From d16237d015597c748c7e72a5bb2abd95db68921c Mon Sep 17 00:00:00 2001 From: imperosol Date: Wed, 12 Mar 2025 13:24:02 +0100 Subject: [PATCH] make PageCreateView a PermissionRequiredMixin --- core/auth/mixins.py | 3 +- core/management/commands/populate.py | 1 + core/templates/core/base.jinja | 12 +++---- core/templates/core/page.jinja | 9 +++-- core/tests/test_core.py | 53 +++++++++++++++++----------- core/views/page.py | 18 +++++----- 6 files changed, 54 insertions(+), 42 deletions(-) diff --git a/core/auth/mixins.py b/core/auth/mixins.py index 974e9bd1..54bdc481 100644 --- a/core/auth/mixins.py +++ b/core/auth/mixins.py @@ -169,10 +169,9 @@ class CanCreateMixin(View): super().__init__(*args, **kwargs) def dispatch(self, request, *arg, **kwargs): - res = super().dispatch(request, *arg, **kwargs) if not request.user.is_authenticated: raise PermissionDenied - return res + return super().dispatch(request, *arg, **kwargs) def form_valid(self, form): obj = form.instance diff --git a/core/management/commands/populate.py b/core/management/commands/populate.py index 5abcb203..492f971b 100644 --- a/core/management/commands/populate.py +++ b/core/management/commands/populate.py @@ -919,6 +919,7 @@ Welcome to the wiki page! "view_album", "view_peoplepicturerelation", "add_peoplepicturerelation", + "add_page", ] ) ) diff --git a/core/templates/core/base.jinja b/core/templates/core/base.jinja index 6ee285b2..41b13398 100644 --- a/core/templates/core/base.jinja +++ b/core/templates/core/base.jinja @@ -84,18 +84,18 @@
- {% block tabs %} + {%- block tabs -%} {% include "core/base/tabs.jinja" %} - {% endblock %} + {%- endblock -%} - {% block errors%} + {%- block errors -%} {% if error %} {{ error }} {% endif %} - {% endblock %} + {%- endblock -%} - {% block content %} - {% endblock %} + {%- block content -%} + {%- endblock -%}
diff --git a/core/templates/core/page.jinja b/core/templates/core/page.jinja index 620839aa..862bb216 100644 --- a/core/templates/core/page.jinja +++ b/core/templates/core/page.jinja @@ -12,16 +12,15 @@ {% endif %} {% endblock %} -{% macro print_page_name(page) %} - {% if page %} +{%- macro print_page_name(page) -%} + {%- if page -%} {{ print_page_name(page.parent) }} > {{ page.get_display_name() }} - {% endif %} -{% endmacro %} + {%- endif -%} +{%- endmacro -%} {% block content %} {{ print_page_name(page) }} -
{% if page %} diff --git a/core/tests/test_core.py b/core/tests/test_core.py index e6b37e5c..930e8819 100644 --- a/core/tests/test_core.py +++ b/core/tests/test_core.py @@ -18,7 +18,9 @@ from smtplib import SMTPException import freezegun import pytest +from bs4 import BeautifulSoup from django.contrib.auth.hashers import make_password +from django.contrib.auth.models import Permission from django.core import mail from django.core.cache import cache from django.core.mail import EmailMessage @@ -223,17 +225,19 @@ def test_full_markdown_syntax(): class TestPageHandling(TestCase): @classmethod def setUpTestData(cls): - cls.root = User.objects.get(username="root") - cls.root_group = Group.objects.get(name="Root") + cls.group = baker.make( + Group, permissions=[Permission.objects.get(codename="add_page")] + ) + cls.user = baker.make(User, groups=[cls.group]) def setUp(self): - self.client.force_login(self.root) + self.client.force_login(self.user) def test_create_page_ok(self): """Should create a page correctly.""" response = self.client.post( reverse("core:page_new"), - {"parent": "", "name": "guy", "owner_group": self.root_group.id}, + {"parent": "", "name": "guy", "owner_group": self.group.id}, ) self.assertRedirects( response, reverse("core:page", kwargs={"page_name": "guy"}) @@ -249,32 +253,38 @@ class TestPageHandling(TestCase): def test_create_child_page_ok(self): """Should create a page correctly.""" - # remove all