misc: fix shown_because_admin has no role and cell.restricted_to_unlogged is True (#45846)

2020-08-12 15:16:30 +02:00 · 2020-08-12 15:16:30 +02:00 · 92e68e279a
parent afde19c1fe
commit 92e68e279a
2 changed files with 86 additions and 10 deletions
--- a/combo/public/templatetags/combo.py
+++ b/combo/public/templatetags/combo.py
@ -41,7 +41,7 @@ from django.utils.encoding import force_str
 from django.utils.timezone import is_naive, make_aware

 from combo.apps.dashboard.models import DashboardCell, Tile
-from combo.data.models import Page, Placeholder
+from combo.data.models import Page, Placeholder, element_is_visible
 from combo.public.menu import get_menu_context
 from combo.utils import NothingInCacheException, flatten_context
 from combo.utils.date import make_date, make_datetime
@ -312,14 +312,7 @@ def time(value, arg=None):

@register.filter
 def shown_because_admin(cell, request):
-    if not (request.user and request.user.is_superuser):
-        return False
-    if cell.public:
-        return False
-    cell_groups = cell.groups.all()
-    if not cell_groups:
-        return False
-    return not (set(cell_groups).intersection(request.user.groups.all()))
+    return not element_is_visible(cell, user=request.user, ignore_superuser=True)


@register.filter(name='has_role')
--- a/tests/test_cells.py
+++ b/tests/test_cells.py
@ -9,7 +9,7 @@ import pytest
 import requests
 from django.apps import apps
 from django.conf import settings
-from django.contrib.auth.models import User
+from django.contrib.auth.models import Group, User
 from django.db import connection
 from django.forms.widgets import Media
 from django.template.exceptions import TemplateDoesNotExist
@ -1690,3 +1690,86 @@ def test_cell_assets(settings, app, admin_user):
    resp = app.get('/manage/assets/')
    assert link_cell.get_slug_for_asset() == 'test_cell_assets'
    assert 'Picture — %s (test)' % link_cell.get_label_for_asset() in resp.text
+
+
+class TestCellVisibility:
+    @pytest.fixture
+    def group(self, db):
+        return Group.objects.create(name='Group')
+
+    @pytest.fixture(autouse=True)
+    def setup(self, db, group):
+        pg = Page.objects.create(title='Test', slug='test', template_name='standard')
+
+        order = 0
+
+        def make_cell(**kwargs):
+            nonlocal order
+            try:
+                return TextCell.objects.create(page=pg, placeholder='content', order=order, **kwargs)
+            finally:
+                order += 1
+
+        make_cell(text='<p>Always visible</p>')
+        make_cell(text='<p>Visible to unlogged only</p>', restricted_to_unlogged=True)
+        make_cell(text='<p>Visible to logged only</p>', public=False)
+        make_cell(text='<p>Visible only to members of group</p>', public=False).groups.add(group)
+        make_cell(
+            text='<p id="visible-to-non-members-of-group">Visible only to non-members of group</p>',
+            public=False,
+            restricted_to_unlogged=True,
+        ).groups.add(group)
+
+    def test_anonymous(self, app):
+        response = app.get('/test/')
+
+        assert 'Always visible' in response
+        assert 'Visible to unlogged only' in response
+        assert 'Visible to logged only' not in response
+        assert 'Visible only to members of group' not in response
+        assert 'Visible only to non-members of group' not in response
+        assert len(response.pyquery('.shown-because-admin')) == 0
+
+    def test_user(self, app):
+        User.objects.create(username='user')
+        response = app.get('/test/', user='user')
+
+        assert 'Always visible' in response
+        assert 'Visible to unlogged only' not in response
+        assert 'Visible to logged only' in response
+        assert 'Visible only to members of group' not in response
+        assert 'Visible only to non-members of group' in response
+        assert len(response.pyquery('.shown-because-admin')) == 0
+
+    def test_user_with_role(self, app, group):
+        User.objects.create(username='user').groups.add(group)
+        response = app.get('/test/', user='user')
+
+        assert 'Always visible' in response
+        assert 'Visible to unlogged only' not in response
+        assert 'Visible to logged only' in response
+        assert 'Visible only to members of group' in response
+        assert 'Visible only to non-members of group' not in response
+        assert len(response.pyquery('.shown-because-admin')) == 0
+
+    def test_superuser(self, app):
+        User.objects.create(username='superuser', is_superuser=True)
+        response = app.get('/test/', user='superuser')
+
+        assert 'Always visible' in response
+        assert 'Visible to unlogged only' not in response
+        assert 'Visible to logged only' in response
+        assert 'Visible only to members of group' in response
+        assert 'Visible only to non-members of group' in response
+        assert response.pyquery('.shown-because-admin').text() == 'Visible only to members of group'
+
+    def test_superuser_with_role(self, app, group):
+        User.objects.create(username='superuser', is_superuser=True).groups.add(group)
+        response = app.get('/test/', user='superuser')
+
+        assert 'Always visible' in response
+        assert 'Visible to unlogged only' not in response
+        assert 'Visible to logged only' in response
+        assert 'Visible only to members of group' in response
+        assert 'Visible only to non-members of group' in response
+        assert response.pyquery('.shown-because-admin').text() == 'Visible only to non-members of group'