diff options
-rw-r--r-- | archaeological_finds/forms.py | 11 | ||||
-rw-r--r-- | archaeological_finds/tests.py | 58 |
2 files changed, 67 insertions, 2 deletions
diff --git a/archaeological_finds/forms.py b/archaeological_finds/forms.py index 5fcf57a27..babc56876 100644 --- a/archaeological_finds/forms.py +++ b/archaeological_finds/forms.py @@ -726,6 +726,12 @@ class QAFindBasketForm(IshtarForm): if not self.cleaned_data['qa_bf_basket']: raise forms.ValidationError( _(u"On update, you have to select a basket.")) + q = Q(user=self.user) | Q(shared_write_with__pk=self.user.pk) + q = models.FindBasket.objects.filter(q).filter( + pk=self.cleaned_data['qa_bf_basket']) + if not q.count(): + raise forms.ValidationError( + _("You cannot update the selected basket.")) return self.cleaned_data label = self.cleaned_data['qa_bf_label'].strip() if not label: @@ -738,8 +744,9 @@ class QAFindBasketForm(IshtarForm): def save(self, items): if self.cleaned_data['qa_bf_create_or_update'] == 'update': - basket = models.FindBasket.objects.get( - user=self.user, pk=self.cleaned_data['qa_bf_basket']) + q = Q(user=self.user) | Q(shared_write_with__pk=self.user.pk) + basket = models.FindBasket.objects.filter(q).get( + pk=self.cleaned_data['qa_bf_basket']) else: label = self.cleaned_data['qa_bf_label'].strip() basket = models.FindBasket.objects.create( diff --git a/archaeological_finds/tests.py b/archaeological_finds/tests.py index 2c78d3efa..cfdcb1585 100644 --- a/archaeological_finds/tests.py +++ b/archaeological_finds/tests.py @@ -27,6 +27,7 @@ from rest_framework.authtoken.models import Token from django.conf import settings from django.contrib.auth.models import User, Permission, ContentType from django.contrib.gis.geos import GEOSGeometry +from django.core.exceptions import ObjectDoesNotExist from django.core.files import File from django.core.files.uploadedfile import SimpleUploadedFile from django.core.urlresolvers import reverse @@ -1306,6 +1307,63 @@ class FindQATest(FindInit, TestCase): self.assertEqual(models.Find.objects.get(pk=find_1.pk).description, base_desc_1 + u"\n" + extra_desc) + def test_basket(self): + find_0 = self.finds[0] + find_1 = self.finds[1] + nb_basket = models.FindBasket.objects.count() + url = reverse('find-qa-basket', args=[find_0.pk]) + c = Client() + response = c.get(url) + self.assertRedirects(response, '/') + + c.login(username=self.username, password=self.password) + response = c.get(url) + self.assertEqual(response.status_code, 200) + label = "Test - basket" + data = { + "qa_bf_create_or_update": "create", + "qa_bf_label": label + } + response = c.post(url, data) + if response.status_code != 200: + self.assertRedirects(response, '/success/') + self.assertEqual( + nb_basket + 1, + models.FindBasket.objects.count()) + q = models.FindBasket.objects.filter( + user=self.user.ishtaruser, label=label) + self.assertEqual(q.count(), 1) + # no duplicate with same user, same name + c.post(url, data) + self.assertEqual(q.count(), 1) + basket = q.all()[0] + self.assertEqual(basket.items.count(), 1) + + # update + url = reverse('find-qa-basket', args=[find_1.pk]) + self.assertEqual(basket.items.count(), 1) + data = { + "qa_bf_create_or_update": "update", + "qa_bf_basket": basket.pk + } + c.post(url, data) + self.assertEqual(basket.items.count(), 2) + self.assertIn(find_1, list(basket.items.all())) + + # no permission + basket.user = self.alt_user.ishtaruser + basket.items.clear() + basket.save() + self.assertEqual(basket.items.count(), 0) + c.post(url, data) + # no update + self.assertEqual(basket.items.count(), 0) + + # write permission + basket.shared_write_with.add(self.user.ishtaruser) + c.post(url, data) + self.assertEqual(basket.items.count(), 1) + def test_packaging(self): c = Client() find_0 = self.finds[0] |