0001-management-add-link-to-form-carddef-page-in-sidebar-.patch
tests/admin_pages/test_workflow.py | ||
---|---|---|
3165 | 3165 |
app.get('/backoffice/workflows/categories/', status=403) |
3166 | 3166 |
app.get('/backoffice/workflows/data-sources/', status=403) |
3167 | 3167 |
app.get('/backoffice/workflows/mail-templates/', status=403) |
3168 |
app.get('/backoffice/workflows/%s/' % workflow.id, status=403) |
|
3168 | 3169 | |
3169 | 3170 |
# no import into other category |
3170 | 3171 |
workflow_xml = ET.tostring(workflow.export_to_xml(include_id=True)) |
tests/backoffice_pages/test_all.py | ||
---|---|---|
331 | 331 |
assert resp.pyquery.find('body.section-management') |
332 | 332 | |
333 | 333 | |
334 |
def test_admin_form_page(pub): |
|
335 |
create_superuser(pub) |
|
336 |
FormDef.wipe() |
|
337 |
formdef = FormDef() |
|
338 |
formdef.name = 'form title' |
|
339 |
formdef.fields = [] |
|
340 |
formdef.store() |
|
341 | ||
342 |
app = login(get_app(pub)) |
|
343 |
resp = app.get('/backoffice/management/form-title/') |
|
344 |
assert 'backoffice/forms/1/' in resp |
|
345 |
assert 'backoffice/workflows/_default/' in resp |
|
346 | ||
347 | ||
334 | 348 |
def test_backoffice_listing(pub): |
335 | 349 |
create_superuser(pub) |
336 | 350 |
create_environment(pub) |
... | ... | |
4575 | 4589 |
resp = app.get(create_formdata['source_formdef'].get_url(backoffice=True)) |
4576 | 4590 | |
4577 | 4591 |
# click on first available formdata |
4578 |
resp = resp.click(href='%s/' % formdata.id)
|
|
4592 |
resp = resp.click('%s-%s' % (create_formdata['source_formdef'].id, formdata.id))
|
|
4579 | 4593 |
target_data_class = create_formdata['target_formdef'].data_class() |
4580 | 4594 |
assert target_data_class.count() == 0 |
4581 | 4595 |
# resubmit it through backoffice submission |
... | ... | |
4693 | 4707 |
resp = app.get(create_formdata['source_formdef'].get_url(backoffice=True)) |
4694 | 4708 | |
4695 | 4709 |
# click on first available formdata |
4696 |
resp = resp.click(href='%s/' % formdata.id)
|
|
4710 |
resp = resp.click('%s-%s' % (create_formdata['source_formdef'].id, formdata.id))
|
|
4697 | 4711 |
target_data_class = create_formdata['target_formdef'].data_class() |
4698 | 4712 |
assert target_data_class.count() == 0 |
4699 | 4713 |
# resubmit it through backoffice submission |
tests/backoffice_pages/test_carddata.py | ||
---|---|---|
15 | 15 |
from wcs.workflows import ChoiceWorkflowStatusItem, Workflow |
16 | 16 | |
17 | 17 |
from ..utilities import clean_temporary_pub, create_temporary_pub, get_app, login |
18 |
from .test_all import create_user |
|
18 |
from .test_all import create_superuser, create_user
|
|
19 | 19 | |
20 | 20 | |
21 | 21 |
def pytest_generate_tests(metafunc): |
... | ... | |
47 | 47 |
clean_temporary_pub() |
48 | 48 | |
49 | 49 | |
50 |
def test_admin_card_page(pub): |
|
51 |
create_superuser(pub) |
|
52 |
CardDef.wipe() |
|
53 |
carddef = CardDef() |
|
54 |
carddef.name = 'foo' |
|
55 |
carddef.fields = [] |
|
56 |
carddef.store() |
|
57 | ||
58 |
app = login(get_app(pub)) |
|
59 |
resp = app.get('/backoffice/data/foo/') |
|
60 |
assert 'backoffice/cards/1/' in resp |
|
61 |
assert 'backoffice/workflows/_carddef_default/' in resp |
|
62 | ||
63 | ||
50 | 64 |
def test_carddata_management(pub): |
51 | 65 |
CardDef.wipe() |
52 | 66 |
user = create_user(pub) |
wcs/admin/forms.py | ||
---|---|---|
1822 | 1822 | |
1823 | 1823 |
def _q_lookup(self, component): |
1824 | 1824 |
directory = self.formdef_page_class(component) |
1825 |
if not directory.formdef.is_managed_by(get_request().user):
|
|
1825 |
if not directory.formdef.has_user_access(get_request().user):
|
|
1826 | 1826 |
raise AccessForbiddenError() |
1827 | 1827 |
return directory |
1828 | 1828 |
wcs/admin/workflows.py | ||
---|---|---|
2044 | 2044 | |
2045 | 2045 |
def _q_lookup(self, component): |
2046 | 2046 |
directory = WorkflowPage(component) |
2047 |
global_access = is_global_accessible() |
|
2048 |
if directory.workflow.id not in ('_default', '_carddef_default') and not global_access: |
|
2049 |
user_roles = set(get_request().user.get_roles()) |
|
2050 |
