def test_registered_higher_deselections_on_change_status(self):
        self.login_registrar()
        # Make a RR so the registrar can change status
        items = [self.item1.id, self.item2.id]
        self.create_review_request(items)

        # Register item1 as candidate
        models.Status.objects.create(concept=self.item1,
                                     registrationAuthority=self.ra,
                                     registrationDate=timezone.now(),
                                     state=STATES.standard)

        # Register item2 as standard
        models.Status.objects.create(concept=self.item2,
                                     registrationAuthority=self.ra,
                                     registrationDate=timezone.now(),
                                     state=STATES.preferred)

        self.assertTrue(
            perms.user_can_change_status(self.registrar, self.item1))
        self.assertTrue(
            perms.user_can_change_status(self.registrar, self.item2))

        response = self.review_changes(items, STATES.standard)
        self.assertTrue(response.context['deselections'])

        form = response.context['form']
        extra_info = form.fields['selected_list'].widget.extra_info
        self.assertTrue(extra_info[self.item1.id]['perm'])
        self.assertFalse(extra_info[self.item1.id]['checked'])
        self.assertTrue(extra_info[self.item2.id]['perm'])
        self.assertFalse(extra_info[self.item2.id]['checked'])
    def test_registered_higher_deselections_on_change_status(self):
        self.login_registrar()
        # Make a RR so the registrar can change status
        items = [self.item1.id, self.item2.id]
        self.create_review_request(items)

        # Register item1 as candidate
        models.Status.objects.create(
            concept=self.item1,
            registrationAuthority=self.ra,
            registrationDate=timezone.now(),
            state=STATES.standard
        )

        # Register item2 as standard
        models.Status.objects.create(
            concept=self.item2,
            registrationAuthority=self.ra,
            registrationDate=timezone.now(),
            state=STATES.preferred
        )

        self.assertTrue(perms.user_can_change_status(self.registrar, self.item1))
        self.assertTrue(perms.user_can_change_status(self.registrar, self.item2))

        response = self.review_changes(items, STATES.standard)
        self.assertTrue(response.context['deselections'])

        form = response.context['form']
        extra_info = form.fields['selected_list'].widget.extra_info
        self.assertTrue(extra_info[self.item1.id]['perm'])
        self.assertFalse(extra_info[self.item1.id]['checked'])
        self.assertTrue(extra_info[self.item2.id]['perm'])
        self.assertFalse(extra_info[self.item2.id]['checked'])
    def test_bulk_status_change_on_permitted_items(self):
        self.login_registrar()
        review = models.ReviewRequest.objects.create(
            requester=self.su, registration_authority=self.ra)
        review.concepts.add(self.item1)
        review.concepts.add(self.item2)

        self.assertTrue(
            perms.user_can_change_status(self.registrar, self.item1))
        self.assertTrue(
            perms.user_can_change_status(self.registrar, self.item2))
        self.assertFalse(self.item1.is_registered)
        self.assertFalse(self.item2.is_registered)
        response = self.client.post(
            reverse('aristotle:bulk_action'), {
                'bulkaction': 'change_state',
                'state': 1,
                'items': [self.item1.id, self.item2.id],
                'registrationDate': "2014-10-27",
                'cascadeRegistration': 0,
                'registrationAuthorities': [self.ra.id],
                'confirmed': 'confirmed',
            })
        self.assertTrue(self.item1.is_registered)
        self.assertTrue(self.item2.is_registered)
Example #4
0
    def test_bulk_status_change_on_forbidden_items(self):
        self.login_registrar()
        self.make_review_request(self.item1, self.registrar)

        self.assertTrue(
            perms.user_can_change_status(self.registrar, self.item1))
        self.assertFalse(
            perms.user_can_change_status(self.registrar, self.item4))
        self.assertFalse(self.item1.is_registered)
        self.assertFalse(self.item2.is_registered)
        self.assertFalse(self.item4.is_registered)

        reg_date = datetime.date(2014, 10, 27)
        new_state = self.ra.locked_state
        items = [self.item1.id, self.item2.id, self.item4.id]

        action_response = self.client.post(
            reverse('aristotle:bulk_action'), {
                'bulkaction':
                'aristotle_mdr.forms.bulk_actions.ChangeStateForm',
                'items': items,
            })

        self.assertRedirects(action_response,
                             reverse('aristotle:change_state_bulk_action'))

        get_response = self.client.get(
            reverse('aristotle:change_state_bulk_action'))
        self.assertEqual(get_response.context['form'].initial['items'],
                         [str(a) for a in items])

        response = self.client.post(
            reverse('aristotle:change_state_bulk_action'), {
                'change_state-state': new_state,
                'change_state-items': [str(a) for a in items],
                'change_state-registrationDate': reg_date,
                'change_state-cascadeRegistration': 0,
                'change_state-registrationAuthorities': [self.ra.id],
                'change_state-confirmed': 'confirmed',
                'submit_skip': 'value',
                'change_status_bulk_action_view-current_step': 'change_state',
            },
            follow=True)

        self.assertEqual(200, response.status_code)
        self.assertTrue(self.item1.is_registered)
        self.assertFalse(self.item2.is_registered)
        self.assertFalse(self.item4.is_registered)

        self.assertTrue(
            self.item1.current_statuses().first().registrationDate == reg_date)
        self.assertTrue(
            self.item1.current_statuses().first().state == new_state)
        self.assertTrue(self.item1.current_statuses().first().
                        registrationAuthority == self.ra)

        self.assertEqual(len(response.redirect_chain), 1)
        self.assertEqual(response.redirect_chain[0][1], 302)
    def test_bulk_status_change_on_forbidden_items(self):
        self.login_registrar()
        self.make_review_request(self.item1, self.registrar)

        self.assertTrue(perms.user_can_change_status(self.registrar, self.item1))
        self.assertFalse(perms.user_can_change_status(self.registrar, self.item4))
        self.assertFalse(self.item1.is_registered)
        self.assertFalse(self.item2.is_registered)
        self.assertFalse(self.item4.is_registered)

        reg_date = datetime.date(2014,10,27)
        new_state = self.ra.locked_state
        items = [self.item1.id, self.item2.id, self.item4.id]

        action_response = self.client.post(
            reverse('aristotle:bulk_action'),
            {
                'bulkaction': 'aristotle_mdr.forms.bulk_actions.ChangeStateForm',
                'items': items,
            }
        )

        self.assertRedirects(action_response, reverse('aristotle:change_state_bulk_action'))

        get_response = self.client.get(reverse('aristotle:change_state_bulk_action'))
        self.assertEqual(get_response.context['form'].initial['items'], [str(a) for a in items])

