def test_registered_higher_deselections_on_change_status(self): self.login_registrar() # Make a RR so the registrar can change status items = [self.item1.id, self.item2.id] self.create_review_request(items) # Register item1 as candidate models.Status.objects.create(concept=self.item1, registrationAuthority=self.ra, registrationDate=timezone.now(), state=STATES.standard) # Register item2 as standard models.Status.objects.create(concept=self.item2, registrationAuthority=self.ra, registrationDate=timezone.now(), state=STATES.preferred) self.assertTrue(perms.user_can_add_status(self.registrar, self.item1)) self.assertTrue(perms.user_can_add_status(self.registrar, self.item2)) response = self.review_changes(items, STATES.standard) self.assertTrue(response.context['deselections']) form = response.context['form'] extra_info = form.fields['selected_list'].widget.extra_info self.assertTrue(extra_info[self.item1.id]['perm']) self.assertFalse(extra_info[self.item1.id]['checked']) self.assertTrue(extra_info[self.item2.id]['perm']) self.assertFalse(extra_info[self.item2.id]['checked'])
def test_bulk_status_change_on_forbidden_items(self): self.login_registrar() self.make_review_request(self.item1, self.registrar) self.assertTrue(perms.user_can_add_status(self.registrar, self.item1)) self.assertFalse(perms.user_can_add_status(self.registrar, self.item4)) self.assertFalse(self.item1.is_registered) self.assertFalse(self.item2.is_registered) self.assertFalse(self.item4.is_registered) reg_date = datetime.date(2014, 10, 27) new_state = self.ra.locked_state items = [self.item1.id, self.item2.id, self.item4.id] action_response = self.client.post( reverse('aristotle:bulk_action'), { 'bulkaction': 'aristotle_mdr.forms.bulk_actions.ChangeStateForm', 'items': items, }) self.assertRedirects(action_response, reverse('aristotle:change_state_bulk_action')) get_response = self.client.get( reverse('aristotle:change_state_bulk_action')) self.assertEqual(get_response.context['form'].initial['items'], [str(a) for a in items]) response = self.client.post( reverse('aristotle:change_state_bulk_action'), { 'change_state-state': new_state, 'change_state-items': [str(a) for a in items], 'change_state-registrationDate': reg_date, 'change_state-cascadeRegistration': 0, 'change_state-changeDetails': "Because", 'change_state-registrationAuthorities': [self.ra.id], 'change_state-confirmed': 'confirmed', 'submit_skip': 'value', 'change_status_bulk_action_view-current_step': 'change_state', }, follow=True) self.assertEqual(200, response.status_code) self.assertTrue(self.item1.is_registered) self.assertFalse(self.item2.is_registered) self.assertFalse(self.item4.is_registered) self.assertTrue( self.item1.current_statuses().first().registrationDate == reg_date) self.assertTrue( self.item1.current_statuses().first().state == new_state) self.assertTrue(self.item1.current_statuses().first(). registrationAuthority == self.ra) self.assertEqual(len(response.redirect_chain), 1) self.assertEqual(response.redirect_chain[0][1], 302)
def make_review_request(self, item, user, requester=None, check_perms=True): if not requester: requester = self.su if check_perms: self.assertFalse(perms.user_can_view(user, item)) item.save() item = item.__class__.objects.get(pk=item.pk) review = ReviewRequest.objects.create( requester=requester, registration_authority=self.ra, target_registration_state=self.ra.public_state, due_date=datetime.date(2010, 1, 1), registration_date=datetime.date(2010, 1, 1)) review.concepts.add(item) if check_perms: self.assertTrue(perms.user_can_view(user, item)) self.assertTrue(perms.user_can_add_status(user, item)) return review
def build_extra_info(self, queryset, ra, user, static_content): (extra_info, deselections) = get_status_change_details(queryset, ra, static_content['new_state']) for key, item in extra_info.items(): item['checked'] = not item['has_higher_status'] item['perm'] = perms.user_can_add_status(user, item['concept']) return (extra_info, deselections)
def dispatch(self, request, *args, **kwargs): # Check for keyError here self.item = get_object_or_404(MDR._concept, pk=kwargs['iid']).item if not user_can_add_status(request.user, self.item): if request.user.is_anonymous: return redirect(reverse('friendly_login') + '?next=%s' % request.path) else: raise PermissionDenied return super().dispatch(request, *args, **kwargs)
def can_add_status(item, user): """ A filter that acts as a wrapper around ``aristotle_mdr.perms.user_can_add_status``. Returns true if the user has permission to change status the item, otherwise it returns False. If calling ``user_can_add_status`` throws an exception it safely returns False. For example:: {% if myItem|can_add_status:request.user %} {{ item }} {% endif %} """ # try: return perms.user_can_add_status(user, item)
