0001-base-add-confirmation-when-adding-open-access-right-.patch
| passerelle/base/forms.py | ||
|---|---|---|
| 11 | 11 | |
| 12 | 12 | |
| 13 | 13 |
class AccessRightForm(forms.ModelForm): |
| 14 |
confirm_open_access = forms.BooleanField(label=_('Allow open access'), required=False,
|
|
| 15 |
widget=forms.HiddenInput()) |
|
| 16 | ||
| 14 | 17 |
class Meta: |
| 15 | 18 |
model = AccessRight |
| 16 | 19 |
exclude = [] |
| ... | ... | |
| 20 | 23 |
'resource_pk': forms.HiddenInput(), |
| 21 | 24 |
} |
| 22 | 25 | |
| 26 |
def add_confirmation_checkbox(self): |
|
| 27 |
self.add_error(None, _('Selected user has no security.'))
|
|
| 28 |
self.add_error('confirm_open_access',
|
|
| 29 |
_('Check this box if you are sure you want to allow unauthenticated access to '
|
|
| 30 |
'endpoints. Otherwise, select a different API User.')) |
|
| 31 |
self.fields['confirm_open_access'].widget = forms.CheckboxInput() |
|
| 32 | ||
| 33 |
@property |
|
| 34 |
def allow_open_access(self): |
|
| 35 |
return self.cleaned_data['confirm_open_access'] |
|
| 36 | ||
| 23 | 37 | |
| 24 | 38 |
class AvailabilityParametersForm(forms.ModelForm): |
| 25 | 39 |
class Meta: |
| passerelle/base/views.py | ||
|---|---|---|
| 125 | 125 |
d['resource_pk'] = self.kwargs.get('resource_pk')
|
| 126 | 126 |
return d |
| 127 | 127 | |
| 128 |
def form_valid(self, form): |
|
| 129 |
if not form.cleaned_data['apiuser'].key and not form.allow_open_access: |
|
| 130 |
form.add_confirmation_checkbox() |
|
| 131 |
return self.form_invalid(form) |
|
| 132 |
return super(AccessRightCreateView, self).form_valid(form) |
|
| 133 | ||
| 128 | 134 |
def get_success_url(self): |
| 129 | 135 |
return self.object.resource.get_absolute_url() |
| 130 | 136 | |
| tests/test_manager.py | ||
|---|---|---|
| 459 | 459 |
resp = resp.form.submit().follow() |
| 460 | 460 |
assert ApiUser.objects.filter(username='public').exists() |
| 461 | 461 |
assert AccessRight.objects.filter(codename='can_access').exists() |
| 462 | ||
| 463 | ||
| 464 |
def test_manager_add_open_access_warning(app, admin_user): |
|
| 465 |
csv = CsvDataSource.objects.create(csv_file=File(StringIO('1;t\n'), 't.csv'), slug='t', title='t')
|
|
| 466 |
private = ApiUser.objects.create(username='private', fullname='private', keytype='', key='xxx') |
|
| 467 |
public = ApiUser.objects.create(username='public', fullname='private', keytype='', key='') |
|
| 468 |
assert AccessRight.objects.count() == 0 |
|
| 469 | ||
| 470 |
# adding private api user works |
|
| 471 |
app = login(app) |
|
| 472 |
resp = app.get(csv.get_absolute_url()) |
|
| 473 |
resp = resp.click('Add')
|
|
| 474 |
resp.form['apiuser'] = private.pk |
|
| 475 |
resp = resp.form.submit().follow() |
|
| 476 |
assert AccessRight.objects.count() == 1 |
|
| 477 | ||
| 478 |
# adding public user displays a warning |
|
| 479 |
resp = resp.click('Add')
|
|
| 480 |
resp.form['apiuser'] = public.pk |
|
| 481 |
resp = resp.form.submit() |
|
| 482 |
assert AccessRight.objects.count() == 1 |
|
| 483 |
assert 'user has no security' in resp.text |
|
| 484 | ||
| 485 |
resp = resp.form.submit() |
|
| 486 |
assert AccessRight.objects.count() == 1 |
|
| 487 |
assert 'user has no security' in resp.text |
|
| 488 | ||
| 489 |
# user has to check a box to procceed |
|
| 490 |
resp.form['confirm_open_access'] = True |
|
| 491 |
resp.form.submit().follow() |
|
| 492 |
assert AccessRight.objects.count() == 2 |
|
| 462 |
- |
|