management_roles = set() |
|
2051 |
if directory.workflow.category: |
|
2052 |
management_roles = { |
|
2053 |
x.id for x in getattr(directory.workflow.category, 'management_roles') or [] |
|
2054 |
} |
|
2055 |
if not management_roles.intersection(user_roles): |
|
2056 |
raise errors.AccessForbiddenError() |
|
2047 |
if directory.workflow.id in ('_default', '_carddef_default'): |
|
2048 |
return directory |
|
2049 |
if not directory.workflow.has_user_access(get_request().user): |
|
2050 |
raise errors.AccessForbiddenError() |
|
2057 | 2051 |
return directory |
2058 | 2052 | |
2059 | 2053 |
def p_import(self): |
wcs/api.py | ||
---|---|---|
277 | 277 |
return super().check_access(api_name=api_name) |
278 | 278 | |
279 | 279 |
def schema(self): |
280 |
if is_url_signed() or self.formdef.is_managed_by(get_user_from_api_query_string()):
|
|
280 |
if is_url_signed() or self.formdef.has_user_access(get_user_from_api_query_string()):
|
|
281 | 281 |
get_response().set_content_type('application/json') |
282 | 282 |
return self.formdef.export_to_json() |
283 | 283 |
raise AccessForbiddenError() |
... | ... | |
515 | 515 |
self.formdef = formdef |
516 | 516 | |
517 | 517 |
def schema(self): |
518 |
if is_url_signed() or self.formdef.is_managed_by(get_user_from_api_query_string()):
|
|
518 |
if is_url_signed() or self.formdef.has_user_access(get_user_from_api_query_string()):
|
|
519 | 519 |
get_response().set_content_type('application/json') |
520 | 520 |
return self.formdef.export_to_json() |
521 | 521 |
raise AccessForbiddenError() |
wcs/backoffice/data_management.py | ||
---|---|---|
103 | 103 |
admin_permission = 'cards' |
104 | 104 |
formdef_class = CardDef |
105 | 105 |
search_label = _('Search in card content') |
106 |
formdef_view_label = _('View Card') |
|
106 | 107 | |
107 | 108 |
@property |
108 | 109 |
def add(self): |
wcs/backoffice/management.py | ||
---|---|---|
792 | 792 |
admin_permission = 'forms' |
793 | 793 |
formdef_class = FormDef |
794 | 794 |
search_label = _('Search in form content') |
795 |
formdef_view_label = _('View Form') |
|
795 | 796 |
WCS_SYNC_EXPORT_LIMIT = 100 # Arbitrary threshold |
796 | 797 | |
797 | 798 |
def __init__(self, component=None, formdef=None, view=None, update_breadcrumbs=True): |
... | ... | |
875 | 876 |
or self.formdef.category.has_permission('statistics', get_request().user) |
876 | 877 |
): |
877 | 878 |
r += htmltext(' <li class="stats"><a href="stats">%s</a></li>') % _('Statistics') |
879 | ||
880 |
if self.formdef.has_user_access(get_request().user): |
|
881 |
r += htmltext(' <li><a href="%s">%s</a></li>') % ( |
|
882 |
self.formdef.get_admin_url(), |
|
883 |
self.formdef_view_label, |
|
884 |
) |
|
885 |
if self.formdef.workflow.has_user_access(get_request().user): |
|
886 |
r += htmltext(' <li><a href="%s">%s</a></li>') % ( |
|
887 |
self.formdef.workflow.get_admin_url(), |
|
888 |
_('View Workflow'), |
|
889 |
) |
|
878 | 890 |
return r.getvalue() |
879 | 891 | |
880 | 892 |
def get_formdata_sidebar(self, qs=''): |
wcs/formdef.py | ||
---|---|---|
423 | 423 | |
424 | 424 |
return sql.get_formdef_new_id(id_start=id_start) |
425 | 425 | |
426 |
def is_managed_by(self, user):
|
|
426 |
def has_user_access(self, user):
|
|
427 | 427 |
if get_publisher().get_backoffice_root().is_global_accessible(self.backoffice_section): |
428 | 428 |
return True |
429 | 429 |
if not user: |
wcs/workflows.py | ||
---|---|---|
1103 | 1103 |
criterias = [Contains('slug', slugs)] |
1104 | 1104 |
return list(MailTemplate.select(criterias, order_by='name')) |
1105 | 1105 | |
1106 |
def has_user_access(self, user): |
|
1107 |
if get_publisher().get_backoffice_root().is_global_accessible('workflows'): |
|
1108 |
return True |
|
1109 |
if not user: |
|
1110 |
return False |
|
1111 |
if not self.category_id: |
|
1112 |
return False |
|
1113 |
management_roles = {x.id for x in getattr(self.category, 'management_roles') or []} |
|
1114 |
user_roles = set(user.get_roles()) |
|
1115 |
return management_roles.intersection(user_roles) |
|
1116 | ||
1106 | 1117 | |
1107 | 1118 |
class XmlSerialisable: |
1108 | 1119 |
node_name = None |
1109 |
- |