Project

General

Profile

0001-custom-views-fix-access-to-owner-any-views-with-same.patch

Lauréline Guérin, 04 October 2022 10:47 AM

Download (3.64 KB)

View differences:

Subject: [PATCH] custom views: fix access to owner/any views with same slug
 (#69699)

 tests/backoffice_pages/test_custom_view.py | 26 +++++++++++++++++-----
 wcs/backoffice/management.py               |  7 +++++-
 2 files changed, 27 insertions(+), 6 deletions(-)
tests/backoffice_pages/test_custom_view.py
70 70
        formdata.jump_status('new')
71 71
        formdata.store()
72 72

  
73
    formdef = FormDef()
74
    formdef.workflow_roles = {'_receiver': 1}
75
    formdef.name = 'other form'
76
    formdef.fields = []
77
    formdef.store()
73
    other_formdef = FormDef()
74
    other_formdef.workflow_roles = {'_receiver': 1}
75
    other_formdef.name = 'other form'
76
    other_formdef.fields = []
77
    other_formdef.store()
78 78

  
79 79
    app = login(get_app(pub))
80 80
    resp = app.get('/backoffice/management/form-title/')
81 81
    assert resp.text.count('<span>User Label</span>') == 1
82 82
    assert resp.text.count('<tr') == 4
83 83

  
84
    # create a view for all, with the same slug
85
    custom_view = pub.custom_view_class()
86
    custom_view.title = 'custom test view'
87
    custom_view.formdef = formdef
88
    custom_view.visibility = 'any'
89
    custom_view.columns = {'list': [{'id': 'id'}]}
90
    custom_view.filters = {}
91
    custom_view.store()
92

  
84 93
    # columns
85 94
    resp.forms['listing-settings']['user-label'].checked = False
86 95
    resp = resp.forms['listing-settings'].submit()
......
100 109
    resp = resp.follow()
101 110
    assert resp.text.count('<span>User Label</span>') == 0
102 111
    assert resp.text.count('<tr') == 3
112
    assert resp.pyquery('#sidebar-custom-views li.active a').attr['href'] == '../user-custom-test-view/'
103 113

  
114
    resp = app.get('/backoffice/management/form-title/custom-test-view/')
115
    assert resp.text.count('<tr') == 4
116
    assert resp.pyquery('#sidebar-custom-views li.active a').attr['href'] == '../custom-test-view/'
117

  
118
    resp = app.get('/backoffice/management/form-title/user-custom-test-view/')
104 119
    resp.forms['listing-settings']['filter-1-value'] = 'foo'
105 120
    resp = resp.forms['listing-settings'].submit()
106 121
    assert resp.text.count('<tr') == 2
......
120 135
    resp = resp.follow()
121 136
    assert resp.text.count('<tr') == 3
122 137

  
138
    custom_view.remove_self()
123 139
    resp = app.get('/backoffice/management/other-form/')
124 140
    assert 'custom test view' not in resp
125 141

  
wcs/backoffice/management.py
2903 2903

  
2904 2904
        if not self.view:
2905 2905
            view_slug = component
2906
            criterias = []
2906 2907
            if view_slug.startswith('user-'):
2907 2908
                view_slug = view_slug[5:]
2908
            for view in self.get_custom_views([Contains('slug', [view_slug, component])]):
2909
                criterias.append(Equal('visibility', 'owner'))
2910
            else:
2911
                criterias.append(NotEqual('visibility', 'owner'))
2912
            criterias.append(Equal('slug', view_slug))
2913
            for view in self.get_custom_views(criterias):
2909 2914
                return self.__class__(formdef=self.formdef, view=view)
2910 2915
            if component.startswith('user-'):
2911 2916
                get_session().message = (
2912
-