Changed permission system for config pages.
Config pages are now only available for users with permission 'config.can_manage'. Fixed #1159.
This commit is contained in:
parent
8b2723e846
commit
c747f09ad0
@ -36,7 +36,7 @@ Other:
|
||||
- Changed widget api. Used new metaclass.
|
||||
- Changed api for main menu entries. Used new metaclass.
|
||||
- Inserted api for the personal info widget. Used new metaclass.
|
||||
- Renamed config api classes.
|
||||
- Renamed config api classes. Changed permission system for config pages.
|
||||
- Regrouped config collections and pages.
|
||||
- Renamed some classes of the poll api.
|
||||
- Added api for absolute urls in models.
|
||||
|
@ -86,7 +86,6 @@ def setup_agenda_config(sender, **kwargs):
|
||||
|
||||
return ConfigCollection(title=ugettext_noop('Agenda'),
|
||||
url='agenda',
|
||||
required_permission='config.can_manage',
|
||||
weight=20,
|
||||
variables=(agenda_start_event_date_time,
|
||||
agenda_show_last_speakers,
|
||||
|
@ -92,6 +92,5 @@ def setup_assignment_config(sender, **kwargs):
|
||||
return ConfigGroupedCollection(
|
||||
title=ugettext_noop('Elections'),
|
||||
url='assignment',
|
||||
required_permission='config.can_manage',
|
||||
weight=40,
|
||||
groups=(group_ballot, group_pdf))
|
||||
|
@ -94,16 +94,13 @@ class ConfigBaseCollection(object):
|
||||
"""
|
||||
An abstract base class for simple and grouped config collections. The
|
||||
attributes title and url are required for collections that should be
|
||||
shown as a view. The attribute required_permission is used to set which
|
||||
users can control the view showing the colletion. The attribute weight
|
||||
is used for the order of the links in the submenu of the views. The
|
||||
attribute extra_context can be used to insert extra css and js files
|
||||
into the template.
|
||||
shown as a view. The attribute weight is used for the order of the
|
||||
links in the submenu of the views. The attribute extra_context can be
|
||||
used to insert extra css and js files into the template.
|
||||
"""
|
||||
def __init__(self, title=None, url=None, required_permission=None, weight=0, extra_context={}):
|
||||
def __init__(self, title=None, url=None, weight=0, extra_context={}):
|
||||
self.title = title
|
||||
self.url = url
|
||||
self.required_permission = required_permission
|
||||
self.weight = weight
|
||||
self.extra_context = extra_context
|
||||
|
||||
|
@ -4,27 +4,13 @@ from django.utils.translation import ugettext_lazy
|
||||
|
||||
from openslides.utils.main_menu import MainMenuEntry
|
||||
|
||||
from .signals import config_signal
|
||||
|
||||
|
||||
class ConfigMainMenuEntry(MainMenuEntry):
|
||||
"""
|
||||
Main menu entry for the config app.
|
||||
"""
|
||||
verbose_name = ugettext_lazy('Configuration')
|
||||
permission_required = 'config.can_manage'
|
||||
default_weight = 70
|
||||
pattern_name = 'config_first_config_collection_view'
|
||||
icon_css_class = 'icon-cog'
|
||||
|
||||
def check_permission(self):
|
||||
"""
|
||||
Checks against all permissions of all config collections.
|
||||
"""
|
||||
for receiver, config_collection in config_signal.send(sender=self):
|
||||
if config_collection.is_shown():
|
||||
if self.request.user.has_perm(config_collection.required_permission):
|
||||
return_value = True
|
||||
break
|
||||
else:
|
||||
return_value = False
|
||||
return return_value
|
||||
|
@ -15,17 +15,11 @@ class ConfigView(FormView):
|
||||
"""
|
||||
The view for a config collection.
|
||||
"""
|
||||
permission_required = 'config.can_manage'
|
||||
template_name = 'config/config_form.html'
|
||||
config_collection = None
|
||||
form_class = forms.Form
|
||||
|
||||
def has_permission(self, *args, **kwargs):
|
||||
"""
|
||||
Ensures that only users with permission can see this view.
