backoffice: consider multiple roles attribution in mass action buttons (#55633)

2021-07-16 13:54:07 +02:00 · 2021-07-16 13:54:07 +02:00 · a18639ae6d
parent 228a25bf8e
commit a18639ae6d
2 changed files with 10 additions and 2 deletions
--- a/tests/backoffice_pages/test_all.py
+++ b/tests/backoffice_pages/test_all.py
@ -1651,11 +1651,12 @@ def test_backoffice_multi_actions(pub):
    stable_ids = []
    for checkbox in resp.forms[0].fields['select[]'][1:6]:
        formdata = formdef.data_class().get(checkbox._value)
-        formdata.workflow_roles = {'_foobar': formdef.workflow_roles['_receiver']}
+        formdata.workflow_roles = {'_foobar': [formdef.workflow_roles['_receiver']]}
        formdata.store()
        stable_ids.append(formdata.id)

    resp = app.get('/backoffice/management/form-title/')
+    assert resp.pyquery('[data-link="%s/"] input' % stable_ids[0]).attr['data-is__foobar'] == 'true'
    assert 'OTHER ACTION' in resp.text

    resp.forms[0].fields['select[]'][0].checked = True  # _all
--- a/wcs/forms/backoffice.py
+++ b/wcs/forms/backoffice.py
@ -244,6 +244,7 @@ class FormDefUI:
        else:
            url_action = ''
        user = get_request().user
+        user_roles = set(user.get_roles())
        visited_objects = get_session().get_visited_objects(exclude_user=user.id)
        include_criticality_level = bool(self.formdef.workflow.criticality_levels)
        for i, filled in enumerate(items):
@ -286,7 +287,13 @@ class FormDefUI:
                if filled.workflow_roles:
                    workflow_roles.update(filled.workflow_roles)
                for function_key, function_value in workflow_roles.items():
-                    if function_value in user.get_roles():
+                    if isinstance(function_value, str):
+                        # single role, defined at formdef level
+                        function_values = {function_value}
+                    else:
+                        # list of roles (or none), defined at formdata level
+                        function_values = set(function_value or [])
+                    if user_roles.intersection(function_values):
                        # dashes are replaced by underscores to prevent HTML5
                        # normalization to CamelCase.
                        r += htmltext(' data-is_%s="true" ' % function_key.replace('-', '_'))