def login_as_baker(self):
# Create group with access to admin and Chooser permission on one Collection, but not another.
bakers_group = Group.objects.create(name="Bakers")
access_admin_perm = Permission.objects.get(
content_type__app_label="wagtailadmin", codename="access_admin")
bakers_group.permissions.add(access_admin_perm)
# Create the "Bakery" Collection and grant "choose" permission to the Bakers group.
root = Collection.objects.get(id=get_root_collection_id())
bakery_collection = root.add_child(instance=Collection(name="Bakery"))
GroupCollectionPermission.objects.create(
group=bakers_group,
collection=bakery_collection,
permission=Permission.objects.get(
content_type__app_label="wagtaildocs",
codename="choose_document"),
)
# Create the "Office" Collection and _don't_ grant any permissions to the Bakers group.
root.add_child(instance=Collection(name="Office"))
# Create a Baker user.
user = self.create_user(username="******", password="******")
user.groups.add(bakers_group)
# Log in as the baker.
self.login(user)
def setUp(self):
# Create some user accounts for testing permissions
self.user = self.create_user(username="******",
email="*****@*****.**",
password="******")
self.owner = self.create_user(username="******",
email="*****@*****.**",
password="******")
self.editor = self.create_user(username="******",
email="*****@*****.**",
password="******")
self.editor.groups.add(Group.objects.get(name="Editors"))
self.administrator = self.create_superuser(
username="******",
email="*****@*****.**",
password="******",
)
# Owner user must have the add_document permission
self.adders_group = Group.objects.create(name="Document adders")
GroupCollectionPermission.objects.create(
group=self.adders_group,
collection=Collection.get_first_root_node(),
permission=Permission.objects.get(codename="add_document"),
)
self.owner.groups.add(self.adders_group)
# Create a document for running tests on
self.document = models.Document.objects.create(
title="Test document", uploaded_by_user=self.owner)
def setUp(self):
"""
Common setup for testing collection views with per-instance permissions
"""
collection_content_type = ContentType.objects.get_for_model(Collection)
self.add_permission = Permission.objects.get(
content_type=collection_content_type, codename="add_collection"
)
self.change_permission = Permission.objects.get(
content_type=collection_content_type, codename="change_collection"
)
self.delete_permission = Permission.objects.get(
content_type=collection_content_type, codename="delete_collection"
)
admin_permission = Permission.objects.get(codename="access_admin")
self.root_collection = Collection.get_first_root_node()
self.finance_collection = self.root_collection.add_child(name="Finance")
self.marketing_collection = self.root_collection.add_child(name="Marketing")
self.marketing_sub_collection = self.marketing_collection.add_child(
name="Digital Marketing"
)
self.marketing_sub_collection_2 = self.marketing_collection.add_child(
name="Direct Mail Marketing"
)
self.marketing_group = Group.objects.create(name="Marketing Group")
self.marketing_group.permissions.add(admin_permission)
self.marketing_user = self.create_user("marketing", password="******")
self.marketing_user.groups.add(self.marketing_group)
def test_get_collection_with_descendent(self):
self.collection.add_child(instance=Collection(name="Test collection"))
response = self.get()
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(
response, "wagtailadmin/collections/delete_not_empty.html")
def setUp(self):
# Create some user accounts for testing permissions
self.user = self.create_user(username="******",
email="*****@*****.**",
password="******")
self.owner = self.create_user(username="******",
email="*****@*****.**",
password="******")
self.editor = self.create_user(username="******",
email="*****@*****.**",
password="******")
self.editor.groups.add(Group.objects.get(name="Editors"))
self.administrator = self.create_superuser(
username="******",
email="*****@*****.**",
password="******",
)
# Owner user must have the add_image permission
image_adders_group = Group.objects.create(name="Image adders")
GroupCollectionPermission.objects.create(
group=image_adders_group,
collection=Collection.get_first_root_node(),
permission=Permission.objects.get(codename="add_image"),
)
self.owner.groups.add(image_adders_group)
# Create an image for running tests on
self.image = Image.objects.create(
title="Test image",
uploaded_by_user=self.owner,
file=get_test_image_file(),
)
def test_fixes_depth(self):
# Get homepage and save old value
homepage = Page.objects.get(url_path="/home/")
