def test_no_root_view_permissions(po_directory, nobody, default, admin, view, no_permission_sets, no_projects, project_foo, project_bar): """Tests user-accessible projects when there are no permissions set at the root. """ ALL_PROJECTS = [project_foo.code, project_bar.code] foo_user = UserFactory.create(username='******') bar_user = UserFactory.create(username='******') # By setting explicit `view` permissions for `foo_user` in `project_foo`, # only `foo_user` will be able to access that project _require_permission_set(foo_user, project_foo.directory, [view]) assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS) assert items_equal( Project.accessible_by_user(foo_user), [project_foo.code]) assert items_equal(Project.accessible_by_user(bar_user), []) assert items_equal(Project.accessible_by_user(default), []) assert items_equal(Project.accessible_by_user(nobody), []) # Now let's allow showing `project_bar` to all registered users, but keep # `project_foo` visible only to `foo_user`. _require_permission_set(default, project_bar.directory, [view]) assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(foo_user), ALL_PROJECTS) assert items_equal( Project.accessible_by_user(bar_user), [project_bar.code]) assert items_equal(Project.accessible_by_user(default), [project_bar.code]) assert items_equal(Project.accessible_by_user(nobody), [])
def test_no_root_view_permissions(po_directory, nobody, default, admin, view, no_permission_sets, no_projects, project_foo, project_bar): """Tests user-accessible projects when there are no permissions set at the root. """ ALL_PROJECTS = [project_foo.code, project_bar.code] foo_user = UserFactory.create(username='******') bar_user = UserFactory.create(username='******') # By setting explicit `view` permissions for `foo_user` in `project_foo`, # only `foo_user` will be able to access that project _require_permission_set(foo_user, project_foo.directory, [view]) assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS) assert items_equal( Project.accessible_by_user(foo_user), [project_foo.code]) assert items_equal(Project.accessible_by_user(bar_user), []) assert items_equal(Project.accessible_by_user(default), []) assert items_equal(Project.accessible_by_user(nobody), []) # Now let's allow showing `project_bar` to all registered users, but keep # `project_foo` visible only to `foo_user`. _require_permission_set(default, project_bar.directory, [view]) assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(foo_user), ALL_PROJECTS) assert items_equal( Project.accessible_by_user(bar_user), [project_bar.code]) assert items_equal(Project.accessible_by_user(default), [project_bar.code]) assert items_equal(Project.accessible_by_user(nobody), [])
def get_for_user(self, user, include_disabled=False): """Filters units for a specific user. - Admins always get all non-obsolete units, optionally filtered to include units from disabled projects too. - Regular users only get units from enabled projects accessible to them. :param user: The user for whom units need to be retrieved for. :param include_disabled: whether to include units from disabled projects or not. This only affects superusers. :return: A filtered queryset with `Unit`s for `user`. """ from pootle_project.models import Project if user.is_superuser: if include_disabled: return self.live() return self.live().filter( store__translation_project__project__disabled=False) user_projects = Project.accessible_by_user(user) filter_by = { "store__translation_project__project__disabled": False, "store__translation_project__project__code__in": user_projects, } return self.live().filter(**filter_by)
def wrapped(request, *args, **kwargs): language_code = kwargs.pop('language_code', None) project_code = kwargs.pop('project_code', None) pootle_path = request.GET.get('path', None) if pootle_path is not None: language_code, project_code, dir_path, filename = \ split_pootle_path(pootle_path) kwargs['dir_path'] = dir_path kwargs['filename'] = filename if language_code and project_code: try: path_obj = TranslationProject.objects.enabled().get( language__code=language_code, project__code=project_code, project__disabled=False ) except TranslationProject.DoesNotExist: path_obj = None if path_obj is None and not request.is_ajax(): # Explicit selection via the UI: redirect either to # ``/language_code/`` or ``/projects/project_code/``. user_choice = request.COOKIES.get('user-choice', None) if user_choice and user_choice in ('language', 'project',): url = { 'language': reverse('pootle-language-overview', args=[language_code]), 'project': reverse('pootle-project-overview', args=[project_code, '', '']), } response = redirect(url[user_choice]) response.delete_cookie('user-choice') return response raise Http404 elif language_code: path_obj = get_object_or_404(Language, code=language_code) elif project_code: path_obj = get_object_or_404(Project, code=project_code, disabled=False) else: # No arguments: all user-accessible projects user_projects = Project.accessible_by_user(request.user) user_projects = Project.objects.enabled() \ .filter(code__in=user_projects) path_obj = ProjectSet(user_projects, '/projects/') # HACKISH: inject directory so that permissions can be # queried directory = Directory.objects.get(pootle_path='/projects/') setattr(path_obj, 'directory', directory) request.ctx_obj = path_obj request.ctx_path = path_obj.pootle_path request.resource_obj = path_obj request.pootle_path = path_obj.pootle_path return func(request, path_obj, *args, **kwargs)
