Test community security policies

Updates from OSI:

Show Community

-Tag cloud link should be present on show community

-Members link should be present

-RSS link should be present

-Search Community functionality should be available

Please ignore my last comment - I pasted it in the wrong ticket.

I entered the points below in the updated UAT writeup. Thanks for
getting the comment in.

--Paul

On Mar 5, 2009, at 2:34 PM, Nat Katin-Borland wrote:

> Updates from OSI:
>
> Show Community
>
> -Tag cloud link should be present on show community
>
> -Members link should be present
>
> -RSS link should be present
>
> -Search Community functionality should be available
>
>
> ** Changed in: karl3
> Status: New => Confirmed
>
> --
> Test community security policies
> https://bugs.launchpad.net/bugs/333416
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in Porting KARL to a new architecture: New
>
> Bug description:
> Confirm the community security policies in http://carlos.agendaless.com/dko/policies/community-security.html
> work.

I finish 3.1 to 3.5. Overall, the security is working. Except, I can not test search, and search result.

Test 3.1: pass

Test 3.2:
I login as staff1:
create, M3T2 Test 2 community as a public one. I do
Both LS and SR show no result.
CP and MC are working. But MC shows as "m3t2-test-2"
If you do mean to type url address as, http://carlos.agendaless.com/demo/communities/m3t2-test-2 for URLBAR, then it is working

Login as staff2
Both LS and SR show no result.
CP and MC are working

Login as affiliate3
working
not allow me to create a community

Test 3.3/3.4 same testing: working, except no result when searching

Test 3.5: pass except search

Right, we didn't get that part working until a few days ago. We'll
update carlos on Monday.

--Paul

On Mar 5, 2009, at 5:17 PM, Yalan Teng wrote:

> I finish 3.1 to 3.5. Overall, the security is working. Except, I can
> not
> test search, and search result.
>
> Test 3.1: pass
>
> Test 3.2:
> I login as staff1:
> create, M3T2 Test 2 community as a public one. I do
> Both LS and SR show no result.
> CP and MC are working. But MC shows as "m3t2-test-2"
> If you do mean to type url address as, http://carlos.agendaless.com/demo/communities/m3t2-test-2
> for URLBAR, then it is working
>
> Login as staff2
> Both LS and SR show no result.
> CP and MC are working
>
> Login as affiliate3
> working
> not allow me to create a community
>
> Test 3.3/3.4 same testing: working, except no result when searching
>
> Test 3.5: pass except search
>
> --
> Test community security policies
> https://bugs.launchpad.net/bugs/333416
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in Porting KARL to a new architecture: New
>
> Bug description:
> Confirm the community security policies in http://carlos.agendaless.com/dko/policies/community-security.html
> work.

I guess, I still can continue testing without the "Search".

I don't quite understand "URLBAR means you can type the community or view". Can you elaborate more?

URLBAR means you can type the URL to the community and navigate
directly to it. We test that to make sure, not only do we not provide
a link to something, but someone can't pass around the URL or guess
the URL and break the security policy.

--Paul

On Mar 6, 2009, at 8:51 AM, Yalan Teng wrote:

> I guess, I still can continue testing without the "Search".
>
> I don't quite understand "URLBAR means you can type the community or
> view". Can you elaborate more?
>
> ** Changed in: karl3
> Status: New => In Progress
>
> --
> Test community security policies
> https://bugs.launchpad.net/bugs/333416
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in Porting KARL to a new architecture: In Progress
>
> Bug description:
> Confirm the community security policies in http://carlos.agendaless.com/dko/policies/community-security.html
> work.

Test 3.6:
I create M3T6 Test 6 as public first. When "Edit" the community, I got "server internal error".

Test 3.7:
Odd enough, M3T7 Test 7 shows up in MC for staff2 and affiliate1, but not staff1. Though, staff1 can see M3T7 Test 7 in community list.
Delete M3T7 Testing 7 works

Test 3.8 (very buggy)
Can't test email message becuase email server not installed yet.
Again, staff1 creates M3T8, but can not view it in MC, but others can.
Login as staff2, remove staff1 and staff2 from community. It is successful. However, Staff1 removed, and Staff Two becomes the Sole Moderator. No error message appears as stated. Odd enough, login as Staff1, staff 1 can view M3T8 in CP, not MC. When staff1 in M3T8 community, view members, there is only staff2 as the member. And, there is no "Manage members" for staff 1, either.

Since staff1 is no longer as the member. I login as staff2, add staff 1 as member, assign him as moderator. Login as staff1 again, remove staff1 and staff2 as moderators. No error message. The result shows,
Staff One is no longer a moderator. staff2 as the sole moderator.

Login as staff1, remove from moderator's role. The action box still appears. However, when click, the 'Forbidden' error message shows.

Staff2 is the sole moderator, there is no check box to remove both moderate or memeber.

Just to be clear, Nat will be parsing these and filing bug reports.
(We can't track stuff in comments.)

--Paul

On Mar 6, 2009, at 10:00 AM, Yalan Teng wrote:

> Test 3.6:
> I create M3T6 Test 6 as public first. When "Edit" the community, I
> got "server internal error".
>
> Test 3.7:
> Odd enough, M3T7 Test 7 shows up in MC for staff2 and affiliate1,
> but not staff1. Though, staff1 can see M3T7 Test 7 in community list.
> Delete M3T7 Testing 7 works
>
> Test 3.8 (very buggy)
> Can't test email message becuase email server not installed yet.
> Again, staff1 creates M3T8, but can not view it in MC, but others can.
> Login as staff2, remove staff1 and staff2 from community. It is
> successful. However, Staff1 removed, and Staff Two becomes the Sole
> Moderator. No error message appears as stated. Odd enough, login as
> Staff1, staff 1 can view M3T8 in CP, not MC. When staff1 in M3T8
> community, view members, there is only staff2 as the member. And,
> there is no "Manage members" for staff 1, either.
>
> Since staff1 is no longer as the member. I login as staff2, add
> staff 1 as member, assign him as moderator. Login as staff1 again,
> remove staff1 and staff2 as moderators. No error message. The result
> shows,
> Staff One is no longer a moderator. staff2 as the sole moderator.
>
> Login as staff1, remove from moderator's role. The action box still
> appears. However, when click, the 'Forbidden' error message shows.
>
> Staff2 is the sole moderator, there is no check box to remove both
> moderate or memeber.
>
> --
> Test community security policies
> https://bugs.launchpad.net/bugs/333416
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in Porting KARL to a new architecture: In Progress
>
> Bug description:
> Confirm the community security policies in http://carlos.agendaless.com/dko/policies/community-security.html
> work.

Yes, that's right. The good news is that it seems like many of Yalan's findings are reflected already in other tickets.