Access control tests

From AtoM wiki


These tests help determine that AtoM's user, group, and permissions management modules function as expected. For more information on the expected behaviors of each, see the "Manage user accounts and user groups" and "Edit user permissions" pages in the ADMINISTER section of our AtoM User Manual.

Create and edit groups

  • Administrators can navigate to the group edit screen by clicking Admin > Groups
  • Administrator can add a new group and set permissions for that group
  • Administrator can edit and save changes to administrator, anonymous and authenticated groups but can't delete them
  • Administrator can edit and save changes to contributor, editor and translator groups and can delete them
  • Administrator can edit data in all fields
  • Administrator can delete permissions
  • Adding a user to a group causes the user to have the permissions assigned to the group
  • Editing permissions for a user overrides permissions inherited from the group for that user

Create user and edit user basic information

  • Administrators can navigate to the user edit screen by clicking Admin > Users > Add new or Admin > Users > (user name) > Edit
  • Administrator can create and edit data in all fields in the Basic info area
  • Clicking Create or Save opens the user show screen with all changes saved
  • Clicking Cancel opens the user show screen with no changes saved

Edit user permissions

  • Administrator can assign a user to one or more groups
  • Administrator does not have to assign a user to a group
  • Administrator can remove a user from one or more groups
  • All scenarios described at http://ica-atom.org/doc/UM-7.2_1.0.9 can be run successfully

View drafts

  • Unauthenticated users will not see draft information objects in search or browse results
  • Unauthenticated users will not see draft descriptions listed in the context menu boxes of repository or actor show screens
  • For unauthenticated users, directly entering a URL for a draft description forwards to an access denied page
  • Authenticated users will see only published descriptions and draft descriptions for which they have view draft permissions on the information object/browse page
  • Authenticated users will see only published descriptions and draft descriptions for which they have view draft permissions in search results
  • Authenticated users will see only published descriptions and draft descriptions for which they have view draft permissions on the repository/show page
  • For authenticated users, directly entering a URL for a draft description forwards to a "permission denied" page if the user does not have view draft access to the resource
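
The group inheritance and user override rules under "Create and edit groups" and the draft visibility rules above can be written down as a small test oracle that yields the expected result for each tester account. This is an added example, not AtoM code: the Principal class, the "viewDraft" action name, the "*" wildcard and the sample slugs are hypothetical, and letting a deny win between conflicting groups is an assumption the page does not state.

```python
# Added example: a test oracle, not AtoM code. All names are hypothetical.
from dataclasses import dataclass, field

GRANT, DENY = "grant", "deny"
ANY = "*"  # constructed wildcard: the rule applies to every description


@dataclass
class Principal:
    """A group or a user; rules map (action, slug) -> GRANT or DENY."""
    name: str
    rules: dict = field(default_factory=dict)
    groups: list = field(default_factory=list)  # only used for users


def _lookup(rules, action, slug):
    # A rule for the specific description beats the wildcard rule.
    return rules.get((action, slug), rules.get((action, ANY)))


def allowed(user, action, slug):
    own = _lookup(user.rules, action, slug)
    if own is not None:  # a user-level rule overrides anything inherited
        return own == GRANT
    inherited = [r for g in user.groups
                 if (r := _lookup(g.rules, action, slug)) is not None]
    # Assumption: when group rules conflict, a deny wins.
    return bool(inherited) and DENY not in inherited


def visible(user, descriptions):
    """Slugs expected in browse/search results; user=None is anonymous."""
    return [slug for slug, published in descriptions
            if published or (user is not None
                             and allowed(user, "viewDraft", slug))]


def direct_url(user, slug, published):
    """Expected page when a description URL is entered directly."""
    if published:
        return "show"
    if user is None:
        return "access denied"
    return "show" if allowed(user, "viewDraft", slug) else "permission denied"
```

Build one Principal per test account and compare visible() and direct_url() against what the browse, search and show screens actually return for that account.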

Translate

  • Translate group grants ability to translate to all languages - issues #3667 and #4279
  • Administrator group grants ability to translate to all languages
  • Other users can only translate to languages specified in the "Allowed languages for translation" field in the Access control div of the user edit screen (at this time, this function does not seem to be working properly in 1.3, but it cannot be properly tested until the above issues are resolved)