def test_submitter_cannot_change_workgroup_via_edit_page(self):
# based on the idea that 'submitter' is not set in ARISTOTLE_SETTINGS.WORKGROUP
self.wg_other = models.Workgroup.objects.create(name="Test WG to move to")
self.wg_other.submitters.add(self.editor)
self.login_editor()
response = self.client.get(reverse('aristotle:edit_item',args=[self.item1.id]))
self.assertEqual(response.status_code,200)
updated_item = utils.modeL_to_dict_with_change_time(response.context['item'])
updated_item['workgroup'] = str(self.wg_other.pk)
response = self.client.post(reverse('aristotle:edit_item',args=[self.item1.id]), updated_item)
self.assertEqual(response.status_code,200)
form = response.context['form']
self.assertTrue('workgroup' in form.errors.keys())
self.assertTrue(len(form.errors['workgroup'])==1)
# Submitter is logged in, tries to move item - fails because
self.assertFalse(perms.user_can_remove_from_workgroup(self.editor,self.item1.workgroup))
self.assertTrue(form.errors['workgroup'][0] == WorkgroupVerificationMixin.cant_move_any_permission_error)
updated_item['workgroup'] = str(self.wg2.pk)
response = self.client.post(reverse('aristotle:edit_item',args=[self.item1.id]), updated_item)
self.assertEqual(response.status_code,200)
form = response.context['form']
self.assertTrue('workgroup' in form.errors.keys())
self.assertTrue(len(form.errors['workgroup'])==1)
self.assertTrue('Select a valid choice.' in form.errors['workgroup'][0])
def clean_workgroup(self):
# raise a permission denied before cleaning if possible.
# This gives us a 'clearer' error
# cleaning before checking gives a "invalid selection" even if a user isn't allowed to change workgroups.
if self.instance.pk is not None:
if 'workgroup' in self.data.keys() and str(
self.data['workgroup']) is not None:
old_wg_pk = None
if self.instance.workgroup:
old_wg_pk = str(self.instance.workgroup.pk)
if str(self.data['workgroup']) != str(old_wg_pk) and not (str(
self.data['workgroup']) == "" and old_wg_pk is None):
if not user_can_move_any_workgroup(self.user):
raise forms.ValidationError(
WorkgroupVerificationMixin.
cant_move_any_permission_error)
if not user_can_remove_from_workgroup(
self.user, self.instance.workgroup):
raise forms.ValidationError(
WorkgroupVerificationMixin.
cant_move_from_permission_error)
new_workgroup = self.cleaned_data['workgroup']
if self.instance.pk is not None:
if 'workgroup' in self.cleaned_data.keys(
) and self.instance.workgroup != new_workgroup:
if not user_can_move_between_workgroups(
self.user, self.instance.workgroup, new_workgroup):
self.data = self.data.copy(
) # need to make a mutable version of the POST querydict.
self.data['workgroup'] = self.instance.workgroup.pk
raise forms.ValidationError(WorkgroupVerificationMixin.
cant_move_to_permission_error)
return new_workgroup
def clean_workgroup(self):
new_workgroup = self.cleaned_data['workgroup']
old_workgroup = self.instance.workgroup
# If new item return
if self.instance.pk is None:
return new_workgroup
# If old workgroup is None return
if old_workgroup is None:
return new_workgroup
# If workgroup didnt change return
if old_workgroup == new_workgroup:
return new_workgroup
# Check user can remove from old wg
if not user_can_remove_from_workgroup(self.user, old_workgroup):
raise forms.ValidationError(self.cant_move_from_permission_error)
# Check user can move to new wg
if not user_can_move_to_workgroup(self.user, new_workgroup):
raise forms.ValidationError(self.cant_move_to_permission_error)
return new_workgroup
def make_changes(self):
import reversion
from aristotle_mdr.perms import user_can_remove_from_workgroup, user_can_move_to_workgroup
new_workgroup = self.cleaned_data['workgroup']
changeDetails = self.cleaned_data['changeDetails']
items = self.cleaned_data['items']
if not user_can_move_to_workgroup(self.user, new_workgroup):
raise PermissionDenied
move_from_checks = {
} # Cache workgroup permissions as we check them to speed things up
failed = []
success = []
with transaction.atomic(), reversion.revisions.create_revision():
reversion.revisions.set_user(self.user)
for item in items:
if item.workgroup:
can_move = move_from_checks.get(item.workgroup.pk, None)
if can_move is None:
can_move = user_can_remove_from_workgroup(
self.user, item.workgroup)
move_from_checks[item.workgroup.pk] = can_move
else:
# There is no workgroup, the user can move their own item
can_move = True
if not can_move:
failed.append(item)
else:
success.append(item)