def test_no_root_hide_permissions( po_directory, nobody, default, admin, hide, view, no_projects, no_permission_sets, project_foo, project_bar, root, ): """Tests user-accessible projects when there are no `hide` permissions set at the root. """ ALL_PROJECTS = [project_foo.code, project_bar.code] foo_user = UserFactory.create(username="******") bar_user = UserFactory.create(username="******") # By default everyone has access to projects _require_permission_set(default, root, [view]) _require_permission_set(nobody, root, [view]) # At the same time, `project_foo` is inaccessible registered users... _require_permission_set(default, project_foo.directory, negative_permissions=[hide]) assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(default), [project_bar.code]) assert items_equal(Project.accessible_by_user(nobody), [project_bar.code]) assert items_equal(Project.accessible_by_user(foo_user), [project_bar.code]) assert items_equal(Project.accessible_by_user(bar_user), [project_bar.code]) # ...and anonymous users as well _require_permission_set(nobody, project_foo.directory, negative_permissions=[hide]) assert items_equal(Project.accessible_by_user(nobody), [project_bar.code]) # Let's make `project_foo` accessible for `foo_user` _require_permission_set(foo_user, project_foo.directory, [view]) assert items_equal(Project.accessible_by_user(foo_user), ALL_PROJECTS) # `project_bar` is now inaccessible for anonymous users _require_permission_set(nobody, project_bar.directory, negative_permissions=[hide]) assert items_equal(Project.accessible_by_user(nobody), [])
def wrapped(request, *args, **kwargs): language_code = kwargs.pop('language_code', None) project_code = kwargs.pop('project_code', None) if request.is_ajax(): pootle_path = request.GET.get('path', None) if pootle_path is not None: language_code, project_code, dir_path, filename = \ split_pootle_path(pootle_path) kwargs['dir_path'] = dir_path kwargs['filename'] = filename if language_code and project_code: try: path_obj = TranslationProject.objects.enabled().get( language__code=language_code, project__code=project_code, project__disabled=False ) except TranslationProject.DoesNotExist: path_obj = None if path_obj is None and not request.is_ajax(): # Explicit selection via the UI: redirect either to # ``/language_code/`` or ``/projects/project_code/``. user_choice = request.COOKIES.get('user-choice', None) if user_choice and user_choice in ('language', 'project',): url = { 'language': reverse('pootle-language-overview', args=[language_code]), 'project': reverse('pootle-project-overview', args=[project_code, '', '']), } response = redirect(url[user_choice]) response.delete_cookie('user-choice') return response raise Http404 elif language_code: path_obj = get_object_or_404(Language, code=language_code) elif project_code: path_obj = get_object_or_404(Project, code=project_code, disabled=False) else: # No arguments: all user-accessible projects user_projects = Project.accessible_by_user(request.user) user_projects = Project.objects.filter(code__in=user_projects) path_obj = ProjectSet(user_projects, '/projects/') # HACKISH: inject directory so that permissions can be # queried directory = Directory.objects.get(pootle_path='/projects/') setattr(path_obj, 'directory', directory) request.ctx_obj = path_obj request.ctx_path = path_obj.pootle_path request.resource_obj = path_obj request.pootle_path = path_obj.pootle_path return func(request, path_obj, *args, **kwargs)
def is_accessible_by(self, user): """Returns `True` if the current unit is accessible by `user`.""" if user.is_superuser: return True from pootle_project.models import Project user_projects = Project.accessible_by_user(user) return self.store.translation_project.project.code in user_projects
def is_accessible_by(self, user): """Returns `True` if the current translation project is accessible by `user`. """ if user.is_superuser: return True return self.project.code in Project.accessible_by_user(user)
def is_accessible_by(self, user): """Returns `True` if the current unit is accessible by `user`.""" if user.is_superuser: return True from pootle_project.models import Project user_projects = Project.accessible_by_user(user) return self.store.translation_project.project.code in user_projects
def is_accessible_by(self, user): """Returns `True` if the current translation project is accessible by `user`. """ if user.is_superuser: return True return self.project.code in Project.accessible_by_user(user)
