + + # can delete object + do_request "/simulation/citybuild/object-delete?confirm_p=1&item_id=$item_id" + if { [regexp "Permission Denied" [response body]] } { + error "City admin should not get permission denied when deleting an object" + } + + # can not build or instantiate templates + foreach module {simbuild siminst} { + ::twt::simulation::assert_page_not_accessible /simulation/$module + } + ################################### # # Permission testing with sim admin (simulation super user) Index: openacs-4/contrib/packages/simulation/test/demo-data.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/contrib/packages/simulation/test/Attic/demo-data.tcl,v diff -u --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ openacs-4/contrib/packages/simulation/test/demo-data.tcl 7 Jan 2004 16:16:06 -0000 1.1 
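Review bot: In the City Admins block the result of `regexp {item%5fid=([0-9]+)} [response url] match item_id` is not checked, so when the edit URL does not carry the id in exactly that form `item_id` is unset (or left over from earlier in the script) and the object-delete request fails or targets the wrong object. A guard makes the failure explicit: `if { ![regexp {item%5fid=([0-9]+)} [response url] match item_id] } { error "No item_id in [response url]" }`. The edit and delete steps only assert that "Permission Denied" is absent from the body, so a request that fails for another reason still passes; checking afterwards that the object no longer appears on /simulation/citybuild would confirm the permission was really exercised. The copy of this hunk under openacs-4/packages/simulation/test has the same lines.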
@@ -0,0 +1,85 @@ +set actors_list { + Teacher + Student + Agent1 + Agent2 +} + +array set characters { + Bernadette "Bernadette" + MOTORHOME "MOTORHOME" + "A of Lawfirm X" "Her lawyer" + "A of Lawfirm Y" "Its lawyer" + "B of Lawfirm X" "Partner firm X" + "B of Lawfirm Y" "Partner firm Y" + "C of Lawfirm X" "Secretary firm X" + "C of Lawfirm Y" "Secretary firm Y" + "Portal" "Library" + "Lok of Legisl. Dept." "Member 1 of Legisl. Dept." + "Peter of Legisl. Dept." "Member 2 of Legisl. Dept." + "Aernout of Legisl. Dept." "Head of Legisl. Dept." + "Jeroen of Legisl. Dept." "Deputy Head of Legisl. Dept." + "Laurens of Legisl. Dept." "Chief of Legisl. Dept." + "Fred Undraiser" "Fundraiser" + "A of ADC" "Representative of ADC" + "Minister" "Minister of Justice" + "General Student" "Student" +} + +array set characters_ld { + "Lok of Legisl. Dept." "Member 1 of Legisl. Dept." + "Peter of Legisl. Dept." "Member 2 of Legisl. Dept." + "Aernout of Legisl. Dept." "Head of Legisl. Dept." + "Jeroen of Legisl. Dept." "Deputy Head of Legisl. Dept." + "Laurens of Legisl. Dept." "Chief of Legisl. Dept." 
+ "Fred Undraiser" "Fundraiser" + "A of ADC" "Representative of ADC" + "Minister" "Minister of Justice" + "General Student" "Student" +} + +array set properties { + "Demo Property 1" "Demo Property 1" + "Demo Property 2" "Demo Property 2" +} + +array set tasks { + "Ask information from Bernadette" {assigned_role "Her lawyer" recipient_role "Bernadette"} + "Ask information from MOTORHOME" {assigned_role "Her lawyer" recipient_role "MOTORHOME"} + "Ask information from opponent's lawyer 1" {assigned_role "Its lawyer" recipient_role "Her lawyer"} + "Ask information from opponent's lawyer 2" {assigned_role "Her lawyer" recipient_role "Its lawyer"} + "Ask information from library" {assigned_role "Her lawyer" recipient_role "Library"} + "Ask information from partner" {assigned_role "Her lawyer" recipient_role "Partner firm X"} + "Intervene" {assigned_role "Partner firm X" recipient_role "Her lawyer"} + "Reply to intervention" {assigned_role "Her lawyer" recipient_role "Partner firm X"} + "Give information as Bernadette" {assigned_role "Bernadette" recipient_role "Her lawyer"} + "Give information as Motorhome" {assigned_role "MOTORHOME" recipient_role "Her lawyer"} + "Make/edit draft report" {assigned_role "Her lawyer" recipient_role "Her lawyer"} + "Edit draft report" {assigned_role "Her lawyer" recipient_role "Her lawyer"} + "Give information to opponent's lawyer" {assigned_role "Her lawyer" recipient_role "Its lawyer"} + "Send final report" {assigned_role "Her lawyer" recipient_role "Partner firm X"} + "Send draft report" {assigned_role "Her lawyer" recipient_role "Partner firm X"} +} + +array set tasks_ld { + "Write Proposal gr1" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Head of Legisl. Dept."} + "Write Proposal gr2" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Deputy Head of Legisl. 
Dept."} + "Write Opinion SHOULD BE AN ADDINFOTOPORTFOLIO gr1" {assigned_role "Fundraiser" recipient_role "Minister of Justice"} + "Write Opinion SHOULD BE AN ADDINFOTOPORTFOLIO gr2" {assigned_role "Representative of ADC" recipient_role "Minister of Justice"} + "Comment on Member2 Proposal SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Head of Legisl. Dept." recipient_role "Minister of Justice"} + "Comment on Member1 Proposal SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Deputy Head of Legisl. Dept." recipient_role "Minister of Justice"} + "Revise using Opinions and Comment from Head SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"} + "Revise using Opinions and Comment from Deputy SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"} + "Rate Comments SHOULD BE A REVIEWINFO" {assigned_role "Student" recipient_role "Minister of Justice"} + "Rate Revisions SHOULD BE A REVIEWINFO" {assigned_role "Student" recipient_role "Minister of Justice"} + "Learning evaluation DUMMY or ADDINFOTOPORTFOLIO" {assigned_role "Student" recipient_role "Minister of Justice"} + "Write Definition based on Revision SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"} + "Elaborate the Revision SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"} + "Comment Revision of Member 1" {assigned_role "Head of Legisl. Dept." recipient_role "Minister of Justice"} + "Comment Revision of Member 2" {assigned_role "Deputy Head of Legisl. Dept." recipient_role "Minister of Justice"} + "Learning Evalution SHOULD BE A ADDINFOTOPORTFOLIO" {assigned_role "Student" recipient_role "Minister of Justice"} + "Implementation of all received comments and opinions SHOULD BE AN ADDINFOTOPORTFOLIO gr1" {assigned_role "Member 2 of Legisl. Dept." 
recipient_role "Minister of Justice"} + "Implementation of all received comments and opinions SHOULD BE AN ADDINFOTOPORTFOLIO gr2" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"} + "Write law SHOULD BE AN ADDINFOTOPORTFOLIO gr1" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"} + "Write law SHOULD BE AN ADDINFOTOPORTFOLIO gr2" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"} +} Index: openacs-4/contrib/packages/simulation/test/simulation-test-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/contrib/packages/simulation/test/Attic/simulation-test-procs.tcl,v diff -u -r1.5 -r1.6 --- openacs-4/contrib/packages/simulation/test/simulation-test-procs.tcl 7 Jan 2004 10:39:31 -0000 1.5 +++ openacs-4/contrib/packages/simulation/test/simulation-test-procs.tcl 7 Jan 2004 16:16:06 -0000 1.6 @@ -69,8 +69,7 @@ } { do_request /acs-admin/users/user-add field find ~n email - set email_account [string map {" " _} "$first_names $last_name"] - set email "${email_account}@test.test" + set email [email_from_user_name "$first_names $last_name"] field fill $email field find ~n first_names field fill $first_names 
@@ -84,6 +83,34 @@ form submit } +ad_proc ::twt::simulation::email_from_user_name { user_name } { + set email_account [string map {" " _} $user_name] + set email "${email_account}@test.test" + + return $email +} + +ad_proc ::twt::simulation::permission_user_email { group_name } { + Given the name of one of the permission groups, i.e. "Sim Admins", + return the email of the demo user in that group. +} { + return [email_from_user_name "[permission_user_first_names $group_name] [permission_user_last_name $group_name]"] +} + +ad_proc ::twt::simulation::permission_user_first_names { group_name } { + Given the name of one of the permission groups, i.e. "Sim Admins", + return the first names of the demo user in that group. +} { + return $group_name +} + +ad_proc ::twt::simulation::permission_user_last_name { group_name } { + Given the name of one of the permission groups, i.e. "Sim Admins", + return the last name of the demo user in that group. +} { + return "Test User" +} + ad_proc ::twt::simulation::add_user_to_group_url { {-group_name:required} } { 
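Review bot: `::twt::simulation::email_from_user_name` is the only proc added in this hunk without a doc block, although it fixes the account naming that the permission tests log in with. A short doc string would do, for example `Return the email of the test user with the given full name: spaces become underscores and @test.test is appended.` In the three `permission_user_*` doc blocks "i.e." reads as if "Sim Admins" were the only valid group; "e.g." is what is meant.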
@@ -299,4 +326,36 @@ field fill "This is the task description for task $task_name" form submit } -} \ No newline at end of file +} + +ad_proc ::twt::simulation::assert_page_accessible {url} { + Access the given url and throw an error if it's not accessible. + + @see ::twt::simulation::page_accessible_p +} { + if { ![page_accessible_p $url] } { + error "The page at url $url should be accessible but doesn't seem to be (status=[response status] response_url=[response url])" + } +} + +ad_proc ::twt::simulation::assert_page_not_accessible {url} { + Access the given url and throw an error if it's accessible. + + @see ::twt::simulation::page_accessible_p +} { + if { [page_accessible_p $url] } { + error "The page at url $url should not be accessible but seems to be (status=[response status] response_url=[response url])" + } +} + +ad_proc ::twt::simulation::page_accessible_p {url} { + Access the given url and return 1 if there is no permission violation, + breakage, or redirection. Returns 0 otherwise. +} { + # Tclwebtest will throw an error for status 403 and this catch is a workaround for that + catch {do_request $url} + + return [expr [string equal [response status] 200] && \ + [regexp $url [response url]] && \ + ![regexp "Permission Denied" [response body]]] +} Index: openacs-4/contrib/packages/simulation/www/index.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/contrib/packages/simulation/www/Attic/index.tcl,v diff -u -r1.12 -r1.13 --- openacs-4/contrib/packages/simulation/www/index.tcl 2 Dec 2003 17:24:32 -0000 1.12 +++ openacs-4/contrib/packages/simulation/www/index.tcl 7 Jan 2004 16:16:06 -0000 1.13 
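Review bot: `assert_page_not_accessible` passes whenever `page_accessible_p` returns 0, which happens for any non-200 status or any redirect and not only for a denial, so a 404 from an unmounted module or a 500 from a broken page counts as a successful permission test. For the negative case the denial itself should be asserted after the request, e.g. `if { ![string equal [response status] 403] && ![regexp "Permission Denied" [response body]] } { error ... }`. In `page_accessible_p`, `regexp $url [response url]` treats the path as an unanchored pattern, so /simulation also matches a response URL under /simulation/citybuild; an exact path comparison would be stricter, and the `expr` argument should be braced. Because the `catch` discards every error from `do_request`, the status, url and body read afterwards may belong to an earlier request when no response arrived; that depends on tclwebtest and is worth confirming.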
@@ -12,7 +12,7 @@ set user_id [auth::get_user_id] set citybuild_p [permission::permission_p -object_id $package_id -privilege sim_object_create] -set simbuild_p [permission::permission_p -object_id $package_id -privilege sim_object_create] +set simbuild_p [permission::permission_p -object_id $package_id -privilege sim_inst] set siminst_p [permission::permission_p -object_id $package_id -privilege sim_inst] ###################################################################### Index: openacs-4/contrib/packages/simulation/www/simulation-master.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/contrib/packages/simulation/www/Attic/simulation-master.tcl,v diff -u -r1.8 -r1.9 --- openacs-4/contrib/packages/simulation/www/simulation-master.tcl 7 Jan 2004 14:32:48 -0000 1.8 +++ openacs-4/contrib/packages/simulation/www/simulation-master.tcl 7 Jan 2004 16:16:06 -0000 1.9 @@ -4,6 +4,12 @@ set parameters_url [export_vars -base "/shared/parameters" {package_id return_url}] set base_url [apm_package_url_from_id $package_id] +###################################################################### +# +# Permission checking +# +###################################################################### + # Anonymous users should only be allowed to access the index page (with the flash map) # and the object view urls # We are assuming here that all pages in the package use this master template 
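Review bot: In index.tcl `simbuild_p` and `siminst_p` are now computed from the same privilege, `sim_inst`, so anyone allowed to instantiate simulations is also treated as allowed to build templates. If template authoring is meant to be a separate role (the test file mentions a "Template Authors" test user), SimBuild needs its own privilege here and in simulation-master.tcl, where the identical pair of lines is added. If the overlap is intended for now, a comment such as `# TODO: simbuild shares sim_inst until a template privilege exists` would record it; the privilege name to use is not visible in this diff.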
@@ -13,6 +19,44 @@ } } +set admin_p [permission::permission_p -object_id $package_id -privilege admin] +set citybuild_p [permission::permission_p -object_id $package_id -privilege sim_object_create] +set simbuild_p [permission::permission_p -object_id $package_id -privilege sim_inst] +set siminst_p [permission::permission_p -object_id $package_id -privilege sim_inst] + +# If we are in any of the modules - check that the user +# has permission to be there +if { ![empty_string_p [ad_conn extra_url]] } { + regexp {^([^/]+)} [ad_conn extra_url] dir + + set page_forbidden_p 0 + switch $dir { + citybuild { + if { !$citybuild_p } { + set page_forbidden_p 1 + } + } + simbuild { + if { !$simbuild_p } { + set page_forbidden_p 1 + } + + } + siminst { + if { !$siminst_p } { + set page_forbidden_p 1 + } + + } + } + + if { $page_forbidden_p } { + ad_return_forbidden \ + "Permission Denied" \ + "You don't have permission to access this page" + } +} + ###################################################################### # # Build a link bar for the subsite @@ -21,11 +65,6 @@ # TODO: kill link bar for players -set admin_p [permission::permission_p -object_id $package_id -privilege admin] -set citybuild_p [permission::permission_p -object_id $package_id -privilege sim_object_create] -set simbuild_p [permission::permission_p -object_id $package_id -privilege sim_object_create] -set siminst_p [permission::permission_p -object_id $package_id -privilege sim_inst] - if { $citybuild_p } { lappend subnavbar_list [list "${base_url}citybuild" "CityBuild"] } Index: openacs-4/packages/simulation/test/demo-data-setup.test =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/simulation/test/demo-data-setup.test,v diff -u -r1.15 -r1.16 --- openacs-4/packages/simulation/test/demo-data-setup.test 7 Jan 2004 13:46:48 -0000 1.15 +++ openacs-4/packages/simulation/test/demo-data-setup.test 7 Jan 2004 16:16:06 -0000 1.16 
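Review bot: The module check added to simulation-master.tcl only runs for pages that render through this master template, which the existing comment above it already states as an assumption; pages that act and then redirect, such as the `object-delete?confirm_p=1` request used in the test file, presumably never reach it. Each module page, or a request filter for the package, should enforce the privilege itself before doing any work, e.g. `permission::require_permission -object_id $package_id -privilege sim_object_create` for citybuild. In the block as written, `ad_return_forbidden` should be followed by `ad_script_abort`, since as far as I can tell it only writes the response and the rest of the master keeps executing. The `switch $dir` has no default arm, so any directory other than the three named ones passes without a check, and `dir` is left unset when the `regexp` does not match.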
@@ -9,88 +9,7 @@ global __demo_users_password set __demo_users_password 1 - # Demo data start - set actors_list { - Teacher - Student - Agent1 - Agent2 - } - array set characters { - Bernadette "Bernadette" - MOTORHOME "MOTORHOME" - "A of Lawfirm X" "Her lawyer" - "A of Lawfirm Y" "Its lawyer" - "B of Lawfirm X" "Partner firm X" - "B of Lawfirm Y" "Partner firm Y" - "C of Lawfirm X" "Secretary firm X" - "C of Lawfirm Y" "Secretary firm Y" - "Portal" "Library" - "Lok of Legisl. Dept." "Member 1 of Legisl. Dept." - "Peter of Legisl. Dept." "Member 2 of Legisl. Dept." - "Aernout of Legisl. Dept." "Head of Legisl. Dept." - "Jeroen of Legisl. Dept." "Deputy Head of Legisl. Dept." - "Laurens of Legisl. Dept." "Chief of Legisl. Dept." - "Fred Undraiser" "Fundraiser" - "A of ADC" "Representative of ADC" - "Minister" "Minister of Justice" - "General Student" "Student" - } - array set characters_ld { - "Lok of Legisl. Dept." "Member 1 of Legisl. Dept." - "Peter of Legisl. Dept." "Member 2 of Legisl. Dept." - "Aernout of Legisl. Dept." "Head of Legisl. Dept." - "Jeroen of Legisl. Dept." "Deputy Head of Legisl. Dept." - "Laurens of Legisl. Dept." "Chief of Legisl. Dept." 
- "Fred Undraiser" "Fundraiser" - "A of ADC" "Representative of ADC" - "Minister" "Minister of Justice" - "General Student" "Student" - } - array set properties { - "Demo Property 1" "Demo Property 1" - "Demo Property 2" "Demo Property 2" - } - array set tasks { - "Ask information from Bernadette" {assigned_role "Her lawyer" recipient_role "Bernadette"} - "Ask information from MOTORHOME" {assigned_role "Her lawyer" recipient_role "MOTORHOME"} - "Ask information from opponent's lawyer 1" {assigned_role "Its lawyer" recipient_role "Her lawyer"} - "Ask information from opponent's lawyer 2" {assigned_role "Her lawyer" recipient_role "Its lawyer"} - "Ask information from library" {assigned_role "Her lawyer" recipient_role "Library"} - "Ask information from partner" {assigned_role "Her lawyer" recipient_role "Partner firm X"} - "Intervene" {assigned_role "Partner firm X" recipient_role "Her lawyer"} - "Reply to intervention" {assigned_role "Her lawyer" recipient_role "Partner firm X"} - "Give information as Bernadette" {assigned_role "Bernadette" recipient_role "Her lawyer"} - "Give information as Motorhome" {assigned_role "MOTORHOME" recipient_role "Her lawyer"} - "Make/edit draft report" {assigned_role "Her lawyer" recipient_role "Her lawyer"} - "Edit draft report" {assigned_role "Her lawyer" recipient_role "Her lawyer"} - "Give information to opponent's lawyer" {assigned_role "Her lawyer" recipient_role "Its lawyer"} - "Send final report" {assigned_role "Her lawyer" recipient_role "Partner firm X"} - "Send draft report" {assigned_role "Her lawyer" recipient_role "Partner firm X"} - } - array set tasks_ld { - "Write Proposal gr1" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Head of Legisl. Dept."} - "Write Proposal gr2" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Deputy Head of Legisl. 
Dept."} - "Write Opinion SHOULD BE AN ADDINFOTOPORTFOLIO gr1" {assigned_role "Fundraiser" recipient_role "Minister of Justice"} - "Write Opinion SHOULD BE AN ADDINFOTOPORTFOLIO gr2" {assigned_role "Representative of ADC" recipient_role "Minister of Justice"} - "Comment on Member2 Proposal SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Head of Legisl. Dept." recipient_role "Minister of Justice"} - "Comment on Member1 Proposal SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Deputy Head of Legisl. Dept." recipient_role "Minister of Justice"} - "Revise using Opinions and Comment from Head SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"} - "Revise using Opinions and Comment from Deputy SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"} - "Rate Comments SHOULD BE A REVIEWINFO" {assigned_role "Student" recipient_role "Minister of Justice"} - "Rate Revisions SHOULD BE A REVIEWINFO" {assigned_role "Student" recipient_role "Minister of Justice"} - "Learning evaluation DUMMY or ADDINFOTOPORTFOLIO" {assigned_role "Student" recipient_role "Minister of Justice"} - "Write Definition based on Revision SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"} - "Elaborate the Revision SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"} - "Comment Revision of Member 1" {assigned_role "Head of Legisl. Dept." recipient_role "Minister of Justice"} - "Comment Revision of Member 2" {assigned_role "Deputy Head of Legisl. Dept." recipient_role "Minister of Justice"} - "Learning Evalution SHOULD BE A ADDINFOTOPORTFOLIO" {assigned_role "Student" recipient_role "Minister of Justice"} - "Implementation of all received comments and opinions SHOULD BE AN ADDINFOTOPORTFOLIO gr1" {assigned_role "Member 2 of Legisl. Dept." 
recipient_role "Minister of Justice"} - "Implementation of all received comments and opinions SHOULD BE AN ADDINFOTOPORTFOLIO gr2" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"} - "Write law SHOULD BE AN ADDINFOTOPORTFOLIO gr1" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"} - "Write law SHOULD BE AN ADDINFOTOPORTFOLIO gr2" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"} - } - # Demo data end + source demo-data.tcl ::twt::log_section "Login the site wide admin" ::twt::user::login_site_wide_admin @@ -135,8 +54,8 @@ "City Admins" "Actors" } { - set first_names $group_name - set last_name "Test User" + set first_names [::twt::simulation::permission_user_first_names $group_name] + set last_name [::twt::simulation::permission_user_last_name $group_name] ::twt::simulation::add_user -first_names $first_names -last_name $last_name ::twt::simulation::add_user_to_group -group_name $group_name -user_name "$first_names $last_name" @@ -148,6 +67,9 @@ # ################################### + # Do this as the city build user to make sure he has sufficient permissions + ::twt::user::login [::twt::simulation::permission_user_email "City Admins"] + ::twt::log_section "Create an image object" do_request /simulation/citybuild link follow ~u object-edit @@ -186,6 +108,9 @@ # ################################### + # TODO: do this is as "Template Authors" test user + ::twt::user::login_site_wide_admin + set template_name "Elementary Private Law" ::twt::log_section "Create $template_name simulation template" ::twt::simulation::add_template -template_name $template_name 
@@ -265,16 +190,45 @@ # ################################### + set group_name "City Admins" + # login user + ::twt::user::login [::twt::simulation::permission_user_email $group_name] # city admin can access index page + ::twt::simulation::assert_page_accessible /simulation # can access citybuild - # can create/edit/delete object - # SPECIAL: can set the on_map_p attribute - - # can't access any of the other three modules + ::twt::simulation::assert_page_accessible /simulation/citybuild + # can create object + set object_title "Test property" + ::twt::simulation::add_object -type sim_prop -title $object_title + + # can edit on_map_p attribute of object + do_request /simulation/citybuild + link follow ~c $object_title + link follow ~u object-edit + regexp {item%5fid=([0-9]+)} [response url] match item_id + form find ~n object + field find ~n attr__sim_prop__on_map_p + field select2 ~v t + form submit + if { [regexp "Permission Denied" [response body]] } { + error "City admin should not get permission denied when editing on_map_p of an object" + } + + # can delete object + do_request "/simulation/citybuild/object-delete?confirm_p=1&item_id=$item_id" + if { [regexp "Permission Denied" [response body]] } { + error "City admin should not get permission denied when deleting an object" + } + + # can not build or instantiate templates + foreach module {simbuild siminst} { + ::twt::simulation::assert_page_not_accessible /simulation/$module + } + ################################### # # Permission testing with sim admin (simulation super user) Index: openacs-4/packages/simulation/test/demo-data.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/simulation/test/demo-data.tcl,v diff -u --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ openacs-4/packages/simulation/test/demo-data.tcl 7 Jan 2004 16:16:06 -0000 1.1 
@@ -0,0 +1,85 @@
+set actors_list {
+ Teacher
+ Student
+ Agent1
+ Agent2
+}
+
+array set characters {
+ Bernadette "Bernadette"
+ MOTORHOME "MOTORHOME"
+ "A of Lawfirm X" "Her lawyer"
+ "A of Lawfirm Y" "Its lawyer"
+ "B of Lawfirm X" "Partner firm X"
+ "B of Lawfirm Y" "Partner firm Y"
+ "C of Lawfirm X" "Secretary firm X"
+ "C of Lawfirm Y" "Secretary firm Y"
+ "Portal" "Library"
+ "Lok of Legisl. Dept." "Member 1 of Legisl. Dept."
+ "Peter of Legisl. Dept." "Member 2 of Legisl. Dept."
+ "Aernout of Legisl. Dept." "Head of Legisl. Dept."
+ "Jeroen of Legisl. Dept." "Deputy Head of Legisl. Dept."
+ "Laurens of Legisl. Dept." "Chief of Legisl. Dept."
+ "Fred Undraiser" "Fundraiser"
+ "A of ADC" "Representative of ADC"
+ "Minister" "Minister of Justice"
+ "General Student" "Student"
+}
+
+array set characters_ld {
+ "Lok of Legisl. Dept." "Member 1 of Legisl. Dept."
+ "Peter of Legisl. Dept." "Member 2 of Legisl. Dept."
+ "Aernout of Legisl. Dept." "Head of Legisl. Dept."
+ "Jeroen of Legisl. Dept." "Deputy Head of Legisl. Dept."
+ "Laurens of Legisl. Dept." "Chief of Legisl. Dept."
+ "Fred Undraiser" "Fundraiser"
+ "A of ADC" "Representative of ADC"
+ "Minister" "Minister of Justice"
+ "General Student" "Student"
+}
+
+array set properties {
+ "Demo Property 1" "Demo Property 1"
+ "Demo Property 2" "Demo Property 2"
+}
+
+array set tasks {
+ "Ask information from Bernadette" {assigned_role "Her lawyer" recipient_role "Bernadette"}
+ "Ask information from MOTORHOME" {assigned_role "Her lawyer" recipient_role "MOTORHOME"}
+ "Ask information from opponent's lawyer 1" {assigned_role "Its lawyer" recipient_role "Her lawyer"}
+ "Ask information from opponent's lawyer 2" {assigned_role "Her lawyer" recipient_role "Its lawyer"}
+ "Ask information from library" {assigned_role "Her lawyer" recipient_role "Library"}
+ "Ask information from partner" {assigned_role "Her lawyer" recipient_role "Partner firm X"}
+ "Intervene" {assigned_role "Partner firm X" recipient_role "Her lawyer"}
+ "Reply to intervention" {assigned_role "Her lawyer" recipient_role "Partner firm X"}
+ "Give information as Bernadette" {assigned_role "Bernadette" recipient_role "Her lawyer"}
+ "Give information as Motorhome" {assigned_role "MOTORHOME" recipient_role "Her lawyer"}
+ "Make/edit draft report" {assigned_role "Her lawyer" recipient_role "Her lawyer"}
+ "Edit draft report" {assigned_role "Her lawyer" recipient_role "Her lawyer"}
+ "Give information to opponent's lawyer" {assigned_role "Her lawyer" recipient_role "Its lawyer"}
+ "Send final report" {assigned_role "Her lawyer" recipient_role "Partner firm X"}
+ "Send draft report" {assigned_role "Her lawyer" recipient_role "Partner firm X"}
+}
+
+array set tasks_ld {
+ "Write Proposal gr1" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Head of Legisl. Dept."}
+ "Write Proposal gr2" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Deputy Head of Legisl. Dept."}
+ "Write Opinion SHOULD BE AN ADDINFOTOPORTFOLIO gr1" {assigned_role "Fundraiser" recipient_role "Minister of Justice"}
+ "Write Opinion SHOULD BE AN ADDINFOTOPORTFOLIO gr2" {assigned_role "Representative of ADC" recipient_role "Minister of Justice"}
+ "Comment on Member2 Proposal SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Head of Legisl. Dept." recipient_role "Minister of Justice"}
+ "Comment on Member1 Proposal SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Deputy Head of Legisl. Dept." recipient_role "Minister of Justice"}
+ "Revise using Opinions and Comment from Head SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"}
+ "Revise using Opinions and Comment from Deputy SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"}
+ "Rate Comments SHOULD BE A REVIEWINFO" {assigned_role "Student" recipient_role "Minister of Justice"}
+ "Rate Revisions SHOULD BE A REVIEWINFO" {assigned_role "Student" recipient_role "Minister of Justice"}
+ "Learning evaluation DUMMY or ADDINFOTOPORTFOLIO" {assigned_role "Student" recipient_role "Minister of Justice"}
+ "Write Definition based on Revision SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"}
+ "Elaborate the Revision SHOULD BE AN ADDINFOTOPORTFOLIO" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"}
+ "Comment Revision of Member 1" {assigned_role "Head of Legisl. Dept." recipient_role "Minister of Justice"}
+ "Comment Revision of Member 2" {assigned_role "Deputy Head of Legisl. Dept." recipient_role "Minister of Justice"}
+ "Learning Evalution SHOULD BE A ADDINFOTOPORTFOLIO" {assigned_role "Student" recipient_role "Minister of Justice"}
+ "Implementation of all received comments and opinions SHOULD BE AN ADDINFOTOPORTFOLIO gr1" {assigned_role "Member 2 of Legisl. Dept."
recipient_role "Minister of Justice"} + "Implementation of all received comments and opinions SHOULD BE AN ADDINFOTOPORTFOLIO gr2" {assigned_role "Member 2 of Legisl. Dept." recipient_role "Minister of Justice"} + "Write law SHOULD BE AN ADDINFOTOPORTFOLIO gr1" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"} + "Write law SHOULD BE AN ADDINFOTOPORTFOLIO gr2" {assigned_role "Member 1 of Legisl. Dept." recipient_role "Minister of Justice"} +} Index: openacs-4/packages/simulation/test/simulation-test-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/simulation/test/simulation-test-procs.tcl,v diff -u -r1.5 -r1.6 --- openacs-4/packages/simulation/test/simulation-test-procs.tcl 7 Jan 2004 10:39:31 -0000 1.5 +++ openacs-4/packages/simulation/test/simulation-test-procs.tcl 7 Jan 2004 16:16:06 -0000 1.6 @@ -69,8 +69,7 @@ } { do_request /acs-admin/users/user-add field find ~n email - set email_account [string map {" " _} "$first_names $last_name"] - set email "${email_account}@test.test" + set email [email_from_user_name "$first_names $last_name"] field fill $email field find ~n first_names field fill $first_names 
@@ -84,6 +83,34 @@ form submit } +ad_proc ::twt::simulation::email_from_user_name { user_name } { + set email_account [string map {" " _} $user_name] + set email "${email_account}@test.test" + + return $email +} + +ad_proc ::twt::simulation::permission_user_email { group_name } { + Given the name of one of the permission groups, i.e. "Sim Admins", + return the email of the demo user in that group. +} { + return [email_from_user_name "[permission_user_first_names $group_name] [permission_user_last_name $group_name]"] +} + +ad_proc ::twt::simulation::permission_user_first_names { group_name } { + Given the name of one of the permission groups, i.e. "Sim Admins", + return the first names of the demo user in that group. +} { + return $group_name +} + +ad_proc ::twt::simulation::permission_user_last_name { group_name } { + Given the name of one of the permission groups, i.e. "Sim Admins", + return the last name of the demo user in that group. +} { + return "Test User" +} + ad_proc ::twt::simulation::add_user_to_group_url { {-group_name:required} } { 
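Review bot: `::twt::simulation::email_from_user_name` is the only one of the four new procs without a documentation block, and it is called without a namespace qualifier both in `permission_user_email` and in the changed `add_user` line of the previous hunk. A short doc block should say that it replaces spaces with underscores and appends `@test.test`, and that no other character of the name is normalised. Because `permission_user_email` derives the login of each permission-group user from the group name alone, the doc should also state that these accounts are meant for disposable test sites; that last point is inferred from the `.test` domain and is not shown in the hunk.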
@@ -299,4 +326,36 @@ field fill "This is the task description for task $task_name" form submit } -} \ No newline at end of file +} + +ad_proc ::twt::simulation::assert_page_accessible {url} { + Access the given url and throw an error if it's not accessible. + + @see ::twt::simulation::page_accessible_p +} { + if { ![page_accessible_p $url] } { + error "The page at url $url should be accessible but doesn't seem to be (status=[response status] response_url=[response url])" + } +} + +ad_proc ::twt::simulation::assert_page_not_accessible {url} { + Access the given url and throw an error if it's accessible. + + @see ::twt::simulation::page_accessible_p +} { + if { [page_accessible_p $url] } { + error "The page at url $url should not be accessible but seems to be (status=[response status] response_url=[response url])" + } +} + +ad_proc ::twt::simulation::page_accessible_p {url} { + Access the given url and return 1 if there is no permission violation, + breakage, or redirection. Returns 0 otherwise. +} { + # Tclwebtest will throw an error for status 403 and this catch is a workaround for that + catch {do_request $url} + + return [expr [string equal [response status] 200] && \ + [regexp $url [response url]] && \ + ![regexp "Permission Denied" [response body]]] +} Index: openacs-4/packages/simulation/www/index.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/simulation/www/index.tcl,v diff -u -r1.12 -r1.13 --- openacs-4/packages/simulation/www/index.tcl 2 Dec 2003 17:24:32 -0000 1.12 +++ openacs-4/packages/simulation/www/index.tcl 7 Jan 2004 16:16:06 -0000 1.13 
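Review bot: `assert_page_not_accessible` passes whenever `page_accessible_p` returns 0, and that happens for any non-200 status, including a server error or a request that failed inside the `catch`, so a broken page counts as a correctly denied one. The negative assertion should test for the denial itself, for example `[string equal [response status] 403] || [regexp "Permission Denied" [response body]]`, assuming the response is still readable after the caught error, as the existing code already relies on. In `page_accessible_p`, `regexp $url [response url]` treats the URL as an unanchored pattern, so `/simulation` also matches a redirect to any URL that contains it; `string equal` on the path or an anchored, escaped pattern would be stricter. The `expr` argument is also unbraced; `expr { ... }` avoids a second round of substitution.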
@@ -12,7 +12,7 @@ set user_id [auth::get_user_id] set citybuild_p [permission::permission_p -object_id $package_id -privilege sim_object_create] -set simbuild_p [permission::permission_p -object_id $package_id -privilege sim_object_create] +set simbuild_p [permission::permission_p -object_id $package_id -privilege sim_inst] set siminst_p [permission::permission_p -object_id $package_id -privilege sim_inst] ###################################################################### Index: openacs-4/packages/simulation/www/simulation-master.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/simulation/www/simulation-master.tcl,v diff -u -r1.8 -r1.9 --- openacs-4/packages/simulation/www/simulation-master.tcl 7 Jan 2004 14:32:48 -0000 1.8 +++ openacs-4/packages/simulation/www/simulation-master.tcl 7 Jan 2004 16:16:06 -0000 1.9 @@ -4,6 +4,12 @@ set parameters_url [export_vars -base "/shared/parameters" {package_id return_url}] set base_url [apm_package_url_from_id $package_id] +###################################################################### +# +# Permission checking +# +###################################################################### + # Anonymous users should only be allowed to access the index page (with the flash map) # and the object view urls # We are assuming here that all pages in the package use this master template 
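Review bot: After this change `simbuild_p` and `siminst_p` are computed from the same privilege, `sim_inst`, so anyone who may instantiate simulations is treated as allowed to build templates as well. If that is intended for now, a comment on the line such as `# simbuild has no privilege of its own yet; sim_inst stands in for it` would stop it being read as a copy-paste slip. The same lookups are repeated in simulation-master.tcl in this commit, where they now gate access, and the old value removed here shows how the two copies can drift; keeping the module-to-privilege mapping in one proc would remove that risk. The script continues outside the hunk.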
@@ -13,6 +19,44 @@ } } +set admin_p [permission::permission_p -object_id $package_id -privilege admin] +set citybuild_p [permission::permission_p -object_id $package_id -privilege sim_object_create] +set simbuild_p [permission::permission_p -object_id $package_id -privilege sim_inst] +set siminst_p [permission::permission_p -object_id $package_id -privilege sim_inst] + +# If we are in any of the modules - check that the user +# has permission to be there +if { ![empty_string_p [ad_conn extra_url]] } { + regexp {^([^/]+)} [ad_conn extra_url] dir + + set page_forbidden_p 0 + switch $dir { + citybuild { + if { !$citybuild_p } { + set page_forbidden_p 1 + } + } + simbuild { + if { !$simbuild_p } { + set page_forbidden_p 1 + } + + } + siminst { + if { !$siminst_p } { + set page_forbidden_p 1 + } + + } + } + + if { $page_forbidden_p } { + ad_return_forbidden \ + "Permission Denied" \ + "You don't have permission to access this page" + } +} + ###################################################################### # # Build a link bar for the subsite @@ -21,11 +65,6 @@ # TODO: kill link bar for players -set admin_p [permission::permission_p -object_id $package_id -privilege admin] -set citybuild_p [permission::permission_p -object_id $package_id -privilege sim_object_create] -set simbuild_p [permission::permission_p -object_id $package_id -privilege sim_object_create] -set siminst_p [permission::permission_p -object_id $package_id -privilege sim_inst] - if { $citybuild_p } { lappend subnavbar_list [list "${base_url}citybuild" "CityBuild"] }
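Review bot: The new check calls `ad_return_forbidden` but does not stop the request afterwards, so the rest of this master script keeps running after the 403 has been sent; add `ad_script_abort` directly after the call. The `switch $dir` has no default arm, so any first path segment other than citybuild, simbuild and siminst is let through, and `dir` is unset if the `regexp` does not match. A check placed in the master template also only runs when a page renders through it, which the comment above the hunk states as an assumption. A page that does its work and then redirects would presumably never reach it, so the action pages (the object-delete URL used in the test, for instance) should make the same permission call in their own scripts.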