misc: remove options about read access (#7946)

2015-08-30 14:03:35 +02:00 · 2015-08-30 14:03:35 +02:00 · f93cc0a90e
parent 6da1ab4f20
commit f93cc0a90e
7 changed files with 13 additions and 237 deletions
--- a/tests/test_acl_read.py
+++ b/tests/test_acl_read.py
@ -1,146 +0,0 @@
-import sys
-import shutil
-
-from quixote import cleanup
-from wcs.qommon.http_request import HTTPRequest
-from wcs import formdef
-from wcs.formdef import FormDef
-
-from utilities import create_temporary_pub
-
-users = {}
-
-def setup_module(module):
-    cleanup()
-
-    global users
-    global pub
-
-    pub = create_temporary_pub()
-
-    req = HTTPRequest(None, {})
-    pub._set_request(req)
-
-    user = pub.user_class(name='user')
-    user.id = 'user'
-    users[user.id] = user
-
-    user = pub.user_class(name='user-one-role')
-    user.id = 'user-one-role'
-    user.roles = ['role-1']
-    users[user.id] = user
-
-    user = pub.user_class(name='user-same-role')
-    user.id = 'user-same-role'
-    user.roles = ['role-1']
-    users[user.id] = user
-
-    user = pub.user_class(name='user-other-role')
-    user.id = 'user-other-role'
-    user.roles = ['role-2']
-    users[user.id] = user
-
-    user = pub.user_class(name='user-admin')
-    user.id = 'user-admin'
-    user.is_admin = True
-    users[user.id] = user
-
-
-def teardown_module(module):
-    shutil.rmtree(pub.APP_DIR)
-
-
-def create_objects():
-    formdef = FormDef()
-    formdef.url_name = 'foobar'
-    formdef.workflow_roles = {}
-    formdata = formdef.data_class()()
-    formdata._formdef = formdef
-    formdata.status = 'wf-new'
-    return formdef, formdata
-
-
-def check_acl(formdata, access_user_id):
-    return formdata.formdef.is_user_allowed_read(users.get(access_user_id), formdata)
-
-
-def test_acl_all():
-    formdef, formdata = create_objects()
-    formdef.acl_read = 'all'
-
-    assert check_acl(formdata, None)
-    assert check_acl(formdata, 'user')
-
-
-def test_acl_owner():
-    formdef, formdata = create_objects()
-    formdef.acl_read = 'owner'
-    formdata.user_id = 'user'
-
-    assert not check_acl(formdata, None)
-    assert check_acl(formdata, 'user')
-    assert not check_acl(formdata, 'user-one-role')
-    assert check_acl(formdata, 'user-admin')
-
-    formdata.user_id = 'user-one-role'
-    assert not check_acl(formdata, 'user')
-
-
-def test_acl_roles_basics():
-    formdef, formdata = create_objects()
-    formdef.acl_read = 'roles'
-    formdef.user_id = 'user-one-role'
-    formdef.roles = ['role-1']
-
-    assert not check_acl(formdata, None)
-    assert not check_acl(formdata, 'user')
-    assert check_acl(formdata, 'user-admin')
-
-
-def test_acl_roles_submitter_role():
-    formdef, formdata = create_objects()
-    formdef.acl_read = 'roles'
-    formdef.user_id = 'user-one-role'
-    formdef.roles = ['role-1']
-
-    assert check_acl(formdata, 'user-one-role')
-    assert check_acl(formdata, 'user-same-role')
-    assert not check_acl(formdata, 'user-other-role')
-
-
-def test_acl_roles_receiver_role():
-    formdef, formdata = create_objects()
-    formdef.acl_read = 'roles'
-    formdef.user_id = 'user-one-role'
-    formdef.workflow_roles['_receiver'] = 'role-1'
-
-    assert check_acl(formdata, 'user-one-role')
-    assert check_acl(formdata, 'user-same-role')
-    assert not check_acl(formdata, 'user-other-role')
-
-
-def test_acl_none_basics():
-    formdef, formdata = create_objects()
-    formdef.acl_read = 'none'
-    formdef.user_id = 'user'
-    formdef.workflow_roles['_receiver'] = 'role-1'
-
-    assert not check_acl(formdata, None)
-    assert not check_acl(formdata, 'user')
-    assert check_acl(formdata, 'user-admin')
-    assert check_acl(formdata, 'user-one-role')
-    assert not check_acl(formdata, 'user-other-role')
-
-
-def test_acl_none_finished():
-    formdef, formdata = create_objects()
-    formdef.acl_read = 'none'
-    formdef.user_id = 'user'
-    formdef.workflow_roles['_receiver'] = 'role-1'
-    formdata.status = 'wf-finished'
-
-    assert not check_acl(formdata, None)
-    assert not check_acl(formdata, 'user')
-    assert check_acl(formdata, 'user-admin')
-    assert check_acl(formdata, 'user-one-role')
-    assert not check_acl(formdata, 'user-other-role')
--- a/tests/test_admin_pages.py
+++ b/tests/test_admin_pages.py
@ -520,27 +520,6 @@ def test_form_workflow_variables():
    resp = resp.forms[0].submit('cancel')
    assert resp.location == 'http://example.net/backoffice/forms/1/'

