fix 500 on SAS main page for anonymous users

2025-04-19 04:20:18 +00:00 · 2025-04-17 08:41:31 +02:00 · 2025-04-17 08:41:31 +02:00 · ccd4275b02
commit ccd4275b02
parent 4fa83d0667
3 changed files with 29 additions and 3 deletions
--- a/sas/templates/sas/main.jinja
+++ b/sas/templates/sas/main.jinja
@ -59,7 +59,7 @@
        {% endfor %}
      </div>

-      {% if is_sas_admin %}
+      {% if album_create_fragment %}
        </form>
        <br>
        {{ album_create_fragment }}
--- a/sas/tests/test_views.py
+++ b/sas/tests/test_views.py
@ -15,12 +15,13 @@
 from typing import Callable

 import pytest
+from bs4 import BeautifulSoup
 from django.conf import settings
 from django.core.cache import cache
 from django.test import Client, TestCase
 from django.urls import reverse
 from model_bakery import baker
-from pytest_django.asserts import assertInHTML, assertRedirects
+from pytest_django.asserts import assertHTMLEqual, assertInHTML, assertRedirects

 from core.baker_recipes import old_subscriber_user, subscriber_user
 from core.models import Group, User
@ -41,16 +42,37 @@ from sas.models import Album, Picture
            User, groups=[Group.objects.get(pk=settings.SITH_GROUP_SAS_ADMIN_ID)]
        ),
        lambda: baker.make(User),
+        lambda: None,
    ],
 )
 def test_load_main_page(client: Client, user_factory: Callable[[], User]):
    """Just check that the SAS doesn't crash."""
    user = user_factory()
-    client.force_login(user)
+    if user is not None:
+        client.force_login(user)
    res = client.get(reverse("sas:main"))
    assert res.status_code == 200


+@pytest.mark.django_db
+def test_main_page_no_form_for_regular_users(client: Client):
+    """Test that subscribed users see no form on the sas main page"""
+    client.force_login(subscriber_user.make())
+    res = client.get(reverse("sas:main"))
+    soup = BeautifulSoup(res.text, "lxml")
+    forms = soup.find("main").find_all("form")
+    assert len(forms) == 0
+
+
+@pytest.mark.django_db
+def test_main_page_content_anonymous(client: Client):
+    """Test that public users see only an incentive to login"""
+    res = client.get(reverse("sas:main"))
+    soup = BeautifulSoup(res.text, "lxml")
+    expected = "<h3>SAS</h3><p>Vous devez être connecté pour voir les photos.</p>"
+    assertHTMLEqual(soup.find("main").decode_contents(), expected)
+
+
@pytest.mark.django_db
 def test_album_access_non_subscriber(client: Client):
    """Test that non-subscribers can only access albums where they are identified."""
--- a/sas/views.py
+++ b/sas/views.py
@ -65,12 +65,16 @@ class SASMainView(UseFragmentsMixin, TemplateView):
    template_name = "sas/main.jinja"

    def get_fragments(self) -> dict[str, FragmentRenderer]:
+        if not self.request.user.has_perm("sas.add_album"):
+            return {}
        form_init = {"parent": SithFile.objects.get(id=settings.SITH_SAS_ROOT_DIR_ID)}
        return {
            "album_create_fragment": AlbumCreateFragment.as_fragment(initial=form_init)
        }

    def get_fragment_data(self) -> dict[str, dict[str, Any]]:
+        if not self.request.user.has_perm("sas.add_album"):
+            return {}
        root_user = User.objects.get(pk=settings.SITH_ROOT_USER_ID)
        return {"album_create_fragment": {"owner": root_user}}