mirror of
https://github.com/umap-project/umap.git
synced 2025-04-29 11:52:38 +02:00
feat: introduce Map.share_status=DRAFT and DELETED
This commit is contained in:
parent
c15ecfc29f
commit
1aaea0beb9
12 changed files with 238 additions and 98 deletions
|
@ -40,16 +40,12 @@ class UpdateMapPermissionsForm(forms.ModelForm):
|
||||||
|
|
||||||
|
|
||||||
class AnonymousMapPermissionsForm(forms.ModelForm):
|
class AnonymousMapPermissionsForm(forms.ModelForm):
|
||||||
STATUS = (
|
edit_status = forms.ChoiceField(choices=Map.ANONYMOUS_EDIT_STATUS)
|
||||||
(Map.OWNER, _("Only editable with secret edit link")),
|
share_status = forms.ChoiceField(choices=Map.ANONYMOUS_SHARE_STATUS)
|
||||||
(Map.ANONYMOUS, _("Everyone can edit")),
|
|
||||||
)
|
|
||||||
|
|
||||||
edit_status = forms.ChoiceField(choices=STATUS)
|
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
model = Map
|
model = Map
|
||||||
fields = ("edit_status",)
|
fields = ("edit_status", "share_status")
|
||||||
|
|
||||||
|
|
||||||
class DataLayerForm(forms.ModelForm):
|
class DataLayerForm(forms.ModelForm):
|
||||||
|
@ -65,13 +61,7 @@ class DataLayerPermissionsForm(forms.ModelForm):
|
||||||
|
|
||||||
|
|
||||||
class AnonymousDataLayerPermissionsForm(forms.ModelForm):
|
class AnonymousDataLayerPermissionsForm(forms.ModelForm):
|
||||||
STATUS = (
|
edit_status = forms.ChoiceField(choices=DataLayer.ANONYMOUS_EDIT_STATUS)
|
||||||
(DataLayer.INHERIT, _("Inherit")),
|
|
||||||
(DataLayer.OWNER, _("Only editable with secret edit link")),
|
|
||||||
(DataLayer.ANONYMOUS, _("Everyone can edit")),
|
|
||||||
)
|
|
||||||
|
|
||||||
edit_status = forms.ChoiceField(choices=STATUS)
|
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
model = DataLayer
|
model = DataLayer
|
||||||
|
|
|
@ -38,13 +38,22 @@ def get_user_stars_url(self):
|
||||||
return reverse("user_stars", kwargs={"identifier": identifier})
|
return reverse("user_stars", kwargs={"identifier": identifier})
|
||||||
|
|
||||||
|
|
||||||
|
def get_user_metadata(self):
|
||||||
|
return {
|
||||||
|
"id": self.pk,
|
||||||
|
"name": str(self),
|
||||||
|
"url": self.get_url(),
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
User.add_to_class("__str__", display_name)
|
User.add_to_class("__str__", display_name)
|
||||||
User.add_to_class("get_url", get_user_url)
|
User.add_to_class("get_url", get_user_url)
|
||||||
User.add_to_class("get_stars_url", get_user_stars_url)
|
User.add_to_class("get_stars_url", get_user_stars_url)
|
||||||
|
User.add_to_class("get_metadata", get_user_metadata)
|
||||||
|
|
||||||
|
|
||||||
def get_default_share_status():
|
def get_default_share_status():
|
||||||
return settings.UMAP_DEFAULT_SHARE_STATUS or Map.PUBLIC
|
return settings.UMAP_DEFAULT_SHARE_STATUS or Map.DRAFT
|
||||||
|
|
||||||
|
|
||||||
def get_default_edit_status():
|
def get_default_edit_status():
|
||||||
|
@ -161,20 +170,30 @@ class Map(NamedModel):
|
||||||
ANONYMOUS = 1
|
ANONYMOUS = 1
|
||||||
COLLABORATORS = 2
|
COLLABORATORS = 2
|
||||||
OWNER = 3
|
OWNER = 3
|
||||||
|
DRAFT = 0
|
||||||
PUBLIC = 1
|
PUBLIC = 1
|
||||||
OPEN = 2
|
OPEN = 2
|
||||||
PRIVATE = 3
|
PRIVATE = 3
|
||||||
BLOCKED = 9
|
BLOCKED = 9
|
||||||
|
DELETED = 99
|
||||||
|
ANONYMOUS_EDIT_STATUS = (
|
||||||
|
(OWNER, _("Only editable with secret edit link")),
|
||||||
|
(ANONYMOUS, _("Everyone can edit")),
|
||||||
|
)
|
||||||
EDIT_STATUS = (
|
EDIT_STATUS = (
|
||||||
(ANONYMOUS, _("Everyone")),
|
(ANONYMOUS, _("Everyone")),
|
||||||
