Commit 366ec242 authored by Ola Hermann Opheim's avatar Ola Hermann Opheim

task_permissions_refac

parent 6a96fb46
from user.models import User
def can_modify_permissions(request, project, task):
accepted_task_offer = task.accepted_task_offer()
return (project.user == request.user.profile or
(accepted_task_offer and request.user == accepted_task_offer.offerer.user))
def change_permissions(task, task_permission_form):
try:
username = task_permission_form.cleaned_data['user']
user = User.objects.get(username=username)
permission_type =task_permission_form.cleaned_data['permission']
if permission_type == 'Read':
task.read.add(user.profile)
elif permission_type == 'Write':
task.write.add(user.profile)
elif permission_type == 'Modify':
task.modify.add(user.profile)
except (Exception):
print("user not found")
\ No newline at end of file
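Review bot: The `except (Exception):` wrapped around the whole body of `change_permissions` reports every failure as "user not found", so a missing profile, a database error or a wrong form key is swallowed and the caller still redirects as if the grant had succeeded. For code that edits access rights I would narrow the handler to the lookup, `except User.DoesNotExist:`, and report through `logging` rather than `print`. A `permission_type` outside 'Read'/'Write'/'Modify' also falls through the `if`/`elif` chain with no signal; a final `else:` that logs or raises would make that visible. `can_modify_permissions` would benefit from a one-line docstring stating who passes: the project owner, or the offerer of the accepted task offer.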
......@@ -11,13 +11,12 @@ def file_upload_and_access_handler(request, project, task, user_permissions):
existing_file = task.files.filter(file=directory_path(task_file, task_file.file.file)).first()
access = user_permissions['modify']
for team in request.user.profile.teams.all():
file_modify_access = TaskFileTeam.objects.filter(team=team, file=existing_file, modify=True).exists()
file_modify_access = TaskFileTeam.objects.filter(team=team, file=existing_file, modify=True).exists()
access = access or file_modify_access
if (access):
if access:
if existing_file:
existing_file.delete()
task_file.save()
if request.user.profile != project.user and request.user.profile != accepted_task_offer.offerer:
teams = request.user.profile.teams.filter(task__id=task.id)
for team in teams:
......
import unittest
from django.test import Client
from user.models import User
from projects.models import Project, Task
from test_helpers import create_multiple_test_data, delete_test_data
class TaskPermissionsRegressionTest(unittest.TestCase):
def setUp(self):
self.client = Client()
create_multiple_test_data()
self.project = Project.objects.get(title="Project1")
self.task = Task.objects.get(title="Task1")
def tearDown(self):
delete_test_data()
def test_unauthorized_route(self):
self.client.login(username= 'User2', password= 'top_secret')
response = self.client.post(f'/projects/{self.project.pk}/tasks/{self.task.id}/permissions/', follow=True)
self.assertTrue((f'/projects/{self.project.pk}/tasks/{self.task.id}/', 302) in response.redirect_chain)
def test_valid_perm_form_route(self):
self.client.login(username= 'User1', password= 'top_secret')
added_user = User.objects.get(username="User2")
response = self.client.post(f'/projects/{self.project.pk}/tasks/{self.task.id}/permissions/', {
'user': added_user.id,
'permission': 'Write'
}, follow=True)
self.assertTrue(added_user.profile in self.task.write.all())
self.assertTrue((f'/projects/{self.project.pk}/tasks/{self.task.id}/', 302) in response.redirect_chain)
def test_unvalid_perm_form_route(self):
self.client.login(username= 'User1', password= 'top_secret')
response = self.client.post(f'/projects/{self.project.pk}/tasks/{self.task.id}/permissions/', follow=True)
self.assertIsNotNone(response.context['project'])
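Review bot: `test_unauthorized_route` posts an empty body and asserts only the redirect, so it never shows that an otherwise valid request from a user without rights leaves the task's permissions unchanged. Sending the same `{'user': ..., 'permission': 'Write'}` payload while logged in as `User2`, then asserting that `self.task.read`, `self.task.write` and `self.task.modify` are unchanged, would pin the access-control behaviour itself. The class also derives from `unittest.TestCase`, so isolation between tests rests entirely on `delete_test_data()`; `django.test.TestCase` would roll back each test's writes.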
......@@ -10,6 +10,7 @@ from .templatetags.projects_extras import sort_projects
from .templatetags.new_project_extras import create_new_project
from .templatetags.project_view_extras import offer_response_handler, edit_project_handler, offer_submit_handler, edit_offer_handler
from .templatetags.upload_extras import file_upload_and_access_handler
from .templatetags.task_permissions_extras import can_modify_permissions, change_permissions
def projects(request):
......@@ -20,7 +21,7 @@ def projects(request):
if request.method == 'POST' and 'sort_form' in request.POST:
sort_form = SortForm(request.POST)
if sort_form.is_valid():
sort_by = sort_form.save(commit=False)
sort_form.save(commit=False)
projects = sort_projects(projects, request.POST.get('sort_by'))
return render(request,
......@@ -259,43 +260,27 @@ def task_view(request, project_id, task_id):
@login_required
def task_permissions(request, project_id, task_id):
user = request.user
task = Task.objects.get(pk=task_id)
project = Project.objects.get(pk=project_id)
accepted_task_offer = task.accepted_task_offer()
if project.user == request.user.profile or user == accepted_task_offer.offerer.user:
task = Task.objects.get(pk=task_id)
if int(project_id) == task.project.id:
if request.method == 'POST':
task_permission_form = TaskPermissionForm(request.POST)
if task_permission_form.is_valid():
try:
username = task_permission_form.cleaned_data['user']
user = User.objects.get(username=username)
permission_type =task_permission_form.cleaned_data['permission']
if permission_type == 'Read':
task.read.add(user.profile)
elif permission_type == 'Write':
task.write.add(user.profile)
elif permission_type == 'Modify':
task.modify.add(user.profile)
except (Exception):
print("user not found")
return redirect('task_view', project_id=project_id, task_id=task_id)
task_permission_form = TaskPermissionForm()
if (can_modify_permissions(request, project, task) and
int(project_id) == task.project.id and
request.method == 'POST'):
task_permission_form = TaskPermissionForm(request.POST)
if task_permission_form.is_valid():
change_permissions(task, task_permission_form)
else:
return render(
request,
'projects/task_permissions.html',
{
'project': project,
'task': task,
'form': task_permission_form,
'form': TaskPermissionForm(),
}
)
return redirect('task_view', project_id=project_id, task_id=task_id)
@login_required
def delete_file(request, file_id):
f = TaskFile.objects.get(pk=file_id)
......
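Review bot: In `task_permissions` the authorization check, the project/task consistency check and `request.method == 'POST'` are joined in one condition, which makes it hard to see what a caller who fails `can_modify_permissions` receives. Indentation is lost in this rendering, so I cannot tell whether the `else:` that renders `projects/task_permissions.html` pairs with that condition or with `is_valid()`. If it pairs with the combined condition, a user without rights gets the permissions page rendered with `project` and `task` instead of a redirect. A separate guard at the top keeps the denial path explicit: `if not can_modify_permissions(request, project, task) or int(project_id) != task.project.id:` followed by `return redirect('task_view', project_id=project_id, task_id=task_id)`. The render also appears to pass `'form': TaskPermissionForm()`, a fresh unbound form, so validation errors from a rejected POST would not reach the template.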