From 768fd7a91655859f0ae2448e7a70d09d1d4fbbcc Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Wed, 12 Aug 2020 15:16:30 +0200 Subject: [PATCH] misc: fix shown_because_admin has no role and cell.restricted_to_unlogged is True (#45846) --- combo/public/templatetags/combo.py | 11 +--- tests/test_cells.py | 85 +++++++++++++++++++++++++++++- 2 files changed, 86 insertions(+), 10 deletions(-) diff --git a/combo/public/templatetags/combo.py b/combo/public/templatetags/combo.py index caa817ec..bd5711a7 100644 --- a/combo/public/templatetags/combo.py +++ b/combo/public/templatetags/combo.py @@ -41,7 +41,7 @@ from django.utils.encoding import force_str from django.utils.timezone import is_naive, make_aware from combo.apps.dashboard.models import DashboardCell, Tile -from combo.data.models import Page, Placeholder +from combo.data.models import Page, Placeholder, element_is_visible from combo.public.menu import get_menu_context from combo.utils import NothingInCacheException, flatten_context from combo.utils.date import make_date, make_datetime @@ -312,14 +312,7 @@ def time(value, arg=None): @register.filter def shown_because_admin(cell, request): - if not (request.user and request.user.is_superuser): - return False - if cell.public: - return False - cell_groups = cell.groups.all() - if not cell_groups: - return False - return not (set(cell_groups).intersection(request.user.groups.all())) + return not element_is_visible(cell, user=request.user, ignore_superuser=True) @register.filter(name='has_role') diff --git a/tests/test_cells.py b/tests/test_cells.py index 028d7499..76c0b20e 100644 --- a/tests/test_cells.py +++ b/tests/test_cells.py @@ -9,7 +9,7 @@ import pytest import requests from django.apps import apps from django.conf import settings -from django.contrib.auth.models import User +from django.contrib.auth.models import Group, User from django.db import connection from django.forms.widgets import Media from django.template.exceptions import TemplateDoesNotExist 
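Review bot: In `combo/public/templatetags/combo.py`, the rewritten `shown_because_admin` no longer checks `request.user.is_superuser` itself, so it returns True for any user, anonymous or ordinary, for whom `element_is_visible(cell, user=request.user, ignore_superuser=True)` is false. That is harmless only while templates apply the filter to cells the view has already decided to render, and that filtering is not visible in this diff. I would keep the explicit guard ahead of the new return, `if not getattr(request.user, 'is_superuser', False): return False`, so the marker can never be set for a non-admin. A one-line docstring would also help, for example `"""Return True when the cell is rendered only because the user is a superuser."""`.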
@@ -1671,3 +1671,86 @@ def test_cell_assets(settings, app, admin_user): resp = app.get('/manage/assets/') assert link_cell.get_slug_for_asset() == 'test_cell_assets' assert 'Picture — %s (test)' % link_cell.get_label_for_asset() in resp.text + + +class TestCellVisibility: + @pytest.fixture + def group(self, db): + return Group.objects.create(name='Group') + + @pytest.fixture(autouse=True) + def setup(self, db, group): + pg = Page.objects.create(title='Test', slug='test', template_name='standard') + + order = 0 + + def make_cell(**kwargs): + nonlocal order + try: + return TextCell.objects.create(page=pg, placeholder='content', order=order, **kwargs) + finally: + order += 1 + + make_cell(text='

Always visible

') + make_cell(text='

Visible to unlogged only

', restricted_to_unlogged=True) + make_cell(text='

Visible to logged only

', public=False) + make_cell(text='

Visible only to members of group

', public=False).groups.add(group) + make_cell( + text='

Visible only to non-members of group

', + public=False, + restricted_to_unlogged=True, + ).groups.add(group) + + def test_anonymous(self, app): + response = app.get('/test/') + + assert 'Always visible' in response + assert 'Visible to unlogged only' in response + assert 'Visible to logged only' not in response + assert 'Visible only to members of group' not in response + assert 'Visible only to non-members of group' not in response + assert response.pyquery('.shown-because-admin').text() == '' + + def test_user(self, app): + User.objects.create(username='user') + response = app.get('/test/', user='user') + + assert 'Always visible' in response + assert 'Visible to unlogged only' not in response + assert 'Visible to logged only' in response + assert 'Visible only to members of group' not in response + assert 'Visible only to non-members of group' in response + assert response.pyquery('.shown-because-admin').text() == '' + + def test_user_with_role(self, app, group): + User.objects.create(username='user').groups.add(group) + response = app.get('/test/', user='user') + + assert 'Always visible' in response + assert 'Visible to unlogged only' not in response + assert 'Visible to logged only' in response + assert 'Visible only to members of group' in response + assert 'Visible only to non-members of group' not in response + assert response.pyquery('.shown-because-admin').text() == '' + + def test_superuser(self, app): + User.objects.create(username='superuser', is_superuser=True) + response = app.get('/test/', user='superuser') + + assert 'Always visible' in response + assert 'Visible to unlogged only' not in response + assert 'Visible to logged only' in response + assert 'Visible only to members of group' in response + assert 'Visible only to non-members of group' in response + assert response.pyquery('.shown-because-admin').text() == 'Visible only to members of group' + + def test_superuser_with_role(self, app, group): + User.objects.create(username='superuser', is_superuser=True).groups.add(group) + 
response = app.get('/test/', user='superuser') + + assert 'Always visible' in response + assert 'Visible to unlogged only' not in response + assert 'Visible to logged only' in response + assert 'Visible only to members of group' in response + assert 'Visible only to non-members of group' in response + assert response.pyquery('.shown-because-admin').text() == 'Visible only to non-members of group' -- 2.37.2
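Review bot: `TestCellVisibility` creates a single `Group`, so no case covers a logged-in user who belongs to a group other than the one attached to the cells. That is the case that distinguishes "has some role" from "has this cell's role" in the visibility check. Consider a `test_user_with_other_role` that creates a second group, adds the user to it, and makes the same assertions as `test_user`; presumably 'Visible only to members of group' stays hidden and `.shown-because-admin` stays empty, but confirm this against `element_is_visible`. The same variant for a superuser would pin down which cells get the admin marker.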