        response = self.client.post(
            reverse('aristotle:change_state_bulk_action'),
            {
                'change_state-state': new_state,
                'change_state-items': [str(a) for a in items],
                'change_state-registrationDate': reg_date,
                'change_state-cascadeRegistration': 0,
                'change_state-registrationAuthorities': [self.ra.id],
                'change_state-confirmed': 'confirmed',
                'submit_skip': 'value',
                'change_status_bulk_action_view-current_step': 'change_state',
            },
            follow=True
        )

        self.assertEqual(200, response.status_code)
        self.assertTrue(self.item1.is_registered)
        self.assertFalse(self.item2.is_registered)
        self.assertFalse(self.item4.is_registered)

        self.assertTrue(self.item1.current_statuses().first().registrationDate == reg_date)
        self.assertTrue(self.item1.current_statuses().first().state == new_state)
        self.assertTrue(self.item1.current_statuses().first().registrationAuthority == self.ra)

        self.assertEqual(len(response.redirect_chain), 1)
        self.assertEqual(response.redirect_chain[0][1], 302)
Example #6
0
    def test_bulk_status_change_on_forbidden_items(self):
        self.login_registrar()
        review = models.ReviewRequest.objects.create(
            requester=self.su,
            registration_authority=self.ra,
            registration_date=datetime.date(2010, 1, 1),
            state=self.ra.locked_state)
        review.concepts.add(self.item1)
        # review.concepts.add(self.item4)

        self.assertTrue(
            perms.user_can_change_status(self.registrar, self.item1))
        self.assertFalse(
            perms.user_can_change_status(self.registrar, self.item4))
        self.assertFalse(self.item1.is_registered)
        self.assertFalse(self.item2.is_registered)
        self.assertFalse(self.item4.is_registered)

        reg_date = datetime.date(2014, 10, 27)
        new_state = self.ra.locked_state
        response = self.client.post(
            reverse('aristotle:bulk_action'), {
                'bulkaction':
                'aristotle_mdr.forms.bulk_actions.ChangeStateForm',
                'state': new_state,
                'items': [self.item1.id, self.item2.id, self.item4.id],
                'registrationDate': reg_date,
                'cascadeRegistration': 0,
                'registrationAuthorities': [self.ra.id],
                'confirmed': 'confirmed',
            },
            follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTrue(self.item1.is_registered)
        self.assertFalse(self.item2.is_registered)
        self.assertFalse(self.item4.is_registered)

        self.assertTrue(
            self.item1.current_statuses().first().registrationDate == reg_date)
        self.assertTrue(
            self.item1.current_statuses().first().state == new_state)
        self.assertTrue(self.item1.current_statuses().first().
                        registrationAuthority == self.ra)

        from django.utils.html import escape
        err1 = "Some items failed"
        err2 = "s: %s" % ','.join(
            sorted([str(self.item2.id), str(self.item4.id)]))

        self.assertContains(response, err1)
        self.assertContains(response, err2)
        self.assertEqual(len(response.redirect_chain), 1)
        self.assertEqual(response.redirect_chain[0][1], 302)
Example #7
0
    def test_registrar_can_change_status(self):
        self.login_registrar()

        self.assertFalse(perms.user_can_view(self.registrar,self.item1))
        self.item1.readyToReview = True
        self.item1.save()
        self.item1 = self.itemType.objects.get(pk=self.item1.pk)

        self.assertTrue(perms.user_can_view(self.registrar,self.item1))
        self.assertTrue(perms.user_can_change_status(self.registrar,self.item1))

        response = self.client.get(reverse('aristotle:changeStatus',args=[self.item1.id]))
        self.assertEqual(response.status_code,200)

        self.assertEqual(self.item1.statuses.count(),0)
        response = self.client.post(
            reverse('aristotle:changeStatus',args=[self.item1.id]),
            {
                'registrationAuthorities': [str(self.ra.id)],
                'state': self.ra.public_state,
                'changeDetails': "testing",
                'cascadeRegistration': 0, # no
            }
        )
        self.assertRedirects(response,url_slugify_concept(self.item1))

        self.item1 = self.itemType.objects.get(pk=self.item1.pk)
        self.assertEqual(self.item1.statuses.count(),1)
        self.assertTrue(self.item1.is_registered)
        self.assertTrue(self.item1.is_public())
Example #8
0
    def cascaded_register(self, item, state, user, **kwargs):

        all_items = [item] + item.registry_cascade_items

        if not perms.user_can_change_status(user, item):
            # Return a failure as this item isn't allowed
            return {'success': [], 'failed': all_items}

        revision_message = _(
            "Cascade registration of item '%(name)s' (id:%(iid)s)\n") % {
                'name': item.name,
                'iid': item.id
            }

        if 'change_details' in kwargs:
            revision_message += kwargs['change_details']

        seen_items = {'success': [], 'failed': []}

        with transaction.atomic(), reversion.revisions.create_revision():
            reversion.revisions.set_user(user)
            reversion.revisions.set_comment(revision_message)

            for child_item in all_items:
                self._register(child_item, state, **kwargs)
                seen_items['success'] += [child_item]
        return seen_items
def changeStatus(request, iid):
    item = get_object_or_404(MDR._concept,pk=iid)
    item = MDR._concept.objects.get_subclass(pk=iid)
    if not (item and user_can_change_status(request.user,item)):
        if request.user.is_anonymous():
            return redirect('/accounts/login?next=%s' % request.path)
        else:
            raise PermissionDenied
    # There would be an else here, but both branches above return,
    # so we've chopped it out to prevent an arrow anti-pattern.
    ras=request.user.profile.registrarAuthorities
    if request.method == 'POST': # If the form has been submitted...
        form = MDRForms.ChangeStatusForm(request.POST,ras=ras) # A form bound to the POST data
        if form.is_valid():
            # process the data in form.cleaned_data as required
            ras = form.cleaned_data['registrationAuthorities']
            state = form.cleaned_data['state']
            regDate = form.cleaned_data['registrationDate']
            cascade = form.cleaned_data['cascadeRegistration']
            if regDate is None:
                regDate = timezone.now().date()
            for ra in ras:
                ra = MDR.RegistrationAuthority.objects.get(id=int(ra))
                ra.register(item,state,request.user,regDate,cascade)
            return HttpResponseRedirect(reverse("aristotle:%s"%item.url_name(),args=[item.id]))
    else:
        form = MDRForms.ChangeStatusForm(ras=ras)
    return render(request,"aristotle_mdr/actions/changeStatus.html",
            {"item":item,
             "form":form,
                }
            )
    def build_extra_info(self, queryset, ra, user, static_content):
        (extra_info, deselections) = get_status_change_details(queryset, ra, static_content['new_state'])
        for key, item in extra_info.items():
            item['checked'] = not item['has_higher_status']
            item['perm'] = perms.user_can_change_status(user, item['concept'])

