misc: remove options about read access (#7946)
parent
6da1ab4f20
commit
f93cc0a90e
|
@ -1,146 +0,0 @@
|
|||
import sys
|
||||
import shutil
|
||||
|
||||
from quixote import cleanup
|
||||
from wcs.qommon.http_request import HTTPRequest
|
||||
from wcs import formdef
|
||||
from wcs.formdef import FormDef
|
||||
|
||||
from utilities import create_temporary_pub
|
||||
|
||||
users = {}
|
||||
|
||||
def setup_module(module):
|
||||
cleanup()
|
||||
|
||||
global users
|
||||
global pub
|
||||
|
||||
pub = create_temporary_pub()
|
||||
|
||||
req = HTTPRequest(None, {})
|
||||
pub._set_request(req)
|
||||
|
||||
user = pub.user_class(name='user')
|
||||
user.id = 'user'
|
||||
users[user.id] = user
|
||||
|
||||
user = pub.user_class(name='user-one-role')
|
||||
user.id = 'user-one-role'
|
||||
user.roles = ['role-1']
|
||||
users[user.id] = user
|
||||
|
||||
user = pub.user_class(name='user-same-role')
|
||||
user.id = 'user-same-role'
|
||||
user.roles = ['role-1']
|
||||
users[user.id] = user
|
||||
|
||||
user = pub.user_class(name='user-other-role')
|
||||
user.id = 'user-other-role'
|
||||
user.roles = ['role-2']
|
||||
users[user.id] = user
|
||||
|
||||
user = pub.user_class(name='user-admin')
|
||||
user.id = 'user-admin'
|
||||
user.is_admin = True
|
||||
users[user.id] = user
|
||||
|
||||
|
||||
def teardown_module(module):
|
||||
shutil.rmtree(pub.APP_DIR)
|
||||
|
||||
|
||||
def create_objects():
|
||||
formdef = FormDef()
|
||||
formdef.url_name = 'foobar'
|
||||
formdef.workflow_roles = {}
|
||||
formdata = formdef.data_class()()
|
||||
formdata._formdef = formdef
|
||||
formdata.status = 'wf-new'
|
||||
return formdef, formdata
|
||||
|
||||
|
||||
def check_acl(formdata, access_user_id):
|
||||
return formdata.formdef.is_user_allowed_read(users.get(access_user_id), formdata)
|
||||
|
||||
|
||||
def test_acl_all():
|
||||
formdef, formdata = create_objects()
|
||||
formdef.acl_read = 'all'
|
||||
|
||||
assert check_acl(formdata, None)
|
||||
assert check_acl(formdata, 'user')
|
||||
|
||||
|
||||
def test_acl_owner():
|
||||
formdef, formdata = create_objects()
|
||||
formdef.acl_read = 'owner'
|
||||
formdata.user_id = 'user'
|
||||
|
||||
assert not check_acl(formdata, None)
|
||||
assert check_acl(formdata, 'user')
|
||||
assert not check_acl(formdata, 'user-one-role')
|
||||
assert check_acl(formdata, 'user-admin')
|
||||
|
||||
formdata.user_id = 'user-one-role'
|
||||
assert not check_acl(formdata, 'user')
|
||||
|
||||
|
||||
def test_acl_roles_basics():
|
||||
formdef, formdata = create_objects()
|
||||
formdef.acl_read = 'roles'
|
||||
formdef.user_id = 'user-one-role'
|
||||
formdef.roles = ['role-1']
|
||||
|
||||
assert not check_acl(formdata, None)
|
||||
assert not check_acl(formdata, 'user')
|
||||
assert check_acl(formdata, 'user-admin')
|
||||
|
||||
|
||||
def test_acl_roles_submitter_role():
|
||||
formdef, formdata = create_objects()
|
||||
formdef.acl_read = 'roles'
|
||||
formdef.user_id = 'user-one-role'
|
||||
formdef.roles = ['role-1']
|
||||
|
||||
assert check_acl(formdata, 'user-one-role')
|
||||
assert check_acl(formdata, 'user-same-role')
|
||||
assert not check_acl(formdata, 'user-other-role')
|
||||
|
||||
|
||||
def test_acl_roles_receiver_role():
|
||||
formdef, formdata = create_objects()
|
||||
formdef.acl_read = 'roles'
|
||||
formdef.user_id = 'user-one-role'
|
||||
formdef.workflow_roles['_receiver'] = 'role-1'
|
||||
|
||||
assert check_acl(formdata, 'user-one-role')
|
||||
assert check_acl(formdata, 'user-same-role')
|
||||
assert not check_acl(formdata, 'user-other-role')
|
||||
|
||||
|
||||
def test_acl_none_basics():
|
||||
formdef, formdata = create_objects()
|
||||
formdef.acl_read = 'none'
|
||||
formdef.user_id = 'user'
|
||||
formdef.workflow_roles['_receiver'] = 'role-1'
|
||||
|
||||
assert not check_acl(formdata, None)
|
||||
assert not check_acl(formdata, 'user')
|
||||
assert check_acl(formdata, 'user-admin')
|
||||
assert check_acl(formdata, 'user-one-role')
|
||||
assert not check_acl(formdata, 'user-other-role')
|
||||
|
||||
|
||||
def test_acl_none_finished():
|
||||
formdef, formdata = create_objects()
|
||||
formdef.acl_read = 'none'
|
||||
formdef.user_id = 'user'
|
||||
formdef.workflow_roles['_receiver'] = 'role-1'
|
||||
formdata.status = 'wf-finished'
|
||||
|
||||
assert not check_acl(formdata, None)
|
||||
assert not check_acl(formdata, 'user')
|
||||
assert check_acl(formdata, 'user-admin')
|
||||
assert check_acl(formdata, 'user-one-role')
|
||||
assert not check_acl(formdata, 'user-other-role')
|
|
@ -520,27 +520,6 @@ def test_form_workflow_variables():
|
|||
resp = resp.forms[0].submit('cancel')
|
||||
assert resp.location == 'http://example.net/backoffice/forms/1/'
|
||||
|
||||
def test_form_acl_read():
|
||||
create_superuser()
|
||||
create_role()
|
||||
|
||||
FormDef.wipe()
|
||||
formdef = FormDef()
|
||||
formdef.name = 'form title'
|
||||
formdef.fields = []
|
||||
formdef.store()
|
||||
|
||||
app = login(get_app(pub))
|
||||
resp = app.get('/backoffice/forms/1/')
|
||||
resp = resp.click(href='acl-read')
|
||||
resp = resp.forms[0].submit('cancel')
|
||||
|
||||
resp = app.get('/backoffice/forms/1/')
|
||||
resp = resp.click(href='acl-read')
|
||||
resp.forms[0]['acl_read'] = 'Everybody'
|
||||
resp = resp.forms[0].submit('submit')
|
||||
assert FormDef.get(1).acl_read == 'all'
|
||||
|
||||
def test_form_roles():
|
||||
create_superuser()
|
||||
role = create_role()
|
||||
|
|
|
@ -91,7 +91,7 @@ class FormDefUI(object):
|
|||
form.get_widget('name').set_error(_('This name is already used'))
|
||||
raise ValueError()
|
||||
|
||||
for f in ('name', 'confirmation', 'acl_read',
|
||||
for f in ('name', 'confirmation',
|
||||
'only_allow_one', 'category_id', 'disabled',
|
||||
'enable_tracking_codes', 'workflow_id', 'private_status_and_history',
|
||||
'disabled_redirection', 'always_advertise',
|
||||
|
@ -288,7 +288,7 @@ class FormDefPage(Directory):
|
|||
'role', ('workflow-options', 'workflow_options'),
|
||||
('workflow-variables', 'workflow_variables'),
|
||||
('workflow-status-remapping', 'workflow_status_remapping'),
|
||||
'roles', 'title', 'options', ('acl-read', 'acl_read'),
|
||||
'roles', 'title', 'options',
|
||||
'overwrite', 'qrcode', 'information',
|
||||
('public-url', 'public_url'),
|
||||
('backoffice-submission-roles', 'backoffice_submission_roles'),]
|
||||
|
@ -406,11 +406,6 @@ class FormDefPage(Directory):
|
|||
_('Backoffice Submission Role'),
|
||||
self._get_roles_label('backoffice_submission_roles'))
|
||||
|
||||
r += add_option_line('acl-read', _('Read Access'),
|
||||
{'none': _('None'),
|
||||
'owner': _('Owner'),
|
||||
'roles': _('Roles'),
|
||||
'all': _('Everybody')}.get(self.formdef.acl_read, 'none'))
|
||||
r += htmltext('</ul>')
|
||||
r += htmltext('</div>')
|
||||
r += htmltext('</div>')
|
||||
|
@ -636,33 +631,6 @@ class FormDefPage(Directory):
|
|||
r += form.render()
|
||||
return r.getvalue()
|
||||
|
||||
def acl_read(self):
|
||||
form = Form(enctype='multipart/form-data')
|
||||
form.add(SingleSelectWidget, 'acl_read', title=_('Read Access'),
|
||||
options=[
|
||||
(str('none'), _('None')),
|
||||
(str('owner'), _('Owner')),
|
||||
(str('roles'), _('Roles')),
|
||||
(str('all'), _('Everybody'))],
|
||||
value=self.formdef.acl_read)
|
||||
form.add_submit('submit', _('Submit'))
|
||||
form.add_submit('cancel', _('Cancel'))
|
||||
if form.get_widget('cancel').parse():
|
||||
return redirect('.')
|
||||
|
||||
if form.is_submitted() and not form.has_errors():
|
||||
self.formdef.acl_read = form.get_widget('acl_read').parse()
|
||||
self.formdef.store()
|
||||
return redirect('.')
|
||||
|
||||
get_response().breadcrumb.append( ('acl-read', _('Read Access')) )
|
||||
self.html_top(title=self.formdef.name)
|
||||
r = TemplateIO(html=True)
|
||||
r += htmltext('<h2>%s</h2>') % _('Roles')
|
||||
r += htmltext('<p>%s</p>') % _('Select who is granted a read access.')
|
||||
r += form.render()
|
||||
return r.getvalue()
|
||||
|
||||
def workflow(self):
|
||||
form = Form(enctype='multipart/form-data')
|
||||
workflows = get_workflows(condition=lambda x: x.possible_status)
|
||||
|
|
|
@ -71,7 +71,7 @@ class ManagementDirectory(Directory):
|
|||
pending_forms.extend(formdef_data_class.get_ids_with_indexed_value(
|
||||
'status', status))
|
||||
|
||||
if formdef.acl_read != 'all' and pending_forms:
|
||||
if pending_forms:
|
||||
concerned_ids = set()
|
||||
formdata_class = formdef.data_class()
|
||||
user_roles = set(user.roles or [])
|
||||
|
|
|
@ -80,7 +80,6 @@ class FormDef(StorableObject):
|
|||
expiration_date = None
|
||||
has_captcha = False
|
||||
|
||||
acl_read = 'owner' # one of ('none', 'owner', 'roles', 'all')
|
||||
private_status_and_history = False
|
||||
|
||||
last_modification_time = None
|
||||
|
@ -142,8 +141,6 @@ class FormDef(StorableObject):
|
|||
self.fields = [x.real_field for x in self.fields]
|
||||
|
||||
if self.__dict__.has_key('public'):
|
||||
if self.__dict__.get('public'):
|
||||
self.acl_read = 'all'
|
||||
del self.__dict__['public']
|
||||
changed = True
|
||||
|
||||
|
@ -876,10 +873,8 @@ class FormDef(StorableObject):
|
|||
return False
|
||||
|
||||
def is_user_allowed_read(self, user, formdata=None):
|
||||
if self.acl_read == 'all':
|
||||
return True
|
||||
if not user:
|
||||
if self.acl_read == 'owner' and formdata and get_session() and \
|
||||
if formdata and get_session() and \
|
||||
get_session().is_anonymous_submitter(formdata):
|
||||
return True
|
||||
return False
|
||||
|
@ -899,25 +894,11 @@ class FormDef(StorableObject):
|
|||
|
||||
user_roles = ensure_role_are_strings(user_roles)
|
||||
|
||||
if self.acl_read == 'roles':
|
||||
form_roles = (self.roles or [])
|
||||
if formdata:
|
||||
from wcs.workflows import get_role_translation
|
||||
form_roles.extend([get_role_translation(formdata, x)
|
||||
for x in self.workflow_roles.keys() if x])
|
||||
form_roles = ensure_role_are_strings(form_roles)
|
||||
if user_roles.intersection(form_roles):
|
||||
if formdata and formdata.is_submitter(user):
|
||||
return True
|
||||
if self.is_of_concern_for_user(user):
|
||||
if not formdata:
|
||||
return True
|
||||
elif self.acl_read == 'owner':
|
||||
if formdata and formdata.is_submitter(user):
|
||||
return True
|
||||
if self.is_of_concern_for_user(user):
|
||||
if not formdata:
|
||||
return True
|
||||
elif self.acl_read == 'none':
|
||||
# no special permission for anybody, but the form will be viewable
|
||||
# to users with a workflow action available.
|
||||
pass
|
||||
|
||||
if formdata:
|
||||
# current status
|
||||
|
|
|
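Review bot: In the `@ -899` hunk of `is_user_allowed_read`, the per-mode branches collapse into one submitter / `is_of_concern_for_user` check, so a formdef stored with `acl_read = 'none'` appears to start granting read access to its submitter after upgrade; the page has lost its `+`/`-` markers, so this reading is inferred from the hunk line counts. The `@ -142` migration block drops the legacy `public` key but leaves any persisted `acl_read` in `__dict__`, and nothing records which formdefs changed effective access. I would remove the stale key in that same block with `if 'acl_read' in self.__dict__:`, `del self.__dict__['acl_read']`, `changed = True`, and log the formdefs whose stored value was `'none'` or `'all'`. The commit also deletes the test module that called this method directly, so the anonymous-submitter, submitter, role and admin cases of the remaining logic would benefit from replacement tests. The method body starts and ends outside the hunks.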
@ -158,12 +158,10 @@ class FormDefUI(object):
|
|||
select_ids = [x.id for x in formdata_class.select(clause=criterias)]
|
||||
item_ids = list(set(item_ids).intersection(select_ids))
|
||||
|
||||
if self.formdef.acl_read != 'all' and item_ids:
|
||||
# if the formdef has some ACL defined, we don't go the full way of
|
||||
# supporting all the cases but assume that as we are in the
|
||||
# backoffice, we don't have to care about the situation where the
|
||||
# user is the submitter, and may limit ourselves to consider
|
||||
# treating roles.
|
||||
if item_ids:
|
||||
# as we are in the backoffice, we don't have to care about the
|
||||
# situation where the user is the submitter, and we limit ourselves
|
||||
# to consider treating roles.
|
||||
user = user or get_request().user
|
||||
if not user.is_admin:
|
||||
user_roles = set(user.roles or [])
|
||||
|
|
|
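Review bot: With the `acl_read != 'all'` condition gone, the role filter under `if item_ids:` now runs for every formdef, and `user = user or get_request().user` followed by `user.is_admin` will raise `AttributeError` whenever neither a `user` argument nor a request user is present. Formdefs previously set to `'all'` skipped this path, so a caller that listed them without a user would only start failing now; whether such a caller exists is not visible from this hunk. An explicit guard before the dereference that fails closed, plus a comment such as `# requires an authenticated backoffice user; submitter access is deliberately not considered here`, would make the assumption in the new comment enforceable. The enclosing method starts and ends outside the hunk.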
@ -864,8 +864,7 @@ class FormPage(Directory):
|
|||
|
||||
def tempfile(self):
|
||||
self.check_role()
|
||||
if not self.formdef.acl_read == 'all' and (
|
||||
self.user and not self.user.id == get_session().user):
|
||||
if self.user and not self.user.id == get_session().user:
|
||||
self.check_receiver()
|
||||
try:
|
||||
t = get_request().form['t']
|
||||
|
@ -1207,9 +1206,6 @@ class RootDirectory(AccessControlled, Directory):
|
|||
r += htmltext('<li><a class="%s" href="%s%s/">%s</a>') % (
|
||||
' '.join(classes), url_prefix, formdef.url_name, formdef.name)
|
||||
|
||||
if formdef.acl_read == 'all':
|
||||
r += htmltext(' <a class="listing" href="%s%s/listing">%s</a>') % (
|
||||
url_prefix, formdef.url_name, _('(listing)'))
|
||||
if formdef.description:
|
||||
r += htmltext('<div class="description">%s</div>' % formdef.description)
|
||||
r += htmltext('</li>')
|
||||
|
|
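Review bot: In `tempfile()`, the rewritten guard `if self.user and not self.user.id == get_session().user:` calls `check_receiver()` only for an identified user that differs from the session user, so a request with no `self.user` reaches the `t` lookup with only `check_role()` in front of it. That was already the case for formdefs not set to `'all'`, but it is now the sole condition for every form, so the reason it is safe should be written down; presumably the temp file is resolved within the current session, which the hunk does not show. I would add `# anonymous requests skip check_receiver(); the lookup of 't' below must stay scoped to the current session` and write the comparison as `self.user.id != get_session().user`. The method body continues outside the hunk.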