collection permission check + view stats
Родитель
f2752b7856
Коммит
0a43175850
|
@ -1,5 +1,6 @@
|
|||
import amo
|
||||
from addons.models import Addon
|
||||
from bandwagon.models import Collection
|
||||
|
||||
|
||||
def match_rules(rules, app, action):
|
||||
|
@ -31,11 +32,33 @@ def action_allowed(request, app, action):
|
|||
for group in getattr(request, 'groups', ()))
|
||||
|
||||
|
||||
def check_ownership(request, addon, require_owner=False):
|
||||
def check_ownership(request, obj, require_owner=False):
|
||||
"""Check if request.user has permissions for the object."""
|
||||
if isinstance(obj, Addon):
|
||||
return check_addon_ownership(request, obj, require_owner)
|
||||
elif isinstance(obj, Collection):
|
||||
return check_collection_ownership(request, obj, require_owner)
|
||||
else:
|
||||
return False
|
||||
|
||||
|
||||
def check_collection_ownership(request, collection, require_owner=False):
|
||||
if not request.user.is_authenticated():
|
||||
return False
|
||||
if not require_owner and action_allowed(request, 'Admin', '%'):
|
||||
return True
|
||||
elif request.user.id == collection.author_id:
|
||||
return True
|
||||
elif not require_owner:
|
||||
return bool(collection.users.filter(user=request.user))
|
||||
else:
|
||||
return False
|
||||
|
||||
|
||||
def check_addon_ownership(request, addon, require_owner=False):
|
||||
"""Check if request.user has owner permissions for the add-on."""
|
||||
if not request.user.is_authenticated():
|
||||
return False
|
||||
|
||||
if not require_owner and action_allowed(request, 'Admin', 'EditAnyAddon'):
|
||||
return True
|
||||
|
||||
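Review bot: In check_collection_ownership the author test compares `request.user.id` with `collection.author_id`, while the membership test a few lines later filters `collection.users` by `user=request.user`, which suggests the collection's users are profile rows that point at the auth user rather than being the auth user. If `author` references that same profile model (the Collection model is not shown here, so this needs confirming), the two ids come from different tables and an account whose auth id merely equals the author's profile id would pass as owner, even with `require_owner=True`. Comparing both sides through the same relation, for example the profile's `user` foreign key if it has one, would remove the ambiguity. The function also has no docstring, unlike its two siblings; `"""Check if request.user is the collection's author, one of its users, or an admin."""` would state who is let through. check_addon_ownership's body continues outside the hunk.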
|
|
|
@ -8,7 +8,7 @@ from amo.urlresolvers import reverse
|
|||
from cake.models import Session
|
||||
from test_utils import TestCase
|
||||
|
||||
from .acl import match_rules, action_allowed, check_ownership
|
||||
from .acl import match_rules, action_allowed, check_addon_ownership
|
||||
|
||||
|
||||
def test_match_rules():
|
||||
|
@ -96,26 +96,26 @@ class TestCheckOwnership(TestCase):
|
|||
|
||||
def test_unauthenticated(self):
|
||||
self.request.user.is_authenticated = lambda: False
|
||||
eq_(False, check_ownership(self.request, self.addon))
|
||||
eq_(False, check_addon_ownership(self.request, self.addon))
|
||||
|
||||
@mock.patch('access.acl.action_allowed')
|
||||
def test_admin(self, allowed):
|
||||
eq_(True, check_ownership(self.request, self.addon))
|
||||
eq_(True, check_ownership(self.request, self.addon,
|
||||
eq_(True, check_addon_ownership(self.request, self.addon))
|
||||
eq_(True, check_addon_ownership(self.request, self.addon,
|
||||
require_owner=True))
|
||||
|
||||
def test_addon_status(self):
|
||||
self.addon.status = amo.STATUS_DISABLED
|
||||
eq_(False, check_ownership(self.request, self.addon))
|
||||
eq_(False, check_addon_ownership(self.request, self.addon))
|
||||
|
||||
def test_author_roles(self):
|
||||
f = self.addon.authors.filter
|
||||
roles = (amo.AUTHOR_ROLE_ADMINOWNER, amo.AUTHOR_ROLE_ADMIN,
|
||||
amo.AUTHOR_ROLE_OWNER, amo.AUTHOR_ROLE_DEV)
|
||||
|
||||
check_ownership(self.request, self.addon, True)
|
||||
check_addon_ownership(self.request, self.addon, True)
|
||||
eq_(f.call_args[1]['addonuser__role__in'], roles)
|
||||
|
||||
check_ownership(self.request, self.addon)
|
||||
check_addon_ownership(self.request, self.addon)
|
||||
eq_(f.call_args[1]['addonuser__role__in'],
|
||||
roles + (amo.AUTHOR_ROLE_VIEWER,))
|
||||
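Review bot: The tests in this section now import and call only `check_addon_ownership`, so the new `check_ownership` dispatcher and `check_collection_ownership` have no coverage in the hunks shown. Since these functions decide who is authorised, I would add cases for an unauthenticated request, the collection author, a listed collection user, an unrelated user, and an admin with `require_owner=True`, plus one asserting that `check_ownership` returns False for an object that is neither an Addon nor a Collection. The same gap applies to the `perms` context added to collection_detail: the bandwagon test file in this commit only drops an import. TestCheckOwnership starts outside the hunk.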
|
|
|
@ -41,6 +41,12 @@
|
|||
{% endtrans %}
|
||||
</li>
|
||||
<li>{{ _('Updated {0}')|f(c.modified) }}</li>
|
||||
{% if perms.view_stats %}
|
||||
<li>
|
||||
<a href="{{ remora_url('/statistics/collection/' + c.uuid) }}">
|
||||
{{ _('View Statistics') }}</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
</ul>
|
||||
</div>
|
||||
<h3>{{ _('About this Collection') }}</h3>
|
||||
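Review bot: The `{% if perms.view_stats %}` guard only hides the link; the `/statistics/collection/` page it points to is reached through `remora_url`, and nothing in this commit shows that page repeating the ownership check. A user who is not shown the link could still request the URL directly if they learn the collection's uuid, so the statistics endpoint has to enforce access itself. A template comment would record that assumption, e.g. `{# display only: the statistics page must enforce access on its own #}`.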
|
|
|
@ -6,7 +6,6 @@ from django.http import QueryDict
|
|||
from nose.tools import eq_
|
||||
import test_utils
|
||||
|
||||
import amo.test_utils
|
||||
from amo.urlresolvers import reverse
|
||||
from bandwagon.models import Collection, CollectionVote
|
||||
|
||||
|
|
|
@ -6,6 +6,7 @@ import jingo
|
|||
from tower import ugettext_lazy as _lazy
|
||||
|
||||
import amo.utils
|
||||
from access import acl
|
||||
from addons.models import Addon
|
||||
from addons.views import BaseFilter
|
||||
from tags.models import Tag
|
||||
|
@ -61,12 +62,17 @@ def collection_detail(request, username, slug):
|
|||
else:
|
||||
others = []
|
||||
|
||||
perms = {
|
||||
'view_stats': acl.check_ownership(request, c, require_owner=False),
|
||||
}
|
||||
|
||||
tag_ids = c.top_tags
|
||||
tags = Tag.objects.filter(id__in=tag_ids) if tag_ids else []
|
||||
return jingo.render(request, 'bandwagon/collection_detail.html',
|
||||
{'collection': c, 'filter': filter,
|
||||
'addons': addons, 'notes': notes,
|
||||
'author_collections': others, 'tags': tags})
|
||||
'author_collections': others, 'tags': tags,
|
||||
'perms': perms})
|
||||
|
||||
|
||||
def get_notes(collection):
|
||||
|
|