def test_submitter_cannot_change_workgroup_via_edit_page(self): # based on the idea that 'submitter' is not set in ARISTOTLE_SETTINGS.WORKGROUP self.wg_other = models.Workgroup.objects.create(name="Test WG to move to") self.wg_other.submitters.add(self.editor) self.login_editor() response = self.client.get(reverse('aristotle:edit_item',args=[self.item1.id])) self.assertEqual(response.status_code,200) updated_item = utils.modeL_to_dict_with_change_time(response.context['item']) updated_item['workgroup'] = str(self.wg_other.pk) response = self.client.post(reverse('aristotle:edit_item',args=[self.item1.id]), updated_item) self.assertEqual(response.status_code,200) form = response.context['form'] self.assertTrue('workgroup' in form.errors.keys()) self.assertTrue(len(form.errors['workgroup'])==1) # Submitter is logged in, tries to move item - fails because self.assertFalse(perms.user_can_remove_from_workgroup(self.editor,self.item1.workgroup)) self.assertTrue(form.errors['workgroup'][0] == WorkgroupVerificationMixin.cant_move_any_permission_error) updated_item['workgroup'] = str(self.wg2.pk) response = self.client.post(reverse('aristotle:edit_item',args=[self.item1.id]), updated_item) self.assertEqual(response.status_code,200) form = response.context['form'] self.assertTrue('workgroup' in form.errors.keys()) self.assertTrue(len(form.errors['workgroup'])==1) self.assertTrue('Select a valid choice.' in form.errors['workgroup'][0])
def clean_workgroup(self): # raise a permission denied before cleaning if possible. # This gives us a 'clearer' error # cleaning before checking gives a "invalid selection" even if a user isn't allowed to change workgroups. if self.instance.pk is not None: if 'workgroup' in self.data.keys() and str( self.data['workgroup']) is not None: old_wg_pk = None if self.instance.workgroup: old_wg_pk = str(self.instance.workgroup.pk) if str(self.data['workgroup']) != str(old_wg_pk) and not (str( self.data['workgroup']) == "" and old_wg_pk is None): if not user_can_move_any_workgroup(self.user): raise forms.ValidationError( WorkgroupVerificationMixin. cant_move_any_permission_error) if not user_can_remove_from_workgroup( self.user, self.instance.workgroup): raise forms.ValidationError( WorkgroupVerificationMixin. cant_move_from_permission_error) new_workgroup = self.cleaned_data['workgroup'] if self.instance.pk is not None: if 'workgroup' in self.cleaned_data.keys( ) and self.instance.workgroup != new_workgroup: if not user_can_move_between_workgroups( self.user, self.instance.workgroup, new_workgroup): self.data = self.data.copy( ) # need to make a mutable version of the POST querydict. self.data['workgroup'] = self.instance.workgroup.pk raise forms.ValidationError(WorkgroupVerificationMixin. cant_move_to_permission_error) return new_workgroup
def clean_workgroup(self): new_workgroup = self.cleaned_data['workgroup'] old_workgroup = self.instance.workgroup # If new item return if self.instance.pk is None: return new_workgroup # If old workgroup is None return if old_workgroup is None: return new_workgroup # If workgroup didnt change return if old_workgroup == new_workgroup: return new_workgroup # Check user can remove from old wg if not user_can_remove_from_workgroup(self.user, old_workgroup): raise forms.ValidationError(self.cant_move_from_permission_error) # Check user can move to new wg if not user_can_move_to_workgroup(self.user, new_workgroup): raise forms.ValidationError(self.cant_move_to_permission_error) return new_workgroup
def make_changes(self): import reversion from aristotle_mdr.perms import user_can_remove_from_workgroup, user_can_move_to_workgroup new_workgroup = self.cleaned_data['workgroup'] changeDetails = self.cleaned_data['changeDetails'] items = self.cleaned_data['items'] if not user_can_move_to_workgroup(self.user, new_workgroup): raise PermissionDenied move_from_checks = { } # Cache workgroup permissions as we check them to speed things up failed = [] success = [] with transaction.atomic(), reversion.revisions.create_revision(): reversion.revisions.set_user(self.user) for item in items: if item.workgroup: can_move = move_from_checks.get(item.workgroup.pk, None) if can_move is None: can_move = user_can_remove_from_workgroup( self.user, item.workgroup) move_from_checks[item.workgroup.pk] = can_move else: # There is no workgroup, the user can move their own item can_move = True if not can_move: failed.append(item) else: success.append(item) item.workgroup = new_workgroup item.save() failed = list(set(failed)) success = list(set(success)) bad_items = sorted([str(i.id) for i in failed]) if not bad_items: message = _( "%(num_items)s items moved into the workgroup '%(new_wg)s'. \n" ) % { 'new_wg': new_workgroup.name, 'num_items': len(success), } else: message = _( "%(num_items)s items moved into the workgroup '%(new_wg)s'. \n" "Some items failed, they had the id's: %(bad_ids)s") % { 'new_wg': new_workgroup.name, 'num_items': len(success), 'bad_ids': ",".join(bad_items) } reversion.revisions.set_comment(changeDetails + "\n\n" + message) return message