def test_view_projects_browse(client, request_users): user = request_users["user"] client.login( username=user.username, password=request_users["password"]) response = client.get(reverse("pootle-projects-browse")) assert response.cookies["pootle-language"].value == "projects" ctx = response.context request = response.wsgi_request user_projects = Project.accessible_by_user(request.user) user_projects = ( Project.objects.for_user(request.user) .filter(code__in=user_projects)) obj = ProjectSet(user_projects) items = [ make_project_list_item(project) for project in obj.children] items.sort(lambda x, y: locale.strcoll(x['title'], y['title'])) table_fields = [ 'name', 'progress', 'total', 'need-translation', 'suggestions', 'critical', 'last-updated', 'activity'] table = { 'id': 'projects', 'fields': table_fields, 'headings': get_table_headings(table_fields), 'items': items} if request.user.is_superuser: url_action_continue = obj.get_translate_url(state='incomplete') url_action_fixcritical = obj.get_critical_url() url_action_review = obj.get_translate_url(state='suggestions') url_action_view_all = obj.get_translate_url(state='all') else: (url_action_continue, url_action_fixcritical, url_action_review, url_action_view_all) = [None] * 4 User = get_user_model() top_scorers = User.top_scorers(limit=10) assertions = dict( page="browse", pootle_path="/projects/", resource_path="", resource_path_parts=[], object=obj, table=table, browser_extends="projects/all/base.html", stats=obj.data_tool.get_stats(user=request.user), checks=get_qualitycheck_list(obj), top_scorers=top_scorers, top_scorers_data=get_top_scorers_data(top_scorers, 10), translation_states=get_translation_states(obj), url_action_continue=url_action_continue, url_action_fixcritical=url_action_fixcritical, url_action_review=url_action_review, url_action_view_all=url_action_view_all) view_context_test(ctx, **assertions)
def test_view_projects_browse(client, request_users): user = request_users["user"] client.login(username=user.username, password=request_users["password"]) response = client.get(reverse("pootle-projects-browse")) assert response.cookies["pootle-language"].value == "projects" ctx = response.context request = response.wsgi_request user_projects = Project.accessible_by_user(request.user) user_projects = (Project.objects.for_user( request.user).filter(code__in=user_projects)) obj = ProjectSet(user_projects) items = [make_project_list_item(project) for project in obj.children] items.sort(lambda x, y: locale.strcoll(x['title'], y['title'])) stats = obj.data_tool.get_stats(user=request.user) for item in items: if item["code"] in stats["children"]: item["stats"] = stats["children"][item["code"]] table_fields = [ 'name', 'progress', 'total', 'need-translation', 'suggestions', 'critical', 'last-updated', 'activity' ] table = { 'id': 'projects', 'fields': table_fields, 'headings': get_table_headings(table_fields), 'items': items } if request.user.is_superuser: url_action_continue = obj.get_translate_url(state='incomplete') url_action_fixcritical = obj.get_critical_url() url_action_review = obj.get_translate_url(state='suggestions') url_action_view_all = obj.get_translate_url(state='all') else: (url_action_continue, url_action_fixcritical, url_action_review, url_action_view_all) = [None] * 4 checks = ChecksDisplay(obj).checks_by_category stats = StatsDisplay(obj, stats=stats).stats del stats["children"] User = get_user_model() top_scorers = User.top_scorers(limit=10) assertions = dict(page="browse", pootle_path="/projects/", resource_path="", resource_path_parts=[], object=obj, table=table, browser_extends="projects/all/base.html", top_scorers=top_scorers, top_scorers_data=get_top_scorers_data(top_scorers, 10), translation_states=get_translation_states(obj), url_action_continue=url_action_continue, url_action_fixcritical=url_action_fixcritical, url_action_review=url_action_review, url_action_view_all=url_action_view_all, checks=checks, stats=stats) view_context_test(ctx, **assertions)
def test_view_projects_translate(client, settings, request_users): user = request_users["user"] client.login( username=user.username, password=request_users["password"]) response = client.get(reverse("pootle-projects-translate")) if not user.is_superuser: assert response.status_code == 403 return ctx = response.context request = response.wsgi_request user_projects = Project.accessible_by_user(request.user) user_projects = ( Project.objects.for_user(request.user) .filter(code__in=user_projects)) obj = ProjectSet(user_projects) checks = get_qualitychecks() schema = {sc["code"]: sc for sc in get_qualitycheck_schema()} check_data = obj.data_tool.get_checks() _checks = {} for check, checkid in checks.items(): if check not in check_data: continue _checkid = schema[checkid]["name"] _checks[_checkid] = _checks.get( _checkid, dict(checks=[], title=schema[checkid]["title"])) _checks[_checkid]["checks"].append( dict( code=check, title=check_names[check], count=check_data[check])) _checks = OrderedDict( (k, _checks[k]) for k in CATEGORY_IDS.keys() if _checks.get(k)) assertions = dict( page="translate", has_admin_access=user.is_superuser, language=None, project=None, pootle_path="/projects/", ctx_path="/projects/", resource_path="", resource_path_parts=[], editor_extends="projects/all/base.html", checks=_checks, previous_url=get_previous_url(request), display_priority=False, cantranslate=check_permission("translate", request), cansuggest=check_permission("suggest", request), canreview=check_permission("review", request), search_form=make_search_form(request=request), current_vfolder_pk="", POOTLE_MT_BACKENDS=settings.POOTLE_MT_BACKENDS, AMAGAMA_URL=settings.AMAGAMA_URL) view_context_test(ctx, **assertions)