|
||||
"""
|
||||
self.permission_required = self.config_collection.required_permission
|
||||
return super(ConfigView, self).has_permission(*args, **kwargs)
|
||||
|
||||
def get_form(self, *args):
|
||||
"""
|
||||
Gets the form for the view. Includes all form fields given by the
|
||||
|
@ -148,6 +148,5 @@ def setup_general_config(sender, **kwargs):
|
||||
return ConfigGroupedCollection(
|
||||
title=ugettext_noop('General'),
|
||||
url='general',
|
||||
required_permission='config.can_manage',
|
||||
weight=10,
|
||||
groups=(group_event, group_projector, group_welcome_widget, group_system))
|
||||
|
@ -147,7 +147,6 @@ def setup_motion_config(sender, **kwargs):
|
||||
return ConfigGroupedCollection(
|
||||
title=ugettext_noop('Motion'),
|
||||
url='motion',
|
||||
required_permission='config.can_manage',
|
||||
weight=30,
|
||||
groups=(group_general, group_supporters, group_ballot_papers, group_pdf))
|
||||
|
||||
|
@ -105,7 +105,6 @@ def setup_participant_config(sender, **kwargs):
|
||||
return ConfigGroupedCollection(
|
||||
title=ugettext_noop('Participant'),
|
||||
url='participant',
|
||||
required_permission='config.can_manage',
|
||||
weight=50,
|
||||
groups=(group_general, group_pdf))
|
||||
|
||||
|
@ -68,7 +68,7 @@ def setup_projector_config(sender, **kwargs):
|
||||
default_value=False)
|
||||
|
||||
return ConfigCollection(
|
||||
required_permission=None, variables=(
|
||||
variables=(
|
||||
projector, projector_message,
|
||||
countdown_time, countdown_start_stamp, countdown_pause_stamp,
|
||||
countdown_state, projector_scale, projector_scroll,
|
||||
|
@ -146,17 +146,13 @@ class ConfigFormTest(TestCase):
|
||||
self.assertRedirects(response=response, expected_url='/login/?next=/config/testgroupedpage1/',
|
||||
status_code=302, target_status_code=200)
|
||||
|
||||
def test_get_config_form_testsimplepage1_other_clients(self):
|
||||
response = self.client_normal_user.get('/config/testsimplepage1/')
|
||||
def test_get_config_form_testsimplepage1_manager_client(self):
|
||||
response = self.client_manager.get('/config/testsimplepage1/')
|
||||
self.assertNotContains(response=response, text='BaeB0ahcMae3feem', status_code=200)
|
||||
self.assertTemplateUsed(response=response, template_name='base.html')
|
||||
self.assertTemplateUsed(response=response, template_name='config/config_form.html')
|
||||
self.assertTemplateUsed(response=response, template_name='form.html')
|
||||
self.assertTemplateUsed(response=response, template_name='formbuttons_save.html')
|
||||
bad_client = Client()
|
||||
response = bad_client.get('/config/testsimplepage1/')
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertNotContains(response=response, text='BaeB0ahcMae3feem', status_code=200)
|
||||
|
||||
def test_get_config_form_testgroupedpage1_initial(self):
|
||||
config['string_var'] = 'something unique AChie6eeiDie3Ieciy1bah4I'
|
||||
@ -319,7 +315,6 @@ def set_grouped_config_view(sender, **kwargs):
|
||||
return ConfigGroupedCollection(
|
||||
title='Config vars for testing 1',
|
||||
url='testgroupedpage1',
|
||||
required_permission='config.can_manage',
|
||||
weight=10000,
|
||||
groups=(group_1, group_2),
|
||||
extra_context={'extra_stylefiles': ['styles/test-config-sjNN56dFGDrg2.css'],
|
||||
@ -335,7 +330,6 @@ def set_simple_config_view(sender, **kwargs):
|
||||
return ConfigCollection(
|
||||
title='Config vars for testing 2',
|
||||
url='testsimplepage1',
|
||||
required_permission='No permission required',
|
||||
variables=(ConfigVariable(name='additional_config_var', default_value='BaeB0ahcMae3feem'),
|
||||
ConfigVariable(name='additional_config_var_2', default_value='', form_field=forms.CharField()),
|
||||
ConfigVariable(name='none_config_var', default_value=None)))
|
||||
@ -349,7 +343,6 @@ def set_simple_config_view_multiple_vars(sender, **kwargs):
|
||||
return ConfigCollection(
|
||||
title='Config vars for testing 3',
|
||||
url='testsimplepage2',
|
||||
required_permission='No permission required',
|
||||
variables=(ConfigVariable(name='multiple_config_var', default_value='foobar1'),
|
||||
ConfigVariable(name='multiple_config_var', default_value='foobar2')))
|
||||
|
||||
@ -359,7 +352,6 @@ def set_simple_config_collection_disabled_view(sender, **kwargs):
|
||||
return ConfigCollection(
|
||||
title='Ho5iengaoon5Hoht',
|
||||
url='testsimplepage3',
|
||||
required_permission='No permission required',
|
||||
variables=(ConfigVariable(name='hidden_config_var_2', default_value=''),))
|
||||
|
||||
|
||||
@ -370,7 +362,6 @@ def set_simple_config_collection_with_callback(sender, **kwargs):
|
||||
return ConfigCollection(
|
||||
title='Hvndfhsbgkridfgdfg',
|
||||
url='testsimplepage4',
|
||||
required_permission='No permission required',
|
||||
variables=(ConfigVariable(
|
||||
name='var_with_callback_ghvnfjd5768gdfkwg0hm2',
|
||||
default_value='',
|
||||
|
Loading…
Reference in New Issue
Block a user