From 80784d047b1250bc31a80ef660652f708a48bccd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= <fpeters@entrouvert.com>
Date: Fri, 30 Nov 2018 19:25:53 +0100
Subject: [PATCH] do not expose legacy features (#28512)

---
 auquotidien/modules/admin.py      | 50 ++++++++++++++++++++-----------
 auquotidien/modules/backoffice.py |  3 ++
 tests/test_admin_pages.py         | 30 +++++++++++++++++--
 3 files changed, 63 insertions(+), 20 deletions(-)

diff --git a/auquotidien/modules/admin.py b/auquotidien/modules/admin.py
index b238469..71a42d1 100644
--- a/auquotidien/modules/admin.py
+++ b/auquotidien/modules/admin.py
@@ -85,21 +85,26 @@ class PanelDirectory(Directory):
         form.add(SingleSelectWidget, 'forms', title = _('Admin role for forms'),
                 value = permissions_cfg.get('forms', None),
                 options = [(None, _('Nobody'), None)] + get_user_roles())
-        form.add(SingleSelectWidget, 'events', title = _('Admin role for events'),
-                value = permissions_cfg.get('events', None),
-                options = [(None, _('Nobody'), None)] + get_user_roles())
-        form.add(SingleSelectWidget, 'links', title = _('Admin role for links'),
-                value = permissions_cfg.get('links', None),
-                options = [(None, _('Nobody'), None)] + get_user_roles())
-        form.add(SingleSelectWidget, 'announces', title = _('Admin role for announces'),
-                value = permissions_cfg.get('announces', None),
-                options = [(None, _('Nobody'), None)] + get_user_roles())
-        form.add(SingleSelectWidget, 'payments', title = _('Admin role for payments'),
-                value = permissions_cfg.get('payments', None),
-                options = [(None, _('Nobody'), None)] + get_user_roles())
-        form.add(SingleSelectWidget, 'strongbox', title = _('Admin role for strongbox'),
-                value = permissions_cfg.get('strongbox', None),
-                options = [(None, _('Nobody'), None)] + get_user_roles())
+        if get_publisher().has_site_option('auquotidien-events'):
+            form.add(SingleSelectWidget, 'events', title = _('Admin role for events'),
+                    value = permissions_cfg.get('events', None),
+                    options = [(None, _('Nobody'), None)] + get_user_roles())
+        if get_publisher().has_site_option('auquotidien-links'):
+            form.add(SingleSelectWidget, 'links', title = _('Admin role for links'),
+                    value = permissions_cfg.get('links', None),
+                    options = [(None, _('Nobody'), None)] + get_user_roles())
+        if get_publisher().has_site_option('auquotidien-announces'):
+            form.add(SingleSelectWidget, 'announces', title = _('Admin role for announces'),
+                    value = permissions_cfg.get('announces', None),
+                    options = [(None, _('Nobody'), None)] + get_user_roles())
+        if get_publisher().has_site_option('auquotidien-payments'):
+            form.add(SingleSelectWidget, 'payments', title = _('Admin role for payments'),
+                    value = permissions_cfg.get('payments', None),
+                    options = [(None, _('Nobody'), None)] + get_user_roles())
+        if get_publisher().has_site_option('auquotidien-strongbox'):
+            form.add(SingleSelectWidget, 'strongbox', title = _('Admin role for strongbox'),
+                    value = permissions_cfg.get('strongbox', None),
+                    options = [(None, _('Nobody'), None)] + get_user_roles())
         form.add_submit('submit', _('Submit'))
         form.add_submit('cancel', _('Cancel'))
 
@@ -256,16 +261,25 @@ class PanelDirectory(Directory):
 
