0001-manager-let-user-with-view-permission-access-the-eve.patch

Frédéric Péters, 03 mars 2018 11:13

Voir les différences: en ligne côte à côte

Subject: [PATCH] manager: let user with view permission access the events
 agenda page (#22245)

 chrono/manager/views.py | 13 +++++++++++++
 tests/test_manager.py   | 28 ++++++++++++++++++++++++----
 2 files changed, 37 insertions(+), 4 deletions(-)

         template_name = 'chrono/manager_agenda_settings.html'
         model = Agenda
         def dispatch(self, request, *args, **kwargs):
             try:
                 self.agenda = Agenda.objects.get(id=kwargs.get('pk'))
             except Agenda.DoesNotExist:
                 raise Http404()
             if not self.agenda.can_be_managed(request.user):
                 # "events" agendas settings page can be access by user with the
                 # view permission as there are no other "view" page for this type
                 # of agenda.
                 if self.agenda.kind != 'events' or not self.agenda.can_be_viewed(request.user):
                     raise PermissionDenied()
             return super(DetailView, self).dispatch(request, *args, **kwargs)
         def get_context_data(self, **kwargs):
             context = super(AgendaSettings, self).get_context_data(**kwargs)
             context['user_can_manage'] = self.get_object().can_be_managed(self.request.user)

         agenda.view_role = manager_user.groups.all()[0]
         agenda.save()
         agenda = Agenda(label=u'Bar Foo')
         agenda.save()
         agenda2 = Agenda(label=u'Bar Foo')
         agenda2.save()
         app = login(app, username='manager', password='manager')
         resp = app.get('/manage/', status=200)
-...
         assert 'Bar Foo' not in resp.body
         assert 'New' not in resp.body
         app.get('/manage/agendas/%s/' % agenda.id, status=403)
         # check user doesn't have access
         app.get('/manage/agendas/%s/' % agenda2.id, status=403)
         # check view gives access to the settings page for "events" agenda
         resp = app.get('/manage/agendas/%s/settings' % agenda.id, status=200)
         # but there's no links to actions
         assert not '>New Event<' in resp.body
         assert not '>Options<' in resp.body
         app.get('/manage/agendas/%s/add-event' % agenda.id, status=403)
         app.get('/manage/agendas/%s/edit' % agenda.id, status=403)
         # check it doesn't give access for "meetings" agenda
         agenda.kind = 'meetings'
         agenda.save()
         resp = app.get('/manage/agendas/%s/settings' % agenda.id, status=403)
     def test_add_agenda(app, admin_user):
         app = login(app)
-...
         resp = app.get('/manage/', status=200)
         resp = resp.click('Foo bar')
         assert not 'Settings' in resp.body
         resp = app.get('/manage/agendas/%s/settings' % agenda.id, status=200)  # ok for "events" agendas
         resp = app.get('/manage/agendas/%s/edit' % agenda.id, status=403)
         agenda.kind = 'meetings'
         agenda.save()
         resp = app.get('/manage/agendas/%s/settings' % agenda.id, status=403)
         resp = app.get('/manage/agendas/%s/edit' % agenda.id, status=403)
         agenda.kind = 'events'
         agenda.save()
         agenda.edit_role = manager_user.groups.all()[0]
         agenda.save()
-...
         agenda.save()
         app = login(app, username='manager', password='manager')
         resp = app.get('/manage/agendas/%s/' % agenda.id, status=302)
         app.get('/manage/agendas/%s/settings' % agenda.id, status=403)
         app.get('/manage/agendas/%s/add-event' % agenda.id, status=403)
         agenda.edit_role = manager_user.groups.all()[0]
+    -

Projet

Général

Profil

Produits Entr'ouvert » Chrono

0001-manager-let-user-with-view-permission-access-the-eve.patch