old_depth = homepage.depth
# Break it
homepage.depth = 12345
homepage.save()
# also break the root collection's depth
root_collection = Collection.get_first_root_node()
root_collection.depth = 42
root_collection.save()
# Check that its broken
self.assertEqual(Page.objects.get(url_path="/home/").depth, 12345)
self.assertEqual(
Collection.objects.get(id=root_collection.id).depth, 42)
# Call command
self.run_command()
# Check if its fixed
self.assertEqual(Page.objects.get(url_path="/home/").depth, old_depth)
self.assertEqual(
Collection.objects.get(id=root_collection.id).depth, 1)
def test_objects_api_with_tree_model(self):
root_collection = Collection.objects.get()
collection = root_collection.add_child(instance=Collection(
name="Test collection"))
collection_uid = uuid.uuid4()
collection_content_type = ContentType.objects.get_for_model(Collection)
IDMapping.objects.create(
content_type=collection_content_type,
local_id=collection.id,
uid=collection_uid,
)
response = self.get({'wagtailcore.collection': [collection.id]})
self.assertEqual(response.status_code, 200)
data = json.loads(response.content)
self.assertEqual(data['ids_for_import'], [])
self.assertEqual(data['objects'][0]['model'], 'wagtailcore.collection')
self.assertEqual(data['objects'][0]['fields']['name'],
"Test collection")
# mappings should contain entries for the requested collection and its parent
self.assertIn(
['wagtailcore.collection', collection.id,
str(collection_uid)], data['mappings'])
root_collection_uid = IDMapping.objects.get(
content_type=collection_content_type,
local_id=root_collection.id).uid
self.assertIn([
'wagtailcore.collection', root_collection.id,
str(root_collection_uid)
], data['mappings'])
def setUp(self):
self.user = self.login()
self.root_collection = Collection.get_first_root_node()
self.collection = self.root_collection.add_child(name="Holiday snaps")
self.l1 = self.root_collection.add_child(name="Level 1")
self.l2 = self.l1.add_child(name="Level 2")
self.l3 = self.l2.add_child(name="Level 3")
def test_cannot_delete_collection_with_descendants(self):
self.marketing_sub_collection.add_child(instance=Collection(
name="Another collection"))
response = self.get(self.marketing_sub_collection.id)
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(
response, "wagtailadmin/collections/delete_not_empty.html")
def test_post_collection_with_descendant(self):
self.collection.add_child(instance=Collection(name="Test collection"))
response = self.post()
self.assertEqual(response.status_code, 403)
# Check that the collection was not deleted
self.assertTrue(Collection.objects.get(id=self.collection.id))
def test_cannot_delete_collection_with_descendants_post(self):
self.marketing_sub_collection.add_child(
instance=Collection(name="Another collection")
)
response = self.post(self.marketing_sub_collection.id)
self.assertEqual(response.status_code, 403)
# Check that the collection was not deleted
self.assertTrue(Collection.objects.get(id=self.marketing_sub_collection.id))
def setUp(self):
self.root_collection = Collection.get_first_root_node()
self.holiday_photos_collection = self.root_collection.add_child(
name="Holiday photos")
self.evil_plans_collection = self.root_collection.add_child(
name="Evil plans")
# self.holiday_photos_collection's path has been updated out from under it by the addition of a sibling with
# an alphabetically earlier name (due to Collection.node_order_by = ['name']), so we need to refresh it from
# the DB to get the new path.
self.holiday_photos_collection.refresh_from_db()
def test_ordering(self):
root_collection = Collection.get_first_root_node()
root_collection.add_child(name="Milk")
root_collection.add_child(name="Bread")
root_collection.add_child(name="Avocado")
response = self.get()
# Note that the Collections have been automatically sorted by name.
self.assertEqual(
[collection.name for collection in response.context["object_list"]],
["Avocado", "Bread", "Milk"],
)
def test_simple(self):
response = self.get()
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, "wagtailadmin/collections/index.html")
# Initially there should be no collections listed
# (Root should not be shown)
self.assertContains(response, "No collections have been created.")
root_collection = Collection.get_first_root_node()
self.collection = root_collection.add_child(name="Holiday snaps")
# Now the listing should contain our collection
response = self.get()
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, "wagtailadmin/collections/index.html")
self.assertNotContains(response, "No collections have been created.")