def test_view_projects_browse(client, request_users): user = request_users["user"] client.login( username=user.username, password=request_users["password"]) response = client.get(reverse("pootle-projects-browse")) assert response.cookies["pootle-language"].value == "projects" ctx = response.context request = response.wsgi_request user_projects = Project.accessible_by_user(request.user) user_projects = ( Project.objects.for_user(request.user) .filter(code__in=user_projects)) obj = ProjectSet(user_projects) stats = obj.data_tool.get_stats(user=request.user) if request.user.is_superuser: url_action_continue = obj.get_translate_url(state='incomplete') url_action_fixcritical = obj.get_critical_url() url_action_review = obj.get_translate_url(state='suggestions') url_action_view_all = obj.get_translate_url(state='all') else: (url_action_continue, url_action_fixcritical, url_action_review, url_action_view_all) = [None] * 4 checks = ChecksDisplay(obj).checks_by_category stats = StatsDisplay(obj, stats=stats).stats del stats["children"] chunk_size = TOP_CONTRIBUTORS_CHUNK_SIZE score_data = scores.get(ProjectSet)(obj) def scores_to_json(score): score["user"] = score["user"].to_dict() return score top_scorers = score_data.display( limit=chunk_size, formatter=scores_to_json) top_scorer_data = dict( items=list(top_scorers), has_more_items=len(score_data.top_scorers) > chunk_size) assertions = dict( page="browse", pootle_path="/projects/", resource_path="", resource_path_parts=[], object=obj, browser_extends="projects/all/base.html", top_scorers=top_scorer_data, translation_states=get_translation_states(obj), url_action_continue=url_action_continue, url_action_fixcritical=url_action_fixcritical, url_action_review=url_action_review, url_action_view_all=url_action_view_all, checks=checks, stats=stats) view_context_test(ctx, **assertions)
def test_view_projects_browse(client, request_users): user = request_users["user"] client.login( username=user.username, password=request_users["password"]) response = client.get(reverse("pootle-projects-browse")) assert response.cookies["pootle-language"].value == "projects" ctx = response.context request = response.wsgi_request user_projects = Project.accessible_by_user(request.user) user_projects = ( Project.objects.for_user(request.user) .filter(code__in=user_projects)) ob = ProjectSet(user_projects) items = [ make_project_list_item(project) for project in ob.children] items.sort(lambda x, y: locale.strcoll(x['title'], y['title'])) table_fields = [ 'name', 'progress', 'total', 'need-translation', 'suggestions', 'critical', 'last-updated', 'activity'] table = { 'id': 'projects', 'fields': table_fields, 'headings': get_table_headings(table_fields), 'items': items} if request.user.is_superuser: url_action_continue = ob.get_translate_url(state='incomplete') url_action_fixcritical = ob.get_critical_url() url_action_review = ob.get_translate_url(state='suggestions') url_action_view_all = ob.get_translate_url(state='all') else: (url_action_continue, url_action_fixcritical, url_action_review, url_action_view_all) = [None] * 4 assertions = dict( page="browse", pootle_path="/projects/", resource_path="", resource_path_parts=[], object=ob, table=table, browser_extends="projects/all/base.html", stats=jsonify(ob.get_stats()), check_categories=get_qualitycheck_schema(ob), translation_states=get_translation_states(ob), url_action_continue=url_action_continue, url_action_fixcritical=url_action_fixcritical, url_action_review=url_action_review, url_action_view_all=url_action_view_all) view_context_test(ctx, **assertions)
def test_view_projects_browse(client, request_users): user = request_users["user"] client.login(username=user.username, password=request_users["password"]) response = client.get(reverse("pootle-projects-browse")) assert response.cookies["pootle-language"].value == "projects" ctx = response.context request = response.wsgi_request user_projects = Project.accessible_by_user(request.user) user_projects = (Project.objects.for_user( request.user).filter(code__in=user_projects)) obj = ProjectSet(user_projects) stats = obj.data_tool.get_stats(user=request.user) if request.user.is_superuser: url_action_continue = obj.get_translate_url(state='incomplete') url_action_fixcritical = obj.get_critical_url() url_action_review = obj.get_translate_url(state='suggestions') url_action_view_all = obj.get_translate_url(state='all') else: (url_action_continue, url_action_fixcritical, url_action_review, url_action_view_all) = [None] * 4 checks = ChecksDisplay(obj).checks_by_category stats = StatsDisplay(obj, stats=stats).stats del stats["children"] chunk_size = TOP_CONTRIBUTORS_CHUNK_SIZE score_data = scores.get(ProjectSet)(obj) def scores_to_json(score): score["user"] = score["user"].to_dict() return score top_scorers = score_data.display(limit=chunk_size, formatter=scores_to_json) top_scorer_data = dict( items=list(top_scorers), has_more_items=len(score_data.top_scorers) > chunk_size) assertions = dict(page="browse", pootle_path="/projects/", resource_path="", resource_path_parts=[], object=obj, browser_extends="projects/all/base.html", top_scorers=top_scorer_data, translation_states=get_translation_states(obj), url_action_continue=url_action_continue, url_action_fixcritical=url_action_fixcritical, url_action_review=url_action_review, url_action_view_all=url_action_view_all, checks=checks, stats=stats) view_context_test(ctx, **assertions)
