backoffice: do not allow agents to define default custom views (#77192) #314
|
@ -669,7 +669,7 @@ def test_backoffice_custom_view_is_default(pub):
|
|||
formdef.workflow_roles = {'_receiver': 1}
|
||||
formdef.store()
|
||||
|
||||
# private custom view
|
||||
# private custom view (agent)
|
||||
agent = pub.user_class(name='agent')
|
||||
agent.roles = [formdef.workflow_roles['_receiver']]
|
||||
agent.store()
|
||||
|
@ -681,10 +681,10 @@ def test_backoffice_custom_view_is_default(pub):
|
|||
resp = app.get('/backoffice/management/form-title/')
|
||||
resp = resp.forms['listing-settings'].submit()
|
||||
resp.forms['save-custom-view']['title'] = 'view 1'
|
||||
resp.forms['save-custom-view']['is_default'] = True
|
||||
assert 'is_default' not in resp.forms['save-custom-view'].fields
|
||||
resp = resp.forms['save-custom-view'].submit()
|
||||
|
||||
# other private custom view
|
||||
# other private custom view (admin)
|
||||
app = login(get_app(pub))
|
||||
resp = app.get('/backoffice/management/form-title/')
|
||||
resp = resp.forms['listing-settings'].submit()
|
||||
|
@ -702,7 +702,7 @@ def test_backoffice_custom_view_is_default(pub):
|
|||
resp = resp.forms['save-custom-view'].submit()
|
||||
|
||||
assert pub.custom_view_class.count() == 3
|
||||
assert pub.custom_view_class.get(1).is_default is True # simple user - private
|
||||
assert pub.custom_view_class.get(1).is_default is False # simple user - private
|
||||
assert pub.custom_view_class.get(2).is_default is True # super user - private
|
||||
assert pub.custom_view_class.get(3).is_default is True # super user - shared
|
||||
|
||||
|
@ -714,7 +714,7 @@ def test_backoffice_custom_view_is_default(pub):
|
|||
resp.forms['save-custom-view']['is_default'] = True
|
||||
resp = resp.forms['save-custom-view'].submit()
|
||||
assert pub.custom_view_class.count() == 4
|
||||
assert pub.custom_view_class.get(1).is_default is True # simple user - private
|
||||
assert pub.custom_view_class.get(1).is_default is False # simple user - private
|
||||
assert pub.custom_view_class.get(2).is_default is False # super user - private
|
||||
assert pub.custom_view_class.get(3).is_default is True # super user - shared
|
||||
assert pub.custom_view_class.get(4).is_default is True # super user - private 2
|
||||
|
@ -727,7 +727,7 @@ def test_backoffice_custom_view_is_default(pub):
|
|||
resp.forms['save-custom-view']['is_default'] = True
|
||||
resp = resp.forms['save-custom-view'].submit()
|
||||
assert pub.custom_view_class.count() == 5
|
||||
assert pub.custom_view_class.get(1).is_default is True # simple user - private
|
||||
assert pub.custom_view_class.get(1).is_default is False # simple user - private
|
||||
assert pub.custom_view_class.get(2).is_default is False # super user - private
|
||||
assert pub.custom_view_class.get(3).is_default is False # super user - shared
|
||||
assert pub.custom_view_class.get(4).is_default is True # super user - private 2
|
||||
|
|
|
@ -1489,7 +1489,7 @@ class FormPage(FormdefDirectoryBase):
|
|||
required=True,
|
||||
value=self.view.title if self.view else None,
|
||||
)
|
||||
if get_publisher().get_backoffice_root().is_accessible(self.admin_permission):
|
||||
if self.formdef.has_admin_access(get_request().user):
|
||||
# admins can create views accessible to everyone
|
||||
options = [
|
||||
('owner', _('to me only'), 'owner'),
|
||||
|
@ -1534,16 +1534,8 @@ class FormPage(FormdefDirectoryBase):
|
|||
'data-dynamic-display-value-in': 'datasource|any',
|
||||
},
|
||||
)
|
||||
else:
|
||||
form.add(
|
||||
CheckboxWidget,
|
||||
'is_default',
|
||||
title=_('Set as default view'),
|
||||
value=self.view.is_default if self.view else False,
|
||||
)
|
||||
if self.view and (
|
||||
self.view.user_id == get_request().user.id
|
||||
or get_publisher().get_backoffice_root().is_accessible(self.admin_permission)
|
||||
self.view.user_id == get_request().user.id or self.formdef.has_admin_access(get_request().user)
|
||||
):
|
||||
form.add(CheckboxWidget, 'update', title=_('Update existing view settings'), value=True)
|
||||
form.add_submit('submit', _('Save View'))
|
||||
|
|
Loading…
Reference in New Issue