Changed permission system for config pages.

Config pages are now only available for users with permission 'config.can_manage'. Fixed #1159.
2014-05-12 21:59:20 +02:00 · 2014-05-12 21:59:20 +02:00 · c747f09ad0
commit c747f09ad0
parent 8b2723e846
11 changed files with 10 additions and 47 deletions
--- a/2
+++ b/2
@ -36,7 +36,7 @@ Other:
 - Changed widget api. Used new metaclass.
 - Changed api for main menu entries. Used new metaclass.
 - Inserted api for the personal info widget. Used new metaclass.
- Renamed config api classes.
+- Renamed config api classes. Changed permission system for config pages.
 - Regrouped config collections and pages.
 - Renamed some classes of the poll api.
 - Added api for absolute urls in models.
--- a/openslides/agenda/signals.py
+++ b/openslides/agenda/signals.py
@ -86,7 +86,6 @@ def setup_agenda_config(sender, **kwargs):

    return ConfigCollection(title=ugettext_noop('Agenda'),
                            url='agenda',
-                            required_permission='config.can_manage',
                            weight=20,
                            variables=(agenda_start_event_date_time,
                                       agenda_show_last_speakers,
--- a/openslides/assignment/signals.py
+++ b/openslides/assignment/signals.py
@ -92,6 +92,5 @@ def setup_assignment_config(sender, **kwargs):
    return ConfigGroupedCollection(
        title=ugettext_noop('Elections'),
        url='assignment',
-        required_permission='config.can_manage',
        weight=40,
        groups=(group_ballot, group_pdf))
--- a/openslides/config/api.py
+++ b/openslides/config/api.py
@ -94,16 +94,13 @@ class ConfigBaseCollection(object):
    """
    An abstract base class for simple and grouped config collections. The
    attributes title and url are required for collections that should be
-    shown as a view. The attribute required_permission is used to set which
-    users can control the view showing the colletion. The attribute weight
-    is used for the order of the links in the submenu of the views. The
-    attribute extra_context can be used to insert extra css and js files
-    into the template.
+    shown as a view. The attribute weight is used for the order of the
+    links in the submenu of the views. The attribute extra_context can be
+    used to insert extra css and js files into the template.
    """
-    def __init__(self, title=None, url=None, required_permission=None, weight=0, extra_context={}):
+    def __init__(self, title=None, url=None, weight=0, extra_context={}):
        self.title = title
        self.url = url
-        self.required_permission = required_permission
        self.weight = weight
        self.extra_context = extra_context

--- a/openslides/config/main_menu.py
+++ b/openslides/config/main_menu.py
@ -4,27 +4,13 @@ from django.utils.translation import ugettext_lazy

 from openslides.utils.main_menu import MainMenuEntry

-from .signals import config_signal
-

 class ConfigMainMenuEntry(MainMenuEntry):
    """
    Main menu entry for the config app.
    """
    verbose_name = ugettext_lazy('Configuration')
+    permission_required = 'config.can_manage'
    default_weight = 70
    pattern_name = 'config_first_config_collection_view'
    icon_css_class = 'icon-cog'
-
-    def check_permission(self):
-        """
-        Checks against all permissions of all config collections.
-        """
-        for receiver, config_collection in config_signal.send(sender=self):
-            if config_collection.is_shown():
-                if self.request.user.has_perm(config_collection.required_permission):
-                    return_value = True
-                    break
-        else:
-            return_value = False
-        return return_value
--- a/openslides/config/views.py
+++ b/openslides/config/views.py
@ -15,17 +15,11 @@ class ConfigView(FormView):
    """
    The view for a config collection.
    """
+    permission_required = 'config.can_manage'
    template_name = 'config/config_form.html'
    config_collection = None
    form_class = forms.Form

-    def has_permission(self, *args, **kwargs):
-        """
-        Ensures that only users with permission can see this view.
-        """
-        self.permission_required = self.config_collection.required_permission
-        return super(ConfigView, self).has_permission(*args, **kwargs)
-
    def get_form(self, *args):
        """
        Gets the form for the view. Includes all form fields given by the
--- a/openslides/core/signals.py
+++ b/openslides/core/signals.py
@ -148,6 +148,5 @@ def setup_general_config(sender, **kwargs):
    return ConfigGroupedCollection(
        title=ugettext_noop('General'),
        url='general',
-        required_permission='config.can_manage',
        weight=10,
        groups=(group_event, group_projector, group_welcome_widget, group_system))
--- a/openslides/motion/signals.py
+++ b/openslides/motion/signals.py
@ -147,7 +147,6 @@ def setup_motion_config(sender, **kwargs):
    return ConfigGroupedCollection(
        title=ugettext_noop('Motion'),
        url='motion',
-        required_permission='config.can_manage',
        weight=30,
        groups=(group_general, group_supporters, group_ballot_papers, group_pdf))