def test_view_projects_translate(client, settings, request_users): user = request_users["user"] client.login(username=user.username, password=request_users["password"]) response = client.get(reverse("pootle-projects-translate")) if not user.is_superuser: assert response.status_code == 403 return ctx = response.context request = response.wsgi_request user_projects = Project.accessible_by_user(request.user) user_projects = (Project.objects.for_user( request.user).filter(code__in=user_projects)) obj = ProjectSet(user_projects) checks = get_qualitychecks() schema = {sc["code"]: sc for sc in get_qualitycheck_schema()} check_data = obj.data_tool.get_checks() _checks = {} for check, checkid in checks.items(): if check not in check_data: continue _checkid = schema[checkid]["name"] _checks[_checkid] = _checks.get( _checkid, dict(checks=[], title=schema[checkid]["title"])) _checks[_checkid]["checks"].append( dict(code=check, title=check_names[check], count=check_data[check])) _checks = OrderedDict( (k, _checks[k]) for k in CATEGORY_IDS.keys() if _checks.get(k)) assertions = dict(page="translate", has_admin_access=user.is_superuser, language=None, project=None, pootle_path="/projects/", ctx_path="/projects/", resource_path="", resource_path_parts=[], editor_extends="projects/all/base.html", checks=_checks, previous_url=get_previous_url(request), display_priority=False, cantranslate=check_permission("translate", request), cansuggest=check_permission("suggest", request), canreview=check_permission("review", request), search_form=make_search_form(request=request), current_vfolder_pk="", POOTLE_MT_BACKENDS=settings.POOTLE_MT_BACKENDS, AMAGAMA_URL=settings.AMAGAMA_URL) view_context_test(ctx, **assertions)
def test_no_root_hide_permissions(po_directory, nobody, default, admin, hide, view, no_projects, no_permission_sets, project_foo, project_bar, root): """Tests user-accessible projects when there are no `hide` permissions set at the root. """ ALL_PROJECTS = [project_foo.code, project_bar.code] foo_user = UserFactory.create(username='******') bar_user = UserFactory.create(username='******') # By default everyone has access to projects _require_permission_set(default, root, [view]) _require_permission_set(nobody, root, [view]) # At the same time, `project_foo` is inaccessible registered users... _require_permission_set(default, project_foo.directory, negative_permissions=[hide]) assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(default), [project_bar.code]) assert items_equal(Project.accessible_by_user(nobody), [project_bar.code]) assert items_equal( Project.accessible_by_user(foo_user), [project_bar.code]) assert items_equal( Project.accessible_by_user(bar_user), [project_bar.code]) # ...and anonymous users as well _require_permission_set(nobody, project_foo.directory, negative_permissions=[hide]) assert items_equal(Project.accessible_by_user(nobody), [project_bar.code]) # Let's make `project_foo` accessible for `foo_user` _require_permission_set(foo_user, project_foo.directory, [view]) assert items_equal(Project.accessible_by_user(foo_user), ALL_PROJECTS) # `project_bar` is now inaccessible for anonymous users _require_permission_set(nobody, project_bar.directory, negative_permissions=[hide]) assert items_equal(Project.accessible_by_user(nobody), [])
def test_view_projects_browse(client, request_users): user = request_users["user"] client.login( username=user.username, password=request_users["password"]) response = client.get(reverse("pootle-projects-browse")) assert response.cookies["pootle-language"].value == "projects" ctx = response.context request = response.wsgi_request user_projects = Project.accessible_by_user(request.user) user_projects = ( Project.objects.for_user(request.user) .filter(code__in=user_projects)) obj = ProjectSet(user_projects) stats = obj.data_tool.get_stats(user=request.user) if request.user.is_superuser: url_action_continue = obj.get_translate_url(state='incomplete') url_action_fixcritical = obj.get_critical_url() url_action_review = obj.get_translate_url(state='suggestions') url_action_view_all = obj.get_translate_url(state='all') else: (url_action_continue, url_action_fixcritical, url_action_review, url_action_view_all) = [None] * 4 checks = ChecksDisplay(obj).checks_by_category stats = StatsDisplay(obj, stats=stats).stats del stats["children"] User = get_user_model() top_scorers = User.top_scorers(limit=10) assertions = dict( page="browse", pootle_path="/projects/", resource_path="", resource_path_parts=[], object=obj, browser_extends="projects/all/base.html", top_scorers=top_scorers, top_scorers_data=get_top_scorers_data(top_scorers, 10), translation_states=get_translation_states(obj), url_action_continue=url_action_continue, url_action_fixcritical=url_action_fixcritical, url_action_review=url_action_review, url_action_view_all=url_action_view_all, checks=checks, stats=stats) view_context_test(ctx, **assertions)
def projects_index(request, root): """Page listing all projects.""" user_accessible_projects = Project.accessible_by_user(request.user) user_projects = Project.objects.filter(code__in=user_accessible_projects) items = [make_project_list_item(project) for project in user_projects] table_fields = ['name'] ctx = { 'table': { 'id': 'projects', 'fields': table_fields, 'headings': get_table_headings(table_fields), 'items': items, }, } return render(request, "projects/list.html", ctx)