def make_changes(self): import reversion from aristotle_mdr.perms import user_can_remove_from_workgroup, user_can_move_to_workgroup new_workgroup = self.cleaned_data['workgroup'] changeDetails = self.cleaned_data['changeDetails'] items = self.cleaned_data['items'] if not user_can_move_to_workgroup(self.user, new_workgroup): raise PermissionDenied move_from_checks = {} # Cache workgroup permissions as we check them to speed things up failed = [] success = [] with transaction.atomic(), reversion.revisions.create_revision(): reversion.revisions.set_user(self.user) for item in items: can_move = move_from_checks.get(item.workgroup.pk, None) if can_move is None: can_move = user_can_remove_from_workgroup(self.user, item.workgroup) move_from_checks[item.workgroup.pk] = can_move if not can_move: failed.append(item) else: success.append(item) item.workgroup = new_workgroup item.save() failed = list(set(failed)) success = list(set(success)) bad_items = sorted([str(i.id) for i in failed]) if not bad_items: message = _( "%(num_items)s items moved into the workgroup '%(new_wg)s'. \n" ) % { 'new_wg': new_workgroup.name, 'num_items': len(success), } else: message = _( "%(num_items)s items moved into the workgroup '%(new_wg)s'. \n" "Some items failed, they had the id's: %(bad_ids)s" ) % { 'new_wg': new_workgroup.name, 'num_items': len(success), 'bad_ids': ",".join(bad_items) } reversion.revisions.set_comment(changeDetails + "\n\n" + message) return message
def clean_workgroup(self): # raise a permission denied before cleaning if possible. # This gives us a 'clearer' error # cleaning before checking gives a "invalid selection" even if a user isn't allowed to change workgroups. if self.instance.pk is not None: if 'workgroup' in self.data.keys() and str(self.data['workgroup']) is not None: if str(self.data['workgroup']) != str(self.instance.workgroup.pk): if not user_can_move_any_workgroup(self.user): raise forms.ValidationError(WorkgroupVerificationMixin.cant_move_any_permission_error) if not user_can_remove_from_workgroup(self.user, self.instance.workgroup): raise forms.ValidationError(WorkgroupVerificationMixin.cant_move_from_permission_error) new_workgroup = self.cleaned_data['workgroup'] if self.instance.pk is not None: if 'workgroup' in self.cleaned_data.keys() and self.instance.workgroup != new_workgroup: if not user_can_move_between_workgroups(self.user, self.instance.workgroup, new_workgroup): self.data = self.data.copy() # need to make a mutable version of the POST querydict. self.data['workgroup'] = self.instance.workgroup.pk raise forms.ValidationError(WorkgroupVerificationMixin.cant_move_to_permission_error) return new_workgroup
def make_changes(self): import reversion from aristotle_mdr.perms import user_can_remove_from_workgroup, user_can_move_to_workgroup new_workgroup = self.cleaned_data['workgroup'] changeDetails = self.cleaned_data['changeDetails'] items = self.cleaned_data['items'] if not user_can_move_to_workgroup(self.user, new_workgroup): raise PermissionDenied move_from_checks = { } # Cache workgroup permissions as we check them to speed things up failed = [] success = [] with transaction.atomic(), reversion.revisions.create_revision(): reversion.revisions.set_user(self.user) for item in items: if item.workgroup: can_move = move_from_checks.get(item.workgroup.pk, None) if can_move is None: can_move = user_can_remove_from_workgroup( self.user, item.workgroup) move_from_checks[item.workgroup.pk] = can_move else: # There is no workgroup, the user can move their own item can_move = True if not can_move: failed.append(item) else: success.append(item) item.workgroup = new_workgroup item.save() failed = list(set(failed)) success = list(set(success)) bad_items = sorted([str(i.id) for i in failed]) return self.generate_moving_message(new_workgroup.name, len(success), failed_items=bad_items)