✅ test for context record relation form

4 files changed, 129 insertions, 4 deletions

diff --git a/archaeological_context_records/tests.py b/archaeological_context_records/tests.py
index 0d756be1c..ae27e56d1 100644
--- a/archaeological_context_records/tests.py
+++ b/archaeological_context_records/tests.py
@@ -1386,6 +1386,122 @@ class ContextRecordWizardCreationTest(WizardTest, ContextRecordInit, TestCase):
         self.assertEqual(cr.datings.count(), 1)
 
 
+class ContextRecordRelationTest(ContextRecordInit, TestCase):
+    fixtures = CONTEXT_RECORD_TOWNS_FIXTURES
+
+    def setUp(self):
+        # nosec: hard coded password for test purposes
+        self.username, self.password, user = create_user(  # nosec
+            username="Gandalf", password="ushallpass"
+        )
+        user.user_permissions.add(
+            Permission.objects.get(codename="view_own_contextrecord")
+        )
+        user.user_permissions.add(
+            Permission.objects.get(codename="change_own_contextrecord")
+        )
+        # by default associated to the first user
+        self.create_context_record({"label": "CR 1"})
+        self.create_context_record({"label": "CR 2"})
+        self.create_context_record({"label": "CR 3"})
+
+        self.username2, self.password2, user2 = create_user(  # nosec
+            username="Saroumane", password="ushallnotpass"
+        )
+        user2.user_permissions.add(
+            Permission.objects.get(codename="view_own_contextrecord")
+        )
+        user2.user_permissions.add(
+            Permission.objects.get(codename="change_own_contextrecord")
+        )
+        self.cr1, self.cr2, self.cr3 = self.context_records
+        self.sym_rel_type, __ = models.RelationType.objects.get_or_create(
+            symmetrical=True, txt_idx="sym", logical_relation="equal"
+        )
+        self.rel_type_below, __ = models.RelationType.objects.get_or_create(
+            symmetrical=False, txt_idx="below", logical_relation="below"
+        )
+
+    def init_data(self):
+        nb_crs = 2
+        data = {}
+        for idx in range(nb_crs + views.RELATION_FORMSET_EXTRA_FORM):
+            data.update({
+                f"form-{idx}-pk": "",
+                f"form-{idx}-right_record": "",
+                f"form-{idx}-relation_type": "",
+                f"form-{idx}-DELETE": '',
+            })
+        return data
+
+    def test_relation_update_and_add(self):
+        c = Client()
+        rel1 = models.RecordRelations.objects.create(
+            left_record=self.cr1,
+            right_record=self.cr2,
+            relation_type=self.sym_rel_type
+        )
+        nb_record_relation = models.RecordRelations.objects.count()
+
+        c.login(username=self.username2, password=self.password2)
+        response = c.get(reverse("context-record-relation-modify", kwargs={"pk": self.context_records[0].pk}))
+        self.assertEqual(response.status_code, 403)
+
+        c.login(username=self.username, password=self.password)
+        url = reverse("context-record-relation-modify", kwargs={"pk": self.context_records[0].pk})
+        response = c.get(url)
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, f'"{rel1.pk}"')
+        self.assertContains(response, f'"{self.cr1.pk}"')
+        self.assertContains(response, f'"{self.cr2.pk}"')
+        self.assertContains(response, f'>{str(self.sym_rel_type)}<')
+
+        data = self.init_data()
+
+        data.update({
+            "form-0-pk": rel1.pk,
+            "form-0-right_record": rel1.right_record.pk,
+            "form-0-relation_type": self.rel_type_below.pk,
+            "form-1-right_record": self.cr3.pk,
+            "form-1-relation_type": self.rel_type_below.pk,
+        })
+
+        post_response = c.post(url, data)
+        self.assertEqual(post_response.status_code, 302)
+
+        rel1 = models.RecordRelations.objects.get(pk=rel1.pk)
+        self.assertEqual(rel1.relation_type, self.rel_type_below)
+
+        self.assertEqual(models.RecordRelations.objects.count(), nb_record_relation + 1)
+        q_rel2 = models.RecordRelations.objects.filter(left_record=self.cr1, right_record=self.cr3.pk,
+                                                       relation_type=self.rel_type_below)
+        self.assertEqual(q_rel2.count(), 1)
+
+    def test_relation_delete(self):
+        c = Client()
+        rel1 = models.RecordRelations.objects.create(
+            left_record=self.cr1,
+            right_record=self.cr2,
+            relation_type=self.sym_rel_type
+        )
+        nb_record_relation = models.RecordRelations.objects.filter(left_record=self.cr1).count()
+
+        c.login(username=self.username, password=self.password)
+        data = self.init_data()
+        data.update({
+            "form-0-pk": rel1.pk,
+            "form-0-right_record": rel1.right_record.pk,
+            "form-0-relation_type": self.rel_type_below.pk,
+            "form-0-DELETE": "on"
+        })
+        url = reverse("context-record-relation-modify", kwargs={"pk": self.context_records[0].pk})
+        post_response = c.post(url, data)
+        self.assertEqual(post_response.status_code, 302)
+        q_rel = models.RecordRelations.objects.filter(pk=rel1.pk)
+        self.assertEqual(q_rel.count(), 0)
+        self.assertEqual(models.RecordRelations.objects.filter(left_record=self.cr1).count(), nb_record_relation - 1)
+
+
 class AutocompleteTest(AutocompleteTestBase, TestCase):
     fixtures = CONTEXT_RECORD_FIXTURES
     models = [
diff --git a/archaeological_context_records/urls.py b/archaeological_context_records/urls.py
index 5fd360fbb..2b95db086 100644
--- a/archaeological_context_records/urls.py
+++ b/archaeological_context_records/urls.py
@@ -151,7 +151,9 @@ urlpatterns = [
     ),
     url(
         r"^context-record-relations-modify/(?P<pk>.+)/$",
-        views.context_record_modify_relations,
+        check_rights(["change_contextrecord", "change_own_contextrecord"])(
+            views.context_record_modify_relations
+        ),
         name="context-record-relation-modify",
     ),
     url(
diff --git a/archaeological_context_records/views.py b/archaeological_context_records/views.py
index 3695617f9..eba1ae8c0 100644
--- a/archaeological_context_records/views.py
+++ b/archaeological_context_records/views.py
@@ -19,6 +19,7 @@
 
