| -rw-r--r-- | archaeological_files/models.py | 3 | ||||
| -rw-r--r-- | archaeological_operations/models.py | 3 | ||||
| -rw-r--r-- | archaeological_operations/tests.py | 35 | ||||
| -rw-r--r-- | ishtar_common/views.py | 4 | 
4 files changed, 36 insertions, 9 deletions
|
diff --git a/archaeological_files/models.py b/archaeological_files/models.py
index 297a23fed..db33ed9b2 100644
--- a/archaeological_files/models.py
+++ b/archaeological_files/models.py
@@ -228,7 +228,8 @@ class File(BaseHistorizedItem, OwnPerms, ValueGetter):
     @classmethod
     def get_query_owns(cls, user):
-        return (Q(history_creator=user) | Q(in_charge__ishtaruser=user)) \
+        return (Q(history_creator=user) |
+                Q(in_charge__ishtaruser=user.ishtaruser)) \
               & Q(end_date__isnull=True)
     def is_active(self):
diff --git a/archaeological_operations/models.py b/archaeological_operations/models.py
index 97d10801c..8601c602f 100644
--- a/archaeological_operations/models.py
+++ b/archaeological_operations/models.py
@@ -375,7 +375,8 @@ class Operation(BaseHistorizedItem, OwnPerms, ValueGetter):
     @classmethod
     def get_query_owns(cls, user):
-        return Q(in_charge=user.person)|Q(scientist=user.person)|\
+        return Q(in_charge=user.ishtaruser.person)|\
+               Q(scientist=user.ishtaruser.person)|\
                Q(history_creator=user) & Q(end_date__isnull=True)
     def is_active(self):
diff --git a/archaeological_operations/tests.py b/archaeological_operations/tests.py
index 2dd3c519e..808d999af 100644
--- a/archaeological_operations/tests.py
+++ b/archaeological_operations/tests.py
@@ -28,7 +28,7 @@ from django.core.urlresolvers import reverse
 from django.test import TestCase
 from django.test.client import Client
-from django.contrib.auth.models import User
+from django.contrib.auth.models import User, Permission
 import models
 from ishtar_common.models import OrganizationType, Organization, Town, \
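Review bot: `File.get_query_owns` now dereferences `user.ishtaruser`, so its `user` argument must be a `django.contrib.auth` User that has an IshtarUser row, and nothing in the method says so. I would add a docstring such as `"""Return the Q filter for files owned by user (an auth User; its IshtarUser profile is resolved here)."""`. If a User can exist without that profile, which this diff does not show, the attribute access raises before any query is built, so the `get_item` call site would answer with a server error rather than an empty result. The same applies to `Operation.get_query_owns` in the next hunk.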
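Review bot: The `& Q(end_date__isnull=True)` on the last line of `Operation.get_query_owns` binds only to `Q(history_creator=user)`, because `&` has higher precedence than `|`, so operations matched through `in_charge` or `scientist` are returned as "own" whether or not they have an end date. `File.get_query_owns` in the previous hunk parenthesises the OR group first; if the same scoping is intended here (an inference from that sibling), write `return (Q(in_charge=person) | Q(scientist=person) | Q(history_creator=user)) & Q(end_date__isnull=True)` with `person = user.ishtaruser.person` bound once above it. Since this filter decides which records a user holding only an "own" permission can read, the intended grouping deserves an explicit comment either way.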
@@ -43,7 +43,7 @@ class ImportOperationTest(TestCase):
                 '../archaeological_operations/fixtures/initial_data-fr.json']
     def setUp(self):
-        user = User.objects.create_user('username')
+        user = User.objects.create_superuser('username')
     def testImportDbfOperation(self):
         """
@@ -303,13 +303,21 @@ class ImportOperationTest(TestCase):
                                                        value)
                              )
-def create_user():
+def create_superuser():
     username = 'username4277'
     password = 'dcbqj756456!@%'
     user = User.objects.create_superuser(username, "nomail@nomail.com",
                                               password)
     return username, password, user
+def create_user():
+    username = 'username678'
+    password = 'dcbqj756456!@%'
+    user = User.objects.create_user(username, email="nomail2@nomail.com")
+    user.set_password(password)
+    user.save()
+    return username, password, user
+
 def create_orga(user):
     orga_type, created = OrganizationType.objects.get_or_create(
                                                 txt_idx='operator')
@@ -335,9 +343,13 @@ class OperationTest(TestCase):
                 '../archaeological_operations/fixtures/initial_data-fr.json']
     def setUp(self):
-        self.username, self.password, self.user = create_user()
+        self.username, self.password, self.user = create_superuser()
+        self.alt_username, self.alt_password, self.alt_user = create_user()
+        self.alt_user.user_permissions.add(Permission.objects.get(
+                                            codename='view_own_operation'))
         self.orgas = create_orga(self.user)
         self.operations = create_operation(self.user, self.orgas[0])
+        self.operations += create_operation(self.alt_user, self.orgas[0])
         self.item = self.operations[0]
     def testSearch(self):
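Review bot: `User.objects.create_superuser('username')` in `ImportOperationTest.setUp` passes no email or password; on the Django releases that still ship `django.core.urlresolvers` (imported at the top of this file) `create_superuser` takes both as required positional arguments, so this call would likely raise `TypeError` during setup. Calling the module-level `create_superuser()` helper that this commit introduces further down would avoid that and keep the test credentials in one place. The `user` local is never read in the visible part of `setUp`, so the assignment can be dropped as well.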
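Review bot: `Permission.objects.get(codename='view_own_operation')` in `OperationTest.setUp` looks the permission up by codename alone, but Django only guarantees codenames to be unique per content type, so the lookup raises `MultipleObjectsReturned` as soon as another app declares the same codename. Pinning the app, e.g. `Permission.objects.get(codename='view_own_operation', content_type__app_label='archaeological_operations')`, also makes the test exercise the same `app_label.codename` pair that `get_item` now checks. The app label in that example is assumed from the file path.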
@@ -347,6 +359,19 @@ class OperationTest(TestCase):
         self.assertTrue(not json.loads(response.content))
         c.login(username=self.username, password=self.password)
         response = c.get(reverse('get-operation'), {'year': '2010',})
+        self.assertTrue(json.loads(response.content)['total'] == 2)
+        response = c.get(reverse('get-operation'),
+                         {'operator': self.orgas[0].pk})
+        self.assertTrue(json.loads(response.content)['total'] == 2)
+
+    def testOwnSearch(self):
+        c = Client()
+        response = c.get(reverse('get-operation'), {'year': '2010',})
+        # no result when no authentification
+        self.assertTrue(not json.loads(response.content))
+        c.login(username=self.alt_username, password=self.alt_password)
+        response = c.get(reverse('get-operation'), {'year': '2010',})
+        # only one "own" operation available
         self.assertTrue(json.loads(response.content)['total'] == 1)
         response = c.get(reverse('get-operation'),
                          {'operator': self.orgas[0].pk})
@@ -372,7 +397,7 @@ class RegisterTest(TestCase):
                 '../archaeological_operations/fixtures/initial_data-fr.json']
     def setUp(self):
-        self.username, self.password, self.user = create_user()
+        self.username, self.password, self.user = create_superuser()
         self.operations = create_operation(self.user)
         self.act_types, self.operations = create_administrativact(
                                             self.user, self.operations[0])
diff --git a/ishtar_common/views.py b/ishtar_common/views.py
index 11351d7c0..0292021bf 100644
--- a/ishtar_common/views.py
+++ b/ishtar_common/views.py
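Review bot: `testOwnSearch` proves isolation only by count: `total == 1` would also pass if the single row returned were the superuser's operation rather than the one created for `self.alt_user`. As this is the regression test for the "own" permission filter, it should also compare the returned record's identifier with the operation created for `self.alt_user`; the response layout beyond the `total` key is not visible in this hunk, so the exact assertion depends on it. A second case for an authenticated user who holds no operation permission at all would cover the deny path, which neither test exercises. The method body continues past the end of the hunk.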
@@ -230,7 +230,7 @@ def get_item(model, func_name, default_name, extra_request_keys=[],
             # if not specific any perm is relevant (read right)
             if specific_perms and perm not in specific_perms:
                 continue
-            if request.user.has_perm(perm) \
+            if request.user.has_perm(model._meta.app_label + '.' + perm) \
              or (request.user.is_authenticated()
                  and request.user.ishtaruser.has_right(perm)):
                 allowed = True
@@ -339,7 +339,7 @@ def get_item(model, func_name, default_name, extra_request_keys=[],
                     break
         query = Q(**dct)
         if own:
-            query = query & model.get_query_own(request.user)
+            query = query & model.get_query_owns(request.user)
         for k, or_req in or_reqs:
             alt_dct = dct.copy()
             alt_dct.pop(k)
|
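Review bot: The two halves of the permission test in `get_item` now take different identifiers, with `has_perm()` receiving `app_label.codename` while `ishtaruser.has_right(perm)` two lines below still receives the bare codename, and nothing explains why. A short comment above the condition would help, e.g. `# Django's has_perm() needs "<app_label>.<codename>"; has_right() takes the bare codename`. The qualified name also assumes every codename iterated here is declared in `model`'s own app; a permission declared elsewhere would never match, which fails closed but silently. `get_item` starts and ends outside this hunk, so where `perm` comes from is not visible.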
