0001-base-add-confirmation-when-adding-open-access-right-.patch
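--- a/passerelle/base/forms.py
+++ b/passerelle/base/forms.py
@@ -11,6 +11,9 @@
 
 
 class AccessRightForm(forms.ModelForm):
+confirm_open_access = forms.BooleanField(label=_('Allow open access'), required=False,
+widget=forms.HiddenInput())
+
 class Meta:
 model = AccessRight
 exclude = []
@@ -20,6 +23,17 @@
 'resource_pk': forms.HiddenInput(),
 }
 
+def add_confirmation_checkbox(self):
+self.add_error(None, _('Selected user has no security.'))
+self.add_error('confirm_open_access',
+_('Check this box if you are sure you want to allow unauthenticated access to '
+'endpoints. Otherwise, select a different API User.'))
+self.fields['confirm_open_access'].widget = forms.CheckboxInput()
+
+@property
+def allow_open_access(self):
+return self.cleaned_data['confirm_open_access']
+
 
 class AvailabilityParametersForm(forms.ModelForm):
 class Meta: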
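Review bot: The open-access confirmation is not enforced by `AccessRightForm` itself: the form still validates with an unkeyed API user and `confirm_open_access` unchecked, and only a caller that remembers to test `allow_open_access` shows the prompt. Any other view or script that saves this form (none are visible here, so this is a design concern rather than a confirmed bypass) would create the open right silently. Moving the check into `clean()` keeps the guard next to the field it depends on, and also avoids `allow_open_access` raising `KeyError` when read before validation. Both new methods would benefit from a one-line docstring stating that they implement the unauthenticated-access confirmation step. The class body continues outside the two hunks.

```python
    # … unchanged: confirm_open_access field, Meta, add_confirmation_checkbox …

    def clean(self):
        cleaned_data = super(AccessRightForm, self).clean()
        apiuser = cleaned_data.get('apiuser')
        # Enforce the confirmation in the form so every caller gets it,
        # not only the create view.
        if apiuser is not None and not apiuser.key and not cleaned_data.get('confirm_open_access'):
            self.add_confirmation_checkbox()
        return cleaned_data
```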
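--- a/passerelle/base/views.py
+++ b/passerelle/base/views.py
@@ -125,6 +125,12 @@
 d['resource_pk'] = self.kwargs.get('resource_pk')
 return d
 
+def form_valid(self, form):
+if not form.cleaned_data['apiuser'].key and not form.allow_open_access:
+form.add_confirmation_checkbox()
+return self.form_invalid(form)
+return super(AccessRightCreateView, self).form_valid(form)
+
 def get_success_url(self):
 return self.object.resource.get_absolute_url()
 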
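Review bot: The condition in `form_valid` decides that an API user is unauthenticated from `apiuser.key` alone, while the accompanying test builds its "private" user with `keytype=''` and `key='xxx'`. The `ApiUser` model is not shown here, but if the authentication scheme is selected by `keytype`, a user with a leftover key and no key type would be granted access without the confirmation step. Please confirm which field actually gates request authentication and test that one, for example `if not apiuser.keytype and not form.allow_open_access:`. A short comment above the check, such as `# unkeyed API users expose the resource to anonymous callers; require explicit confirmation`, would record why the form is sent back as invalid. The enclosing view class starts outside the hunk.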
tests/test_manager.py | ||
---|---|---|
511 | 511 |
resp = resp.form.submit().follow() |
512 | 512 |
assert ApiUser.objects.filter(username='public').exists() |
513 | 513 |
assert AccessRight.objects.filter(codename='can_access').exists() |
514 | ||
515 | ||
516 |
def test_manager_add_open_access_warning(app, admin_user): |
|
517 |
csv = CsvDataSource.objects.create(csv_file=File(StringIO('1;t\n'), 't.csv'), slug='t', title='t') |
|
518 |
private = ApiUser.objects.create(username='private', fullname='private', keytype='', key='xxx') |
|
519 |
public = ApiUser.objects.create(username='public', fullname='private', keytype='', key='') |
|
520 |
assert AccessRight.objects.count() == 0 |
|
521 | ||
522 |
# adding private api user works |
|
523 |
app = login(app) |
|
524 |
resp = app.get(csv.get_absolute_url()) |
|
525 |
resp = resp.click('Add') |
|
526 |
resp.form['apiuser'] = private.pk |
|
527 |
resp = resp.form.submit().follow() |
|
528 |
assert AccessRight.objects.count() == 1 |
|
529 | ||
530 |
# adding public user displays a warning |
|
531 |
resp = resp.click('Add') |
|
532 |
resp.form['apiuser'] = public.pk |
|
533 |
resp = resp.form.submit() |
|
534 |
assert AccessRight.objects.count() == 1 |
|
535 |
assert 'user has no security' in resp.text |
|
536 | ||
537 |
resp = resp.form.submit() |
|
538 |
assert AccessRight.objects.count() == 1 |
|
539 |
assert 'user has no security' in resp.text |
|
540 | ||
541 |
# user has to check a box to procceed |
|
542 |
resp.form['confirm_open_access'] = True |
|
543 |
resp.form.submit().follow() |
|
544 |
assert AccessRight.objects.count() == 2 |
|
514 |
- |
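Review bot: The final check in `test_manager_add_open_access_warning` only compares `AccessRight.objects.count()` with 2, so it would still pass if the confirmed submission attached the right to the wrong API user. Asserting on the row itself pins the security-relevant outcome, e.g. `assert AccessRight.objects.filter(apiuser=public).exists()` (assuming the model field is named `apiuser`, as the form's cleaned data suggests). It would also help to assert that the warning text is absent from the response for the keyed user, so the prompt is shown only for open access. The `public` fixture reuses `fullname='private'`, which looks like a copy-paste slip and makes failures harder to read.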