Merge branch 'develop' into kostia/fix/Dnd_ui
commit
4ee87d3021
@ -43,7 +43,11 @@ def check_permissions(
|
||||
if type(entity) == m.Comment:
|
||||
log(log.INFO, "Entity is Comment. Replace it by entity.interpretation")
|
||||
entity = entity.interpretation
|
||||
elif type(entity) == m.Interpretation and entity.user_id == current_user.id:
|
||||
elif (
|
||||
type(entity) == m.Interpretation
|
||||
and entity.user_id == current_user.id
|
||||
and m.Permission.Access.A not in access
|
||||
):
|
||||
log(log.INFO, "User [%s] is interpretation creator [%s]", current_user, entity)
|
||||
return None
|
||||
|
||||
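Review bot: The author shortcut in the new `elif` is written as a deny-list: the interpretation's creator reaches `return None` (which appears to mean the check passes) for every requested access except `m.Permission.Access.A`, presumably approve judging by the tests in this commit, so any access value added to `Permission.Access` later would be covered by the shortcut by default. An allow-list fails closed, for example `and all(a in creator_allowed for a in access)`, where `creator_allowed` is a constructed name for the set of accesses an author may use on their own interpretation. A comment above the branch such as `# author bypass must never cover approval of one's own interpretation` would record why the extra condition exists. Because the first branch is an `if` and this one an `elif`, a `Comment` whose entity was just replaced by `entity.interpretation` never reaches the author check; if that is intended, it deserves a comment as well. `check_permissions` starts above and continues below this hunk, so how the caller treats `return None` is not visible here.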
|
@ -10,7 +10,7 @@ from tests.utils import (
|
||||
|
||||
|
||||
def test_approve_interpretation(client: FlaskClient):
|
||||
_, user = login(client)
|
||||
login(client)
|
||||
|
||||
book = create_book(client)
|
||||
|
||||
|
@ -11,10 +11,11 @@ from tests.utils import (
|
||||
create_section,
|
||||
create_interpretation,
|
||||
create_comment,
|
||||
create_sub_collection,
|
||||
)
|
||||
|
||||
|
||||
def test_editor_access_to_entire_book(client):
|
||||
def test_editor_permissions_entire_and_local(client):
|
||||
login(client)
|
||||
book = create_book(client)
|
||||
|
||||
@ -159,15 +160,135 @@ def test_editor_access_to_entire_book(client):
|
||||
assert b"You do not have permission" not in response.data
|
||||
assert b"Success!" in response.data
|
||||
|
||||
# set local permissions
|
||||
logout(client)
|
||||
login(client)
|
||||
|
||||
def test_moderator_access_to_entire_book(client):
|
||||
collection_1, response = create_collection(client, book.id)
|
||||
assert b"You do not have permission" not in response.data
|
||||
assert b"Success!" in response.data
|
||||
collection_2, response = create_collection(client, book.id)
|
||||
assert b"You do not have permission" not in response.data
|
||||
assert b"Success!" in response.data
|
||||
|
||||
json_string = json.dumps({"collection": [collection_1.id]})
|
||||
response: Response = client.post(
|
||||
"/permission/set",
|
||||
data=dict(
|
||||
book_id=book.id,
|
||||
user_id=editor.id,
|
||||
permissions=json_string,
|
||||
),
|
||||
follow_redirects=True,
|
||||
)
|
||||
assert b"Success!" in response.data
|
||||
logout(client)
|
||||
|
||||
login(client, "editor", "editor")
|
||||
|
||||
# access to settings page
|
||||
response: Response = client.get(f"/book/{book.id}/settings", follow_redirects=True)
|
||||
assert b"You do not have permission" in response.data
|
||||
|
||||
# access to edit book
|
||||
response: Response = client.post(
|
||||
f"/book/{book.id}/edit",
|
||||
data=dict(book_id=book.id, label="BookEdited"),
|
||||
follow_redirects=True,
|
||||
)
|
||||
assert b"You do not have permission" in response.data
|
||||
|
||||
# dont have access to delete
|
||||
response: Response = client.post(
|
||||
f"/book/{book.id}/delete",
|
||||
data=dict(book_id=book.id),
|
||||
follow_redirects=True,
|
||||
)
|
||||
assert b"You do not have permission" in response.data
|
||||
|
||||
# access to create collection
|
||||
_, response = create_collection(client, book.id)
|
||||
assert b"You do not have permission" in response.data
|
||||
|
||||
# access to edit collection
|
||||
response: Response = client.post(
|
||||
f"/book/{book.id}/{collection.id}/edit",
|
||||
data=dict(label="NewLabel"),
|
||||
follow_redirects=True,
|
||||
)
|
||||
assert b"You do not have permission" in response.data
|
||||
response: Response = client.post(
|
||||
f"/book/{book.id}/{collection_2.id}/edit",
|
||||
data=dict(label="NewLabel"),
|
||||
follow_redirects=True,
|
||||
)
|
||||
assert b"You do not have permission" in response.data
|
||||
response: Response = client.post(
|
||||
f"/book/{book.id}/{collection_1.id}/edit",
|
||||
data=dict(label="NewLabel-LocalPermission"),
|
||||
follow_redirects=True,
|
||||
)
|
||||
assert b"You do not have permission" not in response.data
|
||||
assert b"Success" in response.data
|
||||
|
||||
# access to create sub collection
|
||||
_, response = create_sub_collection(client, book.id, collection_2.id)
|
||||
assert b"You do not have permission" in response.data
|
||||
sub_collection, response = create_sub_collection(client, book.id, collection_1.id)
|
||||
assert b"You do not have permission" not in response.data
|
||||
assert b"Success" in response.data
|
||||
|
||||
response: Response = client.post(
|
||||
f"/book/{book.id}/{sub_collection.id}/edit",
|
||||
data=dict(label="NewSubLabel-LocalPermission"),
|
||||
follow_redirects=True,
|
||||
)
|
||||
assert b"You do not have permission" not in response.data
|
||||
assert b"Success" in response.data
|
||||
|
||||
logout(client)
|
||||
login(client)
|
||||
json_string = json.dumps(
|
||||
{"collection": [collection_1.id, collection_2.id, sub_collection.id]}
|
||||
)
|
||||
response: Response = client.post(
|
||||
"/permission/set",
|
||||
data=dict(
|
||||
book_id=book.id,
|
||||
user_id=editor.id,
|
||||
permissions=json_string,
|
||||
),
|
||||
follow_redirects=True,
|
||||
)
|
||||
assert b"Success!" in response.data
|
||||
logout(client)
|
||||
login(client, "editor", "editor")
|
||||
|
||||
response: Response = client.post(
|
||||
f"/book/{book.id}/{sub_collection.id}/delete",
|
||||
follow_redirects=True,
|
||||
)
|
||||
assert response.status_code == 200
|
||||
assert b"Success!" in response.data
|
||||
assert sub_collection.is_deleted
|
||||
|
||||
response: Response = client.post(
|
||||
f"/book/{book.id}/{collection_2.id}/edit",
|
||||
data=dict(label="NewSLabel"),
|
||||
follow_redirects=True,
|
||||
)
|
||||
assert b"You do not have permission" not in response.data
|
||||
assert b"Success" in response.data
|
||||
|
||||
|
||||
def test_moderator_permissions_entire_and_local(client):
|
||||
login(client)
|
||||
book = create_book(client)
|
||||
|
||||
editor = m.User(username="moderator", password="moderator").save()
|
||||
moderator = m.User(username="moderator", password="moderator").save()
|
||||
response: Response = client.post(
|
||||
f"/book/{book.id}/add_contributor",
|
||||
data=dict(user_id=editor.id, role=m.BookContributor.Roles.MODERATOR),
|
||||
data=dict(user_id=moderator.id, role=m.BookContributor.Roles.MODERATOR),
|
||||
follow_redirects=True,
|
||||
)
|
||||
assert response.status_code == 200
|
||||
@ -260,6 +381,156 @@ def test_moderator_access_to_entire_book(client):
|
||||
assert b"You do not have permission" not in response.data
|
||||
assert b"Success!" in response.data
|
||||
|
||||
# set local permissions
|
||||
logout(client)
|
||||
login(client)
|
||||
|
||||
collection_1, response = create_collection(client, book.id)
|
||||
assert b"You do not have permission" not in response.data
|
||||
assert b"Success!" in response.data
|
||||
section_1, response = create_section(client, book.id, collection_1.id)
|
||||
assert b"You do not have permission" not in response.data
|
||||
assert b"Success!" in response.data
|
||||
collection_2, response = create_collection(client, book.id)
|
||||
assert b"You do not have permission" not in response.data
|
||||
assert b"Success!" in response.data
|
||||
section_2, response = create_section(client, book.id, collection_2.id)
|
||||
assert b"You do not have permission" not in response.data
|
||||
assert b"Success!" in response.data
|
||||
|
||||
json_string = json.dumps(
|
||||
{"collection": [collection_1.id], "section": [section_1.id]}
|
||||
)
|
||||
response: Response = client.post(
|
||||
"/permission/set",
|
||||
data=dict(
|
||||
book_id=book.id,
|
||||
user_id=moderator.id,
|
||||
permissions=json_string,
|
||||
),
|
||||
follow_redirects=True,
|
||||
)
|
||||
assert b"Success!" in response.data
|
||||
logout(client)
|
||||
login(client, "moderator", "moderator")
|
||||
|
||||
#
|
||||
#
|
||||
#
|
||||
#
|
||||
|
||||
# access to create interpretation
|
||||
interpretation_1, response = create_interpretation(client, book.id, section_1.id)
|
||||
assert b"You do not have permission" not in response.data
|
||||
assert b"Success!" in response.data
|
||||
|
||||
# access to approve interpretation
|
||||
response: Response = client.post(
|
||||
f"/approve/interpretation/{interpretation_1.id}",
|
||||
follow_redirects=True,
|
||||
)
|
||||
|
||||
assert response
|
||||
assert response.json["message"] == "success"
|
||||
assert response.json["approve"]
|
||||
assert interpretation_1.approved
|
||||
|
||||
# access to delete interpretation
|
||||
response: Response = client.post(
|
||||
f"/book/{book.id}/{interpretation_1.id}/delete_interpretation",
|
||||
data=dict(interpretation_id=interpretation_1.id),
|
||||
follow_redirects=True,
|
||||
)
|
||||
assert b"You do not have permission" not in response.data
|
||||
assert b"Success!" in response.data
|
||||
|
||||
# restore interpretation
|
||||
interpretation_1.is_deleted = False
|
||||
interpretation_1.save()
|
||||
|
||||
# access to create comment
|
||||
comment, response = create_comment(client, book.id, interpretation_1.id)
|
||||
assert b"You do not have permission" not in response.data
|
||||
assert b"Success!" in response.data
|
||||
|
||||
# access to approve comment
|
||||
response: Response = client.post(
|
||||
f"/approve/comment/{comment.id}",
|
||||
follow_redirects=True,
|
||||
)
|
||||
|
||||
assert response
|
||||
assert response.json["message"] == "success"
|
||||
assert response.json["approve"]
|
||||
assert interpretation_1.approved
|
||||
|
||||
# access to delete comment
|
||||
response: Response = client.post(
|
||||
f"/book/{book.id}/{interpretation_1.id}/comment_delete",
|
||||
data=dict(
|
||||
text=comment.text,
|
||||
interpretation_1=interpretation_1.id,
|
||||
comment_id=comment.id,
|
||||
),
|
||||
follow_redirects=True,
|
||||
)
|
||||
assert b"You do not have permission" not in response.data
|
||||
assert b"Success!" in response.data
|
||||
|
||||
# access to create interpretation
|
||||
interpretation_2, response = create_interpretation(client, book.id, section_2.id)
|
||||
assert b"You do not have permission" not in response.data
|
||||
assert b"Success!" in response.data
|
||||
|
||||
# access to approve interpretation
|
||||
response: Response = client.post(
|
||||
f"/approve/interpretation/{interpretation_2.id}",
|
||||
follow_redirects=True,
|
||||
)
|
||||
assert response
|
||||
assert b"You do not have permission" in response.data
|
||||
assert not interpretation_2.approved
|
||||
|
||||
# access to delete interpretation
|
||||
response: Response = client.post(
|
||||
f"/book/{book.id}/{interpretation_2.id}/delete_interpretation",
|
||||
data=dict(interpretation_id=interpretation_2.id),
|
||||
follow_redirects=True,
|
||||
)
|
||||
assert b"You do not have permission" not in response.data
|
||||
assert b"Success!" in response.data
|
||||
|
||||
# restore interpretation
|
||||
interpretation_2.is_deleted = False
|
||||
interpretation_2.save()
|
||||
|
||||
# access to create comment
|
||||
comment, response = create_comment(client, book.id, interpretation_2.id)
|
||||
assert b"You do not have permission" not in response.data
|
||||
assert b"Success!" in response.data
|
||||
|
||||
# access to approve comment
|
||||
response: Response = client.post(
|
||||
f"/approve/comment/{comment.id}",
|
||||
follow_redirects=True,
|
||||
)
|
||||
assert response
|
||||
assert b"You do not have permission" in response.data
|
||||
assert not comment.approved
|
||||
|
||||
# access to delete comment
|
||||
response: Response = client.post(
|
||||
f"/book/{book.id}/{interpretation_2.id}/comment_delete",
|
||||
data=dict(
|
||||
text=comment.text,
|
||||
interpretation_2=interpretation_2.id,
|
||||
comment_id=comment.id,
|
||||
),
|
||||
follow_redirects=True,
|
||||
)
|
||||
assert b"You do not have permission" not in response.data
|
||||
assert b"Success!" in response.data
|
||||
|
||||
|
||||
def test_editor_access_tree_entire_book(client):
|
||||
login(client)
|
||||
@ -295,7 +566,6 @@ def test_set_access_level(client):
|
||||
login(client)
|
||||
book = create_book(client)
|
||||
collection_1, _ = create_collection(client, book.id)
|
||||
collection_2, _ = create_collection(client, book.id)
|
||||
|
||||
editor = m.User(username="editor", password="editor").save()
|
||||
response: Response = client.post(
|
||||
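Review bot: In `test_moderator_permissions_entire_and_local`, the first "access to approve comment" step posts to `/approve/comment/{comment.id}` and then asserts `interpretation_1.approved`, which the earlier interpretation approval already made true, so the comment approval granted by the local permission is never verified; it should read `assert comment.approved`, mirroring the `assert not comment.approved` in the `section_2` case. The delete checks for `interpretation_2` and its comment act on content the moderator created in the same session, so they may pass through the author shortcut in `check_permissions` rather than through the permission under test; a case where the moderator tries to delete an interpretation written by another user in `section_2` would cover the denial path. The form keys `interpretation_1=interpretation_1.id` and `interpretation_2=interpretation_2.id` in the two `comment_delete` posts look like rename artifacts of `interpretation_id`, which the `delete_interpretation` posts use. The four bare `#` lines after `login(client, "moderator", "moderator")` should be removed or replaced with a comment naming the scenario.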
|