misc: fix log visibility for users with dispatched functions (#17672)
This commit is contained in:
parent
c754ac53bc
commit
1c687adc90
|
@ -3621,3 +3621,61 @@ def test_backoffice_logged_errors(pub):
|
|||
FormDef.wipe()
|
||||
resp = resp2.click('ZeroDivisionError')
|
||||
assert not 'href="http://example.net/backoffice/management/test/' in resp.body
|
||||
|
||||
def test_backoffice_private_status_and_history(pub):
|
||||
create_user(pub)
|
||||
create_environment(pub)
|
||||
formdef = FormDef.get_by_urlname('form-title')
|
||||
formdef.private_status_and_history = True
|
||||
formdef.store()
|
||||
form_class = FormDef.get_by_urlname('form-title').data_class()
|
||||
number31 = [x for x in form_class.select() if x.data['1'] == 'FOO BAR 30'][0]
|
||||
app = login(get_app(pub))
|
||||
resp = app.get('/backoffice/management/form-title/')
|
||||
assert re.findall('<tbody.*\/tbody>', resp.body, re.DOTALL)[0].count('<tr') == 17
|
||||
|
||||
# click on a formdata
|
||||
resp = resp.click(href='%s/' % number31.id)
|
||||
assert (' with the number %s.' % number31.get_display_id()) in resp.body
|
||||
resp.forms[0]['comment'] = 'HELLO WORLD'
|
||||
resp = resp.forms[0].submit('button_accept')
|
||||
resp = resp.follow()
|
||||
assert FormDef.get_by_urlname('form-title').data_class().get(number31.id).status == 'wf-accepted'
|
||||
assert 'HELLO WORLD' in resp.body
|
||||
|
||||
assert 'id="evolution-log"' in resp.body
|
||||
|
||||
def test_backoffice_private_status_and_history_with_assigned_function(pub):
|
||||
create_user(pub)
|
||||
create_environment(pub, set_receiver=False)
|
||||
|
||||
formdef = FormDef.get_by_urlname('form-title')
|
||||
formdef.private_status_and_history = True
|
||||
formdef.store()
|
||||
|
||||
form_class = FormDef.get_by_urlname('form-title').data_class()
|
||||
number31 = [x for x in form_class.select() if x.data['1'] == 'FOO BAR 30'][0]
|
||||
|
||||
app = login(get_app(pub))
|
||||
resp = app.get('/backoffice/management/form-title/', status=403)
|
||||
|
||||
# fake function assignment
|
||||
number31.workflow_roles = {'_receiver': '1'}
|
||||
number31.store()
|
||||
resp = app.get('/backoffice/management/form-title/', status=200)
|
||||
assert re.findall('<tbody.*\/tbody>', resp.body, re.DOTALL)[0].count('<tr') == 1
|
||||
|
||||
# click on a formdata
|
||||
resp = resp.click(href='%s/' % number31.id)
|
||||
assert (' with the number %s.' % number31.get_display_id()) in resp.body
|
||||
|
||||
# history is visible
|
||||
assert 'id="evolution-log"' in resp.body
|
||||
resp.forms[0]['comment'] = 'HELLO WORLD'
|
||||
resp = resp.forms[0].submit('button_accept')
|
||||
resp = resp.follow()
|
||||
assert FormDef.get_by_urlname('form-title').data_class().get(number31.id).status == 'wf-accepted'
|
||||
|
||||
# history is still visible
|
||||
assert 'HELLO WORLD' in resp.body
|
||||
assert 'id="evolution-log"' in resp.body
|
||||
|
|
|
@ -1217,6 +1217,8 @@ class FormDef(StorableObject):
|
|||
if not self.workflow_roles:
|
||||
self.workflow_roles = {}
|
||||
form_roles = [x for x in self.workflow_roles.values() if x]
|
||||
if formdata and formdata.workflow_roles:
|
||||
form_roles.extend([x for x in formdata.workflow_roles.values() if x])
|
||||
if user and self.private_status_and_history and not user_roles.intersection(form_roles):
|
||||
return False
|
||||
return self.is_user_allowed_read(user, formdata=formdata)
|
||||
|
|
Loading…
Reference in New Issue