Compare commits

..

No commits in common. "dbbfa79f10eda4ee44f22f2cd5a57efe3c5c39e3" and "948e9deb547f20ca60620a2a435e718138b60755" have entirely different histories.

6 changed files with 31 additions and 63 deletions

View File

@ -134,19 +134,6 @@ class Project(models.Model):
def auth(self):
return sign_data(f'{self.pk}-{self.nonce}', 12)
@classmethod
def for_user(cls, user, project_keys=[], ensemble_keys=[]):
projects = cls.objects.select_related('ensemble')
if user.is_superuser:
return projects
f = models.Q(pk__in=project_keys) | models.Q(ensemble__slug__in=ensemble_keys)
if user.is_authenticated:
f |= models.Q(ensemble__admins=user.pk)
return projects.filter(f)
def __str__(self):
return self.name

View File

@ -30,12 +30,9 @@ class AccessTestCase(TestCase):
cls.ensembles[obj.slug] = obj
cls.projects = {}
for details in cls.PROJECTS:
when = details.pop('when', 0)
ensemble = details.pop('ensemble')
details['event_date'] = now + timedelta(days=when) if when else None
obj = cls.ensembles[ensemble].projects.create(**details)
cls.projects[details['name']] = obj
for name, ensemble, when in cls.PROJECTS:
obj = cls.ensembles[ensemble].projects.create(name=name, event_date=now+timedelta(days=when))
cls.projects[name] = obj
return

View File

@ -19,24 +19,23 @@ class InterfaceAccessTestCase(AccessTestCase):
)
PROJECTS = (
{'name': 'Baker St', 'ensemble': 'bleeding-gums', 'when': -12},
{'name': 'Navy Recruitment Day', 'ensemble': 'party-posse', 'when': 6},
{'name': 'Barbershop Contest', 'ensemble': 'be-sharps', 'when': 28},
{'name': 'Open Mic Night', 'ensemble': 'bleeding-gums', 'when': 1 },
{'name': 'Current Repertoire', 'ensemble': 'be-sharps'},
('Baker St', 'bleeding-gums', -12),
('Navy Recruitment Day', 'party-posse', 6),
('Barbershop Contest', 'be-sharps', 28),
('Open Mic Night', 'bleeding-gums', 1)
)
def test_bad_login(self):
with self.assertRaisesMessage(self.failureException, 'Failed to login as admin'):
self.login('admin', 'admin')
def test_superuser_ensembles(self):
def test_admin_ensembles(self):
self.login('admin', 'secret')
response = self.client.get('/ensembles')
self.assertObjectList(response, ['The Be Sharps', 'Lisa & the Bleeding Gums', 'Party Posse'])
self.assertContains(response, 'Django Admin')
def test_superuser_ensemble_permissions(self):
def test_admin_ensemble_permissions(self):
self.login('admin', 'secret')
response = self.client.get('/ensembles/party-posse')
self.assertTrue(response.context['request'].is_admin)
@ -49,10 +48,10 @@ class InterfaceAccessTestCase(AccessTestCase):
'/ensembles/be-sharps/new-project': True,
})
def test_superuser_projects(self):
def test_admin_projects(self):
self.login('admin', 'secret')
response = self.client.get('/projects')
self.assertObjectList(response, ['Current Repertoire', 'Open Mic Night', 'Navy Recruitment Day', 'Barbershop Contest'])
self.assertObjectList(response, ['Open Mic Night', 'Navy Recruitment Day', 'Barbershop Contest'])
self.assertObjectList(self.client.get('/ensembles/bleeding-gums'), ['Open Mic Night'])
self.assertObjectList(self.client.get('/ensembles/bleeding-gums?inactive'), ['Open Mic Night', 'Baker St'])
@ -95,7 +94,7 @@ class InterfaceAccessTestCase(AccessTestCase):
def test_user_projects(self):
self.login('homer', 'maggie')
response = self.client.get('/projects')
self.assertObjectList(response, ['Current Repertoire', 'Barbershop Contest'])
self.assertObjectList(response, ['Barbershop Contest'])
response = self.client.get('/projects/3')
self.assertTrue(response.context['request'].is_admin)
@ -111,7 +110,7 @@ class InterfaceAccessTestCase(AccessTestCase):
self.authorize(models.Project, pk=4)
response = self.client.get('/projects')
self.assertObjectList(response, ['Current Repertoire', 'Open Mic Night', 'Barbershop Contest'])
self.assertObjectList(response, ['Open Mic Night', 'Barbershop Contest'])
response = self.client.get('/projects/4')
self.assertFalse(response.context['request'].is_admin)

