0001-misc-fix-shown_because_admin-has-no-role-and-cell.re.patch

Benjamin Dauvergne, 12 août 2020 18:54


Subject: [PATCH] misc: fix shown_because_admin has no role and
 cell.restricted_to_unlogged is True (#45846)

 combo/data/models.py               |  4 +-
 combo/public/templatetags/combo.py | 11 +---
 tests/test_cells.py                | 87 +++++++++++++++++++++++++++++-
 tox.ini                            |  1 +
 4 files changed, 91 insertions(+), 12 deletions(-)
combo/data/models.py
71 71
    pass
72 72

  
73 73

  
74
def element_is_visible(element, user=None):
74
def element_is_visible(element, user=None, ignore_superuser=False):
75 75
    if element.public:
76 76
        if getattr(element, 'restricted_to_unlogged', None) is True:
77 77
            return (user is None or user.is_anonymous)
78 78
        return True
79 79
    if user is None or user.is_anonymous:
80 80
        return False
81
    if user.is_superuser:
81
    if user.is_superuser and not ignore_superuser:
82 82
        return True
83 83
    page_groups = element.groups.all()
84 84
    if not page_groups:
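Review bot: `element_is_visible` is the access-control decision for pages and cells and now takes a flag that changes that decision, yet it has no docstring and the flag can be passed positionally. I would add a docstring listing the order of checks visible in this hunk (public, then `restricted_to_unlogged`, then anonymous users rejected, then the superuser bypass, then groups) and stating that `ignore_superuser=True` answers "would this user see the element without superuser rights". Making the flag keyword-only, `def element_is_visible(element, user=None, *, ignore_superuser=False):`, keeps a stray third positional argument from silently switching the bypass off. The function body continues past the end of this hunk, so the group handling is not reviewed here.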
combo/public/templatetags/combo.py
44 44
from django.utils.safestring import mark_safe
45 45
from django.utils.timezone import is_naive, make_aware
46 46

  
47
from combo.data.models import Page, Placeholder
47
from combo.data.models import Page, Placeholder, element_is_visible
48 48
from combo.public.menu import get_menu_context
49 49
from combo.utils import NothingInCacheException, flatten_context
50 50
from combo.utils.date import make_date, make_datetime
......
277 277

  
278 278
@register.filter
279 279
def shown_because_admin(cell, request):
280
    if not (request.user and request.user.is_superuser):
281
        return False
282
    if cell.public:
283
        return False
284
    cell_groups = cell.groups.all()
285
    if not cell_groups:
286
        return False
287
    return not(set(cell_groups).intersection(request.user.groups.all()))
280
    return not element_is_visible(cell, user=request.user, ignore_superuser=True)
288 281

  
289 282

  
290 283
@register.filter(name='has_role')
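Review bot: The rewritten `shown_because_admin` no longer checks that the requester is a superuser, so it returns True for any user, anonymous included, whenever `element_is_visible` reports the cell as hidden from them. That is only correct if every template applies the filter to cells that have already passed the visibility check for the same user; the call sites are not in this diff, so that is an assumption. Keeping the old guard ahead of the new return makes the filter safe on its own: `if not (request.user and request.user.is_superuser): return False`. The tests added in tests/test_cells.py reach the filter only through a rendered page, where the hidden cells are asserted absent, so they would probably not catch a regression here.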
tests/test_cells.py
16 16
from django.test import override_settings
17 17
from django.test.client import RequestFactory
18 18
from django.test.utils import CaptureQueriesContext
19
from django.contrib.auth.models import User
19
from django.contrib.auth.models import User, Group
20 20
from django.urls import reverse
21 21
from django.utils.encoding import force_text, force_bytes
22 22
from django.utils.timezone import now
......
1226 1226
    resp = app.get('/manage/assets/')
1227 1227
    assert link_cell.get_slug_for_asset() == 'test_cell_assets'
1228 1228
    assert u'Picture — %s (test)' % link_cell.get_label_for_asset() in resp.text
1229

  
1230

  
1231
@pytest.fixture
1232
def group(db):
1233
    return Group.objects.create(name='Group')
1234

  
1235

  
1236
@pytest.fixture
1237
def cell_visibility_setup(db, group):
1238
    pg = Page.objects.create(title='Test', slug='test', template_name='standard')
1239

  
1240
    order = 0
1241

  
1242
    def make_cell(**kwargs):
1243
        nonlocal order
1244
        try:
1245
            return TextCell.objects.create(page=pg, placeholder='content', order=order, **kwargs)
1246
        finally:
1247
            order += 1
1248

  
1249
    make_cell(text='<p>Always visible</p>')
1250
    make_cell(text='<p>Visible to unlogged only</p>', restricted_to_unlogged=True)
1251
    make_cell(text='<p>Visible to logged only</p>', public=False)
1252
    make_cell(text='<p>Visible only to member of group</p>', public=False).groups.add(group)
1253
    make_cell(text='<p>Visible only to non-member of group</p>', public=False,
1254
              restricted_to_unlogged=True).groups.add(group)
1255

  
1256

  
1257
def test_cells_visibility_anonymous(app, cell_visibility_setup):
1258
    response = app.get('/test/')
1259

  
1260
    assert 'Always visible' in response
1261
    assert 'Visible to unlogged only' in response
1262
    assert 'Visible to logged only' not in response
1263
    assert 'Visible only to member of group' not in response
1264
    assert 'Visible only to non-member of group' not in response
1265
    assert response.pyquery('.shown-because-admin').text() == ''
1266

  
1267

  
1268
def test_cells_visibility_user(app, cell_visibility_setup):
1269
    User.objects.create(username='user')
1270
    response = app.get('/test/', user='user')
1271

  
1272
    assert 'Always visible' in response
1273
    assert 'Visible to unlogged only' not in response
1274
    assert 'Visible to logged only' in response
1275
    assert 'Visible only to member of group' not in response
1276
    assert 'Visible only to non-member of group' in response
1277
    assert response.pyquery('.shown-because-admin').text() == ''
1278

  
1279

  
1280
def test_cells_visibility_user_with_role(app, cell_visibility_setup, group):
1281
    User.objects.create(username='user').groups.add(group)
1282
    response = app.get('/test/', user='user')
1283

  
1284
    assert 'Always visible' in response
1285
    assert 'Visible to unlogged only' not in response
1286
    assert 'Visible to logged only' in response
1287
    assert 'Visible only to member of group' in response
1288
    assert 'Visible only to non-member of group' not in response
1289
    assert response.pyquery('.shown-because-admin').text() == ''
1290

  
1291

  
1292
def test_cells_visibility_superuser(app, cell_visibility_setup):
1293
    User.objects.create(username='superuser', is_superuser=True)
1294
    response = app.get('/test/', user='superuser')
1295

  
1296
    assert 'Always visible' in response
1297
    assert 'Visible to unlogged only' not in response
1298
    assert 'Visible to logged only' in response
1299
    assert 'Visible only to member of group' in response
1300
    assert 'Visible only to non-member of group' in response
1301
    assert response.pyquery('.shown-because-admin').text() == 'Visible only to member of group'
1302

  
1303

  
1304
def test_cells_visibility_superuser_with_role(app, cell_visibility_setup, group):
1305
    User.objects.create(username='superuser', is_superuser=True).groups.add(group)
1306
    response = app.get('/test/', user='superuser')
1307

  
1308
    assert 'Always visible' in response
1309
    assert 'Visible to unlogged only' not in response
1310
    assert 'Visible to logged only' in response
1311
    assert 'Visible only to member of group' in response
1312
    assert 'Visible only to non-member of group' in response
1313
    assert response.pyquery('.shown-because-admin').text() == 'Visible only to non-member of group'
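Review bot: The new `ignore_superuser` parameter of `element_is_visible` is never called directly in these tests; it is only exercised through the `.shown-because-admin` marker in a rendered page. A direct assertion on the group-restricted cell for a superuser without the group would pin the access decision itself, for example `assert element_is_visible(cell, user=superuser)` together with `assert not element_is_visible(cell, user=superuser, ignore_superuser=True)`. That matches what `test_cells_visibility_superuser` already expects from the page and would need `element_is_visible` imported into the test module. It also keeps the check independent of template markup changes.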
tox.ini
31 31
  vobject
32 32
  django-ratelimit<3
33 33
  git+http://git.entrouvert.org/debian/django-ckeditor.git
34
  pyquery
34 35
commands =
35 36
  ./getlasso3.sh
36 37
  python manage.py compilemessages
37
-