Initial commit: OCA Server Auth packages (29 packages)

2026-04-19 07:12:02 +02:00 · 2025-08-29 15:43:06 +02:00 · 2025-08-29 15:43:06 +02:00 · 3ed80311c4
commit 3ed80311c4
1325 changed files with 127292 additions and 0 deletions
--- a/odoo-bringout-oca-server-auth-vault/vault/tests/test_rights.py
+++ b/odoo-bringout-oca-server-auth-vault/vault/tests/test_rights.py
@ -0,0 +1,155 @@
+# © 2021 Florian Kantelberg - initOS GmbH
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+import logging
+
+from odoo.exceptions import AccessError
+from odoo.tests import TransactionCase
+
+_logger = logging.getLogger(__name__)
+
+
+class TestAccessRights(TransactionCase):
+    def setUp(self):
+        super().setUp()
+        self.user = self.env["res.users"].create(
+            {"login": "user", "name": "tester", "email": "user@localhost"}
+        )
+        self.vault = self.env["vault"].create({"name": "Vault"})
+        self.entry = self.env["vault.entry"].create(
+            {"vault_id": self.vault.id, "name": "Entry"}
+        )
+        self.field = self.env["vault.field"].create(
+            {"entry_id": self.entry.id, "name": "Field", "value": "Value"}
+        )
+        self.vault.right_ids.write({"key": "Owner"})
+
+    def test_vault_reencrypt(self):
+        right = self.env["vault.right"].create(
+            {
+                "vault_id": self.vault.id,
+                "user_id": self.user.id,
+                "perm_create": False,
+            }
+        )
+
+        assert not self.vault.reencrypt_required
+        right.unlink()
+        assert self.vault.reencrypt_required
+
+    def test_public_key(self):
+        key = self.env["res.users.key"].create(
+            {
+                "user_id": self.vault.user_id.id,
+                "public": "a public key",
+                "salt": "42",
+                "iv": "2424",
+                "iterations": 4000,
+                "private": "24",
+            }
+        )
+        self.assertTrue(self.vault.right_ids.public_key)
+        self.assertEqual(key.public, self.vault.right_ids.public_key)
+
+    def test_owner_access(self):
+        # The owner can always access despite the permissions
+        for obj in [self.field, self.entry, self.vault]:
+            obj.name = "Owned"
+
+            right = self.vault.right_ids
+            right.perm_write = False
+            obj.name = "Owned"
+
+            right.perm_delete = False
+            obj.unlink()
+
+    def test_no_create(self):
+        self.env["vault.right"].create(
+            {
+                "vault_id": self.vault.id,
+                "user_id": self.user.id,
+                "perm_create": False,
+            }
+        )
+
+        for obj in [self.field, self.entry, self.vault]:
+            with self.assertRaises(AccessError):
+                obj.with_user(self.user).check_access_rule("create")
+
+    def test_no_right(self):
+        # No right defined for test user means access denied
+        for obj in [self.field, self.entry, self.vault]:
+            with self.assertRaises(AccessError):
+                self.assertTrue(obj.with_user(self.user).read())
+
+            with self.assertRaises(AccessError):
+                obj.with_user(self.user).name = "Owned"
+
+            with self.assertRaises(AccessError):
+                obj.with_user(self.user).unlink()
+
+    def test_no_permission(self):
+        # Defined right but no write permission means access denied
+        self.env["vault.right"].create(
+            {
+                "vault_id": self.vault.id,
+                "user_id": self.user.id,
+                "perm_create": False,
+                "perm_write": False,
+                "perm_delete": False,
+            }
+        )
+        for obj in [self.field, self.entry, self.vault]:
+            self.assertTrue(obj.with_user(self.user).read())
+
+            with self.assertRaises(AccessError):
+                obj.with_user(self.user).name = "Owned"
+
+            with self.assertRaises(AccessError):
+                obj.with_user(self.user).unlink()
+
+    def test_granted(self):
+        # Granted write permission allows writing
+        self.env["vault.right"].create(
+            {
+                "vault_id": self.vault.id,
+                "user_id": self.user.id,
+                "perm_write": True,
+                "perm_delete": True,
+            }
+        )
+        for obj in [self.field, self.entry, self.vault]:
+            self.assertTrue(obj.with_user(self.user).read())
+
+            obj.with_user(self.user).name = "Owned"
+            obj.with_user(self.user).unlink()
+
+    def test_owner_share(self):
+        self.env["vault.right"].create(
+            {"vault_id": self.vault.id, "user_id": self.user.id}
+        )
+
+    def test_user_share_no_right(self):
+        # No right defined means AccessError
+        with self.assertRaises(AccessError):
+            self.env["vault.right"].with_user(self.user).create(
+                {"vault_id": self.vault.id, "user_id": 2}
+            )
+
+    def test_user_share_no_permission(self):
+        # Created right but no permission to share
+        right = self.env["vault.right"].create(
+            {"vault_id": self.vault.id, "user_id": self.user.id, "perm_share": False}
+        )
+
+        with self.assertRaises(AccessError):
+            right.with_user(self.user).create({"vault_id": self.vault.id, "user_id": 2})
+
+    def test_user_share_granted(self):
+        # Granted permission to share
+        right = self.env["vault.right"].create(
+            {"vault_id": self.vault.id, "user_id": self.user.id, "perm_share": True}
+        )
+        right.with_user(self.user).create({"vault_id": self.vault.id, "user_id": 2})
+
+        right.unlink()