other pages to make sure there is no side effect - Page.objects.all().delete() - self.client.post( - reverse("core:page_new"), - {"parent": "", "name": "guy", "owner_group": str(self.root_group.id)}, + parent = baker.prepare(Page) + parent.save(force_lock=True) + response = self.client.get( + reverse("core:page_new") + f"?page={parent._full_name}/new" ) - page = Page.objects.first() - self.client.post( + + assert response.status_code == 200 + # The name and parent inputs should be already filled + soup = BeautifulSoup(response.content.decode(), "lxml") + assert soup.find("input", {"name": "name"})["value"] == "new" + select = soup.find("autocomplete-select", {"name": "parent"}) + assert select.find("option", {"selected": True})["value"] == str(parent.id) + + response = self.client.post( reverse("core:page_new"), { - "parent": str(page.id), - "name": "bibou", - "owner_group": str(self.root_group.id), + "parent": str(parent.id), + "name": "new", + "owner_group": str(self.group.id), }, ) - response = self.client.get( - reverse("core:page", kwargs={"page_name": "guy/bibou"}) - ) + new_url = reverse("core:page", kwargs={"page_name": f"{parent._full_name}/new"}) + assertRedirects(response, new_url, fetch_redirect_response=False) + response = self.client.get(new_url) assert response.status_code == 200 - assert '' in str(response.content) + assert f'' in response.content.decode() def test_access_child_page_ok(self): """Should display a page correctly.""" - parent = Page(name="guy", owner_group=self.root_group) + parent = Page(name="guy", owner_group=self.group) parent.save(force_lock=True) - page = Page(name="bibou", owner_group=self.root_group, parent=parent) + page = Page(name="bibou", owner_group=self.group, parent=parent) page.save(force_lock=True) response = self.client.get( reverse("core:page", kwargs={"page_name": "guy/bibou"}) @@ -293,7 +303,8 @@ class TestPageHandling(TestCase): def test_create_page_markdown_safe(self): """Should format the markdown and escape html correctly.""" self.client.post( - reverse("core:page_new"), {"parent": "", "name": "guy", "owner_group": "1"} + reverse("core:page_new"), + {"parent": "", "name": "guy", "owner_group": self.group.id}, ) self.client.post( reverse("core:page_edit", kwargs={"page_name": "guy"}), diff --git a/core/views/page.py b/core/views/page.py index f4b04f9c..23898217 100644 --- a/core/views/page.py +++ b/core/views/page.py @@ -12,6 +12,7 @@ # OR WITHIN THE LOCAL FILE "LICENSE" # # +from django.contrib.auth.mixins import PermissionRequiredMixin # This file contains all the views that concern the page model from django.forms.models import modelform_factory @@ -22,7 +23,6 @@ from django.views.generic import DetailView, ListView from django.views.generic.edit import CreateView, DeleteView, UpdateView from core.auth.mixins import ( - CanCreateMixin, CanEditMixin, CanEditPropMixin, CanViewMixin, @@ -115,20 +115,22 @@ class PageRevView(CanViewMixin, DetailView): return context -class PageCreateView(CanCreateMixin, CreateView): +class PageCreateView(PermissionRequiredMixin, CreateView): model = Page form_class = PageForm template_name = "core/page_prop.jinja" + permission_required = "core.add_page" def get_initial(self): - init = {} - if "page" in self.request.GET: - page_name = self.request.GET["page"] - parent_name = "/".join(page_name.split("/")[:-1]) - parent = Page.get_page_by_full_name(parent_name) + init = super().get_initial() + if "page" not in self.request.GET: + return init + page_name = self.request.GET["page"].rsplit("/", maxsplit=1) + if len(page_name) == 2: + parent = Page.get_page_by_full_name(page_name[0]) if parent is not None: init["parent"] = parent.id - init["name"] = page_name.split("/")[-1] + init["name"] = page_name[-1] return init def get_context_data(self, **kwargs):