0001-misc-fix-log-visibility-for-users-with-dispatched-fu.patch

Frédéric Péters, 17 juillet 2017 22:06

Voir les différences: en ligne côte à côte

Subject: [PATCH] misc: fix log visibility for users with dispatched functions
 (#17672)

 tests/test_backoffice_pages.py | 58 ++++++++++++++++++++++++++++++++++++++++++
 wcs/formdef.py                 |  2 ++
 2 files changed, 60 insertions(+)

         FormDef.wipe()
         resp = resp2.click('ZeroDivisionError')
         assert not 'href="http://example.net/backoffice/management/test/' in resp.body
     def test_backoffice_private_status_and_history(pub):
         create_user(pub)
         create_environment(pub)
         formdef = FormDef.get_by_urlname('form-title')
         formdef.private_status_and_history = True
         formdef.store()
         form_class = FormDef.get_by_urlname('form-title').data_class()
         number31 = [x for x in form_class.select() if x.data['1'] == 'FOO BAR 30'][0]
         app = login(get_app(pub))
         resp = app.get('/backoffice/management/form-title/')
         assert re.findall('<tbody.*\/tbody>', resp.body, re.DOTALL)[0].count('<tr') == 17
         # click on a formdata
         resp = resp.click(href='%s/' % number31.id)
         assert (' with the number %s.' % number31.get_display_id()) in resp.body
         resp.forms[0]['comment'] = 'HELLO WORLD'
         resp = resp.forms[0].submit('button_accept')
         resp = resp.follow()
         assert FormDef.get_by_urlname('form-title').data_class().get(number31.id).status == 'wf-accepted'
         assert 'HELLO WORLD' in resp.body
         assert 'id="evolution-log"' in resp.body
     def test_backoffice_private_status_and_history_with_assigned_function(pub):
         create_user(pub)
         create_environment(pub, set_receiver=False)
         formdef = FormDef.get_by_urlname('form-title')
         formdef.private_status_and_history = True
         formdef.store()
         form_class = FormDef.get_by_urlname('form-title').data_class()
         number31 = [x for x in form_class.select() if x.data['1'] == 'FOO BAR 30'][0]
         app = login(get_app(pub))
         resp = app.get('/backoffice/management/form-title/', status=403)
         # fake function assignment
         number31.workflow_roles = {'_receiver': '1'}
         number31.store()
         resp = app.get('/backoffice/management/form-title/', status=200)
         assert re.findall('<tbody.*\/tbody>', resp.body, re.DOTALL)[0].count('<tr') == 1
         # click on a formdata
         resp = resp.click(href='%s/' % number31.id)
         assert (' with the number %s.' % number31.get_display_id()) in resp.body
         # history is visible
         assert 'id="evolution-log"' in resp.body
         resp.forms[0]['comment'] = 'HELLO WORLD'
         resp = resp.forms[0].submit('button_accept')
         resp = resp.follow()
         assert FormDef.get_by_urlname('form-title').data_class().get(number31.id).status == 'wf-accepted'
         # history is still visible
         assert 'HELLO WORLD' in resp.body
         assert 'id="evolution-log"' in resp.body

             if not self.workflow_roles:
                 self.workflow_roles = {}
             form_roles = [x for x in self.workflow_roles.values() if x]
             if formdata and formdata.workflow_roles:
                 form_roles.extend([x for x in formdata.workflow_roles.values() if x])
             if user and self.private_status_and_history and not user_roles.intersection(form_roles):
                 return False
             return self.is_user_allowed_read(user, formdata=formdata)
+    -

Projet

Général

Profil

Produits Entr'ouvert » w.c.s.

0001-misc-fix-log-visibility-for-users-with-dispatched-fu.patch