0001-manager-allow-viewing-resources-of-editable-agenda-5.patch
| chrono/agendas/models.py | ||
|---|---|---|
| 2078 | 2078 |
def base_slug(self): |
| 2079 | 2079 |
return slugify(self.label) |
| 2080 | 2080 | |
| 2081 |
def can_be_viewed(self, user): |
|
| 2082 |
if user.is_staff: |
|
| 2083 |
return True |
|
| 2084 |
group_ids = [x.id for x in user.groups.all()] |
|
| 2085 |
return self.agenda_set.filter(edit_role_id__in=group_ids).exists() |
|
| 2086 | ||
| 2081 | 2087 | |
| 2082 | 2088 |
class Category(models.Model): |
| 2083 | 2089 |
slug = models.SlugField(_('Identifier'), max_length=160, unique=True)
|
| chrono/manager/templates/chrono/manager_resource_detail.html | ||
|---|---|---|
| 16 | 16 |
{% endblock %}
|
| 17 | 17 |
<span class="actions"> |
| 18 | 18 |
{% block appbar-extras %}
|
| 19 |
{% if request.user.is_staff %}
|
|
| 19 | 20 |
<a rel="popup" href="{% url 'chrono-manager-resource-edit' pk=resource.pk %}">{% trans 'Edit' %}</a>
|
| 20 | 21 |
<a rel="popup" href="{% url 'chrono-manager-resource-delete' pk=resource.pk %}">{% trans 'Delete' %}</a>
|
| 22 |
{% endif %}
|
|
| 21 | 23 |
{% now "Y" as today_year %}
|
| 22 | 24 |
{% now "n" as today_month %}
|
| 23 | 25 |
{% now "j" as today_day %}
|
| chrono/manager/views.py | ||
|---|---|---|
| 178 | 178 |
model = Resource |
| 179 | 179 | |
| 180 | 180 |
def dispatch(self, request, *args, **kwargs): |
| 181 |
if not request.user.is_staff: |
|
| 181 |
resource = self.get_object() |
|
| 182 |
if not resource.can_be_viewed(request.user): |
|
| 182 | 183 |
raise PermissionDenied() |
| 183 | 184 |
return super().dispatch(request, *args, **kwargs) |
| 184 | 185 | |
| ... | ... | |
| 212 | 213 |
allow_future = True |
| 213 | 214 | |
| 214 | 215 |
def dispatch(self, request, *args, **kwargs): |
| 215 |
if not request.user.is_staff: |
|
| 216 |
raise PermissionDenied() |
|
| 217 | 216 |
self.resource = get_object_or_404(Resource, pk=kwargs['pk']) |
| 217 |
if not self.resource.can_be_viewed(request.user): |
|
| 218 |
raise PermissionDenied() |
|
| 218 | 219 |
# specify 6am time to get the expected timezone on daylight saving time |
| 219 | 220 |
# days. |
| 220 | 221 |
try: |
| ... | ... | |
| 339 | 340 |
allow_future = True |
| 340 | 341 | |
| 341 | 342 |
def dispatch(self, request, *args, **kwargs): |
| 342 |
if not request.user.is_staff: |
|
| 343 |
raise PermissionDenied() |
|
| 344 | 343 |
self.resource = get_object_or_404(Resource, pk=kwargs['pk']) |
| 344 |
if not self.resource.can_be_viewed(request.user): |
|
| 345 |
raise PermissionDenied() |
|
| 345 | 346 |
self.date = make_aware( |
| 346 | 347 |
datetime.datetime.strptime( |
| 347 | 348 |
'%s-%s-%s 06:00' % (self.get_year(), self.get_month(), 1), '%Y-%m-%d %H:%M' |
| tests/manager/test_resource.py | ||
|---|---|---|
| 560 | 560 |
resp = resp.follow() |
| 561 | 561 |
assert '/manage/resource/%s/' % resource.pk not in resp.text |
| 562 | 562 |
assert '/manage/agendas/%s/resource/%s/delete/' % (agenda.pk, resource.pk) not in resp.text |
| 563 | ||
| 564 | ||
| 565 |
def test_resource_access_permission(app, manager_user): |
|
| 566 |
agenda = Agenda.objects.create(label='Foo Bar', kind='meetings') |
|
| 567 |
resource = Resource.objects.create(label='Resource 1', agenda=agenda) |
|
| 568 |
resource2 = Resource.objects.create(label='Resource 2') |
|
| 569 |
agenda.resources.add(resource) |
|
| 570 | ||
| 571 |
app = login(app, username='manager', password='manager') |
|
| 572 |
assert app.get('/manage/resource/%s/' % resource.pk, status=403)
|
|
| 573 |
assert app.get('/manage/resource/%s/' % resource2.pk, status=403)
|
|
| 574 | ||
| 575 |
agenda.edit_role = manager_user.groups.all()[0] |
|
| 576 |
agenda.save() |
|
| 577 | ||
| 578 |
resp = app.get('/manage/agendas/%s/settings' % agenda.pk)
|
|
| 579 |
resp = resp.click('Resource 1')
|
|
| 580 |
assert 'Edit' not in resp.text |
|
| 581 |
assert 'Delete' not in resp.text |
|
| 582 | ||
| 583 |
assert resp.click('Month view')
|
|
| 584 |
assert resp.click('Day view')
|
|
| 585 | ||
| 586 |
assert app.get('/manage/resource/%s/' % resource2.pk, status=403)
|
|
| 563 |
- |
|