misc: always hide status in front (#37517)

2019-11-07 11:22:40 +01:00 · 2019-11-07 11:22:40 +01:00 · fc73508917
parent 5749ec05bf
commit fc73508917
3 changed files with 19 additions and 10 deletions
--- a/tests/test_form_pages.py
+++ b/tests/test_form_pages.py
@ -3727,7 +3727,6 @@ def test_formdata_generated_document_in_private_history(pub):
    wf = Workflow(name='status')
    st0 = wf.add_status('Status0', 'st0')
    st1 = wf.add_status('Status1', 'st1')
-    st1.visibility = ['_receiver']
    export_to = ExportToModel()
    export_to.label = 'create doc'
    upload = QuixoteUpload('/foo/test.rtf', content_type='application/rtf')
@ -3783,21 +3782,22 @@ def test_formdata_generated_document_in_private_history(pub):
    resp = resp.form.submit('button_export_to')
    resp = resp.follow()
    assert 'Form exported in a model' in resp.body
-    assert 'visibility-off' in resp.body

    resp = resp.form.submit('button_jump2')
    resp = resp.follow()

+    # limit visibility of status with document
+    st1.visibility = ['_receiver']
+    wf.store()

-    # change formdef receiver so the hidden status should not longer be visible
-    role2 = Role(name='yyy')
-    role2.store()
-    formdef.workflow_roles = {'_receiver': role2.id}
-    formdef.store()
-
-    resp = login(get_app(pub), username='foo', password='foo').get(resp.request.url)
+    formdata = formdef.data_class().select()[0]
+    resp = login(get_app(pub), username='foo', password='foo').get(formdata.get_url())
    assert not 'Form exported in a model' in resp.body
-    assert 'visibility-off' not in resp.body
+
+    # check status is visible in backoffice
+    resp = login(get_app(pub), username='foo', password='foo').get(formdata.get_url(backoffice=True))
+    assert 'visibility-off' in resp.body
+    assert 'Form exported in a model' in resp.body

 def test_formdata_form_file_download(pub):
    create_user(pub)
--- a/wcs/qommon/http_request.py
+++ b/wcs/qommon/http_request.py
@ -175,6 +175,12 @@ class HTTPRequest(quixote.http_request.HTTPRequest):
    def is_in_backoffice(self):
        return self.get_path().startswith('/backoffice/')

+    def is_api_url(self):
+        return self.get_path().startswith('/api/')
+
+    def is_in_frontoffice(self):
+        return not (self.is_in_backoffice() or self.is_api_url())
+
    @property
    def META(self):
        return self.environ
--- a/wcs/workflows.py
+++ b/wcs/workflows.py
@ -1553,6 +1553,9 @@ class WorkflowStatus(object):
    def is_visible(self, formdata, user):
        if not self.visibility: # no restriction -> visible
            return True
+        if get_request() and get_request().is_in_frontoffice():
+            # always hide in front
+            return False
        if user and user.is_admin:
            return True