Changeset 1108 in main for branches

Timestamp:

05/21/12 15:54:57 (8 years ago)

Author:

pcosquer

Message:

do not allow to delegate someone who is not in the same group of an object. fixes #119

Location:

branches/1.0/openPLM

Files:

• plmapp/controllers/plmobject.py (modified) (7 diffs)
• plmapp/templatetags/plmapp_tags.py (modified) (1 diff)
• plmapp/tests/base.py (modified) (1 diff)
• plmapp/tests/controllers/plmobject.py (modified) (3 diffs)
• plmapp/tests/views.py (modified) (5 diffs)
• plmapp/views/main.py (modified) (1 diff)
• templates/management.html (modified) (1 diff)

branches/1.0/openPLM/plmapp/controllers/plmobject.py

@@ -117 +117 @@
             if sponsor.username == settings.COMPANY:
                 sponsor = user
+            if not obj.check_in_group(sponsor, False):
+                sponsor = user
         except models.DelegationLink.DoesNotExist:
             sponsor = user
@@ -281 +283 @@
         if not self.object.is_editable:
             raise PermissionError("The object is not editable")
+
+    def check_in_group(self, user, raise_=True):
+        if user.username == settings.COMPANY:
+            return True
+        if not self.group.user_set.filter(id=user.id).exists():
+            if raise_:
+                raise PermissionError("The user %s does not belong to the group." % user.username)
+            else:
+                return False
+        return True
 
     def revise(self, new_revision):
@@ -379 +391 @@
         if not dirty:
             self.check_contributor(new_owner)
+            self.check_in_group(new_owner)
             if new_owner.username == settings.COMPANY:
                 if self.is_editable:
@@ -409 +422 @@
         if new_notified != self._user:
             self.check_permission("owner")
+        self.check_in_group(new_notified)
         models.PLMObjectUserLink.objects.create(plmobject=self.object,
             user=new_notified, role="notified")
@@ -430 +444 @@
                 user=notified, role="notified")
         link.delete()
-        details = "user: %s" % notified
+        details = u"user: %s" % notified
         self._save_histo("Notified removed", details) 
 
@@ -447 +461 @@
 
         self.check_contributor(signer)
+        self.check_in_group(signer)
+        
         # remove old signer
         old_signer = None
@@ -465 +481 @@
         models.PLMObjectUserLink.objects.create(plmobject=self.object,
                                                 user=signer, role=role)
-        details = "signer: %s, level : %d" % (signer, level)
+        details = u"signer: %s, level : %d" % (signer, level)
         if old_signer:
-            details += ", old signer: %s" % old_signer
+            details += u", old signer: %s" % old_signer
         self._save_histo("New signer", details) 
 

branches/1.0/openPLM/plmapp/templatetags/plmapp_tags.py

@@ -37 +37 @@
         return parent.can_add_child(child)
     elif action == "delegate":
-        return isinstance(child, (User, UserController))
- 
+        if isinstance(child, (User, UserController)):
+            if hasattr(parent, "check_in_group"):
+                from django.conf import settings
+                if child.username == settings.COMPANY:
+                    return False
+                return parent.check_in_group(child)
+        return True
     return False
 

branches/1.0/openPLM/plmapp/tests/base.py

@@ -39 +39 @@
         user.get_profile().is_contributor = True
         user.get_profile().save()
+        user.groups.add(self.group)
         return user
 

branches/1.0/openPLM/plmapp/tests/controllers/plmobject.py

@@ -177 +177 @@
         controller = self.create("Part1")
         user = self.get_contributor()
+        user.groups.remove(self.group)
         ctrl = self.CONTROLLER(controller.object, user)
         self.failIf(ctrl.is_revisable())
@@ -280 +281 @@
         self.assertRaises(ValueError, controller.set_owner, self.cie)
 
+    def test_set_owner_error_not_in_group(self):
+        controller = self.create("Part1")
+        user = self.get_contributor()
+        user.groups.remove(self.group)
+        self.assertRaises(exc.PermissionError, controller.set_owner, user)
+
     def test_set_sign1(self):
         controller = self.create("Part1")
@@ -300 +307 @@
         user = User(username="user2")
         user.save()
+        user.groups.add(controller.group)
         self.assertRaises(exc.PermissionError, controller.set_role, user,
                           level_to_sign_str(0))
 