def test_deslections_on_first_registration(self): self.login_registrar() # Make a RR so the registrar can change status items = [self.item1.id] self.create_review_request(items) self.assertTrue(perms.user_can_add_status(self.registrar, self.item1)) response = self.review_changes(items, STATES.standard) self.assertFalse(response.context['deselections']) form = response.context['form'] extra_info = form.fields['selected_list'].widget.extra_info self.assertTrue(extra_info[self.item1.id]['perm']) self.assertTrue(extra_info[self.item1.id]['checked'])
def get_context_data(self, *args, **kwargs): context = super().get_context_data(*args, **kwargs) if self.request.user.is_anonymous: context['isFavourite'] = False else: context['isFavourite'] = self.request.user.profile.is_favourite(self.item) aristotle_settings = fetch_aristotle_settings() links_from, links_to = self.get_links() context.update({ 'last_edit': Version.objects.get_for_object(self.item).first(), # Only display viewable slots 'slots': Slot.objects.get_item_allowed(self.item, self.user), 'item': self.item, 'statuses': self.item.current_statuses, 'discussions': self.item.relatedDiscussions.all(), 'activetab': 'item', 'has_links': links_from or links_to, 'links_from': links_from, 'links_to': links_to, 'custom_values': self.get_custom_values(), 'submitting_organizations': self.item.submitting_organizations, 'responsible_organizations': self.item.responsible_organizations, 'infobox_identifier_name': aristotle_settings['INFOBOX_IDENTIFIER_NAME'] }) # Add a list of viewable concept ids for fast visibility checks in # templates # Since its lazy we can do this every time :) lazy_viewable_ids = SimpleLazyObject( lambda: list(MDR._concept.objects.visible(self.user).values_list('id', flat=True)) ) context['viewable_ids'] = lazy_viewable_ids # Permissions (so they are looked up once) context.update({ 'can_edit': user_can_edit(self.user, self.item), 'can_publish': user_can_publish_object(self.user, self.item), 'can_supersede': user_can_supersede(self.user, self.item), 'can_add_status': user_can_add_status(self.user, self.item) }) return context
def bulk_status_change_on_permitted_items(self, review_changes): self.login_registrar() self.create_review_request([self.item1, self.item2]) self.assertTrue(perms.user_can_add_status(self.registrar, self.item1)) self.assertTrue(perms.user_can_add_status(self.registrar, self.item2)) self.assertFalse(self.item1.is_registered) self.assertFalse(self.item2.is_registered) reg_date = datetime.date(2014, 10, 27) new_state = self.ra.locked_state items = [self.item1.id, self.item2.id] response = self.client.post( reverse('aristotle:bulk_action'), { 'bulkaction': 'aristotle_mdr.forms.bulk_actions.ChangeStateForm', 'items': items, }) self.assertRedirects(response, reverse('aristotle:change_state_bulk_action')) change_state_get_response = self.client.get( reverse('aristotle:change_state_bulk_action')) self.assertEqual( change_state_get_response.context['form'].initial['items'], [str(a) for a in items]) postdata = { 'change_state-state': new_state, 'change_state-items': [str(a) for a in items], 'change_state-registrationDate': reg_date, 'change_state-cascadeRegistration': 0, 'change_state-changeDetails': "Because", 'change_state-registrationAuthorities': [self.ra.id], 'submit_skip': 'value', 'change_status_bulk_action_view-current_step': 'change_state', } if review_changes: selected_list = [str(self.item1.id)] change_state_response = self.perform_state_review( postdata, selected_list) else: change_state_response = self.client.post( reverse('aristotle:change_state_bulk_action'), postdata, ) self.assertEqual(change_state_response.status_code, 302) item2_changed = not review_changes self.assertTrue(self.item1.is_registered) self.assertEqual(self.item2.is_registered, item2_changed) self.assertTrue( self.item1.current_statuses().first().registrationDate == reg_date) self.assertTrue( self.item1.current_statuses().first().state == new_state) self.assertTrue(self.item1.current_statuses().first(). registrationAuthority == self.ra) if item2_changed: self.assertTrue(self.item2.current_statuses().first(). registrationDate == reg_date) self.assertTrue( self.item2.current_statuses().first().state == new_state) self.assertTrue(self.item2.current_statuses().first(). registrationAuthority == self.ra) else: self.assertEqual(len(self.item2.current_statuses()), 0)
def has_change_permission(self, request, obj=None): if obj is not None: return perms.user_can_add_status(request.user, obj) return super().has_change_permission(request, obj=None)
def test_can_change_status(self): self.assertTrue(perms.user_can_add_status(self.su,None))