def test_who_can_see_review(self):
from aristotle_mdr.perms import user_can_view_review
review = models.ReviewRequest.objects.create(
requester=self.editor,
registration_authority=self.ra,
state=self.ra.public_state,
registration_date=datetime.date(2010, 1, 1))
review.concepts.add(self.item1)
self.assertTrue(user_can_view_review(self.editor, review))
self.assertTrue(user_can_view_review(self.registrar, review))
self.assertTrue(user_can_view_review(self.su, review))
self.assertFalse(user_can_view_review(self.viewer, review))
review.status = models.REVIEW_STATES.cancelled
review.save()
review = models.ReviewRequest.objects.get(pk=review.pk) #decache
self.assertTrue(user_can_view_review(self.editor, review))
self.assertFalse(user_can_view_review(self.registrar, review))
self.assertTrue(user_can_view_review(self.su, review))
self.assertFalse(user_can_view_review(self.viewer, review))
def dispatch(self, *args, **kwargs):
review = self.get_review()
if not perms.user_can_view_review(self.request.user, review):
raise PermissionDenied
# if review.status != models.REVIEW_STATES.open:
# return HttpResponseRedirect(reverse('aristotle_reviews:userReviewDetails', args=[review.pk]))
return super().dispatch(*args, **kwargs)
def dispatch(self, *args, **kwargs):
review = self.get_review()
if not perms.user_can_view_review(self.request.user, review):
raise PermissionDenied
if review.status != MDR.REVIEW_STATES.submitted:
return HttpResponseRedirect(reverse('aristotle_mdr:userReviewDetails', args=[review.pk]))
return super(ReviewActionMixin, self).dispatch(*args, **kwargs)
def dispatch(self, *args, **kwargs):
review = self.get_review()
if not perms.user_can_view_review(self.request.user, review):
raise PermissionDenied
if review.status != MDR.REVIEW_STATES.submitted:
return HttpResponseRedirect(reverse('aristotle_mdr:userReviewDetails', args=[review.pk]))
return super(ReviewActionMixin, self).dispatch(*args, **kwargs)
def dispatch(self, *args, **kwargs):
review = self.get_review()
if not perms.user_can_view_review(self.request.user, review):
raise PermissionDenied
# if review.status != models.REVIEW_STATES.open:
# return HttpResponseRedirect(reverse('aristotle_reviews:userReviewDetails', args=[review.pk]))
return super().dispatch(*args, **kwargs)
def dispatch(self, request, *args, **kwargs):
review = self.get_review()
if not self.ra_active_check(review):
return HttpResponseNotFound('Registration Authority is not active')
if not perms.user_can_view_review(self.request.user, review):
raise PermissionDenied
if review.status != MDR.REVIEW_STATES.submitted:
return HttpResponseRedirect(reverse('aristotle_mdr:userReviewDetails', args=[review.pk]))
return super().dispatch(request, *args, **kwargs)
def test_who_can_see_review(self):
from aristotle_mdr.perms import user_can_view_review
review = models.ReviewRequest.objects.create(requester=self.editor, registration_authority=self.ra)
review.concepts.add(self.item1)
self.assertTrue(user_can_view_review(self.editor, review))
self.assertTrue(user_can_view_review(self.registrar, review))
self.assertTrue(user_can_view_review(self.su, review))
self.assertFalse(user_can_view_review(self.viewer, review))
review.status = models.REVIEW_STATES.cancelled
review.save()
review = models.ReviewRequest.objects.get(pk=review.pk) # decache
self.assertTrue(user_can_view_review(self.editor, review))
self.assertFalse(user_can_view_review(self.registrar, review))
self.assertTrue(user_can_view_review(self.su, review))
self.assertFalse(user_can_view_review(self.viewer, review))
def can_view(self, user):
return perms.user_can_view_review(user, self)
def can_view(self, user):
return perms.user_can_view_review(user, self)