--- a/openslides/participant/signals.py
+++ b/openslides/participant/signals.py
@ -105,7 +105,6 @@ def setup_participant_config(sender, **kwargs):
    return ConfigGroupedCollection(
        title=ugettext_noop('Participant'),
        url='participant',
-        required_permission='config.can_manage',
        weight=50,
        groups=(group_general, group_pdf))

--- a/openslides/projector/signals.py
+++ b/openslides/projector/signals.py
@ -68,7 +68,7 @@ def setup_projector_config(sender, **kwargs):
        default_value=False)

    return ConfigCollection(
-        required_permission=None, variables=(
+        variables=(
            projector, projector_message,
            countdown_time, countdown_start_stamp, countdown_pause_stamp,
            countdown_state, projector_scale, projector_scroll,
--- a/tests/config/test_config.py
+++ b/tests/config/test_config.py
@ -146,17 +146,13 @@ class ConfigFormTest(TestCase):
        self.assertRedirects(response=response, expected_url='/login/?next=/config/testgroupedpage1/',
                             status_code=302, target_status_code=200)

-    def test_get_config_form_testsimplepage1_other_clients(self):
-        response = self.client_normal_user.get('/config/testsimplepage1/')
+    def test_get_config_form_testsimplepage1_manager_client(self):
+        response = self.client_manager.get('/config/testsimplepage1/')
        self.assertNotContains(response=response, text='BaeB0ahcMae3feem', status_code=200)
        self.assertTemplateUsed(response=response, template_name='base.html')
        self.assertTemplateUsed(response=response, template_name='config/config_form.html')
        self.assertTemplateUsed(response=response, template_name='form.html')
        self.assertTemplateUsed(response=response, template_name='formbuttons_save.html')
-        bad_client = Client()
-        response = bad_client.get('/config/testsimplepage1/')
-        self.assertEqual(response.status_code, 200)
-        self.assertNotContains(response=response, text='BaeB0ahcMae3feem', status_code=200)

    def test_get_config_form_testgroupedpage1_initial(self):
        config['string_var'] = 'something unique AChie6eeiDie3Ieciy1bah4I'
@ -319,7 +315,6 @@ def set_grouped_config_view(sender, **kwargs):
    return ConfigGroupedCollection(
        title='Config vars for testing 1',
        url='testgroupedpage1',
-        required_permission='config.can_manage',
        weight=10000,
        groups=(group_1, group_2),
        extra_context={'extra_stylefiles': ['styles/test-config-sjNN56dFGDrg2.css'],
@ -335,7 +330,6 @@ def set_simple_config_view(sender, **kwargs):
    return ConfigCollection(
        title='Config vars for testing 2',
        url='testsimplepage1',
-        required_permission='No permission required',
        variables=(ConfigVariable(name='additional_config_var', default_value='BaeB0ahcMae3feem'),
                   ConfigVariable(name='additional_config_var_2', default_value='', form_field=forms.CharField()),
                   ConfigVariable(name='none_config_var', default_value=None)))
@ -349,7 +343,6 @@ def set_simple_config_view_multiple_vars(sender, **kwargs):
    return ConfigCollection(
        title='Config vars for testing 3',
        url='testsimplepage2',
-        required_permission='No permission required',
        variables=(ConfigVariable(name='multiple_config_var', default_value='foobar1'),
                   ConfigVariable(name='multiple_config_var', default_value='foobar2')))

@ -359,7 +352,6 @@ def set_simple_config_collection_disabled_view(sender, **kwargs):
    return ConfigCollection(
        title='Ho5iengaoon5Hoht',
        url='testsimplepage3',
-        required_permission='No permission required',
        variables=(ConfigVariable(name='hidden_config_var_2', default_value=''),))


@ -370,7 +362,6 @@ def set_simple_config_collection_with_callback(sender, **kwargs):
    return ConfigCollection(
        title='Hvndfhsbgkridfgdfg',
        url='testsimplepage4',
-        required_permission='No permission required',
        variables=(ConfigVariable(
            name='var_with_callback_ghvnfjd5768gdfkwg0hm2',
            default_value='',