        return (extra_info, deselections)
    def test_registrar_can_change_status(self):
        self.login_registrar()

        self.assertFalse(perms.user_can_view(self.registrar,self.item1))
        self.item1.readyToReview = True
        self.item1.save()
        self.item1 = self.itemType.objects.get(pk=self.item1.pk)

        self.assertTrue(perms.user_can_view(self.registrar,self.item1))
        self.assertTrue(perms.user_can_change_status(self.registrar,self.item1))

        response = self.client.get(reverse('aristotle:changeStatus',args=[self.item1.id]))
        self.assertEqual(response.status_code,200)

        self.assertEqual(self.item1.statuses.count(),0)
        response = self.client.post(reverse('aristotle:changeStatus',args=[self.item1.id]),
                    {   'registrationAuthorities': [str(self.ra.id)],
                        'state': self.ra.public_state,
                        'changeDetails': "testing",
                        'cascadeRegistration': 0, #no
                    }
                )
        self.assertRedirects(response,url_slugify_concept(self.item1))

        self.item1 = self.itemType.objects.get(pk=self.item1.pk)
        self.assertEqual(self.item1.statuses.count(),1)
        self.assertTrue(self.item1.is_registered)
        self.assertTrue(self.item1.is_public())
    def test_registrar_cannot_use_faulty_statuses(self):
        self.login_registrar()

        self.assertFalse(perms.user_can_view(self.registrar,self.item1))
        self.item1.readyToReview = True
        self.item1.save()
        self.item1 = self.itemType.objects.get(pk=self.item1.pk)

        self.assertTrue(perms.user_can_view(self.registrar,self.item1))
        self.assertTrue(perms.user_can_change_status(self.registrar,self.item1))

        response = self.client.get(reverse('aristotle:changeStatus',args=[self.item1.id]))
        self.assertEqual(response.status_code,200)

        self.assertEqual(self.item1.statuses.count(),0)
        response = self.client.post(reverse('aristotle:changeStatus',args=[self.item1.id]),
                    {   'registrationAuthorities': [str(self.ra.id)],
                        'state': "Not a number",#obviously wrong
                        'changeDetails': "testing",
                        'cascadeRegistration': 0, #no
                    }
                )
        self.assertFormError(response, 'form', 'state', 'Select a valid choice. Not a number is not one of the available choices.')

        response = self.client.post(reverse('aristotle:changeStatus',args=[self.item1.id]),
                    {   'registrationAuthorities': [str(self.ra.id)],
                        'state': "343434", #also wrong
                        'changeDetails': "testing",
                        'cascadeRegistration': 0, #no
                    }
                )
        self.assertFormError(response, 'form', 'state', 'Select a valid choice. 343434 is not one of the available choices.')
Example #13
0
    def test_bulk_status_change_on_permitted_items(self):
        self.login_registrar()
        review = models.ReviewRequest.objects.create(
            requester=self.su,
            registration_authority=self.ra,
            state=self.ra.locked_state,
            registration_date=datetime.date(2013, 4, 2))
        review.concepts.add(self.item1)
        review.concepts.add(self.item2)

        self.assertTrue(
            perms.user_can_change_status(self.registrar, self.item1))
        self.assertTrue(
            perms.user_can_change_status(self.registrar, self.item2))
        self.assertFalse(self.item1.is_registered)
        self.assertFalse(self.item2.is_registered)

        reg_date = datetime.date(2014, 10, 27)
        new_state = self.ra.locked_state
        response = self.client.post(reverse('aristotle:bulk_action'), {
            'bulkaction': 'aristotle_mdr.forms.bulk_actions.ChangeStateForm',
            'state': new_state,
            'items': [self.item1.id, self.item2.id],
            'registrationDate': reg_date,
            'cascadeRegistration': 0,
            'registrationAuthorities': [self.ra.id],
            'confirmed': 'confirmed',
        },
                                    follow=True)
        self.assertTrue(self.item1.is_registered)
        self.assertTrue(self.item2.is_registered)

        self.assertTrue(
            self.item1.current_statuses().first().registrationDate == reg_date)
        self.assertTrue(
            self.item2.current_statuses().first().registrationDate == reg_date)
        self.assertTrue(
            self.item1.current_statuses().first().state == new_state)
        self.assertTrue(
            self.item2.current_statuses().first().state == new_state)
        self.assertTrue(self.item1.current_statuses().first().
                        registrationAuthority == self.ra)
        self.assertTrue(self.item2.current_statuses().first().
                        registrationAuthority == self.ra)

        self.assertNotContains(response, "Some items failed")
Example #14
0
    def build_extra_info(self, queryset, ra, user, static_content):
        (extra_info,
         deselections) = get_status_change_details(queryset, ra,
                                                   static_content['new_state'])
        for key, item in extra_info.items():
            item['checked'] = not item['has_higher_status']
            item['perm'] = perms.user_can_change_status(user, item['concept'])

        return (extra_info, deselections)
    def build_extra_info(self, queryset, ra, user, static_content):

        extra_info = {}
        subclassed_queryset = queryset.select_subclasses()
        statuses = Status.objects.filter(
            concept__in=queryset,
            registrationAuthority=ra).select_related('concept')
        statuses = status_filter(statuses).order_by("-registrationDate",
                                                    "-created")

        new_state_num = static_content['new_state']
        new_state = str(STATES[new_state_num])

        # Build a dict mapping concepts to their status data
        # So that no additional status queries need to be made
        states_dict = {}
        for status in statuses:
            state_name = str(STATES[status.state])
            reg_date = status.registrationDate
            if status.concept.id not in states_dict:
                states_dict[status.concept.id] = {
                    'name': state_name,
                    'reg_date': reg_date,
                    'state': status.state
                }

        deselections = False
        for concept in subclassed_queryset:
            url = reverse('aristotle:registrationHistory',
                          kwargs={'iid': concept.id})

            innerdict = {}
            # Get class name
            innerdict['type'] = concept.__class__.get_verbose_name()
            innerdict['checked'] = True

            try:
                state_info = states_dict[concept.id]
            except KeyError:
                state_info = None

            if state_info:
                innerdict['old'] = {
                    'url': url,
                    'text': state_info['name'],
                    'old_reg_date': state_info['reg_date']
                }
                if state_info['state'] >= new_state_num:
                    innerdict['checked'] = False
                    deselections = True

            innerdict['perm'] = perms.user_can_change_status(user, concept)
            innerdict['new_state'] = {'url': url, 'text': new_state}

            extra_info[concept.id] = innerdict

        return (extra_info, deselections)
Example #16
0
    def build_extra_info(self, queryset, ra, user, static_content):

        extra_info = {}
        subclassed_queryset = queryset.select_subclasses()
        statuses = MDR.Status.objects.filter(
            concept__in=queryset,
            registrationAuthority=ra).select_related('concept')
        statuses = status_filter(statuses).order_by("-registrationDate",
                                                    "-created")

