[IMP] cetmix_tower_server: update tower command log security rule

in order to provide access only to records which command access level corresponds the user's one.
cetmix · Jun 30, 2024 · e82b19e · e82b19e
1 parent ee51393
commit e82b19e
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 6 deletions.
diff --git a/cetmix_tower_server/security/cx_tower_command_log_security.xml b/cetmix_tower_server/security/cx_tower_command_log_security.xml
@@ -6,7 +6,9 @@
         <field name="name">Tower command log: user access rule</field>
         <field name="model_id" ref="model_cx_tower_command_log" />
         <field name="groups" eval="[(4, ref('cetmix_tower_server.group_user'))]" />
-        <field name="domain_force">[('create_uid', '=', user.id)]</field>
+        <field
+            name="domain_force"
+        >[('create_uid', '=', user.id), ('command_id.access_level', '=', '1')]</field>
 
 
     </record>

diff --git a/cetmix_tower_server/tests/__init__.py b/cetmix_tower_server/tests/__init__.py
@@ -5,9 +5,5 @@
 from . import test_plan
 from . import test_file
 from . import test_plan_log
-<<<<<<< HEAD
 from . import test_command_wizard
-from . import test_log
-=======
 from . import test_command_log
->>>>>>> 47c5d54 ([IMP]  cetmix_tower_server: rest of command log tests updated)
diff --git a/cetmix_tower_server/tests/test_command_log.py b/cetmix_tower_server/tests/test_command_log.py
@@ -38,7 +38,7 @@ def test_user_access_rule(self):
         #  he did't subscribed to
         with self.assertRaises(AccessError):
             command_name = test_command_log_as_bob.read(["name"])
-        # Subscibe manager to server and test again
+        # Subscribe manager to server and test again
         self.server_test_1.message_subscribe([self.user_bob.partner_id.id])
         command_name = test_command_log_as_bob.read(["name"])
         self.assertEqual(
@@ -54,3 +54,41 @@ def test_user_access_rule(self):
                                 not be able to unlink log entries",
         ):
             test_command_log_as_bob.unlink()
+
+        # Create a new command
+        test_command_1 = self.Command.create(
+            {
+                "name": "Test",
+                "code": "ls",
+                "access_level": "1",
+            }
+        )
+
+        # Create a new command log as user_bob
+        test_command_log_1 = self.CommandLog.create(
+            {
+                "server_id": self.server_test_1.id,
+                "command_id": test_command_1.id,
+                "create_uid": self.user_bob.id,
+            }
+        )
+
+        # Remove user_bob from group_manager
+        self.remove_from_group(
+            self.user_bob,
+            [
+                "cetmix_tower_server.group_manager",
+            ],
+        )
+        # Ensure that user_bob has access to test_command_log_1
+        command_name_1 = test_command_log_1.with_user(self.user_bob).read(["name"])
+        self.assertEqual(
+            command_name_1[0]["name"],
+            test_command_log_1.name,
+            "Command name should be same",
+        )
+        # Update test_command access_level to "2"
+        test_command_1.write({"access_level": "2"})
+        # Ensure that user_bob doesn't have access to test_command_log_1 anymore
+        with self.assertRaises(AccessError):
+            command_name = test_command_log_1.with_user(self.user_bob).read(["name"])