0001-misc-remove-options-about-read-access-7946.patch

Frédéric Péters, 30 août 2015 14:04


Subject: [PATCH] misc: remove options about read access (#7946)

 tests/test_acl_read.py       | 146 -------------------------------------------
 tests/test_admin_pages.py    |  21 -------
 wcs/admin/forms.py           |  36 +----------
 wcs/backoffice/management.py |   2 +-
 wcs/formdef.py               |  29 ++-------
 wcs/forms/backoffice.py      |  10 ++-
 wcs/forms/root.py            |   6 +-
 7 files changed, 13 insertions(+), 237 deletions(-)
 delete mode 100644 tests/test_acl_read.py
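--- a/tests/test_acl_read.py
+++ /dev/null
@@ -1,146 +0,0 @@
-import sys
-import shutil
-
-from quixote import cleanup
-from wcs.qommon.http_request import HTTPRequest
-from wcs import formdef
-from wcs.formdef import FormDef
-
-from utilities import create_temporary_pub
-
-users = {}
-
-def setup_module(module):
-    cleanup()
-
-    global users
-    global pub
-
-    pub = create_temporary_pub()
-
-    req = HTTPRequest(None, {})
-    pub._set_request(req)
-
-    user = pub.user_class(name='user')
-    user.id = 'user'
-    users[user.id] = user
-
-    user = pub.user_class(name='user-one-role')
-    user.id = 'user-one-role'
-    user.roles = ['role-1']
-    users[user.id] = user
-
-    user = pub.user_class(name='user-same-role')
-    user.id = 'user-same-role'
-    user.roles = ['role-1']
-    users[user.id] = user
-
-    user = pub.user_class(name='user-other-role')
-    user.id = 'user-other-role'
-    user.roles = ['role-2']
-    users[user.id] = user
-
-    user = pub.user_class(name='user-admin')
-    user.id = 'user-admin'
-    user.is_admin = True
-    users[user.id] = user
-
-
-def teardown_module(module):
-    shutil.rmtree(pub.APP_DIR)
-
-
-def create_objects():
-    formdef = FormDef()
-    formdef.url_name = 'foobar'
-    formdef.workflow_roles = {}
-    formdata = formdef.data_class()()
-    formdata._formdef = formdef
-    formdata.status = 'wf-new'
-    return formdef, formdata
-
-
-def check_acl(formdata, access_user_id):
-    return formdata.formdef.is_user_allowed_read(users.get(access_user_id), formdata)
-
-
-def test_acl_all():
-    formdef, formdata = create_objects()
-    formdef.acl_read = 'all'
-
-    assert check_acl(formdata, None)
-    assert check_acl(formdata, 'user')
-
-
-def test_acl_owner():
-    formdef, formdata = create_objects()
-    formdef.acl_read = 'owner'
-    formdata.user_id = 'user'
-
-    assert not check_acl(formdata, None)
-    assert check_acl(formdata, 'user')
-    assert not check_acl(formdata, 'user-one-role')
-    assert check_acl(formdata, 'user-admin')
-
-    formdata.user_id = 'user-one-role'
-    assert not check_acl(formdata, 'user')
-
-
-def test_acl_roles_basics():
-    formdef, formdata = create_objects()
-    formdef.acl_read = 'roles'
-    formdef.user_id = 'user-one-role'
-    formdef.roles = ['role-1']
-
-    assert not check_acl(formdata, None)
-    assert not check_acl(formdata, 'user')
-    assert check_acl(formdata, 'user-admin')
-
-
-def test_acl_roles_submitter_role():
-    formdef, formdata = create_objects()
-    formdef.acl_read = 'roles'
-    formdef.user_id = 'user-one-role'
-    formdef.roles = ['role-1']
-
-    assert check_acl(formdata, 'user-one-role')
-    assert check_acl(formdata, 'user-same-role')
-    assert not check_acl(formdata, 'user-other-role')
-
-
-def test_acl_roles_receiver_role():
-    formdef, formdata = create_objects()
-    formdef.acl_read = 'roles'
-    formdef.user_id = 'user-one-role'
-    formdef.workflow_roles['_receiver'] = 'role-1'
-
-    assert check_acl(formdata, 'user-one-role')
-    assert check_acl(formdata, 'user-same-role')
-    assert not check_acl(formdata, 'user-other-role')
-
-
-def test_acl_none_basics():
-    formdef, formdata = create_objects()
-    formdef.acl_read = 'none'
-    formdef.user_id = 'user'
-    formdef.workflow_roles['_receiver'] = 'role-1'
-
-    assert not check_acl(formdata, None)
-    assert not check_acl(formdata, 'user')
-    assert check_acl(formdata, 'user-admin')
-    assert check_acl(formdata, 'user-one-role')
-    assert not check_acl(formdata, 'user-other-role')
-
-
-def test_acl_none_finished():
-    formdef, formdata = create_objects()
-    formdef.acl_read = 'none'
-    formdef.user_id = 'user'
-    formdef.workflow_roles['_receiver'] = 'role-1'
-    formdata.status = 'wf-finished'
-
-    assert not check_acl(formdata, None)
-    assert not check_acl(formdata, 'user')
-    assert check_acl(formdata, 'user-admin')
-    assert check_acl(formdata, 'user-one-role')
-    assert not check_acl(formdata, 'user-other-role')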
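--- a/tests/test_admin_pages.py
+++ b/tests/test_admin_pages.py
@@ -520,27 +520,6 @@
     resp = resp.forms[0].submit('cancel')
     assert resp.location == 'http://example.net/backoffice/forms/1/'
 
-def test_form_acl_read():
-    create_superuser()
-    create_role()
-
-    FormDef.wipe()
-    formdef = FormDef()
-    formdef.name = 'form title'
-    formdef.fields = []
-    formdef.store()
-
-    app = login(get_app(pub))
-    resp = app.get('/backoffice/forms/1/')
-    resp = resp.click(href='acl-read')
-    resp = resp.forms[0].submit('cancel')
-
-    resp = app.get('/backoffice/forms/1/')
-    resp = resp.click(href='acl-read')
-    resp.forms[0]['acl_read'] = 'Everybody'
-    resp = resp.forms[0].submit('submit')
-    assert FormDef.get(1).acl_read == 'all'
-
 def test_form_roles():
     create_superuser()
     role = create_role()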
wcs/admin/forms.py
91 91
            form.get_widget('name').set_error(_('This name is already used'))
92 92
            raise ValueError()
93 93

  
94
        for f in ('name', 'confirmation', 'acl_read',
94
        for f in ('name', 'confirmation',
95 95
                    'only_allow_one', 'category_id', 'disabled',
96 96
                    'enable_tracking_codes', 'workflow_id', 'private_status_and_history',
97 97
                    'disabled_redirection', 'always_advertise',
......
288 288
                  'role', ('workflow-options', 'workflow_options'),
289 289
                  ('workflow-variables', 'workflow_variables'),
290 290
                  ('workflow-status-remapping', 'workflow_status_remapping'),
291
                  'roles', 'title', 'options', ('acl-read', 'acl_read'),
291
                  'roles', 'title', 'options',
292 292
                  'overwrite', 'qrcode', 'information',
293 293
                  ('public-url', 'public_url'),
294 294
                  ('backoffice-submission-roles', 'backoffice_submission_roles'),]
......
406 406
                _('Backoffice Submission Role'),
407 407
                self._get_roles_label('backoffice_submission_roles'))
408 408

  
409
        r += add_option_line('acl-read', _('Read Access'),
410
                {'none': _('None'),
411
                 'owner': _('Owner'),
412
                 'roles': _('Roles'),
413
                 'all': _('Everybody')}.get(self.formdef.acl_read, 'none'))
414 409
        r += htmltext('</ul>')
415 410
        r += htmltext('</div>')
416 411
        r += htmltext('</div>')
......
636 631
        r += form.render()
637 632
        return r.getvalue()
638 633

  
639
    def acl_read(self):
640
        form = Form(enctype='multipart/form-data')
641
        form.add(SingleSelectWidget, 'acl_read', title=_('Read Access'),
642
                options=[
643
                    (str('none'), _('None')),
644
                    (str('owner'), _('Owner')),
645
                    (str('roles'), _('Roles')),
646
                    (str('all'), _('Everybody'))],
647
                value=self.formdef.acl_read)
648
        form.add_submit('submit', _('Submit'))
649
        form.add_submit('cancel', _('Cancel'))
650
        if form.get_widget('cancel').parse():
651
            return redirect('.')
652

  
653
        if form.is_submitted() and not form.has_errors():
654
            self.formdef.acl_read = form.get_widget('acl_read').parse()
655
            self.formdef.store()
656
            return redirect('.')
657

  
658
        get_response().breadcrumb.append( ('acl-read', _('Read Access')) )
659
        self.html_top(title=self.formdef.name)
660
        r = TemplateIO(html=True)
661
        r += htmltext('<h2>%s</h2>') % _('Roles')
662
        r += htmltext('<p>%s</p>') % _('Select who is granted a read access.')
663
        r += form.render()
664
        return r.getvalue()
665

  
666 634
    def workflow(self):
667 635
        form = Form(enctype='multipart/form-data')
668 636
        workflows = get_workflows(condition=lambda x: x.possible_status)
wcs/backoffice/management.py
71 71
                pending_forms.extend(formdef_data_class.get_ids_with_indexed_value(
72 72
                                        'status', status))
73 73

  
74
            if formdef.acl_read != 'all' and pending_forms:
74
            if pending_forms:
75 75
                concerned_ids = set()
76 76
                formdata_class = formdef.data_class()
77 77
                user_roles = set(user.roles or [])
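--- a/wcs/formdef.py
+++ b/wcs/formdef.py
@@ -80,7 +80,6 @@
     expiration_date = None
     has_captcha = False
 
-    acl_read = 'owner'  # one of ('none', 'owner', 'roles', 'all')
     private_status_and_history = False
 
     last_modification_time = None
@@ -142,8 +141,6 @@
             self.fields = [x.real_field for x in self.fields]
 
         if self.__dict__.has_key('public'):
-            if self.__dict__.get('public'):
-                self.acl_read = 'all'
             del self.__dict__['public']
             changed = True
 
@@ -882,10 +879,8 @@
         return False
 
     def is_user_allowed_read(self, user, formdata=None):
-        if self.acl_read == 'all':
-            return True
         if not user:
-            if self.acl_read == 'owner' and formdata and get_session() and \
+            if formdata and get_session() and \
                     get_session().is_anonymous_submitter(formdata):
                 return True
             return False
@@ -905,25 +900,11 @@
 
         user_roles = ensure_role_are_strings(user_roles)
 
-        if self.acl_read == 'roles':
-            form_roles = (self.roles or [])
-            if formdata:
-                from wcs.workflows import get_role_translation
-                form_roles.extend([get_role_translation(formdata, x)
-                                   for x in self.workflow_roles.keys() if x])
-            form_roles = ensure_role_are_strings(form_roles)
-            if user_roles.intersection(form_roles):
-                return True
-        elif self.acl_read == 'owner':
-            if formdata and formdata.is_submitter(user):
+        if formdata and formdata.is_submitter(user):
+            return True
+        if self.is_of_concern_for_user(user):
+            if not formdata:
                 return True
-            if self.is_of_concern_for_user(user):
-                if not formdata:
-                    return True
-        elif self.acl_read == 'none':
-            # no special permission for anybody, but the form will be viewable
-            # to users with a workflow action available.
-            pass
 
         if formdata:
             # current status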
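Review bot: Form definitions already stored with a non-default `acl_read` change their read policy on upgrade without any trace, because the legacy-attribute block in the second hunk now only deletes `public` and nothing handles a saved `acl_read`. A form saved with `acl_read = 'none'` previously gave its submitter no read access in this branch (only the later status check, not fully visible here, could allow it), whereas `is_user_allowed_read` now returns True for `formdata.is_submitter(user)` unconditionally. I would drop the stale attribute in that same block with `if self.__dict__.has_key('acl_read'): del self.__dict__['acl_read']` followed by `changed = True`, and log the old value when it was not `'owner'` so administrators can review the affected forms. The commit also deletes tests/test_acl_read.py in full, which leaves the submitter and anonymous-submitter paths of `is_user_allowed_read` without a test in this patch; the `test_acl_owner` cases still describe the new behaviour and could stay. Both functions start or end outside the hunks shown.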
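--- a/wcs/forms/backoffice.py
+++ b/wcs/forms/backoffice.py
@@ -158,12 +158,10 @@
             select_ids = [x.id for x in formdata_class.select(clause=criterias)]
             item_ids = list(set(item_ids).intersection(select_ids))
 
-        if self.formdef.acl_read != 'all' and item_ids:
-            # if the formdef has some ACL defined, we don't go the full way of
-            # supporting all the cases but assume that as we are in the
-            # backoffice, we don't have to care about the situation where the
-            # user is the submitter, and may limit ourselves to consider
-            # treating roles.
+        if item_ids:
+            # as we are in the backoffice, we don't have to care about the
+            # situation where the user is the submitter, and we limit ourselves
+            # to consider treating roles.
             user = user or get_request().user
             if not user.is_admin:
                 user_roles = set(user.roles or [])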
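Review bot: With the `acl_read != 'all'` shortcut gone, the role filter runs for every form that has `item_ids`, and `user = user or get_request().user` is followed directly by `user.is_admin` with no check that a user was found. Forms that were open to everybody used to skip this block, so any caller that reaches it without a user (none passed, none on the request) would now raise AttributeError instead of returning the list; whether such a caller exists is not visible from this hunk. If backoffice authentication guarantees a user here, the rewritten comment is the place to say so; otherwise fail closed before the attribute access. The new comment would also read more plainly as `# in the backoffice the user is never the submitter, so only roles are checked`. The enclosing function starts and ends outside the hunk.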
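--- a/wcs/forms/root.py
+++ b/wcs/forms/root.py
@@ -864,8 +864,7 @@
 
     def tempfile(self):
         self.check_role()
-        if not self.formdef.acl_read == 'all' and (
-                self.user and not self.user.id == get_session().user):
+        if self.user and not self.user.id == get_session().user:
             self.check_receiver()
         try:
             t = get_request().form['t']
@@ -1207,9 +1206,6 @@
                 r += htmltext('<li><a class="%s" href="%s%s/">%s</a>') % (
                         ' '.join(classes), url_prefix, formdef.url_name, formdef.name)
 
-            if formdef.acl_read == 'all':
-                r += htmltext(' <a class="listing" href="%s%s/listing">%s</a>') % (
-                        url_prefix, formdef.url_name, _('(listing)'))
             if formdef.description:
                 r += htmltext('<div class="description">%s</div>' % formdef.description)
             r += htmltext('</li>')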
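Review bot: In `tempfile`, `check_receiver()` is only reached when `self.user` is set and differs from the session user, so a request with no user goes from `check_role()` straight to reading `t` from the form. That was already the case for non-public forms, but now that it is the single policy it deserves a short comment stating what protects the temporary file on that path (presumably the token is tied to the session, which is not visible here). The condition would also read more directly as `if self.user and self.user.id != get_session().user:`. The body of `tempfile` continues outside the hunk.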