        # Build a dict mapping concepts to their status data
        # So that no additional status queries need to be made
        states_dict = {}
        for status in statuses:
            state_name = str(MDR.STATES[status.state])
            reg_date = status.registrationDate
            if status.concept.id not in states_dict:
                states_dict[status.concept.id] = {
                    'name': state_name,
                    'reg_date': reg_date
                }

        for concept in subclassed_queryset:
            url = reverse('aristotle:registrationHistory',
                          kwargs={'iid': concept.id})

            innerdict = {}
            # Get class name
            innerdict.update({'type': concept.__class__.get_verbose_name()})

            try:
                state_info = states_dict[concept.id]
            except KeyError:
                state_info = None

            if state_info:
                innerdict.update({
                    'old': {
                        'url': url,
                        'text': state_info['name']
                    },
                    'old_reg_date': state_info['reg_date']
                })

            innerdict.update(
                {'perm': perms.user_can_change_status(user, concept)})
            innerdict.update({
                'new_state': {
                    'url': url,
                    'text': static_content['new_state']
                }
            })

            extra_info.update({concept.id: innerdict})

        return extra_info
 def has_change_permission(self, request,obj=None):
     if obj is None:
         return True
     else:
         if perms.user_can_edit(request.user,obj):
             return True
         if perms.user_can_change_status(request.user,obj):
             return True
         else:
             return super(ConceptAdmin, self).has_change_permission(request,obj=None)
    def dispatch(self, request, *args, **kwargs):
        # Check for keyError here
        self.item = get_object_or_404(MDR._concept, pk=kwargs['iid']).item

        if not (self.item and user_can_change_status(request.user, self.item)):
            if request.user.is_anonymous():
                return redirect(reverse('friendly_login') + '?next=%s' % request.path)
            else:
                raise PermissionDenied

        return super().dispatch(request, *args, **kwargs)
    def dispatch(self, request, *args, **kwargs):
        # Check for keyError here
        self.item = get_object_or_404(MDR._concept, pk=kwargs['iid']).item

        if not (self.item and user_can_change_status(request.user, self.item)):
            if request.user.is_anonymous():
                return redirect(reverse('friendly_login') + '?next=%s' % request.path)
            else:
                raise PermissionDenied

        return super().dispatch(request, *args, **kwargs)
    def register(self, item, state, user, *args, **kwargs):
        if not perms.user_can_change_status(user, item):
            # Return a failure as this item isn't allowed
            return {'success': [], 'failed': [item]}

        revision_message = kwargs.get('changeDetails', "")
        with transaction.atomic(), reversion.revisions.create_revision():
            reversion.revisions.set_user(user)
            reversion.revisions.set_comment(revision_message)
            self._register(item, state, user, *args, **kwargs)

        return {'success': [item], 'failed': []}
Example #21
0
    def register(self, item, state, user, *args, **kwargs):
        if not perms.user_can_change_status(user, item):
            # Return a failure as this item isn't allowed
            return {'success': [], 'failed': [item]}

        revision_message = kwargs.get('changeDetails', "")
        with transaction.atomic(), reversion.revisions.create_revision():
            reversion.revisions.set_user(user)
            reversion.revisions.set_comment(revision_message)
            self._register(item, state, user, *args, **kwargs)

        return {'success': [item], 'failed': []}
Example #22
0
def can_change_status(item, user):
    """
    A filter that acts as a wrapper around ``aristotle_mdr.perms.user_can_supersede``.
    Returns true if the user has permission to supersede the item, otherwise it returns False.
    If calling ``user_can_supersede`` throws an exception it safely returns False.

    For example::

      {% if myItem|can_supersede:request.user %}
        {{ item }}
      {% endif %}
    """
    return perms.user_can_change_status(user, item)
    def test_bulk_status_change_on_forbidden_items(self):
        self.login_registrar()
        review = models.ReviewRequest.objects.create(
            requester=self.su, registration_authority=self.ra)
        review.concepts.add(self.item1)
        # review.concepts.add(self.item4)

        self.assertTrue(
            perms.user_can_change_status(self.registrar, self.item1))
        self.assertFalse(
            perms.user_can_change_status(self.registrar, self.item4))
        self.assertFalse(self.item1.is_registered)
        self.assertFalse(self.item2.is_registered)
        self.assertFalse(self.item4.is_registered)
        response = self.client.post(
            reverse('aristotle:bulk_action'), {
                'bulkaction': 'change_state',
                'state': 1,
                'items': [self.item1.id, self.item2.id, self.item4.id],
                'registrationDate': "2014-10-27",
                'cascadeRegistration': 0,
                'registrationAuthorities': [self.ra.id],
                'confirmed': 'confirmed',
            },
            follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTrue(self.item1.is_registered)
        self.assertFalse(self.item2.is_registered)
        self.assertFalse(self.item4.is_registered)

        from django.utils.html import escape
        err1 = "Some items failed"
        err2 = "s: %s" % ','.join(
            sorted([str(self.item2.id), str(self.item4.id)]))

        self.assertTrue(err1 in response.content)
        self.assertTrue(err2 in response.content)
        self.assertEqual(len(response.redirect_chain), 1)
        self.assertEqual(response.redirect_chain[0][1], 302)
 def register(self,item,state,user,registrationDate=timezone.now(),cascade=False,changeDetails=""):
     if not perms.user_can_change_status(user,item):
         # Should raise something here instead of quietly failing
         return None
     reg,created = Status.objects.get_or_create(
             concept=item,
             registrationAuthority=self,
             defaults ={
                 "registrationDate" : registrationDate,
                 "state" : state,
                 "changeDetails":changeDetails
                 }
             )
     if not created:
         reg.changeDetails = changeDetails
         reg.state = state
         reg.registrationDate = registrationDate
         reg.save()
     if cascade:
         for i in item.registry_cascade_items:
             if i is not None and perms.user_can_change_status(user,i):
                self.register(i,state,user,registrationDate=registrationDate,cascade=cascade,changeDetails=changeDetails)
     return reg
Example #25
0
    def test_bulk_status_change_on_forbidden_items(self):
        self.login_registrar()
        review = models.ReviewRequest.objects.create(requester=self.su,registration_authority=self.ra)
        review.concepts.add(self.item1)
        # review.concepts.add(self.item4)

