0001-backoffice-only-display-submission-pages-to-relevant.patch

Frédéric Péters, 31 août 2015 13:12


Subject: [PATCH] backoffice: only display submission pages to relevant users
 (#8134)

 tests/test_backoffice_pages.py | 13 ++++---------
 wcs/backoffice/management.py   |  3 +++
 wcs/backoffice/root.py         | 11 +++++------
 wcs/backoffice/submission.py   | 10 ++++++++++
 wcs/formdef.py                 |  1 +
 wcs/qommon/storage.py          |  2 ++
 6 files changed, 25 insertions(+), 15 deletions(-)
tests/test_backoffice_pages.py
461 461

  
462 462
    app = login(get_app(pub))
463 463
    resp = app.get('/backoffice/')
464
    assert 'Submission' in resp.body
464
    assert not 'Submission' in resp.body
465
    app.get('/backoffice/submission/', status=403)
465 466

  
466
    resp = resp.click('Submission', index=0)
467 467
    formdef = FormDef.select()[0]
468
    assert not formdef.url_name in resp.body
469

  
470 468
    formdef.backoffice_submission_roles = user.roles[:]
471 469
    formdef.store()
470
    resp = app.get('/backoffice/')
471
    assert 'Submission' in resp.body
472 472
    resp = app.get('/backoffice/submission/')
473 473
    assert formdef.url_name in resp.body
474 474

  
......
518 518
    create_environment(pub)
519 519

  
520 520
    app = login(get_app(pub))
521
    resp = app.get('/backoffice/')
522
    assert 'Submission' in resp.body
523 521

  
524
    resp = resp.click('Submission', index=0)
525 522
    formdef = FormDef.select()[0]
526
    assert not formdef.url_name in resp.body
527

  
528 523
    formdef.enable_tracking_codes = True
529 524
    formdef.backoffice_submission_roles = user.roles[:]
530 525
    formdef.store()
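Review bot: The new `app.get('/backoffice/submission/', status=403)` assertion exercises only the directory index, so nothing here pins that a form-specific page below it is also refused for a user without a submission role. If the check in root.py is applied once per top-level directory that may already hold, but a second 403 request against a path under the directory would make it explicit. The second hunk (around line 521) removes its menu assertions without a replacement, so that test no longer checks visibility at all. As a style point, `assert not 'Submission' in resp.body` reads better as `assert 'Submission' not in resp.body`. Both test functions start outside the visible lines.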
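--- a/wcs/backoffice/management.py
+++ b/wcs/backoffice/management.py
@@ -47,6 +47,9 @@
 class ManagementDirectory(Directory):
     _q_exports = ['', 'statistics']
 
+    def is_accessible(self, user):
+        return user.can_go_in_backoffice()
+
     def _q_traverse(self, path):
         get_response().breadcrumb.append(('management/', _('Management')))
         return super(ManagementDirectory, self)._q_traverse(path)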
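--- a/wcs/backoffice/root.py
+++ b/wcs/backoffice/root.py
@@ -105,13 +105,12 @@
             # access is governed by roles set in the settings panel
             return user_roles.intersection(authorised_roles)
 
-        # for some subdirectories, the user needs to be part of a role allowed
-        # to go in the backoffice
-        if subdirectory in ('management', 'submission'):
-            return get_request().user.can_go_in_backoffice()
+        # if the directory defines a is_accessible method, use it.
+        if hasattr(getattr(cls, subdirectory), 'is_accessible'):
+            return getattr(cls, subdirectory).is_accessible(get_request().user)
 
-        # for the other directories, an extra level is required, the user needs
-        # to be marked as admin
+        # as a last resort, for the other directories, the user needs to be
+        # marked as admin
         return get_request().user.can_go_in_admin()
 
     def check_admin_for_all(self):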
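Review bot: Access is now opt-in by duck typing at `hasattr(getattr(cls, subdirectory), 'is_accessible')`, so any directory that defines `is_accessible` replaces the `can_go_in_admin()` fallback entirely, and the removed `can_go_in_backoffice()` check survives only if each implementation repeats it. That contract deserves a comment here, e.g. `# is_accessible() fully replaces the admin check; implementations must test can_go_in_backoffice() themselves`. The two-argument `getattr` also raises AttributeError when `cls` has no such attribute, where the old string comparison fell through to the admin check; whether `subdirectory` can hold such a value is not visible because the method starts above the hunk. Binding the lookup once keeps the fail-closed path: `directory = getattr(cls, subdirectory, None)`, then `if hasattr(directory, 'is_accessible'): return directory.is_accessible(get_request().user)`.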
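--- a/wcs/backoffice/submission.py
+++ b/wcs/backoffice/submission.py
@@ -95,6 +95,16 @@
 class SubmissionDirectory(Directory):
     _q_exports = ['']
 
+    def is_accessible(self, user):
+        if not user.can_go_in_backoffice():
+            return False
+        # check user has at least one role set for backoffice submission
+        for role_id in (user.roles or []):
+            ids = FormDef.get_ids_with_indexed_value('backoffice_submission_roles', role_id)
+            if ids:
+                return True
+        return False
+
     def _q_index(self):
         get_response().breadcrumb.append(('submission/', _('Submission')))
         html_top('submission', _('Submission'))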
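Review bot: `is_accessible` decides access purely from the `backoffice_submission_roles` hashed index, and nothing visible in this commit builds that index for forms stored before `_hashed_indexes` was added in wcs/formdef.py. If the index is only written on `store()` (the storage.py hunk suggests so), users holding a legitimate role would get a 403 until each form is saved again; that fails closed, but it warrants a migration step or a line in the commit message. A docstring stating the contract would help too, e.g. `"""Return True if user may enter the backoffice and holds a role allowed to submit at least one form."""`. The loop can also be written as `return any(FormDef.get_ids_with_indexed_value('backoffice_submission_roles', r) for r in (user.roles or []))`.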
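--- a/wcs/formdef.py
+++ b/wcs/formdef.py
@@ -55,6 +55,7 @@
 class FormDef(StorableObject):
     _names = 'formdefs'
     _indexes = ['url_name']
+    _hashed_indexes = ['backoffice_submission_roles']
 
     name = None
     description = None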
wcs/qommon/storage.py
597 597
                new_value = getattr(self, index)
598 598
                if previous_object_value:
599 599
                    old_value = getattr(previous_object_value, index)
600
                    if old_value is None:
601
                        old_value = []
600 602
            else:
601 603
                new_value = [getattr(self, index)]
602 604
                if previous_object_value:
603
-