self.assertContains(response, "Holiday snaps")
def test_results_no_collection_docs_upload_forbidden(self):
# given an editor with access to admin panel
self.login_as_editor()
# and a document in a collection
root_id = get_root_collection_id()
root = Collection.objects.get(id=root_id)
empty_collection = Collection(name="Nothing to see here")
root.add_child(instance=empty_collection)
Document.objects.create(collection=root)
# when searching for documents in another collection at chooser panel
response = self.get({"q": "", "collection_id": empty_collection.id})
# then results template is used
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, "wagtaildocs/chooser/results.html")
# and hint "You haven't uploaded any documents in this collection." is displayed
self.assertContains(response, self._NO_COLLECTION_DOCS_TEXT)
self.assertNotContains(response, self._UPLOAD_ONE_TEXT)
def test_nested_ordering(self):
root_collection = Collection.get_first_root_node()
vegetables = root_collection.add_child(name="Vegetable")
vegetables.add_child(name="Spinach")
vegetables.add_child(name="Cucumber")
animals = root_collection.add_child(name="Animal")
animals.add_child(name="Dog")
animals.add_child(name="Cat")
response = self.get()
# Note that while we added the collections at level 1 in reverse-alpha order, they come back out in alpha order.
# And we added the Collections at level 2 in reverse-alpha order as well, but they were also alphabetized
# within their respective trees. This is the result of setting Collection.node_order_by = ['name'].
self.assertEqual(
[collection.name for collection in response.context["object_list"]],
["Animal", "Cat", "Dog", "Vegetable", "Cucumber", "Spinach"],
)
def setUp(self):
self.user = self.login()
self.root_collection = Collection.get_first_root_node()
self.dest_collection = self.root_collection.add_child(
name="Destination")
self.images = [
Image.objects.create(title=f"Test image - {i}", file=test_file)
for i in range(1, 6)
]
self.url = (reverse(
"wagtail_bulk_action",
args=(
"wagtailimages",
"image",
"add_to_collection",
),
) + "?")
for image in self.images:
self.url += f"id={image.id}&"
self.post_data = {"collection": str(self.dest_collection.id)}
def setUp(self):
self.user = self.login()
self.root_collection = Collection.get_first_root_node()
self.dest_collection = self.root_collection.add_child(
name="Destination")
self.documents = [
Document.objects.create(title=f"Test document - {i}")
for i in range(1, 6)
]
self.url = (reverse(
"wagtail_bulk_action",
args=(
"wagtaildocs",
"document",
"add_to_collection",
),
) + "?")
for document in self.documents:
self.url += f"id={document.id}&"
self.post_data = {"collection": str(self.dest_collection.id)}
def test_results_no_collection_docs_upload_allowed(self):
# given a superuser
self.login_as_superuser()
# and a document in a collection
root_id = get_root_collection_id()
root = Collection.objects.get(id=root_id)
empty_collection = Collection(name="Nothing to see here")
root.add_child(instance=empty_collection)
doc_title = "document.pdf"
Document.objects.create(title=doc_title, collection=root)
# when searching for documents in another collection at chooser panel
response = self.get({"q": "", "collection_id": empty_collection.id})
# then results template is used
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, "wagtaildocs/chooser/results.html")
# and the following hint is displayed:
# "You haven't uploaded any documents in this collection. Why not upload one now?"
self.assertContains(response, self._NO_COLLECTION_DOCS_TEXT)
self.assertContains(response, self._UPLOAD_ONE_TEXT)
def setUp(self):
self.login()
self.root_collection = Collection.get_first_root_node()
def apply_collection_ordering(apps, schema_editor):
Collection.fix_tree(fix_paths=True)
def setUp(self):
self.login()
self.root_collection = Collection.get_first_root_node()
self.collection = self.root_collection.add_child(name="Holiday snaps")
def setUp(self):
self.policy = CollectionMangementPermissionPolicy(Collection)
# Permissions
collection_content_type = ContentType.objects.get_for_model(Collection)
add_collection_permission = Permission.objects.get(
content_type=collection_content_type, codename="add_collection"
)
change_collection_permission = Permission.objects.get(
content_type=collection_content_type, codename="change_collection"
)
delete_collection_permission = Permission.objects.get(
content_type=collection_content_type, codename="delete_collection"
)
# Collections
self.root_collection = Collection.get_first_root_node()
self.reports_collection = self.root_collection.add_child(name="Reports")
self.reports_2020_collection = self.reports_collection.add_child(
name="Reports 2020"
)
# Users with their groups/permissions
self.superuser = self.create_superuser(
"superuser", "*****@*****.**", "password"
)
self.inactive_superuser = self.create_superuser(
"inactivesuperuser", "*****@*****.**", "password"
)
