0001-backoffice-only-display-submission-pages-to-relevant.patch
tests/test_backoffice_pages.py | ||
---|---|---|
461 | 461 | |
462 | 462 |
app = login(get_app(pub)) |
463 | 463 |
resp = app.get('/backoffice/') |
464 |
assert 'Submission' in resp.body |
|
464 |
assert not 'Submission' in resp.body |
|
465 |
app.get('/backoffice/submission/', status=403) |
|
465 | 466 | |
466 |
resp = resp.click('Submission', index=0) |
|
467 | 467 |
formdef = FormDef.select()[0] |
468 |
assert not formdef.url_name in resp.body |
|
469 | ||
470 | 468 |
formdef.backoffice_submission_roles = user.roles[:] |
471 | 469 |
formdef.store() |
470 |
resp = app.get('/backoffice/') |
|
471 |
assert 'Submission' in resp.body |
|
472 | 472 |
resp = app.get('/backoffice/submission/') |
473 | 473 |
assert formdef.url_name in resp.body |
474 | 474 | |
... | ... | |
518 | 518 |
create_environment(pub) |
519 | 519 | |
520 | 520 |
app = login(get_app(pub)) |
521 |
resp = app.get('/backoffice/') |
|
522 |
assert 'Submission' in resp.body |
|
523 | 521 | |
524 |
resp = resp.click('Submission', index=0) |
|
525 | 522 |
formdef = FormDef.select()[0] |
526 |
assert not formdef.url_name in resp.body |
|
527 | ||
528 | 523 |
formdef.enable_tracking_codes = True |
529 | 524 |
formdef.backoffice_submission_roles = user.roles[:] |
530 | 525 |
formdef.store() |
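Review bot: Both tests exercise the grant path but never the revocation path: nothing checks that access to the submission pages is withdrawn once the role is removed from the form, which is the case the hashed-index update in wcs/qommon/storage.py has to get right. In the first test, after the positive assertions, adding `formdef.backoffice_submission_roles = []`, `formdef.store()` and `app.get('/backoffice/submission/', status=403)` would pin it. As a style point, `assert not 'Submission' in resp.body` reads better as `assert 'Submission' not in resp.body`. The second test function continues outside the hunk.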
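--- a/wcs/backoffice/management.py
+++ b/wcs/backoffice/management.py
@@ -47,6 +47,9 @@
 class ManagementDirectory(Directory):
 _q_exports = ['', 'statistics']
 
+def is_accessible(self, user):
+return user.can_go_in_backoffice()
+
 def _q_traverse(self, path):
 get_response().breadcrumb.append(('management/', _('Management')))
 return super(ManagementDirectory, self)._q_traverse(path)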
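--- a/wcs/backoffice/root.py
+++ b/wcs/backoffice/root.py
@@ -105,13 +105,12 @@
 # access is governed by roles set in the settings panel
 return user_roles.intersection(authorised_roles)
 
-# for some subdirectories, the user needs to be part of a role allowed
-# to go in the backoffice
-if subdirectory in ('management', 'submission'):
-return get_request().user.can_go_in_backoffice()
+# if the directory defines a is_accessible method, use it.
+if hasattr(getattr(cls, subdirectory), 'is_accessible'):
+return getattr(cls, subdirectory).is_accessible(get_request().user)
 
-# for the other directories, an extra level is required, the user needs
-# to be marked as admin
+# as a last resort, for the other directories, the user needs to be
+# marked as admin
 return get_request().user.can_go_in_admin()
 
 def check_admin_for_all(self):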
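Review bot: `getattr(cls, subdirectory)` on the new lines has no default, so if this check can be reached with a `subdirectory` name that is not an attribute of `cls`, it raises AttributeError instead of falling through to the `can_go_in_admin()` fallback. The enclosing function starts outside the hunk, so whether that can happen is not visible here. Fetching the attribute once with a default keeps the fail-closed path: `directory = getattr(cls, subdirectory, None)`, then `if hasattr(directory, 'is_accessible'):` and `return directory.is_accessible(get_request().user)`. The comment should also say that a directory defining `is_accessible` replaces the admin requirement for itself, so every implementation has to enforce at least `can_go_in_backoffice()` on its own.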
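--- a/wcs/backoffice/submission.py
+++ b/wcs/backoffice/submission.py
@@ -95,6 +95,16 @@
 class SubmissionDirectory(Directory):
 _q_exports = ['']
 
+def is_accessible(self, user):
+if not user.can_go_in_backoffice():
+return False
+# check user has at least one role set for backoffice submission
+for role_id in (user.roles or []):
+ids = FormDef.get_ids_with_indexed_value('backoffice_submission_roles', role_id)
+if ids:
+return True
+return False
+
 def _q_index(self):
 get_response().breadcrumb.append(('submission/', _('Submission')))
 html_top('submission', _('Submission'))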
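Review bot: `is_accessible` only decides whether the submission directory as a whole is reachable, and a user holding a submission role for any one form passes it. The per-form pages below it therefore still need to compare the user's roles with that form's own `backoffice_submission_roles`; that check is not in this hunk and should be confirmed, since the tests in this commit only cover the index listing. A docstring would make the contract explicit, for example `"""Return True if user may enter the backoffice and holds a role listed in at least one form's backoffice_submission_roles."""`. The answer comes from the hashed index, so it is only as current as that index.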
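--- a/wcs/formdef.py
+++ b/wcs/formdef.py
@@ -55,6 +55,7 @@
 class FormDef(StorableObject):
 _names = 'formdefs'
 _indexes = ['url_name']
+_hashed_indexes = ['backoffice_submission_roles']
 
 name = None
 description = None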
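Review bot: Adding `backoffice_submission_roles` to `_hashed_indexes` only covers forms stored after this change, unless the storage layer rebuilds hashed indexes for existing objects, which is not visible here. `SubmissionDirectory.is_accessible` in this commit answers from that index, so forms saved earlier would be invisible to it and agents entitled to submit would get a 403 until each form is stored again. That fails closed, but the upgrade should either rebuild the index or document the re-store step, and a comment next to `_hashed_indexes` should note that an access decision depends on it.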
wcs/qommon/storage.py | ||
---|---|---|
597 | 597 |
new_value = getattr(self, index) |
598 | 598 |
if previous_object_value: |
599 | 599 |
old_value = getattr(previous_object_value, index) |
600 |
if old_value is None: |
|
601 |
old_value = [] |
|
600 | 602 |
else: |
601 | 603 |
new_value = [getattr(self, index)] |
602 | 604 |
if previous_object_value: |
603 |
- |