View File

@ -254,14 +254,20 @@ class ProjectListView(ProjectMixin, ListView):
return True
def get_project_queryset(self):
return models.Project.for_user(self.request.user,
self.get_authorized_keys('project'),
self.get_authorized_keys('ensemble'))
projects = models.Project.objects.select_related('ensemble')
if self.request.is_admin:
return projects
f = Q(pk__in=self.get_authorized_keys('project').keys()) | Q(ensemble__slug__in=self.get_authorized_keys('ensemble').keys())
if self.request.user.is_authenticated:
f |= Q(ensemble__admins=self.request.user.pk)
return projects.filter(f)
def get_queryset(self):
qs = self.get_project_queryset()
f = Q(event_date__gte=(timezone.now()-timezone.timedelta(7))) | Q(event_date=None)
return qs.filter(f, active=True)
return qs.filter(active=True, event_date__gte=timezone.now()-timezone.timedelta(7))
class ProjectCreateView(EnsembleMixin, CreateView):
admin_required = True

View File

@ -4,7 +4,7 @@ from django.contrib.auth.models import User
from interface.models import Ensemble, Project
from . import models
class LibraryTestCase(AccessTestCase):
class IntegrationTestCase(AccessTestCase):
USERS = (
{'username': 'admin', 'password': 'secret', 'is_superuser': True, 'is_staff': True},
@ -18,10 +18,10 @@ class LibraryTestCase(AccessTestCase):
)
PROJECTS = (
{'name': 'Baker St', 'ensemble': 'bleeding-gums', 'when': -12},
{'name': 'Navy Recruitment Day', 'ensemble': 'party-posse', 'when': 6},
{'name': 'Barbershop Contest', 'ensemble': 'be-sharps', 'when': 28},
{'name': 'Open Mic Night', 'ensemble': 'bleeding-gums', 'when': 1 },
('Baker St', 'bleeding-gums', -12),
('Navy Recruitment Day', 'party-posse', 6),
('Barbershop Contest', 'be-sharps', 28),
('Open Mic Night', 'bleeding-gums', 1)
)
COLLECTIONS = (
@ -33,16 +33,6 @@ class LibraryTestCase(AccessTestCase):
{'name': 'Baby on Board', 'collection': 'ned'},
)
PROTECTED_URLS = (
'/collections/1',
'/collections/1/add',
'/collections/2/works/1',
'/collections/2/works/1/edit',
'/collections/2/works/1/partset',
'/collections/2/works/1/add_to_project',
'/collections/2/works/1/upload',
)
@classmethod
def setUpTestData(cls):
super().setUpTestData()
@ -75,13 +65,6 @@ class LibraryTestCase(AccessTestCase):
def test_integration(self):
pass
def test_get_views(self):
self.assertAccess({ x: False for x in self.PROTECTED_URLS })
self.login('admin', 'secret')
self.assertAccess({ x: True for x in self.PROTECTED_URLS })
def test_superuser_access(self):
self.login('admin', 'secret')
self.assertAccess({

View File

@ -248,7 +248,7 @@ class WorkUpdateView(CollectionMixin, UpdateView):
class WorkAddToProject(CollectionMixin, FormView):
class WorkAddToProject(ProjectMixin, FormView):
admin_required = True
form_class = forms.ProjectSelectForm
template_name = "interface/default_form.html"
@ -261,12 +261,8 @@ class WorkAddToProject(CollectionMixin, FormView):
f = super(WorkAddToProject, self).get_form()
qs = f.fields['project'].queryset
# Limit to projects for ensembles where we are an admin and they haven't occured yet
qs = qs.filter(ensemble__admins=self.request.user, event_date__gt=now())
# dont show projects already added to
work = self.get_object()
qs = qs.exclude(pk__in=work.projects.all())
qs = qs.filter(ensemble_id=self.request.ensemble_id).exclude(pk__in=work.projects.all())
f.fields['project'].queryset = qs
return f