def projects_index(request, root): """Page listing all projects.""" user_accessible_projects = Project.accessible_by_user(request.user) user_projects = Project.objects.filter(code__in=user_accessible_projects) items = [make_project_list_item(project) for project in user_projects] table_fields = ["name"] ctx = { "table": { "id": "projects", "fields": table_fields, "headings": get_table_headings(table_fields), "items": items, } } return render(request, "projects/list.html", ctx)
def for_user(self, user, select_related=None): """Filters translation projects for a specific user. - Admins always get all translation projects. - Regular users only get enabled translation projects accessible to them. :param user: The user for whom the translation projects need to be retrieved for. :return: A filtered queryset with `TranslationProject`s for `user`. """ qs = self.live() if select_related is not None: qs = qs.select_related(*select_related) if user.is_superuser: return qs return qs.filter(project__disabled=False, project__code__in=Project.accessible_by_user(user))
def get_for_user(self, user): """Filters units for a specific user. - Admins always get all non-obsolete units - Regular users only get units from enabled projects accessible to them. :param user: The user for whom units need to be retrieved for. :return: A filtered queryset with `Unit`s for `user`. """ from pootle_project.models import Project if user.is_superuser: return self.live() user_projects = Project.accessible_by_user(user) filter_by = { "store__translation_project__project__disabled": False, "store__translation_project__project__code__in": user_projects } return self.live().filter(**filter_by)
def test_get_contributors_projects(client, request_users): user = request_users["user"] if user.username != "nobody": client.login( username=user.username, password=request_users["password"]) directory = Directory.objects.projects response = client.get( "/xhr/stats/contributors/?path=%s" % directory.pootle_path, HTTP_X_REQUESTED_WITH='XMLHttpRequest') assert response.status_code == 200 result = json.loads(response.content) user_projects = Project.accessible_by_user(user) user_projects = ( Project.objects.for_user(user) .filter(code__in=user_projects)) top_scorers_data = get_top_scorers_test_data(ProjectSet(user_projects)) for k, v in result.items(): assert json.loads(json.dumps(top_scorers_data[k])) == v
def pootle_context(request): """Exposes settings to templates.""" # FIXME: maybe we should expose relevant settings only? return { 'settings': { 'POOTLE_TITLE': settings.POOTLE_TITLE, 'POOTLE_INSTANCE_ID': settings.POOTLE_INSTANCE_ID, 'POOTLE_CONTACT_ENABLED': (settings.POOTLE_CONTACT_ENABLED and settings.POOTLE_CONTACT_EMAIL), 'POOTLE_MARKUP_FILTER': get_markup_filter_name(), 'POOTLE_SIGNUP_ENABLED': settings.POOTLE_SIGNUP_ENABLED, 'SCRIPT_NAME': settings.SCRIPT_NAME, 'POOTLE_CACHE_TIMEOUT': settings.POOTLE_CACHE_TIMEOUT, 'DEBUG': settings.DEBUG, }, 'custom': settings.POOTLE_CUSTOM_TEMPLATE_CONTEXT, 'ALL_LANGUAGES': Language.live.cached_dict(translation.get_language()), 'ALL_PROJECTS': Project.accessible_by_user(request.user), 'SOCIAL_AUTH_PROVIDERS': jsonify(_get_social_auth_providers(request)), 'display_agreement': _agreement_context(request), }
def for_user(self, user, select_related=None): """Filters translation projects for a specific user. - Admins always get all translation projects. - Regular users only get enabled translation projects accessible to them. :param user: The user for whom the translation projects need to be retrieved for. :return: A filtered queryset with `TranslationProject`s for `user`. """ qs = self.live() if select_related is not None: qs = qs.select_related(*select_related) if user.is_superuser: return qs return qs.filter( project__disabled=False, project__code__in=Project.accessible_by_user(user))
def test_view_projects_browse(site_permissions, site_matrix_with_vfolders, site_matrix_with_announcements, client, nobody, default): response = client.get(reverse("pootle-projects-browse")) assert response.cookies["pootle-language"].value == "projects" ctx = response.context request = response.wsgi_request user_projects = Project.accessible_by_user(request.user) user_projects = ( Project.objects.for_user(request.user) .filter(code__in=user_projects)) ob = ProjectSet(user_projects) items = [ make_project_list_item(project) for project in ob.children] items.sort(lambda x, y: locale.strcoll(x['title'], y['title'])) table_fields = [ 'name', 'progress', 'total', 'need-translation', 'suggestions', 'critical', 'last-updated', 'activity'] table = { 'id': 'projects', 'fields': table_fields, 'headings': get_table_headings(table_fields), 'items': items} assertions = dict( page="browse", pootle_path="/projects/", resource_path="", resource_path_parts=[], object=ob, table=table, browser_extends="projects/all/base.html", stats=jsonify(ob.get_stats()), check_categories=get_qualitycheck_schema(ob), translation_states=get_translation_states(ob), url_action_continue=ob.get_translate_url(state='incomplete'), url_action_fixcritical=ob.get_critical_url(), url_action_review=ob.get_translate_url(state='suggestions'), url_action_view_all=ob.get_translate_url(state='all')) view_context_test(ctx, **assertions)