        self.assertTrue(perms.user_can_change_status(self.registrar, self.item1))
        self.assertFalse(perms.user_can_change_status(self.registrar, self.item4))
        self.assertFalse(self.item1.is_registered)
        self.assertFalse(self.item2.is_registered)
        self.assertFalse(self.item4.is_registered)
        response = self.client.post(
            reverse('aristotle:bulk_action'),
            {
                'bulkaction': 'change_state',
                'state': 1,
                'items': [self.item1.id, self.item2.id, self.item4.id],
                'registrationDate': "2014-10-27",
                'cascadeRegistration': 0,
                'registrationAuthorities': [self.ra.id],
                'confirmed': 'confirmed',
            },
            follow=True
        )
        self.assertEqual(200, response.status_code)
        self.assertTrue(self.item1.is_registered)
        self.assertFalse(self.item2.is_registered)
        self.assertFalse(self.item4.is_registered)

        from django.utils.html import escape
        err1 = "Some items failed"
        err2 = "s: %s" % ','.join(sorted([str(self.item2.id), str(self.item4.id)]))

        self.assertTrue(err1 in response.content)
        self.assertTrue(err2 in response.content)
        self.assertEqual(len(response.redirect_chain), 1)
        self.assertEqual(response.redirect_chain[0][1], 302)
    def test_deslections_on_first_registration(self):
        self.login_registrar()
        # Make a RR so the registrar can change status
        items = [self.item1.id]
        self.create_review_request(items)

        self.assertTrue(perms.user_can_change_status(self.registrar, self.item1))

        response = self.review_changes(items, STATES.standard)
        self.assertFalse(response.context['deselections'])

        form = response.context['form']
        extra_info = form.fields['selected_list'].widget.extra_info
        self.assertTrue(extra_info[self.item1.id]['perm'])
        self.assertTrue(extra_info[self.item1.id]['checked'])
Example #27
0
    def test_bulk_status_change_on_permitted_items(self):
        self.login_registrar()
        review = models.ReviewRequest.objects.create(requester=self.su,registration_authority=self.ra)
        review.concepts.add(self.item1)
        review.concepts.add(self.item2)

        self.assertTrue(perms.user_can_change_status(self.registrar, self.item1))
        self.assertTrue(perms.user_can_change_status(self.registrar, self.item2))
        self.assertFalse(self.item1.is_registered)
        self.assertFalse(self.item2.is_registered)
        response = self.client.post(
            reverse('aristotle:bulk_action'),
            {
                'bulkaction': 'change_state',
                'state': 1,
                'items': [self.item1.id, self.item2.id],
                'registrationDate': "2014-10-27",
                'cascadeRegistration': 0,
                'registrationAuthorities': [self.ra.id],
                'confirmed': 'confirmed',
            }
        )
        self.assertTrue(self.item1.is_registered)
        self.assertTrue(self.item2.is_registered)
Example #28
0
def changeStatus(request, iid):
    item = get_object_or_404(MDR._concept, pk=iid).item
    if not (item and user_can_change_status(request.user, item)):
        if request.user.is_anonymous():
            return redirect(reverse('friendly_login') + '?next=%s' % request.path)
        else:
            raise PermissionDenied
    # There would be an else here, but both branches above return,
    # so we've chopped it out to prevent an arrow anti-pattern.
    if request.method == 'POST':  # If the form has been submitted...
        form = MDRForms.ChangeStatusForm(request.POST, user=request.user)  # A form bound to the POST data
        if form.is_valid():
            # process the data in form.cleaned_data as required
            ras = form.cleaned_data['registrationAuthorities']
            state = form.cleaned_data['state']
            regDate = form.cleaned_data['registrationDate']
            cascade = form.cleaned_data['cascadeRegistration']
            changeDetails = form.cleaned_data['changeDetails']
            with transaction.atomic(), reversion.revisions.create_revision():
                reversion.revisions.set_user(request.user)
                for ra in ras:
                    if cascade:
                        register_method = ra.cascaded_register
                    else:
                        register_method = ra.register

                    register_method(
                        item,
                        state,
                        request.user,
                        changeDetails=changeDetails,
                        registrationDate=regDate,
                    )
                    # TODO: notification and message on success/failure
            return HttpResponseRedirect(url_slugify_concept(item))
    else:
        form = MDRForms.ChangeStatusForm(user=request.user)
    import json

    return render(
        request,
        "aristotle_mdr/actions/changeStatus.html",
        {
            "item": item,
            "form": form,
            "status_matrix": json.dumps(generate_visibility_matrix(request.user)),
        }
    )
    def test_deslections_on_first_registration(self):
        self.login_registrar()
        # Make a RR so the registrar can change status
        items = [self.item1.id]
        self.create_review_request(items)

        self.assertTrue(
            perms.user_can_change_status(self.registrar, self.item1))

        response = self.review_changes(items, STATES.standard)
        self.assertFalse(response.context['deselections'])

        form = response.context['form']
        extra_info = form.fields['selected_list'].widget.extra_info
        self.assertTrue(extra_info[self.item1.id]['perm'])
        self.assertTrue(extra_info[self.item1.id]['checked'])
Example #30
0
def can_change_status(item, user):
    """
    A filter that acts as a wrapper around ``aristotle_mdr.perms.can_change_status``.
    Returns true if the user has permission to change status the item, otherwise it returns False.
    If calling ``user_can_change_status`` throws an exception it safely returns False.

    For example::

      {% if myItem|can_change_status:request.user %}
        {{ item }}
      {% endif %}
    """
    # return perms.can_change_status(user, item)
    try:
        return perms.user_can_change_status(user, item)
    except:  # pragma: no cover -- passing a bad item or user is the template authors fault
        return None
def can_change_status(item, user):
    """
    A filter that acts as a wrapper around ``aristotle_mdr.perms.can_change_status``.
    Returns true if the user has permission to change status the item, otherwise it returns False.
    If calling ``user_can_change_status`` throws an exception it safely returns False.

