fix question edit permissions
This commit is contained in:
+1
-1
@@ -598,7 +598,7 @@ class AnatomyQuestionAnswerUpdate(RevisionMixin, AuthorOrCheckerRequiredMixin, U
|
||||
return super().form_invalid(form)
|
||||
|
||||
# class AnatomyQuestionUpdate(LoginRequiredMixin, AuthorOrCheckerRequiredMixin,
|
||||
class AnatomyQuestionUpdate(UpdateQuestionMixin,AuthorOrCheckerRequiredMixin):
|
||||
class AnatomyQuestionUpdate(UpdateQuestionMixin):
|
||||
model = AnatomyQuestion
|
||||
form_class = AnatomyQuestionForm
|
||||
|
||||
|
||||
+14
-1
@@ -3625,9 +3625,22 @@ class UpdateQuestionMixin(RedirectMixin, RevisionMixin, UpdateView):
|
||||
def get_form_kwargs(self):
|
||||
kwargs = super().get_form_kwargs()
|
||||
kwargs.update({"user": self.request.user})
|
||||
|
||||
return kwargs
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
context = super().get_context_data(**kwargs)
|
||||
context["question"] = context["object"]
|
||||
return context
|
||||
|
||||
# Do permission checks here
|
||||
|
||||
obj = context["object"]
|
||||
if (
|
||||
self.request.user.groups.filter(name="long_checker").exists()
|
||||
or self.request.user.is_superuser
|
||||
):
|
||||
return context
|
||||
if self.request.user in obj.get_author_objects():
|
||||
return context
|
||||
raise PermissionDenied() # or Http404
|
||||
|
||||
|
||||
@@ -0,0 +1,49 @@
|
||||
|
||||
from django.urls import reverse
|
||||
import pytest
|
||||
|
||||
from longs.models import Long
|
||||
|
||||
|
||||
def create_question():
|
||||
return Long.objects.create(
|
||||
description="Test Question",
|
||||
)
|
||||
|
||||
def create_user(db, django_user_model):
|
||||
return django_user_model.objects.create_user(
|
||||
"user1", "user1@user.com", "password"
|
||||
)
|
||||
|
||||
@pytest.mark.django_db
|
||||
def test_question_creation(client, db, django_user_model):
|
||||
question = create_question()
|
||||
assert question.description == "Test Question"
|
||||
assert question.get_absolute_url() == f"/longs/question/{question.pk}/"
|
||||
|
||||
# Test access
|
||||
user = create_user(db, django_user_model)
|
||||
client.force_login(user)
|
||||
|
||||
# View access
|
||||
response = client.get(reverse("longs:question_detail", kwargs={"pk": question.pk}), follow=True)
|
||||
assert response.status_code == 403
|
||||
|
||||
response = client.get(reverse("longs:long_update", kwargs={"pk": question.pk}), follow=True)
|
||||
assert response.status_code == 403
|
||||
|
||||
|
||||
# Add author
|
||||
question.add_author(user)
|
||||
|
||||
# Test author access
|
||||
response = client.get(reverse("longs:question_detail", kwargs={"pk": question.pk}), follow=True)
|
||||
assert response.status_code == 200
|
||||
|
||||
response = client.get(reverse("longs:long_update", kwargs={"pk": question.pk}), follow=True)
|
||||
assert response.status_code == 200
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
+1
-1
@@ -506,7 +506,7 @@ class LongCreate(LongCreateBase):
|
||||
|
||||
|
||||
class LongUpdate(
|
||||
UpdateQuestionMixin,AuthorOrCheckerRequiredMixin
|
||||
UpdateQuestionMixin
|
||||
):
|
||||
model = Long
|
||||
form_class = LongForm
|
||||
|
||||
@@ -0,0 +1,6 @@
|
||||
|
||||
import pytest
|
||||
|
||||
from longs.models import Long
|
||||
|
||||
|
||||
+1
-1
@@ -376,7 +376,7 @@ class RapidAnswerUpdate(RevisionMixin, AuthorOrCheckerRequiredMixin, UpdateView)
|
||||
|
||||
|
||||
class RapidUpdate(
|
||||
UpdateQuestionMixin,AuthorOrCheckerRequiredMixin
|
||||
UpdateQuestionMixin
|
||||
):
|
||||
model = Rapid
|
||||
form_class = RapidForm
|
||||
|
||||
+1
-1
@@ -318,7 +318,7 @@ class QuestionCreate(QuestionCreateBase):
|
||||
return initial
|
||||
|
||||
|
||||
class QuestionUpdate(AuthorOrCheckerRequiredMixin, UpdateQuestionMixin):
|
||||
class QuestionUpdate(UpdateQuestionMixin):
|
||||
model = Question
|
||||
form_class = QuestionForm
|
||||
|
||||
|
||||
Reference in New Issue
Block a user