+    def test_set_signerr_error_not_in_group(self):
+        controller = self.create("Part1")
+        user = self.get_contributor()
+        user.groups.remove(self.group)
+        self.assertRaises(exc.PermissionError, controller.set_role, user,
+                          level_to_sign_str(0))
+
     def test_add_notified(self):
         controller = self.create("Part1")
         user = User(username="user2")
         user.save()
+        user.groups.add(controller.group)
         controller.add_notified(user)
         models.PLMObjectUserLink.objects.get(user=user, plmobject=controller.object,
                                       role="notified")
+
+    def test_add_notified_error_not_in_group(self):
+        controller = self.create("Part1")
+        user = self.get_contributor()
+        user.groups.remove(self.group)
+        self.assertRaises(exc.PermissionError, controller.add_notified, user)
 
     def test_remove_notified(self):

branches/1.0/openPLM/plmapp/tests/views.py

@@ -362 +362 @@
     def test_management(self):
         response = self.get(self.base_url + "management/", page="management")
+        self.brian.groups.add(self.group)
         self.controller.set_owner(self.brian)
         response = self.get(self.base_url + "management/")
@@ -378 +379 @@
     def test_management_add_post(self):
         data = dict(type="User", username=self.brian.username)
+        self.brian.groups.add(self.group)
         response = self.post(self.base_url + "management/add/", data)
         self.assertTrue(m.PLMObjectUserLink.objects.filter(plmobject=self.controller.object,
@@ -384 +386 @@
     def test_management_replace_get(self):
         role = level_to_sign_str(0)
+        self.brian.groups.add(self.group)
         self.controller.set_signer(self.brian, role)
         link = m.PLMObjectUserLink.objects.get(plmobject=self.controller.object,
@@ -395 +398 @@
     def test_management_replace_post(self):
         role = level_to_sign_str(0)
+        self.brian.groups.add(self.group)
         self.controller.set_signer(self.brian, role)
         link = m.PLMObjectUserLink.objects.get(plmobject=self.controller.object,
@@ -407 +411 @@
 
     def test_management_delete(self):
+        self.brian.groups.add(self.group)
         self.controller.add_notified(self.brian)
         link = m.PLMObjectUserLink.objects.get(plmobject=self.controller.object,

branches/1.0/openPLM/plmapp/views/main.py

@@ -1016 +1016 @@
             ctx["remove_notify_link"] = link[0]
         else:
-            initial = { "type" : "User",
-                        "username" : request.user.username
-                      }
-            form = forms.SelectUserForm(initial=initial)
-            for field in ("type", "username"):
-                form.fields[field].widget = HiddenInput() 
-            ctx["notify_self_form"] = form
+            if obj.check_in_group(request.user, False):
+                initial = { "type" : "User",
+                            "username" : request.user.username
+                          }
+                form = forms.SelectUserForm(initial=initial)
+                for field in ("type", "username"):
+                    form.fields[field].widget = HiddenInput() 
+                ctx["notify_self_form"] = form
+                ctx["can_notify"] = True
+            else:
+                ctx["can_notify"] = False
     ctx.update({'current_page':'management',
-                'object_management': object_management_list})
+            'object_management': object_management_list})
     
     return r2r('management.html', ctx, request)

branches/1.0/openPLM/templates/management.html

@@ -20 +20 @@
             </form>
         {% else %}
-            <form  method="POST" action="./add/">
-                {{ notify_self_form.as_p }}
-                <input name="action" type="submit" class="{{"Button"|button}}" value="{% trans "Notify me" %}" />
-            </form>
+            {% if can_notify %}
+                <form  method="POST" action="./add/">
+                    {{ notify_self_form.as_p }}
+                    <input name="action" type="submit" class="{{"Button"|button}}" value="{% trans "Notify me" %}" />
+                </form>
+            {% endif %}
         {% endif %}
     {% endif %}