    For example::

      {% if myItem|can_change_status:request.user %}
        {{ item }}
      {% endif %}
    """
    # return perms.can_change_status(user, item)
    try:
        return perms.user_can_change_status(user, item)
    except:  # pragma: no cover -- passing a bad item or user is the template authors fault
        return None
    def _register(self,item,state,user,*args,**kwargs):
        changeDetails=kwargs.get('changeDetails',"")
        # If registrationDate is None (like from a form), override it with todays date
        registrationDate= kwargs.get('registrationDate',None) or timezone.now().date()
        until_date=kwargs.get('until_date',None)

        if not perms.user_can_change_status(user,item):
            # Return a failure as this item isn't allowed
            return False
        Status.objects.create(
                concept=item,
                registrationAuthority=self,
                registrationDate=registrationDate,
                state=state,
                changeDetails=changeDetails,
                until_date=until_date
                )
        return True
 def register(self,item,state,user,regDate=timezone.now(),cascade=False):
     reg,created = Status.objects.get_or_create(
             concept=item,
             registrationAuthority=self,
             defaults ={
                 "registrationDate" : regDate,
                 "state" : state
                 }
             )
     if not created:
         reg.state = state
         reg.registrationDate = regDate
         reg.save()
     if cascade:
         for i in item.registryCascadeItems:
             if i is not None and perms.user_can_change_status(user,i):
                self.register(i,state,user,regDate,cascade)
     return reg
    def make_review_request(self, item, user, requester=None):
        if not requester:
            requester = self.su
        self.assertFalse(perms.user_can_view(user, item))
        item.save()
        item = item.__class__.objects.get(pk=item.pk)

        review = ReviewRequest.objects.create(
            requester=requester,
            registration_authority=self.ra,
            target_registration_state=self.ra.public_state,
            due_date=datetime.date(2010, 1, 1),
            registration_date=datetime.date(2010, 1, 1))

        review.concepts.add(item)

        self.assertTrue(perms.user_can_view(user, item))
        self.assertTrue(perms.user_can_change_status(user, item))
        return review
    def make_review_request(self, item, user, requester=None):
        if not requester:
            requester = self.su
        self.assertFalse(perms.user_can_view(user,item))
        item.save()
        item = item.__class__.objects.get(pk=item.pk)

        review = ReviewRequest.objects.create(
            requester=requester,registration_authority=self.ra,
            target_registration_state=self.ra.public_state,
            due_date=datetime.date(2010,1,1),
            registration_date=datetime.date(2010,1,1)
        )

        review.concepts.add(item)

        self.assertTrue(perms.user_can_view(user,item))
        self.assertTrue(perms.user_can_change_status(user,item))
        return review
Example #36
0
    def register(self, item, state, user, **kwargs):
        if not perms.user_can_change_status(user, item):
            # Return a failure as this item isn't allowed
            return {'success': [], 'failed': [item]}

        revision_message = _(
            "Registration of item '%(name)s' (id:%(iid)s)\n") % {
                'name': item.name,
                'iid': item.id
            }

        if 'change_details' in kwargs:
            revision_message = kwargs['change_details']

        with transaction.atomic(), reversion.revisions.create_revision():
            reversion.revisions.set_user(user)
            reversion.revisions.set_comment(revision_message)
            self._register(item, state, **kwargs)

        return {'success': [item], 'failed': []}
    def test_glossary_ajax_list(self):
        import json
        gitem = models.GlossaryItem(name="Glossary item",workgroup=self.wg1)
        response = self.client.get(reverse('aristotle:glossaryAjaxlist'))
        data = json.loads(str(response.content))
        self.assertEqual(data,[])

        gitem.readyToReview = True
        gitem.save()

        self.assertTrue(perms.user_can_change_status(self.registrar,gitem))

        self.ra.register(gitem,models.STATES.standard,self.registrar)

        self.assertTrue(gitem.is_public())

        response = self.client.get(reverse('aristotle:glossaryAjaxlist'))
        data = json.loads(str(response.content))
        self.assertEqual(len(data),1)
        self.assertEqual(data[0]['id'],gitem.id)
    def test_bulk_status_change_on_permitted_items(self):
        self.login_registrar()
        self.item1.readyToReview = True
        self.item2.readyToReview = True
        self.item1.save()
        self.item2.save()

        self.assertTrue(perms.user_can_change_status(self.registrar,self.item1))
        self.assertFalse(self.item1.is_registered)
        response = self.client.post(reverse('aristotle:bulk_action'),
                {   'bulkaction': 'change_state',
                    'state'     : 1,
                    'items'     : [self.item1.id,self.item2.id],
                    'registrationDate'   : "2014-10-27",
                    'cascadeRegistration': 0,
                    'registrationAuthorities'   : [self.ra.id],
                    'confirmed':'confirmed',
                }
            )
        self.assertTrue(self.item1.is_registered)
        self.assertTrue(self.item2.is_registered)
Example #39
0
    def test_glossary_ajax_list_public(self):
        self.logout()
        import json
        gitem = gmodels.GlossaryItem.objects.create(name="Glossary item",
                                                    workgroup=self.wg1)
        response = self.client.get(
            reverse('aristotle_glossary:json_list') + '?items=%s' % gitem.id)
        data = json.loads(str(response.content))['items']
        self.assertEqual(data, [])

        gitem.readyToReview = True

        self.assertTrue(perms.user_can_change_status(self.registrar, gitem))
        self.ra.register(gitem, models.STATES.standard, self.registrar)
        gitem = gmodels.GlossaryItem.objects.get(pk=gitem.pk)
        self.assertTrue(gitem.is_public())

        response = self.client.get(
            reverse('aristotle_glossary:json_list') + '?items=%s' % gitem.id)
        data = json.loads(str(response.content))['items']
        self.assertEqual(len(data), 1)
        self.assertEqual(data[0]['id'], gitem.pk)
Example #40
0
def changeStatus(request, iid):
    item = get_object_or_404(MDR._concept, pk=iid).item
    if not (item and user_can_change_status(request.user, item)):
        if request.user.is_anonymous():
            return redirect(reverse("friendly_login") + "?next=%s" % request.path)
        else:
            raise PermissionDenied
    # There would be an else here, but both branches above return,
    # so we've chopped it out to prevent an arrow anti-pattern.
    if request.method == "POST":  # If the form has been submitted...
        form = MDRForms.ChangeStatusForm(request.POST, user=request.user)  # A form bound to the POST data
        if form.is_valid():
            # process the data in form.cleaned_data as required
            ras = form.cleaned_data["registrationAuthorities"]
            state = form.cleaned_data["state"]
            regDate = form.cleaned_data["registrationDate"]
            cascade = form.cleaned_data["cascadeRegistration"]
            changeDetails = form.cleaned_data["changeDetails"]
            with transaction.atomic(), reversion.revisions.create_revision():
                reversion.revisions.set_user(request.user)
                for ra in ras:
                    if cascade:
                        register_method = ra.cascaded_register
                    else:
                        register_method = ra.register

                    register_method(item, state, request.user, changeDetails=changeDetails, registrationDate=regDate)
                    # TODO: notification and message on success/failure
            return HttpResponseRedirect(url_slugify_concept(item))
    else:
        form = MDRForms.ChangeStatusForm(user=request.user)
    import json

    return render(
        request,
        "aristotle_mdr/actions/changeStatus.html",
        {"item": item, "form": form, "status_matrix": json.dumps(generate_visibility_matrix(request.user))},
    )
Example #41
0
    def test_bulk_status_change_on_permitted_items(self):
        self.login_registrar()
        self.item1.readyToReview = True
        self.item2.readyToReview = True
        self.item1.save()
        self.item2.save()

