agendas: fix permissions for agenda history views (#87751)
This commit is contained in:
parent
1b1bc13c82
commit
ecf0ffd96e
|
@ -4155,31 +4155,21 @@ class TimePeriodExceptionSourceRefreshView(ManagedTimePeriodExceptionMixin, Deta
|
|||
time_period_exception_source_refresh = TimePeriodExceptionSourceRefreshView.as_view()
|
||||
|
||||
|
||||
class AgendaHistoryView(InstanceWithSnapshotHistoryView):
|
||||
class AgendaHistoryView(ManagedAgendaMixin, InstanceWithSnapshotHistoryView):
|
||||
template_name = 'chrono/manager_agenda_history.html'
|
||||
model = AgendaSnapshot
|
||||
instance_context_key = 'agenda'
|
||||
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
if not request.user.is_staff:
|
||||
raise PermissionDenied()
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
|
||||
|
||||
agenda_history = AgendaHistoryView.as_view()
|
||||
|
||||
|
||||
class AgendaHistoryCompareView(InstanceWithSnapshotHistoryCompareView):
|
||||
class AgendaHistoryCompareView(ManagedAgendaMixin, InstanceWithSnapshotHistoryCompareView):
|
||||
template_name = 'chrono/manager_agenda_history_compare.html'
|
||||
model = Agenda
|
||||
instance_context_key = 'agenda'
|
||||
history_view = 'chrono-manager-agenda-history'
|
||||
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
if not request.user.is_staff:
|
||||
raise PermissionDenied()
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
|
||||
|
||||
agenda_history_compare = AgendaHistoryCompareView.as_view()
|
||||
|
||||
|
@ -4802,31 +4792,23 @@ class UnavailabilityCalendarImportUnavailabilitiesView(ManagedUnavailabilityCale
|
|||
unavailability_calendar_import_unavailabilities = UnavailabilityCalendarImportUnavailabilitiesView.as_view()
|
||||
|
||||
|
||||
class UnavailabilityCalendarHistoryView(InstanceWithSnapshotHistoryView):
|
||||
class UnavailabilityCalendarHistoryView(ManagedUnavailabilityCalendarMixin, InstanceWithSnapshotHistoryView):
|
||||
template_name = 'chrono/manager_unavailability_calendar_history.html'
|
||||
model = UnavailabilityCalendarSnapshot
|
||||
instance_context_key = 'unavailability_calendar'
|
||||
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
if not request.user.is_staff:
|
||||
raise PermissionDenied()
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
|
||||
|
||||
unavailability_calendar_history = UnavailabilityCalendarHistoryView.as_view()
|
||||
|
||||
|
||||
class UnavailabilityCalendarHistoryCompareView(InstanceWithSnapshotHistoryCompareView):
|
||||
class UnavailabilityCalendarHistoryCompareView(
|
||||
ManagedUnavailabilityCalendarMixin, InstanceWithSnapshotHistoryCompareView
|
||||
):
|
||||
template_name = 'chrono/manager_unavailability_calendar_history_compare.html'
|
||||
model = UnavailabilityCalendar
|
||||
instance_context_key = 'unavailability_calendar'
|
||||
history_view = 'chrono-manager-unavailability-calendar-history'
|
||||
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
if not request.user.is_staff:
|
||||
raise PermissionDenied()
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
|
||||
|
||||
unavailability_calendar_history_compare = UnavailabilityCalendarHistoryCompareView.as_view()
|
||||
|
||||
|
|
|
@ -64,6 +64,32 @@ def test_agenda_history(settings, app, admin_user):
|
|||
assert resp.text.count('diff_chg') == 0
|
||||
|
||||
|
||||
def test_agenda_history_as_manager(app, manager_user):
|
||||
agenda = Agenda.objects.create(slug='foo', label='Foo')
|
||||
Desk.objects.create(agenda=agenda, slug='_exceptions_holder')
|
||||
snapshot1 = agenda.take_snapshot()
|
||||
snapshot2 = agenda.take_snapshot()
|
||||
|
||||
app = login(app, username='manager', password='manager')
|
||||
agenda.view_role = manager_user.groups.all()[0]
|
||||
agenda.save()
|
||||
app.get('/manage/agendas/%s/history/' % agenda.pk, status=403)
|
||||
app.get(
|
||||
'/manage/agendas/%s/history/compare/?version1=%s&version2=%s'
|
||||
% (agenda.pk, snapshot2.pk, snapshot1.pk),
|
||||
status=403,
|
||||
)
|
||||
|
||||
agenda.edit_role = manager_user.groups.all()[0]
|
||||
agenda.save()
|
||||
app.get('/manage/agendas/%s/history/' % agenda.pk, status=200)
|
||||
app.get(
|
||||
'/manage/agendas/%s/history/compare/?version1=%s&version2=%s'
|
||||
% (agenda.pk, snapshot2.pk, snapshot1.pk),
|
||||
status=200,
|
||||
)
|
||||
|
||||
|
||||
def test_category_history(settings, app, admin_user):
|
||||
category = Category.objects.create(slug='foo', label='Foo')
|
||||
snapshot1 = category.take_snapshot()
|
||||
|
@ -230,3 +256,28 @@ def test_unavailability_calendar_history(settings, app, admin_user):
|
|||
assert resp.text.count('diff_sub') == 0
|
||||
assert resp.text.count('diff_add') == 0
|
||||
assert resp.text.count('diff_chg') == 2
|
||||
|
||||
|
||||
def test_unavailability_calendar_history_as_manager(app, manager_user):
|
||||
unavailability_calendar = UnavailabilityCalendar.objects.create(slug='foo', label='Foo')
|
||||
snapshot1 = unavailability_calendar.take_snapshot()
|
||||
snapshot2 = unavailability_calendar.take_snapshot()
|
||||
|
||||
app = login(app, username='manager', password='manager')
|
||||
unavailability_calendar.view_role = manager_user.groups.all()[0]
|
||||
unavailability_calendar.save()
|
||||
app.get('/manage/unavailability-calendar/%s/history/' % unavailability_calendar.pk, status=403)
|
||||
app.get(
|
||||
'/manage/unavailability-calendar/%s/history/compare/?version1=%s&version2=%s'
|
||||
% (unavailability_calendar.pk, snapshot2.pk, snapshot1.pk),
|
||||
status=403,
|
||||
)
|
||||
|
||||
unavailability_calendar.edit_role = manager_user.groups.all()[0]
|
||||
unavailability_calendar.save()
|
||||
app.get('/manage/unavailability-calendar/%s/history/' % unavailability_calendar.pk, status=200)
|
||||
app.get(
|
||||
'/manage/unavailability-calendar/%s/history/compare/?version1=%s&version2=%s'
|
||||
% (unavailability_calendar.pk, snapshot2.pk, snapshot1.pk),
|
||||
status=200,
|
||||
)
|
||||
|
|
Loading…
Reference in New Issue