-def test_form_acl_read():
-    create_superuser()
-    create_role()
-
-    FormDef.wipe()
-    formdef = FormDef()
-    formdef.name = 'form title'
-    formdef.fields = []
-    formdef.store()
-
-    app = login(get_app(pub))
-    resp = app.get('/backoffice/forms/1/')
-    resp = resp.click(href='acl-read')
-    resp = resp.forms[0].submit('cancel')
-
-    resp = app.get('/backoffice/forms/1/')
-    resp = resp.click(href='acl-read')
-    resp.forms[0]['acl_read'] = 'Everybody'
-    resp = resp.forms[0].submit('submit')
-    assert FormDef.get(1).acl_read == 'all'
-
 def test_form_roles():
    create_superuser()
    role = create_role()
--- a/wcs/admin/forms.py
+++ b/wcs/admin/forms.py
@ -91,7 +91,7 @@ class FormDefUI(object):
            form.get_widget('name').set_error(_('This name is already used'))
            raise ValueError()

-        for f in ('name', 'confirmation', 'acl_read',
+        for f in ('name', 'confirmation',
                    'only_allow_one', 'category_id', 'disabled',
                    'enable_tracking_codes', 'workflow_id', 'private_status_and_history',
                    'disabled_redirection', 'always_advertise',
@ -288,7 +288,7 @@ class FormDefPage(Directory):
                  'role', ('workflow-options', 'workflow_options'),
                  ('workflow-variables', 'workflow_variables'),
                  ('workflow-status-remapping', 'workflow_status_remapping'),
-                  'roles', 'title', 'options', ('acl-read', 'acl_read'),
+                  'roles', 'title', 'options',
                  'overwrite', 'qrcode', 'information',
                  ('public-url', 'public_url'),
                  ('backoffice-submission-roles', 'backoffice_submission_roles'),]
@ -406,11 +406,6 @@ class FormDefPage(Directory):
                _('Backoffice Submission Role'),
                self._get_roles_label('backoffice_submission_roles'))

-        r += add_option_line('acl-read', _('Read Access'),
-                {'none': _('None'),
-                 'owner': _('Owner'),
-                 'roles': _('Roles'),
-                 'all': _('Everybody')}.get(self.formdef.acl_read, 'none'))
        r += htmltext('</ul>')
        r += htmltext('</div>')
        r += htmltext('</div>')
@ -636,33 +631,6 @@ class FormDefPage(Directory):
        r += form.render()
        return r.getvalue()

-    def acl_read(self):
-        form = Form(enctype='multipart/form-data')
-        form.add(SingleSelectWidget, 'acl_read', title=_('Read Access'),
-                options=[
-                    (str('none'), _('None')),
-                    (str('owner'), _('Owner')),
-                    (str('roles'), _('Roles')),
-                    (str('all'), _('Everybody'))],
-                value=self.formdef.acl_read)
-        form.add_submit('submit', _('Submit'))
-        form.add_submit('cancel', _('Cancel'))
-        if form.get_widget('cancel').parse():
-            return redirect('.')
-
-        if form.is_submitted() and not form.has_errors():
-            self.formdef.acl_read = form.get_widget('acl_read').parse()
-            self.formdef.store()
-            return redirect('.')
-
-        get_response().breadcrumb.append( ('acl-read', _('Read Access')) )
-        self.html_top(title=self.formdef.name)
-        r = TemplateIO(html=True)
-        r += htmltext('<h2>%s</h2>') % _('Roles')
-        r += htmltext('<p>%s</p>') % _('Select who is granted a read access.')
-        r += form.render()
-        return r.getvalue()
-
    def workflow(self):
        form = Form(enctype='multipart/form-data')
        workflows = get_workflows(condition=lambda x: x.possible_status)
--- a/wcs/backoffice/management.py
+++ b/wcs/backoffice/management.py
@ -71,7 +71,7 @@ class ManagementDirectory(Directory):
                pending_forms.extend(formdef_data_class.get_ids_with_indexed_value(
                                        'status', status))