def test_view_projects_browse( site_permissions, site_matrix_with_vfolders, site_matrix_with_announcements, client, nobody, default ): response = client.get(reverse("pootle-projects-browse")) assert response.cookies["pootle-language"].value == "projects" ctx = response.context request = response.wsgi_request user_projects = Project.accessible_by_user(request.user) user_projects = Project.objects.for_user(request.user).filter(code__in=user_projects) ob = ProjectSet(user_projects) items = [make_project_list_item(project) for project in ob.children] items.sort(lambda x, y: locale.strcoll(x["title"], y["title"])) table_fields = [ "name", "progress", "total", "need-translation", "suggestions", "critical", "last-updated", "activity", ] table = {"id": "projects", "fields": table_fields, "headings": get_table_headings(table_fields), "items": items} assertions = dict( page="browse", pootle_path="/projects/", resource_path="", resource_path_parts=[], resource_obj=ob, table=table, browser_extends="projects/all/base.html", stats=jsonify(ob.get_stats()), check_categories=get_qualitycheck_schema(ob), translation_states=get_translation_states(ob), url_action_continue=ob.get_translate_url(state="incomplete"), url_action_fixcritical=ob.get_critical_url(), url_action_review=ob.get_translate_url(state="suggestions"), url_action_view_all=ob.get_translate_url(state="all"), ) view_context_test(ctx, **assertions)
def test_root_hide_permissions(po_directory, nobody, default, admin, hide, view, no_permission_sets, no_projects, project_foo, project_bar, root): """Tests user-accessible projects when there are `hide` permissions set at the root. """ ALL_PROJECTS = [project_foo.code, project_bar.code] foo_user = UserFactory.create(username='******') bar_user = UserFactory.create(username='******') # By default all projects are not accessible _require_permission_set(default, root, negative_permissions=[hide]) _require_permission_set(nobody, root, negative_permissions=[hide]) assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(default), []) assert items_equal(Project.accessible_by_user(nobody), []) assert items_equal(Project.accessible_by_user(foo_user), []) assert items_equal(Project.accessible_by_user(bar_user), []) # Now let's make `project_foo` accessible to `foo_user`. _require_permission_set(foo_user, project_foo.directory, [view]) assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(default), []) assert items_equal(Project.accessible_by_user(nobody), []) assert items_equal( Project.accessible_by_user(foo_user), [project_foo.code]) assert items_equal(Project.accessible_by_user(bar_user), []) # Making projects accessible for anonymous users should open the door for # everyone _require_permission_set(nobody, root, [view]) assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(default), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(nobody), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(foo_user), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(bar_user), ALL_PROJECTS)
def test_root_view_permissions(po_directory, nobody, default, admin, view, no_projects, no_permission_sets, project_foo, project_bar, root): """Tests user-accessible projects with view permissions at the root.""" ALL_PROJECTS = [project_foo.code, project_bar.code] foo_user = UserFactory.create(username='******') bar_user = UserFactory.create(username='******') # We'll only give `bar_user` access to all projects server-wide _require_permission_set(bar_user, root, [view]) assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(bar_user), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(foo_user), []) assert items_equal(Project.accessible_by_user(default), []) assert items_equal(Project.accessible_by_user(nobody), []) # Now we'll also allow `foo_user` access `project_foo` _require_permission_set(foo_user, project_foo.directory, [view]) assert items_equal( Project.accessible_by_user(foo_user), [project_foo.code]) # Let's change server-wide defaults: all registered users have access to # all projects. `foo_user`, albeit having explicit access for # `project_foo`, will be able to access any project because they fall back # and extend with the defaults. _require_permission_set(default, root, [view]) assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(foo_user), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(bar_user), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(default), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(nobody), []) # Let's give anonymous users access to all projects too _require_permission_set(nobody, root, [view]) assert items_equal(Project.accessible_by_user(nobody), ALL_PROJECTS)
def project_set(self): user_projects = Project.accessible_by_user(self.request.user) user_projects = ( Project.objects.for_user(self.request.user) .filter(code__in=user_projects)) return ProjectSet(user_projects)