 class SettingsDirectory(wcs.admin.settings.SettingsDirectory):
     def _q_index(self):
+        if not (get_publisher().has_site_option('auquotidien-announces') or
+                get_publisher().has_site_option('auquotidien-links') or
+                get_publisher().has_site_option('auquotidien-events') or
+                get_publisher().has_site_option('auquotidien-payments') or
+                get_publisher().has_site_option('auquotidien-strongvox')):
+            return super(SettingsDirectory, self)._q_index()
         r = TemplateIO(html=True)
         r += htmltext(super(SettingsDirectory, self)._q_index())
         r += htmltext('<div class="splitcontent-right">')
         r += htmltext('<div class="bo-block">')
         r += htmltext('<h2>%s</h2>') % _('Extra Options')
         r += htmltext('<ul>')
-        r += htmltext('<li><a href="aq/announces">%s</a></li>') % _('Announces Options')
+        if get_publisher().has_site_option('auquotidien-announces'):
+            r += htmltext('<li><a href="aq/announces">%s</a></li>') % _('Announces Options')
         r += htmltext('<li><a href="aq/permissions">%s</a></li>') % _('Permissions')
-        r += htmltext('<li><a href="aq/event_keywords">%s</a></li>') % _('Event Keywords')
-        r += htmltext('<li><a href="aq/announce_themes">%s</a></li>') % _('Announce Themes')
+        if get_publisher().has_site_option('auquotidien-events'):
+            r += htmltext('<li><a href="aq/event_keywords">%s</a></li>') % _('Event Keywords')
+        if get_publisher().has_site_option('auquotidien-announces'):
+            r += htmltext('<li><a href="aq/announce_themes">%s</a></li>') % _('Announce Themes')
         if get_publisher().has_site_option('strongbox'):
             r += htmltext('<li><a href="aq/strongbox">%s</a></li>') % _('Strongbox Support')
         if get_publisher().has_site_option('clicrdv'):
diff --git a/auquotidien/modules/backoffice.py b/auquotidien/modules/backoffice.py
index 0b41830..5e9549c 100644
--- a/auquotidien/modules/backoffice.py
+++ b/auquotidien/modules/backoffice.py
@@ -18,6 +18,9 @@ from qommon.form import *
 CURRENT_USER = object()
 
 def check_visibility(target, user=CURRENT_USER):
+    if not get_publisher().has_site_option('auquotidien-%s' % target):
+        # option not explicitely enabled, -> off.
+        return False
     if user is CURRENT_USER:
         user = get_request().user
     if not user:
diff --git a/tests/test_admin_pages.py b/tests/test_admin_pages.py
index fadf177..fcc2dee 100644
--- a/tests/test_admin_pages.py
+++ b/tests/test_admin_pages.py
@@ -65,6 +65,10 @@ def create_role():
 def teardown_module(module):
     shutil.rmtree(pub.APP_DIR)
 
+@pytest.fixture
+def empty_siteoptions():
+    open(os.path.join(pub.app_dir, 'site-options.cfg'), 'w').close()
+
 def test_with_superuser():
     create_superuser()
     app = login(get_app(pub))
@@ -85,18 +89,40 @@ def test_general_admin_permissions():
     del pub.cfg['admin-permissions']
     pub.write_cfg()
 
-def test_aq_permissions_panel():
+def test_aq_permissions_panel(empty_siteoptions):
     create_superuser()
     app = login(get_app(pub))
+    resp = app.get('/backoffice/settings/')
+    assert not 'aq/permissions' in resp.body
+
+    with open(os.path.join(pub.app_dir, 'site-options.cfg'), 'w') as fd:
+        if not pub.site_options.has_section('options'):
+            pub.site_options.add_section('options')
+        pub.site_options.set('options', 'auquotidien-links', 'true')
+        pub.site_options.write(fd)
+
     resp = app.get('/backoffice/settings/')
     assert 'aq/permissions' in resp.body
     resp = app.get('/backoffice/settings/aq/permissions')
 
-def test_menu_items():
+def test_menu_items(empty_siteoptions):
     create_superuser()
     role = create_role()
 
+    with open(os.path.join(pub.app_dir, 'site-options.cfg'), 'w') as fd:
+        if not pub.site_options.has_section('options'):
+            pub.site_options.add_section('options')
+        pub.site_options.set('options', 'auquotidien-links', 'true')
+        pub.site_options.write(fd)
+
     for area in ('links', 'announces', 'events', 'links', 'payments'):
+
+        with open(os.path.join(pub.app_dir, 'site-options.cfg'), 'w') as fd:
+            if not pub.site_options.has_section('options'):
+                pub.site_options.add_section('options')
+            pub.site_options.set('options', 'auquotidien-%s' % area, 'true')
+            pub.site_options.write(fd)
+
         pub.cfg['aq-permissions'] = {area: None}
         pub.write_cfg()
 
-- 
2.20.0.rc1