backoffice: do not allow agents to define default custom views (#77192) #314

Merged
fpeters merged 1 commits from wip/77192-default-custom-view-admin into main 2023-05-15 17:18:41 +02:00
2 changed files with 8 additions and 16 deletions


@ -669,7 +669,7 @@ def test_backoffice_custom_view_is_default(pub):
formdef.workflow_roles = {'_receiver': 1}
formdef.store()
# private custom view
# private custom view (agent)
agent = pub.user_class(name='agent')
agent.roles = [formdef.workflow_roles['_receiver']]
agent.store()
@ -681,10 +681,10 @@ def test_backoffice_custom_view_is_default(pub):
resp = app.get('/backoffice/management/form-title/')
resp = resp.forms['listing-settings'].submit()
resp.forms['save-custom-view']['title'] = 'view 1'
resp.forms['save-custom-view']['is_default'] = True
assert 'is_default' not in resp.forms['save-custom-view'].fields
resp = resp.forms['save-custom-view'].submit()
# other private custom view
# other private custom view (admin)
app = login(get_app(pub))
resp = app.get('/backoffice/management/form-title/')
resp = resp.forms['listing-settings'].submit()
@ -702,7 +702,7 @@ def test_backoffice_custom_view_is_default(pub):
resp = resp.forms['save-custom-view'].submit()
assert pub.custom_view_class.count() == 3
assert pub.custom_view_class.get(1).is_default is True # simple user - private
assert pub.custom_view_class.get(1).is_default is False # simple user - private
assert pub.custom_view_class.get(2).is_default is True # super user - private
assert pub.custom_view_class.get(3).is_default is True # super user - shared
@ -714,7 +714,7 @@ def test_backoffice_custom_view_is_default(pub):
resp.forms['save-custom-view']['is_default'] = True
resp = resp.forms['save-custom-view'].submit()
assert pub.custom_view_class.count() == 4
assert pub.custom_view_class.get(1).is_default is True # simple user - private
assert pub.custom_view_class.get(1).is_default is False # simple user - private
assert pub.custom_view_class.get(2).is_default is False # super user - private
assert pub.custom_view_class.get(3).is_default is True # super user - shared
assert pub.custom_view_class.get(4).is_default is True # super user - private 2
@ -727,7 +727,7 @@ def test_backoffice_custom_view_is_default(pub):
resp.forms['save-custom-view']['is_default'] = True
resp = resp.forms['save-custom-view'].submit()
assert pub.custom_view_class.count() == 5
assert pub.custom_view_class.get(1).is_default is True # simple user - private
assert pub.custom_view_class.get(1).is_default is False # simple user - private
assert pub.custom_view_class.get(2).is_default is False # super user - private
assert pub.custom_view_class.get(3).is_default is False # super user - shared
assert pub.custom_view_class.get(4).is_default is True # super user - private 2
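Review bot: The agent case is only exercised through the rendered form: `assert 'is_default' not in resp.forms['save-custom-view'].fields` proves the checkbox is no longer offered, and the later `get(1).is_default is False` assertions follow from a submission that never carried the field. Nothing here sends `is_default` as the agent, so the test would still pass if the save handler (not visible on this page) kept honouring the parameter when it is present in the request. I would replace the agent's plain submit with a post that includes the extra field, e.g. `form = resp.forms['save-custom-view']` then `app.post(form.action, params=form.submit_fields('submit') + [('is_default', 'yes')])`, and keep the `is_default is False` assertion on that view; the checkbox value `'yes'` is an assumption to confirm. The test function starts and ends outside these hunks.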


@ -1489,7 +1489,7 @@ class FormPage(FormdefDirectoryBase):
required=True,
value=self.view.title if self.view else None,
)
if get_publisher().get_backoffice_root().is_accessible(self.admin_permission):
if self.formdef.has_admin_access(get_request().user):
# admins can create views accessible to everyone
options = [
('owner', _('to me only'), 'owner'),
@ -1534,16 +1534,8 @@ class FormPage(FormdefDirectoryBase):
'data-dynamic-display-value-in': 'datasource|any',
},
)
else:
form.add(
CheckboxWidget,
'is_default',
title=_('Set as default view'),
value=self.view.is_default if self.view else False,
)
if self.view and (
self.view.user_id == get_request().user.id
or get_publisher().get_backoffice_root().is_accessible(self.admin_permission)
self.view.user_id == get_request().user.id or self.formdef.has_admin_access(get_request().user)
):
form.add(CheckboxWidget, 'update', title=_('Update existing view settings'), value=True)
form.add_submit('submit', _('Save View'))
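Review bot: Removing the `else:` branch stops agents from setting `is_default` from now on, but views they saved earlier with `is_default` true are left untouched; no migration or read-side check is visible in this commit. If those agent defaults should stop applying, the code that selects the default view (outside this page) would have to ignore them, or a migration should reset them; worth confirming which is intended. Separately, the dropped branch leaves no trace of why non-admins get no checkbox, so above `if self.formdef.has_admin_access(get_request().user):` I would add a comment such as `# only admins may mark a view as default; agents get no 'is_default' widget (#77192)`. The enclosing method starts and ends outside the hunks.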