(COLLABORATORS, _("Editors and team only")),
|
(COLLABORATORS, _("Editors and team only")),
|
||||||
(OWNER, _("Owner only")),
|
(OWNER, _("Owner only")),
|
||||||
)
|
)
|
||||||
SHARE_STATUS = (
|
ANONYMOUS_SHARE_STATUS = (
|
||||||
|
(DRAFT, _("Draft (private)")),
|
||||||
(PUBLIC, _("Everyone (public)")),
|
(PUBLIC, _("Everyone (public)")),
|
||||||
|
)
|
||||||
|
SHARE_STATUS = ANONYMOUS_SHARE_STATUS + (
|
||||||
(OPEN, _("Anyone with link")),
|
(OPEN, _("Anyone with link")),
|
||||||
(PRIVATE, _("Editors and team only")),
|
(PRIVATE, _("Editors and team only")),
|
||||||
(BLOCKED, _("Blocked")),
|
(BLOCKED, _("Blocked")),
|
||||||
|
(DELETED, _("Deleted")),
|
||||||
)
|
)
|
||||||
slug = models.SlugField(db_index=True)
|
slug = models.SlugField(db_index=True)
|
||||||
center = models.PointField(geography=True, verbose_name=_("center"))
|
center = models.PointField(geography=True, verbose_name=_("center"))
|
||||||
|
@ -352,19 +371,20 @@ class Map(NamedModel):
|
||||||
return can
|
return can
|
||||||
|
|
||||||
def can_view(self, request):
|
def can_view(self, request):
|
||||||
if self.share_status == self.BLOCKED:
|
if self.share_status in [Map.BLOCKED, Map.DELETED]:
|
||||||
can = False
|
can = False
|
||||||
|
elif self.share_status in [Map.PUBLIC, Map.OPEN]:
|
||||||
|
can = True
|
||||||
elif self.owner is None:
|
elif self.owner is None:
|
||||||
can = True
|
can = settings.UMAP_ALLOW_ANONYMOUS and self.is_anonymous_owner(request)
|
||||||
elif self.share_status in [self.PUBLIC, self.OPEN]:
|
|
||||||
can = True
|
|
||||||
elif not request.user.is_authenticated:
|
elif not request.user.is_authenticated:
|
||||||
can = False
|
can = False
|
||||||
elif request.user == self.owner:
|
elif request.user == self.owner:
|
||||||
can = True
|
can = True
|
||||||
else:
|
else:
|
||||||
|
restricted = self.share_status in [Map.PRIVATE, Map.DRAFT]
|
||||||
can = not (
|
can = not (
|
||||||
self.share_status == self.PRIVATE
|
restricted
|
||||||
and request.user not in self.editors.all()
|
and request.user not in self.editors.all()
|
||||||
and self.team not in request.user.teams.all()
|
and self.team not in request.user.teams.all()
|
||||||
)
|
)
|
||||||
|
@ -444,6 +464,11 @@ class DataLayer(NamedModel):
|
||||||
(COLLABORATORS, _("Editors and team only")),
|
(COLLABORATORS, _("Editors and team only")),
|
||||||
(OWNER, _("Owner only")),
|
(OWNER, _("Owner only")),
|
||||||
)
|
)
|
||||||
|
ANONYMOUS_EDIT_STATUS = (
|
||||||
|
(INHERIT, _("Inherit")),
|
||||||
|
(OWNER, _("Only editable with secret edit link")),
|
||||||
|
(ANONYMOUS, _("Everyone can edit")),
|
||||||
|
)
|
||||||
uuid = models.UUIDField(unique=True, primary_key=True, editable=False)
|
uuid = models.UUIDField(unique=True, primary_key=True, editable=False)
|
||||||
old_id = models.IntegerField(null=True, blank=True)
|
old_id = models.IntegerField(null=True, blank=True)
|
||||||
map = models.ForeignKey(Map, on_delete=models.CASCADE)
|
map = models.ForeignKey(Map, on_delete=models.CASCADE)
|
||||||
|
|
|
@ -50,6 +50,14 @@ export class MapPermissions extends ServerStored {
|
||||||
selectOptions: this._umap.properties.edit_statuses,
|
selectOptions: this._umap.properties.edit_statuses,
|
||||||
},
|
},
|
||||||
])
|
])
|
||||||
|
fields.push([
|
||||||
|
'properties.share_status',
|
||||||
|
{
|
||||||
|
handler: 'IntSelect',
|
||||||
|
label: translate('Who can view'),
|
||||||
|
selectOptions: this._umap.properties.share_statuses,
|
||||||
|
},
|
||||||
|
])
|
||||||
const builder = new U.FormBuilder(this, fields)
