manager: let user with view permission access the events agenda page (#22245)
parent
1f9d16e5ee
commit
6c6ee01dd6
|
@ -360,6 +360,19 @@ class AgendaSettings(ManagedAgendaMixin, DetailView):
|
|||
template_name = 'chrono/manager_agenda_settings.html'
|
||||
model = Agenda
|
||||
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
try:
|
||||
self.agenda = Agenda.objects.get(id=kwargs.get('pk'))
|
||||
except Agenda.DoesNotExist:
|
||||
raise Http404()
|
||||
if not self.agenda.can_be_managed(request.user):
|
||||
# "events" agendas settings page can be access by user with the
|
||||
# view permission as there are no other "view" page for this type
|
||||
# of agenda.
|
||||
if self.agenda.kind != 'events' or not self.agenda.can_be_viewed(request.user):
|
||||
raise PermissionDenied()
|
||||
return super(DetailView, self).dispatch(request, *args, **kwargs)
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
context = super(AgendaSettings, self).get_context_data(**kwargs)
|
||||
context['user_can_manage'] = self.get_object().can_be_managed(self.request.user)
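Review bot: The new `dispatch` ends with `super(DetailView, self).dispatch(...)`, which starts the MRO lookup after `DetailView` and therefore skips `ManagedAgendaMixin.dispatch` too, leaving this override as the only authorization gate for the settings page. The mixin's body is not visible here, but any other check it performs, and any check added to it later, will not apply to this view. I would state the intent in a comment such as `# bypass ManagedAgendaMixin.dispatch on purpose: view-only users are allowed on "events" agendas`, and flatten the nested test to `if not (self.agenda.can_be_managed(request.user) or (self.agenda.kind == 'events' and self.agenda.can_be_viewed(request.user))):`. The page now relies on `user_can_manage` in the template to hide actions, so it is worth confirming that nothing else it renders is meant for managers only. The class body and `get_context_data` continue outside the hunk.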
|
||||
|
|
|
@ -119,8 +119,8 @@ def test_view_agendas_as_manager(app, manager_user):
|
|||
agenda.view_role = manager_user.groups.all()[0]
|
||||
agenda.save()
|
||||
|
||||
agenda = Agenda(label=u'Bar Foo')
|
||||
agenda.save()
|
||||
agenda2 = Agenda(label=u'Bar Foo')
|
||||
agenda2.save()
|
||||
|
||||
app = login(app, username='manager', password='manager')
|
||||
resp = app.get('/manage/', status=200)
|
||||
|
@ -128,7 +128,21 @@ def test_view_agendas_as_manager(app, manager_user):
|
|||
assert 'Bar Foo' not in resp.body
|
||||
assert 'New' not in resp.body
|
||||
|
||||
app.get('/manage/agendas/%s/' % agenda.id, status=403)
|
||||
# check user doesn't have access
|
||||
app.get('/manage/agendas/%s/' % agenda2.id, status=403)
|
||||
|
||||
# check view gives access to the settings page for "events" agenda
|
||||
resp = app.get('/manage/agendas/%s/settings' % agenda.id, status=200)
|
||||
# but there's no links to actions
|
||||
assert not '>New Event<' in resp.body
|
||||
assert not '>Options<' in resp.body
|
||||
app.get('/manage/agendas/%s/add-event' % agenda.id, status=403)
|
||||
app.get('/manage/agendas/%s/edit' % agenda.id, status=403)
|
||||
|
||||
# check it doesn't give access for "meetings" agenda
|
||||
agenda.kind = 'meetings'
|
||||
agenda.save()
|
||||
resp = app.get('/manage/agendas/%s/settings' % agenda.id, status=403)
|
||||
|
||||
def test_add_agenda(app, admin_user):
|
||||
app = login(app)
|
||||
|
@ -176,9 +190,16 @@ def test_options_agenda_as_manager(app, manager_user):
|
|||
resp = app.get('/manage/', status=200)
|
||||
resp = resp.click('Foo bar')
|
||||
assert not 'Settings' in resp.body
|
||||
resp = app.get('/manage/agendas/%s/settings' % agenda.id, status=200) # ok for "events" agendas
|
||||
resp = app.get('/manage/agendas/%s/edit' % agenda.id, status=403)
|
||||
agenda.kind = 'meetings'
|
||||
agenda.save()
|
||||
resp = app.get('/manage/agendas/%s/settings' % agenda.id, status=403)
|
||||
resp = app.get('/manage/agendas/%s/edit' % agenda.id, status=403)
|
||||
|
||||
agenda.kind = 'events'
|
||||
agenda.save()
|
||||
|
||||
agenda.edit_role = manager_user.groups.all()[0]
|
||||
agenda.save()
|
||||
|
||||
|
@ -282,7 +303,6 @@ def test_add_event_as_manager(app, manager_user):
|
|||
agenda.save()
|
||||
app = login(app, username='manager', password='manager')
|
||||
resp = app.get('/manage/agendas/%s/' % agenda.id, status=302)
|
||||
app.get('/manage/agendas/%s/settings' % agenda.id, status=403)
|
||||
app.get('/manage/agendas/%s/add-event' % agenda.id, status=403)
|
||||
|
||||
agenda.edit_role = manager_user.groups.all()[0]
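Review bot: The denied case in the `@ -128,7 +128,21` hunk only requests `/manage/agendas/<id>/` for `agenda2`, so the path this commit opens up, `/settings` on an agenda where the user holds neither role, is never exercised for a user who should be refused. Adding `app.get('/manage/agendas/%s/settings' % agenda2.id, status=403)` next to it would pin that, assuming `agenda2` defaults to the "events" kind, which the visible lines do not show. The last hunk (`test_add_event_as_manager`) appears to drop one `status=403` request, possibly a settings check of this kind, though the removed side cannot be recovered from this rendering. The new `assert not '>New Event<' in resp.body` lines would match the rest of the file better as `assert '>New Event<' not in resp.body`. The test functions start and end outside the hunks.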
|
||||
|
|