Commits

Kai Diefenbach committed 1d7d59f

Bugfix: get_allowed_transitions; return only allowed permissions; issue #2

  • Participants
  • Parent commits 3dc39ad

Comments (0)

Files changed (3)

File workflows/models.py

 from django.utils.translation import ugettext_lazy as _
 
 # permissions imports
+import permissions.utils
 from permissions.models import Permission
 from permissions.models import Role
 
     def __unicode__(self):
         return "%s (%s)" % (self.name, self.workflow.name)
 
-    def get_allowed_transitions(self, user):
-        """Returns all allowed transitions for given user.
+    def get_allowed_transitions(self, obj, user):
+        """Returns all allowed transitions for passed object and user.
         """
-        return self.transitions.all()
+        transitions = []
+        for transition in self.transitions.all():
+            permission = transition.permission
+            if permission is None or permissions.utils.has_permission(obj, user, permission.codename):
+               transitions.append(transition)
+
+        return transitions
 
 class Transition(models.Model):
     """A transition from a source to a destination state. The transition can

File workflows/tests.py

         self.assertEqual(states[0], self.private)
         self.assertEqual(states[1], self.public)
 
-    def test_transitions(self):
-        """
-        """
-        transitions = self.public.transitions.all()
-        self.assertEqual(len(transitions), 1)
-        self.assertEqual(transitions[0], self.make_private)
-
-        transitions = self.private.transitions.all()
-        self.assertEqual(len(transitions), 1)
-        self.assertEqual(transitions[0], self.make_public)
-
-    def test_get_transitions(self):
-        """
-        """
-        request = create_request()
-        transitions = self.private.get_allowed_transitions(request.user)
-        self.assertEqual(len(transitions), 1)
-        self.assertEqual(transitions[0], self.make_public)
-
-        transitions = self.public.get_allowed_transitions(request.user)
-        self.assertEqual(len(transitions), 1)
-        self.assertEqual(transitions[0], self.make_private)
-
     def test_unicode(self):
         """
         """
         result = workflows.utils.get_objects_for_workflow("Wrong")
         self.assertEqual(result, [])
 
-
     def test_remove_workflow_from_model(self):
         """
         """
         result = workflows.utils.remove_workflow(self.user)
         self.assertEqual(result, None)
 
+    def get_allowed_transitions(self):
+        """Tests get_allowed_transitions method
+        """
+        page_1 = FlatPage.objects.create(url="/page-1/", title="Page 1")
+        role_1 = permissions.utils.register_role("Role 1")
+        permissions.utils.add_role(self.user, role_1)
+
+        view = permissions.utils.register_permission("Publish", "publish")
+
+        transitions = self.private.get_allowed_transitions(page_1, self.user)
+        self.assertEqual(len(transitions), 1)
+
+        # protect the transition with a permission
+        self.make_public.permission = view
+        self.make_public.save()
+
+        # user has no transition
+        transitions = self.private.get_allowed_transitions(page_1, self.user)
+        self.assertEqual(len(transitions), 0)
+
+        # grant permission
+        permissions.utils.grant_permission(page_1, role_1, view)
+
+        # user has transition again
+        transitions = self.private.get_allowed_transitions(page_1, self.user)
+        self.assertEqual(len(transitions), 1)
+
 class StateTestCase(TestCase):
     """Tests the State model
     """
         """
         """
         create_workflow(self)
+        self.user = User.objects.create()
+        self.role_1 = permissions.utils.register_role("Role 1")
+        permissions.utils.add_role(self.user, self.role_1)
+        self.page_1 = FlatPage.objects.create(url="/page-1/", title="Page 1")
 
     def test_unicode(self):
         """
         """
         self.assertEqual(self.private.__unicode__(), u"Private (Standard)")
 
+    def test_transitions(self):
+        """
+        """
+        transitions = self.public.transitions.all()
+        self.assertEqual(len(transitions), 1)
+        self.assertEqual(transitions[0], self.make_private)
+
+        transitions = self.private.transitions.all()
+        self.assertEqual(len(transitions), 1)
+        self.assertEqual(transitions[0], self.make_public)
+
+    def test_get_transitions(self):
+        """
+        """
+        transitions = self.private.get_allowed_transitions(self.page_1, self.user)
+        self.assertEqual(len(transitions), 1)
+        self.assertEqual(transitions[0], self.make_public)
+
+        transitions = self.public.get_allowed_transitions(self.page_1, self.user)
+        self.assertEqual(len(transitions), 1)
+        self.assertEqual(transitions[0], self.make_private)
+
+    def test_get_allowed_transitions(self):
+        """
+        """
+        self.view = permissions.utils.register_permission("Publish", "publish")
+        transitions = self.private.get_allowed_transitions(self.page_1, self.user)
+        self.assertEqual(len(transitions), 1)
+
+        # protect the transition with a permission
+        self.make_public.permission = self.view
+        self.make_public.save()
+
+        # user has no transition
+        transitions = self.private.get_allowed_transitions(self.page_1, self.user)
+        self.assertEqual(len(transitions), 0)
+
+        # grant permission
+        permissions.utils.grant_permission(self.page_1, self.role_1, self.view)
+
+        # user has transition again
+        transitions = self.private.get_allowed_transitions(self.page_1, self.user)
+        self.assertEqual(len(transitions), 1)
+
 class TransitionTestCase(TestCase):
     """Tests the Transition model
     """

File workflows/utils.py

 
     transitions = []
     for transition in state.transitions.all():
-        transitions.append(transition)
+        permission = transition.permission
+        if permission is None or self.has_permission(user, permission.codename):
+           transitions.append(transition)
 
     return transitions