[Testbot] Plone 5.0 - Python 2.7 - Build # 1930 - Regression! - 3 failure(s)
jenkins at plone.org
jenkins at plone.org
Wed Mar 12 04:26:51 UTC 2014
-------------------------------------------------------------------------------
Plone 5.0 - Python 2.7 - Build # 1930 - Still Failing!
-------------------------------------------------------------------------------
http://jenkins.plone.org/job/plone-5.0-python-2.7/1930/
-------------------------------------------------------------------------------
CHANGES
-------------------------------------------------------------------------------
Repository: plone.app.portlets
Branch: refs/heads/master
Date: 2014-03-11T21:37:28-05:00
Author: Nathan Van Gheem (vangheem) <vangheem at gmail.com>
Commit: https://github.com/plone/plone.app.portlets/commit/e80de82d2dfe1a5be2acaced35f7bfbb01569807
fix auto csrf protection integration
Files changed:
M plone/app/portlets/browser/manage.py
M plone/app/portlets/browser/templates/manage-dashboard.pt
M plone/app/portlets/tests/testMemberDashboard.txt
M plone/app/portlets/tests/testViewName.txt
diff --git a/plone/app/portlets/browser/manage.py b/plone/app/portlets/browser/manage.py
index 5bff12a..b987ce8 100644
--- a/plone/app/portlets/browser/manage.py
+++ b/plone/app/portlets/browser/manage.py
@@ -32,6 +32,7 @@
from plone.app.portlets import utils
from plone.memoize.view import memoize
+from plone.protect.authenticator import createToken
class ManageContextualPortlets(BrowserView):
@@ -112,6 +113,10 @@ class ManageDashboardPortlets(BrowserView):
# IManagePortletsView implementation
@property
+ def auth_token(self):
+ return createToken()
+
+ @property
def macros(self):
return self.index.macros
diff --git a/plone/app/portlets/browser/templates/manage-dashboard.pt b/plone/app/portlets/browser/templates/manage-dashboard.pt
index 377862e..8cf7a4f 100644
--- a/plone/app/portlets/browser/templates/manage-dashboard.pt
+++ b/plone/app/portlets/browser/templates/manage-dashboard.pt
@@ -45,7 +45,7 @@
</li>
<li class="selected">
<a href=""
- tal:attributes="href string:${context/@@plone_portal_state/navigation_root_url}/@@manage-dashboard"
+ tal:attributes="href string:${context/@@plone_portal_state/navigation_root_url}/@@manage-dashboard?_authenticator=${view/auth_token}"
i18n:translate="label_edit">Edit</a>
</li>
</ul>
diff --git a/plone/app/portlets/tests/testMemberDashboard.txt b/plone/app/portlets/tests/testMemberDashboard.txt
index 0a8dadd..004291d 100644
--- a/plone/app/portlets/tests/testMemberDashboard.txt
+++ b/plone/app/portlets/tests/testMemberDashboard.txt
@@ -6,6 +6,7 @@ Setup::
>>> uf.userFolderAddUser(user1, pass1, ['Member'], [])
>>> uf.userFolderAddUser(user2, pass2, ['Member'], [])
>>> import re
+ >>> from plone.protect.authenticator import createToken
bug: 11174: Portal Members can't add portlets to their dashboard
@@ -22,7 +23,8 @@ Login as the 'user1' user
Go to the dashboard and check that portlets are addable here
- >>> browser.open(portal.absolute_url()+'/@@manage-dashboard')
+ >>> browser.open(portal.absolute_url()+'/@@dashboard')
+ >>> browser.getLink('Edit').click()
>>> 'Add portlet' in browser.contents
True
@@ -66,17 +68,19 @@ Using the addview, let's see that we cannot add a portlet for another user
>>> browser.getControl(name='__ac_password').value = 'pass2'
>>> browser.getControl(name='submit').click()
- >>> browser.open(portalURL+'/@@manage-dashboard')
+ >>> self.login('user2')
+
+ >>> browser.open(portalURL+'/@@manage-dashboard?_authenticator=' + createToken())
>>> bool(re.search('\<\/span\>\s+Search\s+\<\/div\>', browser.contents))
False
Now, we try to open the @@manage-portlets view and also try to call the addview
for a portlet. We shouldn't be able to do any of this
- >>> browser.open(portalURL+'/@@manage-portlets')
+ >>> browser.open(portalURL+'/@@manage-portlets?_authenticator=' + createToken())
>>> "Insufficient Privileges" in browser.contents
True
- >>> browser.open(portalURL + "/++contextportlets++plone.leftcolumn/+/portlets.Search")
+ >>> browser.open(portalURL + "/++contextportlets++plone.leftcolumn/+/portlets.Search?_authenticator=" + createToken())
>>> "Insufficient Privileges" in browser.contents
True
@@ -84,7 +88,7 @@ Finally, if we add the "Member" role to the "Portlets: Manage portlets" permissi
those views
>>> portal.manage_permission('Portlets: Manage portlets', roles=['Manager', 'Member'], acquire=0)
- >>> browser.open(portalURL+'/@@manage-portlets')
+ >>> browser.open(portalURL+'/@@manage-portlets?_authenticator=' + createToken())
>>> "Insufficient Privileges" in browser.contents
False
>>> bool(re.search('\<\/span\>\s+Search\s+\<\/div\>', browser.contents))
diff --git a/plone/app/portlets/tests/testViewName.txt b/plone/app/portlets/tests/testViewName.txt
index 7d5ddb5..cdd47d3 100644
--- a/plone/app/portlets/tests/testViewName.txt
+++ b/plone/app/portlets/tests/testViewName.txt
@@ -108,7 +108,8 @@ Now customize the manage dashboard view and check the name is in place too::
Add a portlet in the dashboard and try to delete it::
- >>> browser.open(portal.absolute_url()+'/@@manage-dashboard')
+ >>> browser.open(portal.absolute_url()+'/dashboard')
+ >>> browser.getLink('Edit').click()
>>> browser.getControl(name=':action',index=0).value = ['/++dashboard++plone.dashboard1+test_user_1_/+/portlets.Search']
>>> browser.getForm(index=1).submit()
>>> browser.getControl('Save').click() # This submits the now shown add form.
-------------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CHANGES.log
Type: application/octet-stream
Size: 5236 bytes
Desc: not available
URL: <http://lists.plone.org/pipermail/plone-testbot/attachments/20140312/69bd465b/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: build.log
Type: application/octet-stream
Size: 130508 bytes
Desc: not available
URL: <http://lists.plone.org/pipermail/plone-testbot/attachments/20140312/69bd465b/attachment-0003.obj>
More information about the Testbot
mailing list