✨ permissions refactoring: generate permissions, adapt permissions checks

3 files changed, 59 insertions, 23 deletions

diff --git a/archaeological_context_records/models.py b/archaeological_context_records/models.py
index 2611b7dfd..a88a7d161 100644
--- a/archaeological_context_records/models.py
+++ b/archaeological_context_records/models.py
@@ -1234,7 +1234,8 @@ class ContextRecord(
 
     @classmethod
     def get_owns(
-        cls, user, menu_filtr=None, limit=None, values=None, get_short_menu_class=None
+        cls, user, menu_filtr=None, limit=None, values=None, get_short_menu_class=None,
+        no_auth_check=False, query=False
     ):
         replace_query = None
         if menu_filtr and "operation" in menu_filtr:
@@ -1245,7 +1246,11 @@ class ContextRecord(
             limit=limit,
             values=values,
             get_short_menu_class=get_short_menu_class,
+            no_auth_check=no_auth_check,
+            query=query
         )
+        if query:
+            return owns
         return cls._return_get_owns(owns, values, get_short_menu_class)
 
     def full_label(self):
diff --git a/archaeological_context_records/tests.py b/archaeological_context_records/tests.py
index efeab4670..8a16facf5 100644
--- a/archaeological_context_records/tests.py
+++ b/archaeological_context_records/tests.py
@@ -23,7 +23,7 @@ import locale
 
 from django.apps import apps
 from django.conf import settings
-from django.contrib.auth.models import Permission
+from django.contrib.auth.models import Permission, Group
 from django.core.exceptions import ValidationError
 from django.core.files.uploadedfile import SimpleUploadedFile
 from django.template.defaultfilters import slugify
@@ -32,14 +32,15 @@ from django.urls import reverse
 from django.utils.translation import pgettext_lazy
 
 from ishtar_common.models import (
-    IshtarSiteProfile,
+    Area,
+    get_current_profile,
     ImporterModel,
     ImporterType,
-    UserProfile,
+    IshtarSiteProfile,
+    IshtarUser,
     ProfileType,
     Town,
-    Area,
-    get_current_profile,
+    UserProfile,
 )
 
 from ishtar_common import forms_common
@@ -945,21 +946,35 @@ class ContextRecordPermissionTest(ContextRecordInit, TestCase):
     fixtures = CONTEXT_RECORD_TOWNS_FIXTURES
 
     def setUp(self):
-        IshtarSiteProfile.objects.create()
-        self.username, self.password, self.user = create_superuser()
-        self.alt_username, self.alt_password, self.alt_user = create_user()
-        self.alt_user.user_permissions.add(
+        profile_type = ProfileType.objects.create(
+            label="xxCollaborateur",
+            txt_idx="xxcollaborator",
+        )
+        gp = Group.objects.create(name="xxUE rattachées : voir et modification")
+        gp.permissions.add(
             Permission.objects.get(codename="view_own_contextrecord")
         )
-        self.alt_user.user_permissions.add(
+        gp.permissions.add(
             Permission.objects.get(codename="change_own_contextrecord")
         )
+        profile_type.groups.add(gp)
+
+        IshtarSiteProfile.objects.create()
+        self.username, self.password, self.user = create_superuser()
+        self.alt_username, self.alt_password, self.alt_user = create_user()
+
+        UserProfile.objects.create(
+            profile_type=profile_type,
+            person=self.alt_user.ishtaruser.person,
+            current=True,
+        )
+
         # nosec: hard coded password for test purposes
         self.alt_username2, self.alt_password2, self.alt_user2 = create_user(  # nosec
             username="luke", password="iamyourfather"
         )
         profile = UserProfile.objects.create(
-            profile_type=ProfileType.objects.get(txt_idx="collaborator"),
+            profile_type=profile_type,
             person=self.alt_user2.ishtaruser.person,
             current=True,
         )
@@ -984,6 +999,9 @@ class ContextRecordPermissionTest(ContextRecordInit, TestCase):
         self.cr_1 = self.context_records[0]
         self.cr_2 = self.context_records[1]
 
+        self.alt_user.ishtaruser.generate_permission()
+        self.alt_user2.ishtaruser.generate_permission()
+
     def test_own_search(self):
         # no result when no authentification
         c = Client()
@@ -1390,29 +1408,42 @@ class ContextRecordRelationTest(ContextRecordInit, TestCase):
     fixtures = CONTEXT_RECORD_TOWNS_FIXTURES
 
     def setUp(self):
-        # nosec: hard coded password for test purposes
-        self.username, self.password, user = create_user(  # nosec
-            username="Gandalf", password="ushallpass"
+        profile_type = ProfileType.objects.create(
+            label="xxCollaborateur",
+            txt_idx="xxcollaborator",
         )
-        user.user_permissions.add(
+        gp = Group.objects.create(name="xxUE rattachées : voir et modification")
+        gp.permissions.add(
             Permission.objects.get(codename="view_own_contextrecord")
         )
-        user.user_permissions.add(
+        gp.permissions.add(
             Permission.objects.get(codename="change_own_contextrecord")
         )
+        profile_type.groups.add(gp)
+
+        # nosec: hard coded password for test purposes
+        self.username, self.password, user = create_user(  # nosec
+            username="Gandalf", password="ushallpass"
+        )
+        UserProfile.objects.create(
+            profile_type=profile_type,
+            person=user.ishtaruser.person,
+            current=True,
+        )
         self.create_context_record({"label": "CR 1"}, user=user)
         self.create_context_record({"label": "CR 2"}, user=user)
         self.create_context_record({"label": "CR 3"}, user=user)
+        IshtarUser.objects.get(pk=user.pk).generate_permission()
 
         self.username2, self.password2, user2 = create_user(  # nosec
             username="Saroumane", password="ushallnotpass"
         )
-        user2.user_permissions.add(
-            Permission.objects.get(codename="view_own_contextrecord")
-        )
-        user2.user_permissions.add(
-            Permission.objects.get(codename="change_own_contextrecord")
+        UserProfile.objects.create(
+            profile_type=profile_type,
+            person=user2.ishtaruser.person,
+            current=True,
         )
+        IshtarUser.objects.get(pk=user2.pk).generate_permission()
         self.cr1, self.cr2, self.cr3 = self.context_records
         self.sym_rel_type, __ = models.RelationType.objects.get_or_create(
             symmetrical=True, txt_idx="sym", logical_relation="equal"
diff --git a/archaeological_context_records/wizards.py b/archaeological_context_records/wizards.py
index 35b4e02b4..4524681fc 100644
--- a/archaeological_context_records/wizards.py
+++ b/archaeological_context_records/wizards.py
@@ -31,7 +31,7 @@ class RecordSearch(SearchWizard):
 
 class RecordWizard(Wizard):
     model = models.ContextRecord
-    edit = False
+    modification = False
     wizard_done_window = reverse_lazy("show-contextrecord")
     relations_step_key = "relations"
     redirect_url = "record_modification"