Project

General

Profile

0001-backoffice-allow-backoffice-submission-with-that-sin.patch

Frédéric Péters, 25 November 2022 07:50 AM

Download (3.11 KB)

View differences:

Subject: [PATCH] backoffice: allow backoffice submission with that single
 permission (#71694)

Method name got changed in 36110d80823da3312b334db5986278191bc601fb (#70194)
and the change was not made in those files.
 tests/backoffice_pages/test_submission.py | 26 +++++++++++++++++++++++
 wcs/backoffice/submission.py              |  4 ++--
 wcs/forms/preview.py                      |  2 +-
 3 files changed, 29 insertions(+), 3 deletions(-)
tests/backoffice_pages/test_submission.py
1912 1912
    resp = resp.follow().follow()
1913 1913
    assert 'parent:foobar' in resp.text  # parent var is ok
1914 1914
    assert 'computed:foobar' in resp.text  # and getting it via a computed var is also ok
1915

  
1916

  
1917
def test_backoffice_submission_no_roles(pub):
1918
    user = create_user(pub)
1919

  
1920
    FormDef.wipe()
1921
    formdef = FormDef()
1922
    formdef.name = 'form title'
1923
    formdef.fields = [
1924
        fields.StringField(id='1', label='1st field', type='string'),
1925
    ]
1926
    formdef.backoffice_submission_roles = user.roles[:]
1927
    formdef.roles = ['XXX']  # role the agent doesn't have
1928
    formdef.workflow_roles = {}
1929
    formdef.store()
1930
    formdef.data_class().wipe()
1931

  
1932
    app = login(get_app(pub))
1933
    resp = app.get('/backoffice/submission/')
1934
    resp = resp.click('form title')
1935
    resp.forms[0]['f1'] = 'xxx'
1936
    resp = resp.forms[0].submit('submit')  # -> validation
1937
    resp = resp.forms[0].submit('submit').follow()  # -> submit
1938
    assert formdef.data_class().count() == 1
1939
    formdata = formdef.data_class().select()[0]
1940
    assert formdata.data == {'1': 'xxx'}
wcs/backoffice/submission.py
49 49
        if not formdata.backoffice_submission:
50 50
            raise errors.AccessForbiddenError()
51 51

  
52
        self.parent_directory.check_role()
52
        self.parent_directory.check_access()
53 53
        if self.parent_directory.edit_mode:
54 54
            raise errors.AccessForbiddenError()
55 55

  
......
196 196
    def check_authentication_context(self):
197 197
        pass
198 198

  
199
    def check_role(self):
199
    def check_access(self):
200 200
        if self.edit_mode:
201 201
            return True
202 202
        if not self.formdef.backoffice_submission_roles:
wcs/forms/preview.py
26 26
    _q_exports = ['', 'tempfile', 'live']
27 27
    preview_mode = True
28 28

  
29
    def check_role(self):
29
    def check_access(self):
30 30
        pass
31 31

  
32 32
    def check_disabled(self):
33
-