From c747f09ad076665689ccac7e00ededed4846942a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Norman=20J=C3=A4ckel?= Date: Mon, 12 May 2014 21:59:20 +0200 Subject: [PATCH] Changed permission system for config pages. Config pages are now only available for users with permission 'config.can_manage'. Fixed #1159. --- CHANGELOG | 2 +- openslides/agenda/signals.py | 1 - openslides/assignment/signals.py | 1 - openslides/config/api.py | 11 ++++------- openslides/config/main_menu.py | 16 +--------------- openslides/config/views.py | 8 +------- openslides/core/signals.py | 1 - openslides/motion/signals.py | 1 - openslides/participant/signals.py | 1 - openslides/projector/signals.py | 2 +- tests/config/test_config.py | 13 ++----------- 11 files changed, 10 insertions(+), 47 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 38a8b6c16..5ec25703f 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -36,7 +36,7 @@ Other: - Changed widget api. Used new metaclass. - Changed api for main menu entries. Used new metaclass. - Inserted api for the personal info widget. Used new metaclass. -- Renamed config api classes. +- Renamed config api classes. Changed permission system for config pages. - Regrouped config collections and pages. - Renamed some classes of the poll api. - Added api for absolute urls in models. diff --git a/openslides/agenda/signals.py b/openslides/agenda/signals.py index aa818ccf1..cb03c14ad 100644 --- a/openslides/agenda/signals.py +++ b/openslides/agenda/signals.py @@ -86,7 +86,6 @@ def setup_agenda_config(sender, **kwargs): return ConfigCollection(title=ugettext_noop('Agenda'), url='agenda', - required_permission='config.can_manage', weight=20, variables=(agenda_start_event_date_time, agenda_show_last_speakers, diff --git a/openslides/assignment/signals.py b/openslides/assignment/signals.py index 88b4c745f..03df83d45 100644 --- a/openslides/assignment/signals.py +++ b/openslides/assignment/signals.py 
@@ -92,6 +92,5 @@ def setup_assignment_config(sender, **kwargs): return ConfigGroupedCollection( title=ugettext_noop('Elections'), url='assignment', - required_permission='config.can_manage', weight=40, groups=(group_ballot, group_pdf)) diff --git a/openslides/config/api.py b/openslides/config/api.py index 58a4b4c7f..9e8e3a1f1 100644 --- a/openslides/config/api.py +++ b/openslides/config/api.py @@ -94,16 +94,13 @@ class ConfigBaseCollection(object): """ An abstract base class for simple and grouped config collections. The attributes title and url are required for collections that should be - shown as a view. The attribute required_permission is used to set which - users can control the view showing the colletion. The attribute weight - is used for the order of the links in the submenu of the views. The - attribute extra_context can be used to insert extra css and js files - into the template. + shown as a view. The attribute weight is used for the order of the + links in the submenu of the views. The attribute extra_context can be + used to insert extra css and js files into the template. """ - def __init__(self, title=None, url=None, required_permission=None, weight=0, extra_context={}): + def __init__(self, title=None, url=None, weight=0, extra_context={}): self.title = title self.url = url - self.required_permission = required_permission self.weight = weight self.extra_context = extra_context diff --git a/openslides/config/main_menu.py b/openslides/config/main_menu.py index b9249652d..220a26459 100644 --- a/openslides/config/main_menu.py +++ b/openslides/config/main_menu.py 
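Review bot: In `openslides/config/api.py`, the rewritten `ConfigBaseCollection.__init__` still takes `extra_context={}` and stores it by reference, so every collection built without that argument shares one dict and a mutation through any instance would show up in all of them. `def __init__(self, title=None, url=None, weight=0, extra_context=None):` together with `self.extra_context = {} if extra_context is None else extra_context` keeps the interface and removes the sharing. Dropping `required_permission` also moves `weight` into the third positional slot, so an out-of-tree caller that passed the permission by position would have it silently taken as the weight instead of failing. Every call visible in this patch uses keywords, so this only matters for plugins. The class continues outside the hunk.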
@@ -4,27 +4,13 @@ from django.utils.translation import ugettext_lazy from openslides.utils.main_menu import MainMenuEntry -from .signals import config_signal - class ConfigMainMenuEntry(MainMenuEntry): """ Main menu entry for the config app. """ verbose_name = ugettext_lazy('Configuration') + permission_required = 'config.can_manage' default_weight = 70 pattern_name = 'config_first_config_collection_view' icon_css_class = 'icon-cog' - - def check_permission(self): - """ - Checks against all permissions of all config collections. - """ - for receiver, config_collection in config_signal.send(sender=self): - if config_collection.is_shown(): - if self.request.user.has_perm(config_collection.required_permission): - return_value = True - break - else: - return_value = False - return return_value diff --git a/openslides/config/views.py b/openslides/config/views.py index 9680eb375..bfe0f9c05 100644 --- a/openslides/config/views.py +++ b/openslides/config/views.py @@ -15,17 +15,11 @@ class ConfigView(FormView): """ The view for a config collection. """ + permission_required = 'config.can_manage' template_name = 'config/config_form.html' config_collection = None form_class = forms.Form - def has_permission(self, *args, **kwargs): - """ - Ensures that only users with permission can see this view. - """ - self.permission_required = self.config_collection.required_permission - return super(ConfigView, self).has_permission(*args, **kwargs) - def get_form(self, *args): """ Gets the form for the view. Includes all form fields given by the diff --git a/openslides/core/signals.py b/openslides/core/signals.py index 300687f65..bd0a1addd 100644 --- a/openslides/core/signals.py +++ b/openslides/core/signals.py @@ -148,6 +148,5 @@ def setup_general_config(sender, **kwargs): return ConfigGroupedCollection( title=ugettext_noop('General'), url='general', - required_permission='config.can_manage', weight=10, groups=(group_event, group_projector, group_welcome_widget, group_system)) 
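Review bot: The literal `'config.can_manage'` is now hard-coded both in `ConfigMainMenuEntry.permission_required` (`openslides/config/main_menu.py`) and in `ConfigView.permission_required` (`openslides/config/views.py`), so menu visibility and the real access check can drift apart if only one is edited later. A single constant in the config app that both classes reference would prevent that, for example `CONFIG_PERMISSION = 'config.can_manage'` (the name is only a suggestion). The docstring could also record that the entry only hides the link, e.g. `Main menu entry for the config app. Visibility follows 'config.can_manage'; access is enforced by ConfigView.`, assuming the default check in `MainMenuEntry` reads `permission_required`, which is outside this diff.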
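Review bot: In `openslides/config/views.py`, removing the `has_permission` override leaves `ConfigView` relying entirely on its base `FormView` to read the class attribute `permission_required`. The removed method called `super(ConfigView, self).has_permission`, which suggests the base does so, but that code is not part of this diff. The class docstring should state the new rule so authors of config collections do not expect a per-collection permission, e.g. `The view for a config collection. Requires 'config.can_manage' for every collection.` The class body continues past the hunk.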
diff --git a/openslides/motion/signals.py b/openslides/motion/signals.py index 99175398d..616de8e58 100644 --- a/openslides/motion/signals.py +++ b/openslides/motion/signals.py @@ -147,7 +147,6 @@ def setup_motion_config(sender, **kwargs): return ConfigGroupedCollection( title=ugettext_noop('Motion'), url='motion', - required_permission='config.can_manage', weight=30, groups=(group_general, group_supporters, group_ballot_papers, group_pdf)) diff --git a/openslides/participant/signals.py b/openslides/participant/signals.py index 01cb599a3..b21cfb7f9 100644 --- a/openslides/participant/signals.py +++ b/openslides/participant/signals.py @@ -105,7 +105,6 @@ def setup_participant_config(sender, **kwargs): return ConfigGroupedCollection( title=ugettext_noop('Participant'), url='participant', - required_permission='config.can_manage', weight=50, groups=(group_general, group_pdf)) diff --git a/openslides/projector/signals.py b/openslides/projector/signals.py index d142aa988..9a8bd325e 100644 --- a/openslides/projector/signals.py +++ b/openslides/projector/signals.py @@ -68,7 +68,7 @@ def setup_projector_config(sender, **kwargs): default_value=False) return ConfigCollection( - required_permission=None, variables=( + variables=( projector, projector_message, countdown_time, countdown_start_stamp, countdown_pause_stamp, countdown_state, projector_scale, projector_scroll, diff --git a/tests/config/test_config.py b/tests/config/test_config.py index 899550f6f..f4eaf0a0b 100644 --- a/tests/config/test_config.py +++ b/tests/config/test_config.py 
@@ -146,17 +146,13 @@ class ConfigFormTest(TestCase): self.assertRedirects(response=response, expected_url='/login/?next=/config/testgroupedpage1/', status_code=302, target_status_code=200) - def test_get_config_form_testsimplepage1_other_clients(self): - response = self.client_normal_user.get('/config/testsimplepage1/') + def test_get_config_form_testsimplepage1_manager_client(self): + response = self.client_manager.get('/config/testsimplepage1/') self.assertNotContains(response=response, text='BaeB0ahcMae3feem', status_code=200) self.assertTemplateUsed(response=response, template_name='base.html') self.assertTemplateUsed(response=response, template_name='config/config_form.html') self.assertTemplateUsed(response=response, template_name='form.html') self.assertTemplateUsed(response=response, template_name='formbuttons_save.html') - bad_client = Client() - response = bad_client.get('/config/testsimplepage1/') - self.assertEqual(response.status_code, 200) - self.assertNotContains(response=response, text='BaeB0ahcMae3feem', status_code=200) def test_get_config_form_testgroupedpage1_initial(self): config['string_var'] = 'something unique AChie6eeiDie3Ieciy1bah4I' @@ -319,7 +315,6 @@ def set_grouped_config_view(sender, **kwargs): return ConfigGroupedCollection( title='Config vars for testing 1', url='testgroupedpage1', - required_permission='config.can_manage', weight=10000, groups=(group_1, group_2), extra_context={'extra_stylefiles': ['styles/test-config-sjNN56dFGDrg2.css'], @@ -335,7 +330,6 @@ def set_simple_config_view(sender, **kwargs): return ConfigCollection( title='Config vars for testing 2', url='testsimplepage1', - required_permission='No permission required', variables=(ConfigVariable(name='additional_config_var', default_value='BaeB0ahcMae3feem'), ConfigVariable(name='additional_config_var_2', default_value='', form_field=forms.CharField()), ConfigVariable(name='none_config_var', default_value=None))) 
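Review bot: In `tests/config/test_config.py`, the renamed `test_get_config_form_testsimplepage1_manager_client` covers only the allowed path, and the requests made with `client_normal_user` and `bad_client` are deleted without a replacement. Nothing in this hunk therefore asserts that a user without `config.can_manage` is refused on `/config/testsimplepage1/`, which is the behaviour this commit introduces for that page. Two negative tests would pin it down: one for a logged-in user without the permission and one for an anonymous client, mirroring the login redirect already asserted for `testgroupedpage1` in the context lines. The 403 below is an assumption about the permission mixin, which is outside this diff, and `self.client_normal_user` is assumed to still be created in `setUp`.

```python
    def test_get_config_form_testsimplepage1_normal_user_denied(self):
        # Assumed: a logged-in user without 'config.can_manage' gets 403.
        response = self.client_normal_user.get('/config/testsimplepage1/')
        self.assertEqual(response.status_code, 403)

    def test_get_config_form_testsimplepage1_anonymous_redirected(self):
        response = Client().get('/config/testsimplepage1/')
        self.assertRedirects(response=response,
                             expected_url='/login/?next=/config/testsimplepage1/',
                             status_code=302, target_status_code=200)
```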
@@ -349,7 +343,6 @@ def set_simple_config_view_multiple_vars(sender, **kwargs): return ConfigCollection( title='Config vars for testing 3', url='testsimplepage2', - required_permission='No permission required', variables=(ConfigVariable(name='multiple_config_var', default_value='foobar1'), ConfigVariable(name='multiple_config_var', default_value='foobar2'))) @@ -359,7 +352,6 @@ def set_simple_config_collection_disabled_view(sender, **kwargs): return ConfigCollection( title='Ho5iengaoon5Hoht', url='testsimplepage3', - required_permission='No permission required', variables=(ConfigVariable(name='hidden_config_var_2', default_value=''),)) @@ -370,7 +362,6 @@ def set_simple_config_collection_with_callback(sender, **kwargs): return ConfigCollection( title='Hvndfhsbgkridfgdfg', url='testsimplepage4', - required_permission='No permission required', variables=(ConfigVariable( name='var_with_callback_ghvnfjd5768gdfkwg0hm2', default_value='',