Access control tests
From AtoM wiki
These tests help determine that AtoM's user, group, and permissions management modules function as expected. For more information on the expected behaviors of each, see the "Manage user accounts and user groups" and "Edit user permissions" pages in the ADMINISTER section of our AtoM User Manual.
Create and edit groups
- Administrators can navigate to the group edit screen by clicking Admin > Groups
- Administrator can add a new group and set permissions for that group
- Administrator can edit and save changes to administrator, anonymous and authenticated groups but can't delete them
- Administrator can edit and save changes to contributor, editor and translator groups and can delete them
- Administrator can edit data in all fields
- Administrator can delete permissions
- Adding a user to a group causes the user to have the permissions assigned to the group
- Editing permissions for a user overrides permissions inherited from the group for that user
Create user and edit user basic information
- Administrators can navigate to the user edit screen by clicking admin > users > add new or admin > users > (user name) > edit
- Administrator can create and edit data in all fields in the Basic info area
- Clicking Create or Save opens the user show screen with all changes saved
- Clicking Cancel opens the user show screen with no changes saved
Edit user permissions
- Administrator can assign a user to one or more groups
- Administrator does not have to assign a user to a group
- Administrator can remove a user from one or more groups
- All scenarios described at http://ica-atom.org/doc/UM-7.2_1.0.9 can be run successfully
Hierarchy treeview
- Only authenticated users with update permission can drag and drop information objects within the information object hierarchy treeview
- Users who have update permission only for specified repositories can drag and drop information objects linked to those repositories only
View drafts
- Unauthenticated users do not retrieve draft information objects in search or browse results
- Unauthenticated users do not see draft descriptions listed in context menu boxes of repository or actor show screens
- For unauthenticated users, directly entering a URL for a draft description forwards to an access denied page
- On informationobject/browse page, authenticated users see only published fonds and draft fonds to which they have view draft permissions
- Search results by authenticated users only show published descriptions and draft fonds to which they have view draft permissions
- On repository/show page, authenticated users see only published fonds and draft fonds to which they have view draft permissions
- For authenticated users, directly entering a URL for a draft description forwards to the "permission denied" page if the user does not have view draft access to the resource
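The user-over-group override rule from "Create and edit groups" and the draft-visibility checks above can be expressed as a small executable model. It is added here as an illustration and is not AtoM code. All names, the sample data and the rule that any group grant suffices when a user belongs to several groups are assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample data: group -> {(action, resource): granted}; "*" = every resource.
GROUP_PERMS = {
    "authenticated": {("read", "*"): True},
    "contributor": {("viewDraft", "*"): True},
}

@dataclass
class User:
    name: str
    authenticated: bool = True
    groups: list = field(default_factory=list)
    overrides: dict = field(default_factory=dict)  # same shape as a group's entries

@dataclass
class Description:
    slug: str
    published: bool

def _lookup(perms, action, slug):
    """Most specific entry first; None means no entry applies."""
    for key in ((action, slug), (action, "*")):
        if key in perms:
            return perms[key]
    return None

def allowed(user, action, slug):
    """A user-level entry overrides whatever the user's groups would grant."""
    own = _lookup(user.overrides, action, slug)
    if own is not None:
        return own
    # Assumption: with several groups, one grant is enough.
    return any(_lookup(GROUP_PERMS.get(g, {}), action, slug) for g in user.groups)

def can_view(user, desc):
    """Single decision point shared by every access path."""
    return desc.published or (user.authenticated and allowed(user, "viewDraft", desc.slug))

def browse(user, descriptions):
    """Listing paths: browse, search results, context menus."""
    return [d.slug for d in descriptions if can_view(user, d)]

def show(user, desc):
    """Direct-URL path: same decision, denial page depends on authentication."""
    if can_view(user, desc):
        return "ok"
    return "permission denied" if user.authenticated else "access denied"

# Constructed sample records and users (hypothetical names).
DESCRIPTIONS = [Description("fonds-a", True), Description("fonds-b", False)]
ANON = User("anon", authenticated=False)
CONTRIB = User("carol", groups=["authenticated", "contributor"])
RESTRICTED = User("dave", groups=["authenticated", "contributor"], overrides={("viewDraft", "fonds-b"): False})
SCOPED = User("erin", groups=["authenticated"], overrides={("viewDraft", "fonds-b"): True})
```

Because `browse` and `show` both call `can_view`, a draft that is hidden from listings cannot be reached by its direct URL, which is the property the checks in this section verify from the outside.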
Translate
- Translate group grants ability to translate to all languages - issues #3667 and #4279
- Administrator group grants ability to translate to all languages
- Other users can only translate to languages specified in the "Allowed languages for translation" field in the Access control div of the user edit screen (at this time, this function does not seem to be working properly in 1.3, but it cannot be properly tested until the above issues are resolved)