0001-manager-make-select2-fields-use-direct-widget-refere.patch
src/authentic2/manager/views.py | ||
---|---|---|
46 | 46 |
from authentic2.decorators import json as json_view |
47 | 47 |
from authentic2 import hooks |
48 | 48 | |
49 |
from . import app_settings, utils, forms |
|
49 |
from . import app_settings, utils, forms, widgets
|
|
50 | 50 | |
51 | 51 | |
52 | 52 |
# https://github.com/MongoEngine/django-mongoengine/blob/master/django_mongoengine/views/edit.py |
... | ... | |
679 | 679 |
'''Overrided default django-select2 view to enforce security checks on Select2 AJAX requests.''' |
680 | 680 | |
681 | 681 |
def get_widget_or_404(self): |
682 |
widget = super(Select2View, self).get_widget_or_404() |
|
682 |
field_id = self.kwargs.get('field_id', self.request.GET.get('field_id', None)) |
|
683 |
if not field_id or not hasattr(widgets, field_id): |
|
684 |
raise Http404('Missing or unknown "field_id" provided.') |
|
685 |
widget = getattr(widgets, field_id)() |
|
686 |
widget.queryset = widget.get_queryset() |
|
683 | 687 |
widget.view = self |
684 | 688 |
if hasattr(widget, 'security_check'): |
685 | 689 |
if not widget.security_check(self.request, *self.args, **self.kwargs): |
686 | 690 |
raise PermissionDenied |
687 | 691 |
return widget |
688 | 692 | |
693 | ||
689 | 694 |
select2 = Select2View.as_view() |
690 | 695 | |
691 | 696 |
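Review bot: In `get_widget_or_404`, `field_id` comes straight from the URL kwargs or query string and is resolved with `getattr(widgets, field_id)()`, so any module-level name in `widgets.py` (imports, helper functions, the new `Simple*` base classes) can be selected and called, not only the intended widgets. The permission check that follows is still wrapped in `if hasattr(widget, 'security_check')`, so a class without `SecurityCheckMixin` would be returned unchecked. The lines removed from the tests suggest the previous identifier was produced with `signing.dumps`, which a client could not choose freely. I would accept only a class that derives from one of the new `Simple*` bases and from `SecurityCheckMixin` (or keep an explicit registry of allowed widget classes), and make the security check unconditional. The enclosing class starts outside the hunk.

```python
def get_widget_or_404(self):
    field_id = self.kwargs.get('field_id', self.request.GET.get('field_id', None))
    widget_class = getattr(widgets, field_id, None) if field_id else None
    allowed_bases = (widgets.SimpleModelSelect2Widget, widgets.SimpleModelSelect2MultipleWidget)
    if not (isinstance(widget_class, type)
            and issubclass(widget_class, allowed_bases)
            and issubclass(widget_class, widgets.SecurityCheckMixin)):
        raise Http404('Missing or unknown "field_id" provided.')
    widget = widget_class()
    # ... unchanged: widget.queryset and widget.view assignments ...
    if not widget.security_check(self.request, *self.args, **self.kwargs):
        raise PermissionDenied
    return widget
```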
src/authentic2/manager/widgets.py | ||
---|---|---|
80 | 80 |
return label |
81 | 81 | |
82 | 82 | |
83 |
class ChooseUserWidget(SecurityCheckMixin, ModelSelect2Widget): |
|
83 |
class SimpleModelSelect2Widget(ModelSelect2Widget): |
|
84 |
def build_attrs(self, *args, **kwargs): |
|
85 |
attrs = super(SimpleModelSelect2Widget, self).build_attrs(*args, **kwargs) |
|
86 |
attrs['data-field_id'] = self.__class__.__name__ |
|
87 |
return attrs |
|
88 | ||
89 | ||
90 |
class SimpleModelSelect2MultipleWidget(ModelSelect2MultipleWidget): |
|
91 |
def build_attrs(self, *args, **kwargs): |
|
92 |
attrs = super(SimpleModelSelect2MultipleWidget, self).build_attrs(*args, **kwargs) |
|
93 |
attrs['data-field_id'] = self.__class__.__name__ |
|
94 |
return attrs |
|
95 | ||
96 | ||
97 |
class ChooseUserWidget(SecurityCheckMixin, SimpleModelSelect2Widget): |
|
84 | 98 |
model = get_user_model() |
85 | 99 |
search_fields = [ |
86 | 100 |
'username__icontains', 'first_name__icontains', |
... | ... | |
91 | 105 |
return utils.label_from_user(user) |
92 | 106 | |
93 | 107 | |
94 |
class ChooseUsersWidget(SecurityCheckMixin, ModelSelect2MultipleWidget): |
|
108 |
class ChooseUsersWidget(SecurityCheckMixin, SimpleModelSelect2MultipleWidget):
|
|
95 | 109 |
model = get_user_model() |
96 | 110 |
search_fields = [ |
97 | 111 |
'username__icontains', 'first_name__icontains', |
... | ... | |
102 | 116 |
return utils.label_from_user(user) |
103 | 117 | |
104 | 118 | |
105 |
class ChooseRoleWidget(RoleLabelMixin, SecurityCheckMixin, ModelSelect2Widget): |
|
119 |
class ChooseRoleWidget(RoleLabelMixin, SecurityCheckMixin, SimpleModelSelect2Widget):
|
|
106 | 120 |
queryset = get_role_model().objects.exclude(slug__startswith='_') |
107 | 121 |
split_term_operator = operator.__and__ |
108 | 122 |
search_fields = [ |
... | ... | |
112 | 126 |
] |
113 | 127 | |
114 | 128 | |
115 |
class ChooseRolesWidget(RoleLabelMixin, SecurityCheckMixin, ModelSelect2MultipleWidget): |
|
129 |
class ChooseRolesWidget(RoleLabelMixin, SecurityCheckMixin, SimpleModelSelect2MultipleWidget):
|
|
116 | 130 |
queryset = get_role_model().objects.exclude(slug__startswith='_') |
117 | 131 |
split_term_operator = operator.__and__ |
118 | 132 |
search_fields = [ |
... | ... | |
122 | 136 |
] |
123 | 137 | |
124 | 138 | |
125 |
class ChooseRolesForChangeWidget(RoleLabelMixin, SecurityCheckMixin, ModelSelect2MultipleWidget): |
|
139 |
class ChooseRolesForChangeWidget(RoleLabelMixin, SecurityCheckMixin, SimpleModelSelect2MultipleWidget):
|
|
126 | 140 |
operations = ['change'] |
127 | 141 |
queryset = get_role_model().objects.all() |
128 | 142 |
split_term_operator = operator.__and__ |
... | ... | |
133 | 147 |
] |
134 | 148 | |
135 | 149 | |
136 |
class ChooseUserRoleWidget(RoleLabelMixin, SecurityCheckMixin, ModelSelect2Widget): |
|
150 |
class ChooseUserRoleWidget(RoleLabelMixin, SecurityCheckMixin, SimpleModelSelect2Widget):
|
|
137 | 151 |
operations = ['change'] |
138 | 152 |
model = get_role_model() |
139 | 153 |
search_fields = [ |
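Review bot: `SimpleModelSelect2Widget` and `SimpleModelSelect2MultipleWidget` carry no docstring, yet `attrs['data-field_id'] = self.__class__.__name__` turns the Python class name into a client-visible identifier that the select2 view later resolves by name in this module. I would add a docstring to both, along the lines of `"""Select2 widget whose AJAX field_id is its class name; subclasses must be defined in this module and include SecurityCheckMixin."""`, so a later rename or a subclass without the mixin is recognised as a behaviour and access-control change. The two `build_attrs` bodies are identical apart from the class named in `super()`, so a small shared mixin would remove the duplication. Several widget class bodies continue outside the visible hunks.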
tests/test_manager.py | ||
---|---|---|
842 | 842 | |
843 | 843 | |
844 | 844 |
def test_roles_widget(admin, app, db): |
845 |
from django.core import signing |
|
846 | 845 |
from authentic2.manager.forms import ChooseRoleForm |
847 | 846 | |
848 | 847 |
login(app, admin, '/manage/') |
... | ... | |
855 | 854 | |
856 | 855 |
form = ChooseRoleForm() |
857 | 856 |
assert form.as_p() |
858 |
field_id = signing.dumps(id(form.fields['role'].widget))
|
|
857 |
field_id = form.fields['role'].widget.__class__.__name__
|
|
859 | 858 |
url = reverse('django_select2-json') |
860 | 859 |
response = app.get(url, params={'field_id': field_id, 'term': 'Admin'}) |
861 | 860 |
assert len(response.json['results']) == 3 |
... | ... | |
868 | 867 | |
869 | 868 | |
870 | 869 |
def test_roles_for_change_widget(admin, app, db): |
871 |
from django.core import signing |
|
872 | 870 |
from authentic2.manager.forms import RolesForChangeForm |
873 | 871 | |
874 | 872 |
login(app, admin, '/manage/') |
... | ... | |
877 | 875 | |
878 | 876 |
form = RolesForChangeForm() |
879 | 877 |
assert form.as_p() |
880 |
field_id = signing.dumps(id(form.fields['roles'].widget))
|
|
878 |
field_id = form.fields['roles'].widget.__class__.__name__
|
|
881 | 879 |
url = reverse('django_select2-json') |
882 | 880 |
response = app.get(url, params={'field_id': field_id, 'term': 'admin'}) |
883 | 881 |
assert len(response.json['results']) == 1 |
884 |
- |
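Review bot: Both updated tests exercise only the accepted path (a real widget class name, queried as a logged-in admin), so nothing pins down what the endpoint does with a `field_id` that names something else in `authentic2.manager.widgets`. Assuming the `app` fixture is WebTest-style, a negative case such as `app.get(url, params={'field_id': 'SimpleModelSelect2Widget', 'term': 'x'}, status=404)` in `test_roles_widget` would document that base classes and other module attributes are rejected. A second request with a missing `field_id` would cover the other branch of the new 404 check. The test function bodies are only partly visible in these hunks.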