item.workgroup = new_workgroup
item.save()
failed = list(set(failed))
success = list(set(success))
bad_items = sorted([str(i.id) for i in failed])
if not bad_items:
message = _(
"%(num_items)s items moved into the workgroup '%(new_wg)s'. \n"
) % {
'new_wg': new_workgroup.name,
'num_items': len(success),
}
else:
message = _(
"%(num_items)s items moved into the workgroup '%(new_wg)s'. \n"
"Some items failed, they had the id's: %(bad_ids)s") % {
'new_wg': new_workgroup.name,
'num_items': len(success),
'bad_ids': ",".join(bad_items)
}
reversion.revisions.set_comment(changeDetails + "\n\n" + message)
return message
def make_changes(self):
import reversion
from aristotle_mdr.perms import user_can_remove_from_workgroup, user_can_move_to_workgroup
new_workgroup = self.cleaned_data['workgroup']
changeDetails = self.cleaned_data['changeDetails']
items = self.cleaned_data['items']
if not user_can_move_to_workgroup(self.user, new_workgroup):
raise PermissionDenied
move_from_checks = {} # Cache workgroup permissions as we check them to speed things up
failed = []
success = []
with transaction.atomic(), reversion.revisions.create_revision():
reversion.revisions.set_user(self.user)
for item in items:
can_move = move_from_checks.get(item.workgroup.pk, None)
if can_move is None:
can_move = user_can_remove_from_workgroup(self.user, item.workgroup)
move_from_checks[item.workgroup.pk] = can_move
if not can_move:
failed.append(item)
else:
success.append(item)
item.workgroup = new_workgroup
item.save()
failed = list(set(failed))
success = list(set(success))
bad_items = sorted([str(i.id) for i in failed])
if not bad_items:
message = _(
"%(num_items)s items moved into the workgroup '%(new_wg)s'. \n"
) % {
'new_wg': new_workgroup.name,
'num_items': len(success),
}
else:
message = _(
"%(num_items)s items moved into the workgroup '%(new_wg)s'. \n"
"Some items failed, they had the id's: %(bad_ids)s"
) % {
'new_wg': new_workgroup.name,
'num_items': len(success),
'bad_ids': ",".join(bad_items)
}
reversion.revisions.set_comment(changeDetails + "\n\n" + message)
return message
def clean_workgroup(self):
# raise a permission denied before cleaning if possible.
# This gives us a 'clearer' error
# cleaning before checking gives a "invalid selection" even if a user isn't allowed to change workgroups.
if self.instance.pk is not None:
if 'workgroup' in self.data.keys() and str(self.data['workgroup']) is not None:
if str(self.data['workgroup']) != str(self.instance.workgroup.pk):
if not user_can_move_any_workgroup(self.user):
raise forms.ValidationError(WorkgroupVerificationMixin.cant_move_any_permission_error)
if not user_can_remove_from_workgroup(self.user, self.instance.workgroup):
raise forms.ValidationError(WorkgroupVerificationMixin.cant_move_from_permission_error)
new_workgroup = self.cleaned_data['workgroup']
if self.instance.pk is not None:
if 'workgroup' in self.cleaned_data.keys() and self.instance.workgroup != new_workgroup:
if not user_can_move_between_workgroups(self.user, self.instance.workgroup, new_workgroup):
self.data = self.data.copy() # need to make a mutable version of the POST querydict.
self.data['workgroup'] = self.instance.workgroup.pk
raise forms.ValidationError(WorkgroupVerificationMixin.cant_move_to_permission_error)
return new_workgroup
def make_changes(self):
import reversion
from aristotle_mdr.perms import user_can_remove_from_workgroup, user_can_move_to_workgroup
new_workgroup = self.cleaned_data['workgroup']
changeDetails = self.cleaned_data['changeDetails']
items = self.cleaned_data['items']
if not user_can_move_to_workgroup(self.user, new_workgroup):
raise PermissionDenied
move_from_checks = {
} # Cache workgroup permissions as we check them to speed things up
failed = []
success = []
with transaction.atomic(), reversion.revisions.create_revision():
reversion.revisions.set_user(self.user)
for item in items:
if item.workgroup:
can_move = move_from_checks.get(item.workgroup.pk, None)
if can_move is None:
can_move = user_can_remove_from_workgroup(
self.user, item.workgroup)
move_from_checks[item.workgroup.pk] = can_move
else:
# There is no workgroup, the user can move their own item
can_move = True
if not can_move:
failed.append(item)
else:
success.append(item)
item.workgroup = new_workgroup
item.save()
failed = list(set(failed))
success = list(set(success))
bad_items = sorted([str(i.id) for i in failed])
return self.generate_moving_message(new_workgroup.name,
len(success),
failed_items=bad_items)
