0001-base-add-confirmation-when-adding-open-access-right-.patch
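--- a/passerelle/base/forms.py
+++ b/passerelle/base/forms.py
@@ -11,6 +11,9 @@
 
 
 class AccessRightForm(forms.ModelForm):
+confirm_open_access = forms.BooleanField(label=_('Allow open access'), required=False,
+widget=forms.HiddenInput())
+
 class Meta:
 model = AccessRight
 exclude = []
@@ -20,6 +23,17 @@
 'resource_pk': forms.HiddenInput(),
 }
 
+def add_confirmation_checkbox(self):
+self.add_error(None, _('Selected user has no security.'))
+self.add_error('confirm_open_access',
+_('Check this box if you are sure you want to allow unauthenticated access to '
+'endpoints. Otherwise, select a different API User.'))
+self.fields['confirm_open_access'].widget = forms.CheckboxInput()
+
+@property
+def allow_open_access(self):
+return self.cleaned_data['confirm_open_access']
+
 
 class AvailabilityParametersForm(forms.ModelForm):
 class Meta: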
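Review bot: `confirm_open_access` is part of the form from the first render (as a hidden input), so a POST that already carries the field set is accepted without the warning ever being displayed, and neither new member has a docstring saying that this is a UI safeguard for the operator rather than an access check. I would add `"""Attach the open-access warning and swap the hidden field for a visible checkbox."""` to `add_confirmation_checkbox` and `"""Whether the submitted form carried the open-access confirmation; only valid after validation."""` to `allow_open_access`. The property reads `self.cleaned_data[...]` directly, so it raises if called before `is_valid()`; `self.cleaned_data.get('confirm_open_access', False)` would be more forgiving. The non-field message 'Selected user has no security.' does not say what is missing (the view tests for an empty key), so a more specific wording would help the operator; the new test matches on the current text.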
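--- a/passerelle/base/views.py
+++ b/passerelle/base/views.py
@@ -125,6 +125,12 @@
 d['resource_pk'] = self.kwargs.get('resource_pk')
 return d
 
+def form_valid(self, form):
+if not form.cleaned_data['apiuser'].key and not form.allow_open_access:
+form.add_confirmation_checkbox()
+return self.form_invalid(form)
+return super(AccessRightCreateView, self).form_valid(form)
+
 def get_success_url(self):
 return self.object.resource.get_absolute_url()
 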
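Review bot: The guard in `form_valid` decides that a right is "open" from `apiuser.key` alone, so an API user with an empty `keytype` and a non-empty key (exactly the `private` fixture in the new test) is saved with no warning. How requests are matched to `ApiUser` rows is not visible on this page; if that matching goes by `keytype`, the condition should cover it too, for example bind `apiuser = form.cleaned_data['apiuser']` and test `if not (apiuser.keytype and apiuser.key) and not form.allow_open_access:`. The check also lives only in this create view, so any other path that saves an `AccessRight` presumably skips it; a comment on `form_valid` saying so would help the next reader. Logging the acting user and the resource when a confirmed open-access right is saved would leave an audit trail for a change that removes authentication from an endpoint.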
tests/test_manager.py | ||
---|---|---|
459 | 459 |
resp = resp.form.submit().follow() |
460 | 460 |
assert ApiUser.objects.filter(username='public').exists() |
461 | 461 |
assert AccessRight.objects.filter(codename='can_access').exists() |
462 | ||
463 | ||
464 |
def test_manager_add_open_access_warning(app, admin_user): |
|
465 |
csv = CsvDataSource.objects.create(csv_file=File(StringIO('1;t\n'), 't.csv'), slug='t', title='t') |
|
466 |
private = ApiUser.objects.create(username='private', fullname='private', keytype='', key='xxx') |
|
467 |
public = ApiUser.objects.create(username='public', fullname='private', keytype='', key='') |
|
468 |
assert AccessRight.objects.count() == 0 |
|
469 | ||
470 |
# adding private api user works |
|
471 |
app = login(app) |
|
472 |
resp = app.get(csv.get_absolute_url()) |
|
473 |
resp = resp.click('Add') |
|
474 |
resp.form['apiuser'] = private.pk |
|
475 |
resp = resp.form.submit().follow() |
|
476 |
assert AccessRight.objects.count() == 1 |
|
477 | ||
478 |
# adding public user displays a warning |
|
479 |
resp = resp.click('Add') |
|
480 |
resp.form['apiuser'] = public.pk |
|
481 |
resp = resp.form.submit() |
|
482 |
assert AccessRight.objects.count() == 1 |
|
483 |
assert 'user has no security' in resp.text |
|
484 | ||
485 |
resp = resp.form.submit() |
|
486 |
assert AccessRight.objects.count() == 1 |
|
487 |
assert 'user has no security' in resp.text |
|
488 | ||
489 |
# user has to check a box to procceed |
|
490 |
resp.form['confirm_open_access'] = True |
|
491 |
resp.form.submit().follow() |
|
492 |
assert AccessRight.objects.count() == 2 |
|
462 |
- |
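Review bot: The final step of `test_manager_add_open_access_warning` only checks that the row count reaches 2, so it would still pass if the confirmed submit stored a right for the wrong user; add `assert AccessRight.objects.filter(apiuser=public).count() == 1` after the last submit. The first form render is never checked for the confirmation field still being hidden, so a regression that shows the checkbox pre-emptively (or pre-checked) would go unnoticed. Both fixtures use `keytype=''`, so the test does not cover a user that has a key type set but an empty key. The `public` fixture is created with `fullname='private'`, which looks like a copy-paste slip, and the comment on new line 489 has a typo ("procceed").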