        self.assertTrue(perms.user_can_change_status(self.registrar, self.item1))
        self.assertFalse(self.item1.is_registered)
        response = self.client.post(
            reverse('aristotle:bulk_action'),
            {
                'bulkaction': 'change_state',
                'state': 1,
                'items': [self.item1.id, self.item2.id],
                'registrationDate': "2014-10-27",
                'cascadeRegistration': 0,
                'registrationAuthorities': [self.ra.id],
                'confirmed': 'confirmed',
            }
        )
        self.assertTrue(self.item1.is_registered)
        self.assertTrue(self.item2.is_registered)
def changeStatus(request, iid):
    item = get_object_or_404(MDR._concept,pk=iid).item
    if not (item and user_can_change_status(request.user,item)):
        if request.user.is_anonymous():
            return redirect(reverse('django.contrib.auth.views.login')+'?next=%s' % request.path)
        else:
            raise PermissionDenied
    # There would be an else here, but both branches above return,
    # so we've chopped it out to prevent an arrow anti-pattern.
    if request.method == 'POST': # If the form has been submitted...
        form = MDRForms.ChangeStatusForm(request.POST,user=request.user) # A form bound to the POST data
        if form.is_valid():
            # process the data in form.cleaned_data as required
            ras = form.cleaned_data['registrationAuthorities']
            state = form.cleaned_data['state']
            regDate = form.cleaned_data['registrationDate']
            cascade = form.cleaned_data['cascadeRegistration']
            changeDetails = form.cleaned_data['changeDetails']
            for ra in ras:
                if cascade:
                    register_method = ra.cascaded_register
                else:
                    register_method = ra.register

                register_method(item,state,request.user,
                        changeDetails=changeDetails,
                        registrationDate=regDate,
                    )
                # TODO: notification and message on success/failure
            return HttpResponseRedirect(url_slugify_concept(item))
    else:
        form = MDRForms.ChangeStatusForm(user=request.user)
    return render(request,"aristotle_mdr/actions/changeStatus.html",
            {"item":item,
             "form":form,
                }
            )
Example #43
0
    def test_registrar_cannot_use_faulty_statuses(self):
        self.login_registrar()

        self.assertFalse(perms.user_can_view(self.registrar,self.item1))
        self.item1.readyToReview = True
        self.item1.save()
        self.item1 = self.itemType.objects.get(pk=self.item1.pk)

        self.assertTrue(perms.user_can_view(self.registrar,self.item1))
        self.assertTrue(perms.user_can_change_status(self.registrar,self.item1))

        response = self.client.get(reverse('aristotle:changeStatus',args=[self.item1.id]))
        self.assertEqual(response.status_code,200)

        self.assertEqual(self.item1.statuses.count(),0)
        response = self.client.post(
            reverse('aristotle:changeStatus', args=[self.item1.id]),
            {
                'registrationAuthorities': [str(self.ra.id)],
                'state': "Not a number", # obviously wrong
                'changeDetails': "testing",
                'cascadeRegistration': 0, # no
            }
        )
        self.assertFormError(response, 'form', 'state', 'Select a valid choice. Not a number is not one of the available choices.')

        response = self.client.post(
            reverse('aristotle:changeStatus',args=[self.item1.id]),
            {
                'registrationAuthorities': [str(self.ra.id)],
                'state': "343434", # also wrong
                'changeDetails': "testing",
                'cascadeRegistration': 0, # no
            }
        )
        self.assertFormError(response, 'form', 'state', 'Select a valid choice. 343434 is not one of the available choices.')
Example #44
0
    def cascaded_register(self, item, state, user, *args, **kwargs):
        if not perms.user_can_change_status(user, item):
            # Return a failure as this item isn't allowed
            return {'success': [], 'failed': [item] + item.registry_cascade_items}

        revision_message = _(
            "Cascade registration of item '%(name)s' (id:%(iid)s)\n"
        ) % {
            'name': item.name,
            'iid': item.id
        }
        revision_message = revision_message + kwargs.get('changeDetails', "")
        seen_items = {'success': [], 'failed': []}

        with transaction.atomic(), reversion.revisions.create_revision():
            reversion.revisions.set_user(user)
            reversion.revisions.set_comment(revision_message)

            for child_item in [item] + item.registry_cascade_items:
                self._register(
                    child_item, state, user, *args, **kwargs
                )
                seen_items['success'] = seen_items['success'] + [child_item]
        return seen_items
    def register_many(self, items, state, user, *args, **kwargs):
        # Change the registration status of many items
        # the items argument should be a queryset

        revision_message = _("Bulk registration of %i items\n") % (items.count())

        revision_message = revision_message + kwargs.get('changeDetails', "")
        seen_items = {'success': [], 'failed': []}

        with transaction.atomic(), reversion.revisions.create_revision():
            reversion.revisions.set_user(user)
            reversion.revisions.set_comment(revision_message)

            # can use bulk_create here when background reindex is setup
            for child_item in items:
                if perms.user_can_change_status(user, child_item):
                    self._register(
                        child_item, state, user, *args, **kwargs
                    )
                    seen_items['success'].append(child_item.id)
                else:
                    seen_items['failed'].append(child_item.id)

        return seen_items
 def test_can_change_status(self):
     self.assertTrue(perms.user_can_change_status(self.su,None))
Example #47
0
 def has_change_permission(self, request, obj=None):
     if obj is not None:
         return perms.user_can_change_status(request.user, obj)
     return super().has_change_permission(request, obj=None)
    def bulk_status_change_on_permitted_items(self, review_changes):
        self.login_registrar()
        review = models.ReviewRequest.objects.create(
            requester=self.su,
            registration_authority=self.ra,
            state=self.ra.locked_state,
            registration_date=datetime.date(2013, 4, 2))
        review.concepts.add(self.item1)
        review.concepts.add(self.item2)

        self.assertTrue(
            perms.user_can_change_status(self.registrar, self.item1))
        self.assertTrue(
            perms.user_can_change_status(self.registrar, self.item2))
        self.assertFalse(self.item1.is_registered)
        self.assertFalse(self.item2.is_registered)

        reg_date = datetime.date(2014, 10, 27)
        new_state = self.ra.locked_state
        items = [self.item1.id, self.item2.id]
        response = self.client.post(
            reverse('aristotle:bulk_action'), {
                'bulkaction':
                'aristotle_mdr.forms.bulk_actions.ChangeStateForm',
                'items': items,
            })

        self.assertRedirects(response,
                             reverse('aristotle:change_state_bulk_action'))

        change_state_get_response = self.client.get(
            reverse('aristotle:change_state_bulk_action'))
        self.assertEqual(
            change_state_get_response.context['form'].initial['items'],
            [str(a) for a in items])

