author | Étienne Loks <etienne.loks@iggdrasil.net> | 2024-10-23 18:51:15 +0200 |
---|---|---|
committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2025-02-19 14:43:48 +0100 |
commit | 6f59b9e36a0971b3deb44562062a878eb26beedf (patch) | |
tree | e22db164f77fc0ba6e30a539350bb5a37f36f5a6 /archaeological_finds | |
parent | be063a7032971db7c00a160595e69e1e67dd2c9f (diff) | |
download | Ishtar-6f59b9e36a0971b3deb44562062a878eb26beedf.tar.bz2 Ishtar-6f59b9e36a0971b3deb44562062a878eb26beedf.zip |
✨ permissions refactoring: generate permissions, adapt permissions checks
Diffstat (limited to 'archaeological_finds')
-rw-r--r-- | archaeological_finds/models_finds.py | 7 | ||||
-rw-r--r-- | archaeological_finds/models_treatments.py | 15 | ||||
-rw-r--r-- | archaeological_finds/tests.py | 40 | ||||
-rw-r--r-- | archaeological_finds/wizards.py | 6 |
4 files changed, 52 insertions, 16 deletions
diff --git a/archaeological_finds/models_finds.py b/archaeological_finds/models_finds.py
index 1863ba450..9ba25cc83 100644
--- a/archaeological_finds/models_finds.py
+++ b/archaeological_finds/models_finds.py
@@ -3023,7 +3023,8 @@ class Find(
 @classmethod
 def get_owns(
- cls, user, menu_filtr=None, limit=None, values=None, get_short_menu_class=None
+ cls, user, menu_filtr=None, limit=None, values=None, get_short_menu_class=None,
+ no_auth_check=False, query=False
 ):
 replace_query = None
 if menu_filtr and "contextrecord" in menu_filtr:
@@ -3034,7 +3035,11 @@ class Find(
 limit=limit,
 values=values,
 get_short_menu_class=get_short_menu_class,
+ no_auth_check=no_auth_check,
+ query=query
 )
+ if query:
+ return owns
 return cls._return_get_owns(owns, values, get_short_menu_class)
 def _generate_cached_label(self):
diff --git a/archaeological_finds/models_treatments.py b/archaeological_finds/models_treatments.py
index d23843226..5ba50728b 100644
--- a/archaeological_finds/models_treatments.py
+++ b/archaeological_finds/models_treatments.py
@@ -341,7 +341,8 @@ class Treatment(
 @classmethod
 def get_owns(
- cls, user, menu_filtr=None, limit=None, values=None, get_short_menu_class=None
+ cls, user, menu_filtr=None, limit=None, values=None, get_short_menu_class=None,
+ no_auth_check=False, query=False
 ):
 replace_query = None
 if menu_filtr:
@@ -356,7 +357,11 @@ class Treatment(
 limit=limit,
 values=values,
 get_short_menu_class=get_short_menu_class,
+ no_auth_check=no_auth_check,
+ query=query
 )
+ if query:
+ return owns
 return cls._return_get_owns(owns, values, get_short_menu_class)
 def get_query_operations(self):
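Review bot: The new `no_auth_check` and `query` parameters of `Find.get_owns` can be passed positionally and are undocumented, although `no_auth_check`, judging by its name, makes the parent `get_owns` skip an authorization check, and `query=True` returns the raw `owns` object instead of the `_return_get_owns` result. Declaring them keyword-only, `get_short_menu_class=None, *, no_auth_check=False, query=False`, keeps a stray positional argument from switching the check off. A docstring should say which callers may set `no_auth_check` and what type `query=True` returns. The same applies to `Treatment.get_owns` and `TreatmentFile.get_owns` in models_treatments.py. The parent implementation is not part of this diff, so confirm there what is actually skipped.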
@@ -1346,11 +1351,15 @@ class TreatmentFile(
 @classmethod
 def get_owns(
- cls, user, menu_filtr=None, limit=None, values=None, get_short_menu_class=None
+ cls, user, menu_filtr=None, limit=None, values=None, get_short_menu_class=None,
+ no_auth_check=False, query=False
 ):
 owns = super(TreatmentFile, cls).get_owns(
- user, limit=limit, values=values, get_short_menu_class=get_short_menu_class
+ user, limit=limit, values=values, get_short_menu_class=get_short_menu_class,
+ no_auth_check=no_auth_check, query=query
 )
+ if query:
+ return owns
 return cls._return_get_owns(owns, values, get_short_menu_class)
 def _generate_cached_label(self):
diff --git a/archaeological_finds/tests.py b/archaeological_finds/tests.py
index 16fb575c7..5df18cf64 100644
--- a/archaeological_finds/tests.py
+++ b/archaeological_finds/tests.py
@@ -27,7 +27,7 @@ from rest_framework.test import APITestCase
 from rest_framework.authtoken.models import Token
 from django.conf import settings
- from django.contrib.auth.models import User, Permission, ContentType
+ from django.contrib.auth.models import User, Permission, ContentType, Group
 from django.core.files import File
 from django.core.files.uploadedfile import SimpleUploadedFile
 from django.db.utils import IntegrityError
@@ -1923,23 +1923,42 @@ class FindPermissionTest(FindInit, TestCase): model = models.Find def setUp(self): - self.username, self.password, self.user = create_superuser() - self.alt_username, self.alt_password, self.alt_user = create_user() + profile_type = ProfileType.objects.create( + label="xxCollaborateur", + txt_idx="xxcollaborator", + ) + gp = Group.objects.create(name="xxMobilier rattachées : voir et modification") ct_find = ContentType.objects.get( app_label="archaeological_finds", model="find" ) - self.alt_user.user_permissions.add( - Permission.objects.get(codename="view_own_find", content_type=ct_find) + gp.permissions.add( + Permission.objects.get( + codename="view_own_find", + content_type=ct_find + ) ) - self.alt_user.user_permissions.add( - Permission.objects.get(codename="change_own_find", content_type=ct_find) + gp.permissions.add( + Permission.objects.get( + codename="change_own_find", + content_type=ct_find + ) ) + profile_type.groups.add(gp) + + self.username, self.password, self.user = create_superuser() + self.alt_username, self.alt_password, self.alt_user = create_user() + profile = UserProfile.objects.create( + profile_type=profile_type, + person=self.alt_user.ishtaruser.person, + current=True, + ) + # nosec: hard coded password for test purposes self.alt_username2, self.alt_password2, self.alt_user2 = create_user( # nosec username="luke", password="iamyourfather" ) profile = UserProfile.objects.create( - profile_type=ProfileType.objects.get(txt_idx="collaborator"), + profile_type=profile_type, person=self.alt_user2.ishtaruser.person, current=True, ) @@ -1973,6 +1992,9 @@ class FindPermissionTest(FindInit, TestCase): self.find_2 = self.finds[-1] self.operations[-1].towns.add(town) + self.alt_user.ishtaruser.generate_permission() + self.alt_user2.ishtaruser.generate_permission() + def test_own_search(self): # no result when no authentification c = Client() 
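Review bot: Both non-superuser accounts in `setUp` are now attached to the same `xxcollaborator` profile type, so the visible fixture has no authenticated user whose profile lacks `view_own_find` and `change_own_find`. If no such negative case exists elsewhere in the file, one is worth adding next to `test_own_search`. The two `generate_permission()` calls added at the end of `setUp` appear to depend on the finds, operations and towns created above them. A comment such as `# generate permissions last: they are computed from the fixtures created above` would keep a later edit from moving them, though that ordering is inferred from the hunk and should be confirmed against `generate_permission`. The first `profile = UserProfile.objects.create(...)` (for `self.alt_user`) is rebound by the second call before any visible use, so that binding can be dropped.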
@@ -1985,7 +2007,7 @@ class FindPermissionTest(FindInit, TestCase):
 response = c.get(reverse("get-find"))
 # only one "own" context record available
 content = response.content.decode()
- self.assertTrue(json.loads(content))
+ self.assertTrue(content)
 self.assertEqual(json.loads(content)["recordsTotal"], 1)
 # area filter
diff --git a/archaeological_finds/wizards.py b/archaeological_finds/wizards.py
index d6647b81c..c70721eac 100644
--- a/archaeological_finds/wizards.py
+++ b/archaeological_finds/wizards.py
@@ -506,7 +506,7 @@ class TreatmentAdministrativeActWizard(OperationAdministrativeActWizard):
 class TreatmentEditAdministrativeActWizard(TreatmentAdministrativeActWizard):
 model = AdministrativeAct
- edit = True
+ modification = True
 def get_associated_item(self, dct):
 return self.get_current_object().treatment
@@ -583,7 +583,7 @@ class TreatmentFileAdministrativeActWizard(OperationAdministrativeActWizard):
 class TreatmentFileEditAdministrativeActWizard(TreatmentFileAdministrativeActWizard):
 model = AdministrativeAct
- edit = True
+ modification = True
 def get_associated_item(self, dct):
 return self.get_current_object().treatment_file
@@ -600,7 +600,7 @@ class FindBasketWizard(Wizard):
 class FindBasketEditWizard(FindBasketWizard):
- edit = True
+ modification = True
 alt_is_own_method = "get_write_query_owns"
 def get_form_kwargs(self, step, **kwargs):
|
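Review bot: `self.assertTrue(content)` in `test_own_search` only checks that the decoded body is non-empty, which the `json.loads(content)["recordsTotal"]` assertion on the next line already implies, so the line no longer tests anything by itself. As this test covers what an authenticated user with own-permissions is allowed to see, asserting the response status there is more useful, presumably `self.assertEqual(response.status_code, 200)`. The test method starts before this hunk and continues after it.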
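Review bot: Replacing the class attribute `edit = True` with `modification = True` on `TreatmentEditAdministrativeActWizard` fails silently wherever it is missed. A wizard subclass that still sets `edit`, or base-class code that still reads it, raises no error, and the wizard is then presumably no longer treated as an edit wizard. The diffstat is limited to `archaeological_finds`, so the base `Wizard` class and the other apps are not visible here; a repository-wide search for remaining `edit = True` assignments and `.edit` reads on wizard classes should accompany this change. The same replacement is made on `TreatmentFileEditAdministrativeActWizard` and on `FindBasketEditWizard`, which also sets `alt_is_own_method = "get_write_query_owns"`. That suggests the flag may feed the ownership check, which should be confirmed in the base class.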