def wrapped(request, *args, **kwargs): if request.is_ajax(): pootle_path = request.GET.get('path', None) if pootle_path is None: raise Http400(_('Arguments missing.')) language_code, project_code, dir_path, filename = \ split_pootle_path(pootle_path) kwargs['dir_path'] = dir_path kwargs['filename'] = filename # Remove potentially present but unwanted args try: del kwargs['language_code'] del kwargs['project_code'] except KeyError: pass else: language_code = kwargs.pop('language_code', None) project_code = kwargs.pop('project_code', None) if language_code and project_code: try: path_obj = TranslationProject.objects.get_for_user( user=request.user, language_code=language_code, project_code=project_code, ) except TranslationProject.DoesNotExist: path_obj = None if path_obj is None: if not request.is_ajax(): # Explicit selection via the UI: redirect either to # ``/language_code/`` or ``/projects/project_code/`` user_choice = request.COOKIES.get('user-choice', None) if user_choice and user_choice in ('language', 'project',): url = { 'language': reverse('pootle-language-browse', args=[language_code]), 'project': reverse('pootle-project-browse', args=[project_code, '', '']), } response = redirect(url[user_choice]) response.delete_cookie('user-choice') return response raise Http404 elif language_code: user_projects = Project.accessible_by_user(request.user) language = get_object_or_404(Language, code=language_code) children = language.children \ .filter(project__code__in=user_projects) language.set_children(children) path_obj = language elif project_code: try: path_obj = Project.objects.get_for_user(project_code, request.user) except Project.DoesNotExist: raise Http404 else: # No arguments: all user-accessible projects user_projects = Project.accessible_by_user(request.user) user_projects = Project.objects.for_user(request.user) \ .filter(code__in=user_projects) path_obj = ProjectSet(user_projects) request.ctx_obj = path_obj request.ctx_path = path_obj.pootle_path request.resource_obj = path_obj request.pootle_path = path_obj.pootle_path return func(request, path_obj, *args, **kwargs)
def test_root_hide_permissions(po_directory, nobody, default, admin, hide, view, no_permission_sets, no_projects, project_foo, project_bar, root): """Tests user-accessible projects when there are `hide` permissions set at the root. """ ALL_PROJECTS = [project_foo.code, project_bar.code] foo_user = UserFactory.create(username='******') bar_user = UserFactory.create(username='******') # By default all projects are not accessible _require_permission_set(default, root, negative_permissions=[hide]) _require_permission_set(nobody, root, negative_permissions=[hide]) assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(default), []) assert items_equal(Project.accessible_by_user(nobody), []) assert items_equal(Project.accessible_by_user(foo_user), []) assert items_equal(Project.accessible_by_user(bar_user), []) # Now let's make `project_foo` accessible to `foo_user`. _require_permission_set(foo_user, project_foo.directory, [view]) assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(default), []) assert items_equal(Project.accessible_by_user(nobody), []) assert items_equal( Project.accessible_by_user(foo_user), [project_foo.code]) assert items_equal(Project.accessible_by_user(bar_user), []) # Making projects accessible for anonymous users should open the door for # everyone _require_permission_set(nobody, root, [view]) assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(default), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(nobody), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(foo_user), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(bar_user), ALL_PROJECTS)
def project_set(self): user_projects = Project.accessible_by_user(self.request.user) user_projects = ( Project.objects.for_user(self.request.user) .filter(code__in=user_projects)) return ProjectSet(user_projects)
def test_root_view_permissions(po_directory, nobody, default, admin, view, no_projects, no_permission_sets, project_foo, project_bar, root): """Tests user-accessible projects with view permissions at the root.""" ALL_PROJECTS = [project_foo.code, project_bar.code] foo_user = UserFactory.create(username='******') bar_user = UserFactory.create(username='******') # We'll only give `bar_user` access to all projects server-wide _require_permission_set(bar_user, root, [view]) assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(bar_user), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(foo_user), []) assert items_equal(Project.accessible_by_user(default), []) assert items_equal(Project.accessible_by_user(nobody), []) # Now we'll also allow `foo_user` access `project_foo` _require_permission_set(foo_user, project_foo.directory, [view]) assert items_equal( Project.accessible_by_user(foo_user), [project_foo.code]) # Let's change server-wide defaults: all registered users have access to # all projects. `foo_user`, albeit having explicit access for # `project_foo`, will be able to access any project because they fall back # and extend with the defaults. _require_permission_set(default, root, [view]) assert items_equal(Project.accessible_by_user(admin), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(foo_user), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(bar_user), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(default), ALL_PROJECTS) assert items_equal(Project.accessible_by_user(nobody), []) # Let's give anonymous users access to all projects too _require_permission_set(nobody, root, [view]) assert items_equal(Project.accessible_by_user(nobody), ALL_PROJECTS)