        postdata = {
            'change_state-state': new_state,
            'change_state-items': [str(a) for a in items],
            'change_state-registrationDate': reg_date,
            'change_state-cascadeRegistration': 0,
            'change_state-registrationAuthorities': [self.ra.id],
            'submit_skip': 'value',
            'change_status_bulk_action_view-current_step': 'change_state',
        }

        if review_changes:
            selected_list = [str(self.item1.id)]
            change_state_response = self.perform_state_review(
                postdata, selected_list)
        else:
            change_state_response = self.client.post(
                reverse('aristotle:change_state_bulk_action'),
                postdata,
            )

        self.assertEqual(change_state_response.status_code, 302)

        item2_changed = not review_changes

        self.assertTrue(self.item1.is_registered)
        self.assertEqual(self.item2.is_registered, item2_changed)

        self.assertTrue(
            self.item1.current_statuses().first().registrationDate == reg_date)
        self.assertTrue(
            self.item1.current_statuses().first().state == new_state)
        self.assertTrue(self.item1.current_statuses().first().
                        registrationAuthority == self.ra)

        if item2_changed:
            self.assertTrue(self.item2.current_statuses().first().
                            registrationDate == reg_date)
            self.assertTrue(
                self.item2.current_statuses().first().state == new_state)
            self.assertTrue(self.item2.current_statuses().first().
                            registrationAuthority == self.ra)
        else:
            self.assertEqual(len(self.item2.current_statuses()), 0)
 def has_change_permission(self, request, obj=None):
     if obj is not None:
         return perms.user_can_change_status(request.user, obj)
     return super(StatusInline, self).has_change_permission(request, obj=None)
def changeStatus(request, iid):
    item = get_object_or_404(MDR._concept, pk=iid).item
    if not (item and user_can_change_status(request.user, item)):
        if request.user.is_anonymous():
            return redirect(reverse('friendly_login') + '?next=%s' % request.path)
        else:
            raise PermissionDenied
    # There would be an else here, but both branches above return,
    # so we've chopped it out to prevent an arrow anti-pattern.
    if request.method == 'POST':  # If the form has been submitted...
        form = MDRForms.ChangeStatusForm(request.POST, user=request.user)  # A form bound to the POST data
        if form.is_valid():
            # process the data in form.cleaned_data as required
            ras = form.cleaned_data['registrationAuthorities']
            state = form.cleaned_data['state']
            regDate = form.cleaned_data['registrationDate']
            cascade = form.cleaned_data['cascadeRegistration']
            changeDetails = form.cleaned_data['changeDetails']
            with transaction.atomic(), reversion.revisions.create_revision():
                reversion.revisions.set_user(request.user)
                for ra in ras:
                    if cascade:
                        register_method = ra.cascaded_register
                    else:
                        register_method = ra.register

                    register_method(
                        item,
                        state,
                        request.user,
                        changeDetails=changeDetails,
                        registrationDate=regDate,
                    )
                    # TODO: notification and message on success/failure
            return HttpResponseRedirect(url_slugify_concept(item))
    else:
        form = MDRForms.ChangeStatusForm(user=request.user)
    matrix={}

    visibility = "hidden"
    if item._is_locked:
        visibility = "locked"
    if item._is_public:
        visibility = "public"

    from aristotle_mdr.models import WORKGROUP_OWNERSHIP, STATES
    import json

    for ra in request.user.profile.registrarAuthorities:
        if item.workgroup.ownership == WORKGROUP_OWNERSHIP.authority:
            owner = ra in item.workgroup.registrationAuthorities.all()
        elif item.workgroup.ownership == WORKGROUP_OWNERSHIP.registry:
            owner = True
        ra_matrix = {'name': ra.name, 'states': {}}
        for s, _ in STATES:
            if s > ra.public_state:
                ra_matrix['states'][s] = [visibility, "public"][owner]
            elif s > ra.locked_state:
                ra_matrix['states'][s] = [visibility, "locked"][owner]
            else:
                ra_matrix['states'][s] = [visibility, "hidden"][owner]
        matrix[ra.id] = ra_matrix

    return render(
        request,
        "aristotle_mdr/actions/changeStatus.html",
        {
            "item": item,
            "form": form,
            "status_matrix": json.dumps(matrix),
            "visibility": visibility
        }
    )
    def bulk_status_change_on_permitted_items(self, review_changes):
        self.login_registrar()
        self.create_review_request([self.item1, self.item2])

        self.assertTrue(perms.user_can_change_status(self.registrar, self.item1))
        self.assertTrue(perms.user_can_change_status(self.registrar, self.item2))
        self.assertFalse(self.item1.is_registered)
        self.assertFalse(self.item2.is_registered)

        reg_date = datetime.date(2014,10,27)
        new_state = self.ra.locked_state
        items = [self.item1.id, self.item2.id]
        response = self.client.post(
            reverse('aristotle:bulk_action'),
            {
                'bulkaction': 'aristotle_mdr.forms.bulk_actions.ChangeStateForm',
                'items': items,
            }
        )

        self.assertRedirects(response, reverse('aristotle:change_state_bulk_action'))

        change_state_get_response = self.client.get(reverse('aristotle:change_state_bulk_action'))
        self.assertEqual(change_state_get_response.context['form'].initial['items'], [str(a) for a in items])

        postdata = {
            'change_state-state': new_state,
            'change_state-items': [str(a) for a in items],
            'change_state-registrationDate': reg_date,
            'change_state-cascadeRegistration': 0,
            'change_state-registrationAuthorities': [self.ra.id],
            'submit_skip': 'value',
            'change_status_bulk_action_view-current_step': 'change_state',
        }

        if review_changes:
            selected_list = [str(self.item1.id)]
            change_state_response = self.perform_state_review(postdata, selected_list)
        else:
            change_state_response = self.client.post(
                reverse('aristotle:change_state_bulk_action'),
                postdata,
            )

        self.assertEqual(change_state_response.status_code, 302)

        item2_changed = not review_changes

        self.assertTrue(self.item1.is_registered)
        self.assertEqual(self.item2.is_registered, item2_changed)

        self.assertTrue(self.item1.current_statuses().first().registrationDate == reg_date)
        self.assertTrue(self.item1.current_statuses().first().state == new_state)
        self.assertTrue(self.item1.current_statuses().first().registrationAuthority == self.ra)

        if item2_changed:
            self.assertTrue(self.item2.current_statuses().first().registrationDate == reg_date)
            self.assertTrue(self.item2.current_statuses().first().state == new_state)
            self.assertTrue(self.item2.current_statuses().first().registrationAuthority == self.ra)
        else:
            self.assertEqual(len(self.item2.current_statuses()), 0)