Project

General

Profile

0001-backoffice-allow-backoffice-submission-with-that-sin.patch

Frédéric Péters, 25 November 2022 07:50 AM

Download (3.11 KB)

View differences: 

Subject: [PATCH] backoffice: allow backoffice submission with that single
 permission (#71694)

Method name got changed in 36110d80823da3312b334db5986278191bc601fb (#70194)
and the change was not made in those files.

 tests/backoffice_pages/test_submission.py | 26 +++++++++++++++++++++++
 wcs/backoffice/submission.py              |  4 ++--
 wcs/forms/preview.py                      |  2 +-
 3 files changed, 29 insertions(+), 3 deletions(-)
tests/backoffice_pages/test_submission.py
1912 1912 
    resp = resp.follow().follow()
1913 1913 
    assert 'parent:foobar' in resp.text  # parent var is ok
1914 1914 
    assert 'computed:foobar' in resp.text  # and getting it via a computed var is also ok
1915 

  		




  
  1916
  
    

  		




  
  1917
  
    
def test_backoffice_submission_no_roles(pub):

  		




  
  1918
  
    
    user = create_user(pub)

  		




  
  1919
  
    

  		




  
  1920
  
    
    FormDef.wipe()

  		




  
  1921
  
    
    formdef = FormDef()

  		




  
  1922
  
    
    formdef.name = 'form title'

  		




  
  1923
  
    
    formdef.fields = [

  		




  
  1924
  
    
        fields.StringField(id='1', label='1st field', type='string'),

  		




  
  1925
  
    
    ]

  		




  
  1926
  
    
    formdef.backoffice_submission_roles = user.roles[:]

  		




  
  1927
  
    
    formdef.roles = ['XXX']  # role the agent doesn't have

  		




  
  1928
  
    
    formdef.workflow_roles = {}

  		




  
  1929
  
    
    formdef.store()

  		




  
  1930
  
    
    formdef.data_class().wipe()

  		




  
  1931
  
    

  		




  
  1932
  
    
    app = login(get_app(pub))

  		




  
  1933
  
    
    resp = app.get('/backoffice/submission/')

  		




  
  1934
  
    
    resp = resp.click('form title')

  		




  
  1935
  
    
    resp.forms[0]['f1'] = 'xxx'

  		




  
  1936
  
    
    resp = resp.forms[0].submit('submit')  # -> validation

  		




  
  1937
  
    
    resp = resp.forms[0].submit('submit').follow()  # -> submit

  		




  
  1938
  
    
    assert formdef.data_class().count() == 1

  		




  
  1939
  
    
    formdata = formdef.data_class().select()[0]

  		




  
  1940
  
    
    assert formdata.data == {'1': 'xxx'}

  		












  

    
      wcs/backoffice/submission.py
    
  





  49
  49
  
    
        if not formdata.backoffice_submission:

  		




  50
  50
  
    
            raise errors.AccessForbiddenError()

  		




  51
  51
  
    

  		




  52
  
  
    
        self.parent_directory.check_role()

  		




  
  52
  
    
        self.parent_directory.check_access()

  		




  53
  53
  
    
        if self.parent_directory.edit_mode:

  		




  54
  54
  
    
            raise errors.AccessForbiddenError()

  		




  55
  55
  
    

  		




  ......




  196
  196
  
    
    def check_authentication_context(self):

  		




  197
  197
  
    
        pass

  		




  198
  198
  
    

  		




  199
  
  
    
    def check_role(self):

  		




  
  199
  
    
    def check_access(self):

  		




  200
  200
  
    
        if self.edit_mode:

  		




  201
  201
  
    
            return True

  		




  202
  202
  
    
        if not self.formdef.backoffice_submission_roles:

  		












  

    
      wcs/forms/preview.py
    
  





  26
  26
  
    
    _q_exports = ['', 'tempfile', 'live']

  		




  27
  27
  
    
    preview_mode = True

  		




  28
  28
  
    

  		




  29
  
  
    
    def check_role(self):

  		




  
  29
  
    
    def check_access(self):

  		




  30
  30
  
    
        pass

  		




  31
  31
  
    

  		




  32
  32
  
    
    def check_disabled(self):

  		




  33
  
  
    
-