self.inactive_superuser.is_active = False
self.inactive_superuser.save()
# a user with change collection permission on reports via the report_changers group
report_changers_group = Group.objects.create(name="Report changers")
GroupCollectionPermission.objects.create(
group=report_changers_group,
collection=self.reports_collection,
permission=change_collection_permission,
)
self.report_changer = self.create_user(
"reportchanger", "*****@*****.**", "password"
)
self.report_changer.groups.add(report_changers_group)
# a user with add collection permission on reports via the report_adders group
report_adders_group = Group.objects.create(name="Report adders")
GroupCollectionPermission.objects.create(
group=report_adders_group,
collection=self.reports_collection,
permission=add_collection_permission,
)
self.report_adder = self.create_user(
"reportadder", "*****@*****.**", "password"
)
self.report_adder.groups.add(report_adders_group)
# a user with delete collection permission on reports via the report_deleters group
report_deleters_group = Group.objects.create(name="Report deleters")
GroupCollectionPermission.objects.create(
group=report_deleters_group,
collection=self.reports_collection,
permission=delete_collection_permission,
)
self.report_deleter = self.create_user(
"reportdeleter", "*****@*****.**", "password"
)
self.report_deleter.groups.add(report_deleters_group)
# a user with no permissions
self.useless_user = self.create_user(
"uselessuser", "*****@*****.**", "password"
)
self.anonymous_user = AnonymousUser()
def setUp(self):
# Permissions
document_content_type = ContentType.objects.get_for_model(Document)
add_doc_permission = Permission.objects.get(
content_type=document_content_type, codename="add_document"
)
change_doc_permission = Permission.objects.get(
content_type=document_content_type, codename="change_document"
)
# Collections
self.root_collection = Collection.get_first_root_node()
self.reports_collection = self.root_collection.add_child(name="Reports")
# Groups
doc_changers_group = Group.objects.create(name="Document changers")
GroupCollectionPermission.objects.create(
group=doc_changers_group,
collection=self.root_collection,
permission=change_doc_permission,
)
report_changers_group = Group.objects.create(name="Report changers")
GroupCollectionPermission.objects.create(
group=report_changers_group,
collection=self.reports_collection,
permission=change_doc_permission,
)
report_adders_group = Group.objects.create(name="Report adders")
GroupCollectionPermission.objects.create(
group=report_adders_group,
collection=self.reports_collection,
permission=add_doc_permission,
)
# Users
self.superuser = self.create_superuser(
"superuser", "*****@*****.**", "password"
)
self.inactive_superuser = self.create_superuser(
"inactivesuperuser", "*****@*****.**", "password"
)
self.inactive_superuser.is_active = False
self.inactive_superuser.save()
# a user with change_document permission through the 'Document changers' group
self.doc_changer = self.create_user(
"docchanger", "*****@*****.**", "password"
)
self.doc_changer.groups.add(doc_changers_group)
# a user that has change_document permission, but is inactive
self.inactive_doc_changer = self.create_user(
"inactivedocchanger", "*****@*****.**", "password"
)
self.inactive_doc_changer.groups.add(doc_changers_group)
self.inactive_doc_changer.is_active = False
self.inactive_doc_changer.save()
# a user with change_document permission on reports via the report_changers group
self.report_changer = self.create_user(
"reportchanger", "*****@*****.**", "password"
)
self.report_changer.groups.add(report_changers_group)
# a user with add_document permission on reports via the report_adders group
self.report_adder = self.create_user(
"reportadder", "*****@*****.**", "password"
)
self.report_adder.groups.add(report_adders_group)
# a user with no permissions
self.useless_user = self.create_user(
"uselessuser", "*****@*****.**", "password"
)
self.anonymous_user = AnonymousUser()
# Documents
# a document in the root owned by 'reportchanger'
self.changer_doc = Document.objects.create(
title="reportchanger's document",
collection=self.root_collection,
uploaded_by_user=self.report_changer,
)
# a document in reports owned by 'reportchanger'
self.changer_report = Document.objects.create(
title="reportchanger's report",
collection=self.reports_collection,
uploaded_by_user=self.report_changer,
)
# a document in reports owned by 'reportadder'
self.adder_report = Document.objects.create(
title="reportadder's report",
collection=self.reports_collection,
uploaded_by_user=self.report_adder,
)
# a document in reports owned by 'uselessuser'
self.useless_report = Document.objects.create(
title="uselessuser's report",
collection=self.reports_collection,
uploaded_by_user=self.useless_user,
)
# a document with no owner
self.anonymous_report = Document.objects.create(
title="anonymous report", collection=self.reports_collection
)