make PageCreateView a PermissionRequiredMixin

core/auth/mixins.py

@@ -169,10 +169,9 @@ class CanCreateMixin(View):
         super().__init__(*args, **kwargs)
 
     def dispatch(self, request, *arg, **kwargs):
-        res = super().dispatch(request, *arg, **kwargs)
         if not request.user.is_authenticated:
             raise PermissionDenied
-        return res
+        return super().dispatch(request, *arg, **kwargs)
 
     def form_valid(self, form):
         obj = form.instance

core/management/commands/populate.py

@@ -919,6 +919,7 @@ Welcome to the wiki page!
                         "view_album",
                         "view_peoplepicturerelation",
                         "add_peoplepicturerelation",
+                        "add_page",
                     ]
                 )
             )

core/templates/core/base.jinja

@@ -84,18 +84,18 @@
       </ul>
 
       <div id="content">
-        {% block tabs %}
+        {%- block tabs -%}
           {% include "core/base/tabs.jinja" %}
-        {% endblock %}
+        {%- endblock -%}
 
-        {% block errors%}
+        {%- block errors -%}
           {% if error %}
             {{ error }}
           {% endif %}
-        {% endblock %}
+        {%- endblock -%}
 
-        {% block content %}
-        {% endblock %}
+        {%- block content -%}
+        {%- endblock -%}
       </div>
     </div>
 

core/templates/core/page.jinja

@@ -12,16 +12,15 @@
   {% endif %}
 {% endblock %}
 
-{% macro print_page_name(page) %}
-  {% if page %}
+{%- macro print_page_name(page) -%}
+  {%- if page -%}
     {{ print_page_name(page.parent) }} >
     <a href="{{ url('core:page', page_name=page.get_full_name()) }}">{{ page.get_display_name() }}</a>
-  {% endif %}
-{% endmacro %}
+  {%- endif -%}
+{%- endmacro -%}
 
 {% block content %}
   {{ print_page_name(page) }}
-
   <div class="tool_bar">
     <div class="tools">
       {% if page %}

core/tests/test_core.py

@@ -18,7 +18,9 @@ from smtplib import SMTPException
 
 import freezegun
 import pytest
+from bs4 import BeautifulSoup
 from django.contrib.auth.hashers import make_password
+from django.contrib.auth.models import Permission
 from django.core import mail
 from django.core.cache import cache
 from django.core.mail import EmailMessage
@@ -223,17 +225,19 @@ def test_full_markdown_syntax():
 class TestPageHandling(TestCase):
     @classmethod
     def setUpTestData(cls):
-        cls.root = User.objects.get(username="root")
-        cls.root_group = Group.objects.get(name="Root")
+        cls.group = baker.make(
+            Group, permissions=[Permission.objects.get(codename="add_page")]
+        )
+        cls.user = baker.make(User, groups=[cls.group])
 
     def setUp(self):
-        self.client.force_login(self.root)
+        self.client.force_login(self.user)
 
     def test_create_page_ok(self):
         """Should create a page correctly."""
         response = self.client.post(
             reverse("core:page_new"),
-            {"parent": "", "name": "guy", "owner_group": self.root_group.id},
+            {"parent": "", "name": "guy", "owner_group": self.group.id},
         )
         self.assertRedirects(
             response, reverse("core:page", kwargs={"page_name": "guy"})
@@ -249,32 +253,38 @@ class TestPageHandling(TestCase):
 
