Skip to content

Don't show edit/create page buttons and page git changes when user doesn't have required permissions #102

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
fpytloun wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Don't show edit/create page buttons and page git changes when user doesn't have required permissions #102

fpytloun wants to merge 3 commits into from

Conversation

@fpytloun
Copy link
Contributor

@fpytloun fpytloun commented Jun 7, 2015

Don't know if this is desired behavior but it makes sense to me to don't show
per-page button if user doesn't have permissions to edit given page.
Therefore it also makes sense to raise 404 when user access page that doesn't
exist and doesn't have permissions to create it (eg. anonymous user).

Fixing behavior of whatchanged makes it possible to have part of wiki hidden and available only for given users/groups.

@fpytloun fpytloun force-pushed the master branch 6 times, most recently from 3f6ca46 to 52678ee Compare June 7, 2015 18:05
@fpytloun
Copy link
Contributor Author

fpytloun commented Jun 7, 2015

Hm, I am not sure how to fix the tests. Tried following:

diff --git a/tests/test_views.py b/tests/test_views.py
index 649d366..0dfddbd 100644
--- a/tests/test_views.py
+++ b/tests/test_views.py
@@ -22,8 +22,8 @@ class TestPageView(TestCase):
         response = self.client.get(self.page.get_absolute_url())
         self.assertContains(response, self.page.title)
         self.assertContains(response, self.page.body)
+        # We don't have edit permissions, there should be no edit link
         self.assertContains(response, self.edit_url)
-        self.assertTemplateUsed(response, 'waliki/detail.html')

     def test_view_raw(self):
         response = self.client.get(self.page.get_absolute_url() + '/raw')
@@ -37,9 +37,10 @@ class TestPageView(TestCase):

     def test_view_auth(self):
         user = UserFactory()
+        ACLRuleFactory(slug=self.page.slug, permissions=['change_page'], users=[user])
         self.client.login(username=user.username, password='pass')
-        with mock.patch('waliki.acl.WALIKI_ANONYMOUS_USER_PERMISSIONS', return_value=()):
-            response = self.client.get(self.page.get_absolute_url())
+
+        response = self.client.get(self.page.get_absolute_url())
         self.assertContains(response, self.page.body)
         self.assertContains(response, self.edit_url)
         self.assertTemplateUsed(response, 'waliki/detail.html')

But test_view_auth still doesn't work. It seems that permissions were not applied correctly before self.client.get

@fpytloun fpytloun changed the title Trivial fixes on when to show edit/create page buttons Don't show edit/create page buttons and page git changes when user doesn't have required permissions Jun 7, 2015
@fpytloun
Don't show edit button if user has no privileges to edit page
81f5ca1
@fpytloun
Raise 404 if page doesn't exist and user doesn't have permissions to …
9521378 
…create it
@fpytloun
Don't show pages without permissions in git whatchanged
f8a923d 
Only pages where user has view_page permissions are shown.
For RSS feed only pages, available to anonymous users are shown.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@fpytloun