manager: adapt responses to restricted access on home (#57163)

2021-09-21 20:20:06 +02:00 · 2021-09-21 20:20:06 +02:00 · 494a2b3798
parent d3554167b9
commit 494a2b3798
4 changed files with 57 additions and 20 deletions
--- a/chrono/manager/templates/chrono/manager_home.html
+++ b/chrono/manager/templates/chrono/manager_home.html
@ -13,7 +13,9 @@
 <a href="{% url 'chrono-manager-absence-reason-list' %}">{% trans 'Absence reasons' %}</a>
 <a href="{% url 'chrono-manager-category-list' %}">{% trans 'Categories' %}</a>
 {% endif %}
+{% if has_access_to_unavailability_calendars %}
 <a href="{% url 'chrono-manager-unavailability-calendar-list' %}">{% trans 'Unavailability calendars' %}</a>
+{% endif %}
 {% if user.is_staff %}
 <a href="{% url 'chrono-manager-resource-list' %}">{% trans 'Resources' %}</a>
 <a rel="popup" href="{% url 'chrono-manager-agenda-add' %}">{% trans 'New' %}</a>
@ -36,19 +38,12 @@
 </div>
 {% endfor %}
 {% else %}
-{% if user.is_staff %}
 <div class="big-msg-info">
  {% blocktrans %}
  This site doesn't have any agenda yet. Click on the "New" button in the top
  right of the page to add a first one.
  {% endblocktrans %}
 </div>
-{% else %}
-<div class="big-msg-sorry">
-  <p>{% trans 'This screen display agendas you can access.' %}</p>
-  <p>{% trans 'Unfortunately, there is still no agenda configurated this way.' %}</p>
-</div>
-{% endif %}
 {% endif %}

 {% endblock %}
--- a/chrono/manager/templates/chrono/manager_no_access.html
+++ b/chrono/manager/templates/chrono/manager_no_access.html
@ -0,0 +1,13 @@
+{% extends "chrono/manager_base.html" %}
+{% load i18n %}
+
+{% block appbar %}
+<h2>{% trans 'Agendas' %}</h2>
+{% endblock %}
+
+{% block content %}
+<div class="big-msg-sorry">
+  <p>{% trans 'This screen displays agendas you can access.' %}</p>
+  <p>{% trans 'Unfortunately, there is still no agenda configured this way.' %}</p>
+</div>
+{% endblock %}
--- a/chrono/manager/views.py
+++ b/chrono/manager/views.py
@ -125,14 +125,34 @@ class HomepageView(ListView):
            queryset = queryset.filter(Q(view_role_id__in=group_ids) | Q(edit_role_id__in=group_ids))
        return queryset.order_by('category__label', 'label')

+    def has_access_to_unavailability_calendars(self):
+        if self.request.user.is_staff:
+            return True
+        group_ids = [x.id for x in self.request.user.groups.all()]
+        queryset = UnavailabilityCalendar.objects.filter(
+            Q(view_role_id__in=group_ids) | Q(edit_role_id__in=group_ids)
+        )
+        return queryset.exists()
+
+    def has_access(self):
+        return self.request.user.is_staff or self.get_queryset().exists()
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+        context['has_access_to_unavailability_calendars'] = self.has_access_to_unavailability_calendars()
+        return context
+
    def get(self, request, *args, **kwargs):
-        self.object_list = self.get_queryset()
-        context = self.get_context_data()
-        if self.request.user.is_staff or self.object_list.count():
-            status = 200
-        else:
-            status = 403
-        return self.render_to_response(context, status=status)
+        if not self.has_access():
+            if self.has_access_to_unavailability_calendars():
+                return HttpResponseRedirect(reverse('chrono-manager-unavailability-calendar-list'))
+            self.template_name = 'chrono/manager_no_access.html'
+        return super().get(request, *args, **kwargs)
+
+    def render_to_response(self, context, **response_kwargs):
+        if self.template_name == 'chrono/manager_no_access.html':
+            response_kwargs['status'] = 403
+        return super().render_to_response(context, **response_kwargs)


 homepage = HomepageView.as_view()
@ -3190,7 +3210,9 @@ unavailability_calendar_add_unavailability = UnavailabilityCalendarAddUnavailabi
 def menu_json(request):
    if not request.user.is_staff:
        homepage_view = HomepageView(request=request)
-        if not homepage_view.get_queryset().exists():
+        if not (
+            homepage_view.get_queryset().exists() or homepage_view.has_access_to_unavailability_calendars()
+        ):
            return HttpResponseForbidden()
    label = _('Agendas')
    json_str = json.dumps(
--- a/tests/manager/test_unavailability_calendar.py
+++ b/tests/manager/test_unavailability_calendar.py
@ -353,13 +353,20 @@ def test_unavailability_calendar_homepage_permission(app, manager_user):
    unavailability_calendar.view_role = group
    unavailability_calendar.edit_role = None
    unavailability_calendar.save()
-    resp = app.get('/manage/', status=403)
-    resp = resp.click('Unavailability calendars')
+    resp = app.get('/manage/', status=302)
+    resp = resp.follow()
+    assert 'Calendar 1' in resp.text
+
+    agenda = Agenda.objects.create(label='Agenda', kind='meetings')
+    agenda.view_role = group
+    agenda.save()
+    resp = app.get('/manage/')
+    assert 'Unavailability calendars' in resp.text
+
    unavailability_calendar.view_role = None
-    unavailability_calendar.edit_role = group
    unavailability_calendar.save()
-    resp = app.get('/manage/', status=403)
-    resp = resp.click('Unavailability calendars')
+    resp = app.get('/manage/')
+    assert 'Unavailability calendars' not in resp.text


 def test_unavailability_calendar_list_permissions(app, manager_user):