     def test_create_child_page_ok(self):
         """Should create a page correctly."""
-        # remove all other pages to make sure there is no side effect
-        Page.objects.all().delete()
-        self.client.post(
-            reverse("core:page_new"),
-            {"parent": "", "name": "guy", "owner_group": str(self.root_group.id)},
+        parent = baker.prepare(Page)
+        parent.save(force_lock=True)
+        response = self.client.get(
+            reverse("core:page_new") + f"?page={parent._full_name}/new"
         )
-        page = Page.objects.first()
-        self.client.post(
+
+        assert response.status_code == 200
+        # The name and parent inputs should be already filled
+        soup = BeautifulSoup(response.content.decode(), "lxml")
+        assert soup.find("input", {"name": "name"})["value"] == "new"
+        select = soup.find("autocomplete-select", {"name": "parent"})
+        assert select.find("option", {"selected": True})["value"] == str(parent.id)
+
+        response = self.client.post(
             reverse("core:page_new"),
             {
-                "parent": str(page.id),
-                "name": "bibou",
-                "owner_group": str(self.root_group.id),
+                "parent": str(parent.id),
+                "name": "new",
+                "owner_group": str(self.group.id),
             },
         )
-        response = self.client.get(
-            reverse("core:page", kwargs={"page_name": "guy/bibou"})
-        )
+        new_url = reverse("core:page", kwargs={"page_name": f"{parent._full_name}/new"})
+        assertRedirects(response, new_url, fetch_redirect_response=False)
+        response = self.client.get(new_url)
         assert response.status_code == 200
-        assert '<a href="/page/guy/bibou/">' in str(response.content)
+        assert f'<a href="/page/{parent._full_name}/new/">' in response.content.decode()
 
     def test_access_child_page_ok(self):
         """Should display a page correctly."""
-        parent = Page(name="guy", owner_group=self.root_group)
+        parent = Page(name="guy", owner_group=self.group)
         parent.save(force_lock=True)
-        page = Page(name="bibou", owner_group=self.root_group, parent=parent)
+        page = Page(name="bibou", owner_group=self.group, parent=parent)
         page.save(force_lock=True)
         response = self.client.get(
             reverse("core:page", kwargs={"page_name": "guy/bibou"})
@@ -293,7 +303,8 @@ class TestPageHandling(TestCase):
     def test_create_page_markdown_safe(self):
         """Should format the markdown and escape html correctly."""
         self.client.post(
-            reverse("core:page_new"), {"parent": "", "name": "guy", "owner_group": "1"}
+            reverse("core:page_new"),
+            {"parent": "", "name": "guy", "owner_group": self.group.id},
         )
         self.client.post(
             reverse("core:page_edit", kwargs={"page_name": "guy"}),

core/views/page.py

@@ -12,6 +12,7 @@
 # OR WITHIN THE LOCAL FILE "LICENSE"
 #
 #
+from django.contrib.auth.mixins import PermissionRequiredMixin
 
 # This file contains all the views that concern the page model
 from django.forms.models import modelform_factory
@@ -22,7 +23,6 @@ from django.views.generic import DetailView, ListView
 from django.views.generic.edit import CreateView, DeleteView, UpdateView
 
 from core.auth.mixins import (
-    CanCreateMixin,
     CanEditMixin,
     CanEditPropMixin,
     CanViewMixin,
@@ -115,20 +115,22 @@ class PageRevView(CanViewMixin, DetailView):
         return context
 
 
-class PageCreateView(CanCreateMixin, CreateView):
+class PageCreateView(PermissionRequiredMixin, CreateView):
     model = Page
     form_class = PageForm
     template_name = "core/page_prop.jinja"
+    permission_required = "core.add_page"
 
     def get_initial(self):
-        init = {}
-        if "page" in self.request.GET:
-            page_name = self.request.GET["page"]
-            parent_name = "/".join(page_name.split("/")[:-1])
-            parent = Page.get_page_by_full_name(parent_name)
+        init = super().get_initial()
+        if "page" not in self.request.GET:
+            return init
+        page_name = self.request.GET["page"].rsplit("/", maxsplit=1)
+        if len(page_name) == 2:
+            parent = Page.get_page_by_full_name(page_name[0])
             if parent is not None:
                 init["parent"] = parent.id
-            init["name"] = page_name.split("/")[-1]
+        init["name"] = page_name[-1]
         return init
 
     def get_context_data(self, **kwargs):