-            if formdef.acl_read != 'all' and pending_forms:
+            if pending_forms:
                concerned_ids = set()
                formdata_class = formdef.data_class()
                user_roles = set(user.roles or [])
--- a/wcs/formdef.py
+++ b/wcs/formdef.py
@ -80,7 +80,6 @@ class FormDef(StorableObject):
    expiration_date = None
    has_captcha = False

-    acl_read = 'owner'  # one of ('none', 'owner', 'roles', 'all')
    private_status_and_history = False

    last_modification_time = None
@ -142,8 +141,6 @@ class FormDef(StorableObject):
            self.fields = [x.real_field for x in self.fields]

        if self.__dict__.has_key('public'):
-            if self.__dict__.get('public'):
-                self.acl_read = 'all'
            del self.__dict__['public']
            changed = True

@ -876,10 +873,8 @@ class FormDef(StorableObject):
        return False

    def is_user_allowed_read(self, user, formdata=None):
-        if self.acl_read == 'all':
-            return True
        if not user:
-            if self.acl_read == 'owner' and formdata and get_session() and \
+            if formdata and get_session() and \
                    get_session().is_anonymous_submitter(formdata):
                return True
            return False
@ -899,25 +894,11 @@ class FormDef(StorableObject):

        user_roles = ensure_role_are_strings(user_roles)

-        if self.acl_read == 'roles':
-            form_roles = (self.roles or [])
-            if formdata:
-                from wcs.workflows import get_role_translation
-                form_roles.extend([get_role_translation(formdata, x)
-                                   for x in self.workflow_roles.keys() if x])
-            form_roles = ensure_role_are_strings(form_roles)
-            if user_roles.intersection(form_roles):
+        if formdata and formdata.is_submitter(user):
+            return True
+        if self.is_of_concern_for_user(user):
+            if not formdata:
                return True
-        elif self.acl_read == 'owner':
-            if formdata and formdata.is_submitter(user):
-                return True
-            if self.is_of_concern_for_user(user):
-                if not formdata:
-                    return True
-        elif self.acl_read == 'none':
-            # no special permission for anybody, but the form will be viewable
-            # to users with a workflow action available.
-            pass

        if formdata:
            # current status
--- a/wcs/forms/backoffice.py
+++ b/wcs/forms/backoffice.py
@ -158,12 +158,10 @@ class FormDefUI(object):
            select_ids = [x.id for x in formdata_class.select(clause=criterias)]
            item_ids = list(set(item_ids).intersection(select_ids))

-        if self.formdef.acl_read != 'all' and item_ids:
-            # if the formdef has some ACL defined, we don't go the full way of
-            # supporting all the cases but assume that as we are in the
-            # backoffice, we don't have to care about the situation where the
-            # user is the submitter, and may limit ourselves to consider
-            # treating roles.
+        if item_ids:
+            # as we are in the backoffice, we don't have to care about the
+            # situation where the user is the submitter, and we limit ourselves
+            # to consider treating roles.
            user = user or get_request().user
            if not user.is_admin:
                user_roles = set(user.roles or [])
--- a/wcs/forms/root.py
+++ b/wcs/forms/root.py
@ -864,8 +864,7 @@ class FormPage(Directory):

    def tempfile(self):
        self.check_role()
-        if not self.formdef.acl_read == 'all' and (
-                self.user and not self.user.id == get_session().user):
+        if self.user and not self.user.id == get_session().user:
            self.check_receiver()
        try:
            t = get_request().form['t']
@ -1207,9 +1206,6 @@ class RootDirectory(AccessControlled, Directory):
                r += htmltext('<li><a class="%s" href="%s%s/">%s</a>') % (
                        ' '.join(classes), url_prefix, formdef.url_name, formdef.name)

-            if formdef.acl_read == 'all':
-                r += htmltext(' <a class="listing" href="%s%s/listing">%s</a>') % (
-                        url_prefix, formdef.url_name, _('(listing)'))
            if formdef.description:
                r += htmltext('<div class="description">%s</div>' % formdef.description)
            r += htmltext('</li>')