misc: fix log visibility for users with dispatched functions (#17672)
This commit is contained in:
parent
c754ac53bc
commit
1c687adc90
|
@ -3621,3 +3621,61 @@ def test_backoffice_logged_errors(pub):
|
||||||
FormDef.wipe()
|
FormDef.wipe()
|
||||||
resp = resp2.click('ZeroDivisionError')
|
resp = resp2.click('ZeroDivisionError')
|
||||||
assert not 'href="http://example.net/backoffice/management/test/' in resp.body
|
assert not 'href="http://example.net/backoffice/management/test/' in resp.body
|
||||||
|
|
||||||
|
def test_backoffice_private_status_and_history(pub):
|
||||||
|
create_user(pub)
|
||||||
|
create_environment(pub)
|
||||||
|
formdef = FormDef.get_by_urlname('form-title')
|
||||||
|
formdef.private_status_and_history = True
|
||||||
|
formdef.store()
|
||||||
|
form_class = FormDef.get_by_urlname('form-title').data_class()
|
||||||
|
number31 = [x for x in form_class.select() if x.data['1'] == 'FOO BAR 30'][0]
|
||||||
|
app = login(get_app(pub))
|
||||||
|
resp = app.get('/backoffice/management/form-title/')
|
||||||
|
assert re.findall('<tbody.*\/tbody>', resp.body, re.DOTALL)[0].count('<tr') == 17
|
||||||
|
|
||||||
|
# click on a formdata
|
||||||
|
resp = resp.click(href='%s/' % number31.id)
|
||||||
|
assert (' with the number %s.' % number31.get_display_id()) in resp.body
|
||||||
|
resp.forms[0]['comment'] = 'HELLO WORLD'
|
||||||
|
resp = resp.forms[0].submit('button_accept')
|
||||||
|
resp = resp.follow()
|
||||||
|
assert FormDef.get_by_urlname('form-title').data_class().get(number31.id).status == 'wf-accepted'
|
||||||
|
assert 'HELLO WORLD' in resp.body
|
||||||
|
|
||||||
|
assert 'id="evolution-log"' in resp.body
|
||||||
|
|
||||||
|
def test_backoffice_private_status_and_history_with_assigned_function(pub):
|
||||||
|
create_user(pub)
|
||||||
|
create_environment(pub, set_receiver=False)
|
||||||
|
|
||||||
|
formdef = FormDef.get_by_urlname('form-title')
|
||||||
|
formdef.private_status_and_history = True
|
||||||
|
formdef.store()
|
||||||
|
|
||||||
|
form_class = FormDef.get_by_urlname('form-title').data_class()
|
||||||
|
number31 = [x for x in form_class.select() if x.data['1'] == 'FOO BAR 30'][0]
|
||||||
|
|
||||||
|
app = login(get_app(pub))
|
||||||
|
resp = app.get('/backoffice/management/form-title/', status=403)
|
||||||
|
|
||||||
|
# fake function assignment
|
||||||
|
number31.workflow_roles = {'_receiver': '1'}
|
||||||
|
number31.store()
|
||||||
|
resp = app.get('/backoffice/management/form-title/', status=200)
|
||||||
|
assert re.findall('<tbody.*\/tbody>', resp.body, re.DOTALL)[0].count('<tr') == 1
|
||||||
|
|
||||||
|
# click on a formdata
|
||||||
|
resp = resp.click(href='%s/' % number31.id)
|
||||||
|
assert (' with the number %s.' % number31.get_display_id()) in resp.body
|
||||||
|
|
||||||
|
# history is visible
|
||||||
|
assert 'id="evolution-log"' in resp.body
|
||||||
|
resp.forms[0]['comment'] = 'HELLO WORLD'
|
||||||
|
resp = resp.forms[0].submit('button_accept')
|
||||||
|
resp = resp.follow()
|
||||||
|
assert FormDef.get_by_urlname('form-title').data_class().get(number31.id).status == 'wf-accepted'
|
||||||
|
|
||||||
|
# history is still visible
|
||||||
|
assert 'HELLO WORLD' in resp.body
|
||||||
|
assert 'id="evolution-log"' in resp.body
|
||||||
|
|
|
@ -1217,6 +1217,8 @@ class FormDef(StorableObject):
|
||||||
if not self.workflow_roles:
|
if not self.workflow_roles:
|
||||||
self.workflow_roles = {}
|
self.workflow_roles = {}
|
||||||
form_roles = [x for x in self.workflow_roles.values() if x]
|
form_roles = [x for x in self.workflow_roles.values() if x]
|
||||||
|
if formdata and formdata.workflow_roles:
|
||||||
|
form_roles.extend([x for x in formdata.workflow_roles.values() if x])
|
||||||
if user and self.private_status_and_history and not user_roles.intersection(form_roles):
|
if user and self.private_status_and_history and not user_roles.intersection(form_roles):
|
||||||
return False
|
return False
|
||||||
return self.is_user_allowed_read(user, formdata=formdata)
|
return self.is_user_allowed_read(user, formdata=formdata)
|
||||||
|
|
Loading…
Reference in New Issue