 import json
 
+from django.core.exceptions import PermissionDenied
 from django.db.models import Q
 from django.http import HttpResponse, HttpResponseRedirect, Http404
 from django.shortcuts import render, redirect
@@ -197,9 +198,15 @@ RELATION_FORMSET_EXTRA_FORM = 3
 
 
 def get_relation_modify(model, model_relation, url_name):
-    def _modify_relation(request, pk):
+    def _modify_relation(request, pk, current_right=None):
+        try:
+            item = model.objects.get(pk=pk)
+        except model.DoesNotExist:
+            raise Http404()
+        if "_own_" in current_right:
+            if not item.is_own(request.user):
+                raise PermissionDenied()
         formset_class = forms.RecordRelationsFormSet
-        item = model.objects.get(pk=pk)
         relations = model_relation.objects.filter(left_record_id=pk).all()
 
         items = [
diff --git a/ishtar_common/utils.py b/ishtar_common/utils.py
index 3249bb20e..b48b8f3a2 100644
--- a/ishtar_common/utils.py
+++ b/ishtar_common/utils.py
@@ -369,7 +369,7 @@ class OwnPerms:
         if not query:
             return False
         query &= Q(pk=self.pk)
-        return self.__class__.objects.filter(query).count()
+        return self.__class__.objects.filter(query).exists()
 
     @classmethod
     def has_item_of(cls, user):