From a8f83b17fdcafa58c48a976a9e3b60946f335657 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?=
Date: Sun, 30 Aug 2015 14:03:35 +0200
Subject: [PATCH] misc: remove options about read access (#7946)
---
 tests/test_acl_read.py | 146 -------------------------------------------
 tests/test_admin_pages.py | 21 -------
 wcs/admin/forms.py | 36 +----------
 wcs/backoffice/management.py | 2 +-
 wcs/formdef.py | 29 ++-------
 wcs/forms/backoffice.py | 10 ++-
 wcs/forms/root.py | 6 +-
 7 files changed, 13 insertions(+), 237 deletions(-)
 delete mode 100644 tests/test_acl_read.py
diff --git a/tests/test_acl_read.py b/tests/test_acl_read.py
deleted file mode 100644
index 57159a9..0000000
--- a/tests/test_acl_read.py
+++ /dev/null
@@ -1,146 +0,0 @@ -import sys -import shutil - -from quixote import cleanup -from wcs.qommon.http_request import HTTPRequest -from wcs import formdef -from wcs.formdef import FormDef - -from utilities import create_temporary_pub - -users = {} - -def setup_module(module): - cleanup() - - global users - global pub - - pub = create_temporary_pub() - - req = HTTPRequest(None, {}) - pub._set_request(req) - - user = pub.user_class(name='user') - user.id = 'user' - users[user.id] = user - - user = pub.user_class(name='user-one-role') - user.id = 'user-one-role' - user.roles = ['role-1'] - users[user.id] = user - - user = pub.user_class(name='user-same-role') - user.id = 'user-same-role' - user.roles = ['role-1'] - users[user.id] = user - - user = pub.user_class(name='user-other-role') - user.id = 'user-other-role' - user.roles = ['role-2'] - users[user.id] = user - - user = pub.user_class(name='user-admin') - user.id = 'user-admin' - user.is_admin = True - users[user.id] = user - - -def teardown_module(module): - shutil.rmtree(pub.APP_DIR) - - -def create_objects(): - formdef = FormDef() - formdef.url_name = 'foobar' - formdef.workflow_roles = {} - formdata = formdef.data_class()() - formdata._formdef = formdef - formdata.status = 'wf-new' - return formdef, formdata - - -def check_acl(formdata, access_user_id): - return formdata.formdef.is_user_allowed_read(users.get(access_user_id), formdata) - - -def test_acl_all(): - formdef, formdata = create_objects() - formdef.acl_read = 'all' - - assert check_acl(formdata, None) - assert check_acl(formdata, 'user') - - -def test_acl_owner(): - formdef, formdata = create_objects() - formdef.acl_read = 'owner' - formdata.user_id = 'user' - - assert not check_acl(formdata, None) - assert check_acl(formdata, 'user') - assert not check_acl(formdata, 'user-one-role') - assert check_acl(formdata, 'user-admin') - - formdata.user_id = 'user-one-role' - assert not check_acl(formdata, 'user') - - -def test_acl_roles_basics(): - formdef, 
formdata = create_objects() - formdef.acl_read = 'roles' - formdef.user_id = 'user-one-role' - formdef.roles = ['role-1'] - - assert not check_acl(formdata, None) - assert not check_acl(formdata, 'user') - assert check_acl(formdata, 'user-admin') - - -def test_acl_roles_submitter_role(): - formdef, formdata = create_objects() - formdef.acl_read = 'roles' - formdef.user_id = 'user-one-role' - formdef.roles = ['role-1'] - - assert check_acl(formdata, 'user-one-role') - assert check_acl(formdata, 'user-same-role') - assert not check_acl(formdata, 'user-other-role') - - -def test_acl_roles_receiver_role(): - formdef, formdata = create_objects() - formdef.acl_read = 'roles' - formdef.user_id = 'user-one-role' - formdef.workflow_roles['_receiver'] = 'role-1' - - assert check_acl(formdata, 'user-one-role') - assert check_acl(formdata, 'user-same-role') - assert not check_acl(formdata, 'user-other-role') - - -def test_acl_none_basics(): - formdef, formdata = create_objects() - formdef.acl_read = 'none' - formdef.user_id = 'user' - formdef.workflow_roles['_receiver'] = 'role-1' - - assert not check_acl(formdata, None) - assert not check_acl(formdata, 'user') - assert check_acl(formdata, 'user-admin') - assert check_acl(formdata, 'user-one-role') - assert not check_acl(formdata, 'user-other-role') - - -def test_acl_none_finished(): - formdef, formdata = create_objects() - formdef.acl_read = 'none' - formdef.user_id = 'user' - formdef.workflow_roles['_receiver'] = 'role-1' - formdata.status = 'wf-finished' - - assert not check_acl(formdata, None) - assert not check_acl(formdata, 'user') - assert check_acl(formdata, 'user-admin') - assert check_acl(formdata, 'user-one-role') - assert not check_acl(formdata, 'user-other-role') diff --git a/tests/test_admin_pages.py b/tests/test_admin_pages.py index 554928b..05010e4 100644 --- a/tests/test_admin_pages.py +++ b/tests/test_admin_pages.py 
@@ -520,27 +520,6 @@ def test_form_workflow_variables(): resp = resp.forms[0].submit('cancel') assert resp.location == 'http://example.net/backoffice/forms/1/' -def test_form_acl_read(): - create_superuser() - create_role() - - FormDef.wipe() - formdef = FormDef() - formdef.name = 'form title' - formdef.fields = [] - formdef.store() - - app = login(get_app(pub)) - resp = app.get('/backoffice/forms/1/') - resp = resp.click(href='acl-read') - resp = resp.forms[0].submit('cancel') - - resp = app.get('/backoffice/forms/1/') - resp = resp.click(href='acl-read') - resp.forms[0]['acl_read'] = 'Everybody' - resp = resp.forms[0].submit('submit') - assert FormDef.get(1).acl_read == 'all' - def test_form_roles(): create_superuser() role = create_role() diff --git a/wcs/admin/forms.py b/wcs/admin/forms.py index fad9945..90b034a 100644 --- a/wcs/admin/forms.py +++ b/wcs/admin/forms.py @@ -91,7 +91,7 @@ class FormDefUI(object): form.get_widget('name').set_error(_('This name is already used')) raise ValueError() - for f in ('name', 'confirmation', 'acl_read', + for f in ('name', 'confirmation', 'only_allow_one', 'category_id', 'disabled', 'enable_tracking_codes', 'workflow_id', 'private_status_and_history', 'disabled_redirection', 'always_advertise', @@ -288,7 +288,7 @@ class FormDefPage(Directory): 'role', ('workflow-options', 'workflow_options'), ('workflow-variables', 'workflow_variables'), ('workflow-status-remapping', 'workflow_status_remapping'), - 'roles', 'title', 'options', ('acl-read', 'acl_read'), + 'roles', 'title', 'options', 'overwrite', 'qrcode', 'information', ('public-url', 'public_url'), ('backoffice-submission-roles', 'backoffice_submission_roles'),] 
@@ -406,11 +406,6 @@ class FormDefPage(Directory): _('Backoffice Submission Role'), self._get_roles_label('backoffice_submission_roles')) - r += add_option_line('acl-read', _('Read Access'), - {'none': _('None'), - 'owner': _('Owner'), - 'roles': _('Roles'), - 'all': _('Everybody')}.get(self.formdef.acl_read, 'none')) r += htmltext('') r += htmltext('') r += htmltext('') @@ -636,33 +631,6 @@ class FormDefPage(Directory): r += form.render() return r.getvalue() - def acl_read(self): - form = Form(enctype='multipart/form-data') - form.add(SingleSelectWidget, 'acl_read', title=_('Read Access'), - options=[ - (str('none'), _('None')), - (str('owner'), _('Owner')), - (str('roles'), _('Roles')), - (str('all'), _('Everybody'))], - value=self.formdef.acl_read) - form.add_submit('submit', _('Submit')) - form.add_submit('cancel', _('Cancel')) - if form.get_widget('cancel').parse(): - return redirect('.') - - if form.is_submitted() and not form.has_errors(): - self.formdef.acl_read = form.get_widget('acl_read').parse() - self.formdef.store() - return redirect('.') - - get_response().breadcrumb.append( ('acl-read', _('Read Access')) ) - self.html_top(title=self.formdef.name) - r = TemplateIO(html=True) - r += htmltext('

%s

') % _('Roles') - r += htmltext('

%s

') % _('Select who is granted a read access.') - r += form.render() - return r.getvalue() - def workflow(self): form = Form(enctype='multipart/form-data') workflows = get_workflows(condition=lambda x: x.possible_status) diff --git a/wcs/backoffice/management.py b/wcs/backoffice/management.py index 84fe164..d8f392f 100644 --- a/wcs/backoffice/management.py +++ b/wcs/backoffice/management.py @@ -71,7 +71,7 @@ class ManagementDirectory(Directory): pending_forms.extend(formdef_data_class.get_ids_with_indexed_value( 'status', status)) - if formdef.acl_read != 'all' and pending_forms: + if pending_forms: concerned_ids = set() formdata_class = formdef.data_class() user_roles = set(user.roles or []) diff --git a/wcs/formdef.py b/wcs/formdef.py index 6368089..4ff7182 100644 --- a/wcs/formdef.py +++ b/wcs/formdef.py @@ -80,7 +80,6 @@ class FormDef(StorableObject): expiration_date = None has_captcha = False - acl_read = 'owner' # one of ('none', 'owner', 'roles', 'all') private_status_and_history = False last_modification_time = None @@ -142,8 +141,6 @@ class FormDef(StorableObject): self.fields = [x.real_field for x in self.fields] if self.__dict__.has_key('public'): - if self.__dict__.get('public'): - self.acl_read = 'all' del self.__dict__['public'] changed = True @@ -882,10 +879,8 @@ class FormDef(StorableObject): return False def is_user_allowed_read(self, user, formdata=None): - if self.acl_read == 'all': - return True if not user: - if self.acl_read == 'owner' and formdata and get_session() and \ + if formdata and get_session() and \ get_session().is_anonymous_submitter(formdata): return True return False 
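Review bot: Formdefs stored before this commit can still carry an `acl_read` value, and the migration block in the `@@ -142` hunk of wcs/formdef.py neither drops nor reports it. After this commit `is_user_allowed_read` (hunks `@@ -882` and `@@ -905`) always applies what used to be the 'owner' policy, so a form an administrator had set to 'none' becomes readable by its submitter, including an anonymous submitter session, with no trace of the change. I would handle the stale attribute next to the `public` cleanup, with `if self.__dict__.has_key('acl_read'):` guarding `del self.__dict__['acl_read']` and `changed = True`, and log the form when the removed value was not 'owner' so the widened access can be reviewed. The migration method starts and ends outside the hunk, so whether something else already covers this is not visible here.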
@@ -905,25 +900,11 @@ class FormDef(StorableObject): user_roles = ensure_role_are_strings(user_roles) - if self.acl_read == 'roles': - form_roles = (self.roles or []) - if formdata: - from wcs.workflows import get_role_translation - form_roles.extend([get_role_translation(formdata, x) - for x in self.workflow_roles.keys() if x]) - form_roles = ensure_role_are_strings(form_roles) - if user_roles.intersection(form_roles): - return True - elif self.acl_read == 'owner': - if formdata and formdata.is_submitter(user): + if formdata and formdata.is_submitter(user): + return True + if self.is_of_concern_for_user(user): + if not formdata: return True - if self.is_of_concern_for_user(user): - if not formdata: - return True - elif self.acl_read == 'none': - # no special permission for anybody, but the form will be viewable - # to users with a workflow action available. - pass if formdata: # current status diff --git a/wcs/forms/backoffice.py b/wcs/forms/backoffice.py index 077fc35..a05a128 100644 --- a/wcs/forms/backoffice.py +++ b/wcs/forms/backoffice.py @@ -158,12 +158,10 @@ class FormDefUI(object): select_ids = [x.id for x in formdata_class.select(clause=criterias)] item_ids = list(set(item_ids).intersection(select_ids)) - if self.formdef.acl_read != 'all' and item_ids: - # if the formdef has some ACL defined, we don't go the full way of - # supporting all the cases but assume that as we are in the - # backoffice, we don't have to care about the situation where the - # user is the submitter, and may limit ourselves to consider - # treating roles. + if item_ids: + # as we are in the backoffice, we don't have to care about the + # situation where the user is the submitter, and we limit ourselves + # to consider treating roles. user = user or get_request().user if not user.is_admin: user_roles = set(user.roles or []) diff --git a/wcs/forms/root.py b/wcs/forms/root.py index 1582ab3..913cd75 100644 --- a/wcs/forms/root.py +++ b/wcs/forms/root.py 
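Review bot: `is_user_allowed_read` is left without any visible test once tests/test_acl_read.py is deleted, although the method stays and still decides who may read a formdata. The owner, admin and receiver-role assertions from the deleted file appear to describe behaviour that remains; keeping them, minus the `formdef.acl_read = ...` assignments, would pin the submitter / non-submitter / anonymous split that is now the only policy. In the new lines of the `@@ -905` hunk, `is_of_concern_for_user(user)` is evaluated even when `formdata` is set and its result is then discarded; `if not formdata and self.is_of_concern_for_user(user):` followed by `return True` states the same rule without the nested `if`. The method continues past the end of the hunk.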
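Review bot: With the `acl_read != 'all'` guard gone, the role filter in wcs/forms/backoffice.py runs for every non-empty `item_ids`, so `user.is_admin` is now reached on every such call. If this method can still be entered without an authenticated user (the "(listing)" link removed in wcs/forms/root.py suggests such a caller existed for 'all' forms, though the listing route itself is not visible in this diff), `get_request().user` would presumably be None and the line would raise AttributeError rather than return an empty result. Failing closed explicitly would be clearer: `if not user: item_ids = []` ahead of the role filter, with the existing test turned into `elif not user.is_admin:`. The enclosing method starts and ends outside the hunk.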
@@ -864,8 +864,7 @@ class FormPage(Directory): def tempfile(self): self.check_role() - if not self.formdef.acl_read == 'all' and ( - self.user and not self.user.id == get_session().user): + if self.user and not self.user.id == get_session().user: self.check_receiver() try: t = get_request().form['t'] @@ -1207,9 +1206,6 @@ class RootDirectory(AccessControlled, Directory): r += htmltext('
  • %s') % ( ' '.join(classes), url_prefix, formdef.url_name, formdef.name) - if formdef.acl_read == 'all': - r += htmltext(' %s') % ( - url_prefix, formdef.url_name, _('(listing)')) if formdef.description: r += htmltext('
    %s
    ' % formdef.description) r += htmltext('
  • ') -- 2.5.1