|
const builder = new U.FormBuilder(this, fields)
|
||||||
const form = builder.build()
|
const form = builder.build()
|
||||||
container.appendChild(form)
|
container.appendChild(form)
|
||||||
|
@ -184,11 +192,11 @@ export class MapPermissions extends ServerStored {
|
||||||
}
|
}
|
||||||
if (this.isOwner() || this.isAnonymousMap()) {
|
if (this.isOwner() || this.isAnonymousMap()) {
|
||||||
formData.append('edit_status', this.properties.edit_status)
|
formData.append('edit_status', this.properties.edit_status)
|
||||||
|
formData.append('share_status', this.properties.share_status)
|
||||||
}
|
}
|
||||||
if (this.isOwner()) {
|
if (this.isOwner()) {
|
||||||
formData.append('owner', this.properties.owner?.id)
|
formData.append('owner', this.properties.owner?.id)
|
||||||
formData.append('team', this.properties.team?.id || '')
|
formData.append('team', this.properties.team?.id || '')
|
||||||
formData.append('share_status', this.properties.share_status)
|
|
||||||
}
|
}
|
||||||
const [data, response, error] = await this._umap.server.post(
|
const [data, response, error] = await this._umap.server.post(
|
||||||
this.getUrl(),
|
this.getUrl(),
|
||||||
|
@ -228,6 +236,10 @@ export class MapPermissions extends ServerStored {
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
isDraft() {
|
||||||
|
return this.properties.share_status === 0
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
export class DataLayerPermissions extends ServerStored {
|
export class DataLayerPermissions extends ServerStored {
|
||||||
|
|
|
@ -31,7 +31,8 @@ const TOP_BAR_TEMPLATE = `
|
||||||
<button class="edit-save button round" type="button" data-ref="save">
|
<button class="edit-save button round" type="button" data-ref="save">
|
||||||
<i class="icon icon-16 icon-save"></i>
|
<i class="icon icon-16 icon-save"></i>
|
||||||
<i class="icon icon-16 icon-save-disabled"></i>
|
<i class="icon icon-16 icon-save-disabled"></i>
|
||||||
<span class="">${translate('Save')}</span>
|
<span data-ref="saveLabel">${translate('Save')}</span>
|
||||||
|
<span data-ref="saveDraftLabel">${translate('Save draft')}</span>
|
||||||
</button>
|
</button>
|
||||||
</div>
|
</div>
|
||||||
</div>`
|
</div>`
|
||||||
|
@ -145,6 +146,8 @@ export class TopBar extends WithTemplate {
|
||||||
|
|
||||||
redraw() {
|
redraw() {
|
||||||
this.elements.peers.hidden = !this._umap.getProperty('syncEnabled')
|
this.elements.peers.hidden = !this._umap.getProperty('syncEnabled')
|
||||||
|
this.elements.saveLabel.hidden = this._umap.permissions.isDraft()
|
||||||
|
this.elements.saveDraftLabel.hidden = !this._umap.permissions.isDraft()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1321,6 +1321,7 @@ export default class Umap extends ServerStored {
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
this.topBar.redraw()
|
||||||
},
|
},
|
||||||
numberOfConnectedPeers: () => {
|
numberOfConnectedPeers: () => {
|
||||||
Utils.eachElement('.connected-peers span', (el) => {
|
Utils.eachElement('.connected-peers span', (el) => {
|
||||||
|
|
|
@ -102,6 +102,7 @@ class MapFactory(factory.django.DjangoModelFactory):
|
||||||
|
|
||||||
licence = factory.SubFactory(LicenceFactory)
|
licence = factory.SubFactory(LicenceFactory)
|
||||||
owner = factory.SubFactory(UserFactory)
|
owner = factory.SubFactory(UserFactory)
|
||||||
|
share_status = Map.PUBLIC
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def _adjust_kwargs(cls, **kwargs):
|
def _adjust_kwargs(cls, **kwargs):
|
||||||
|
|
|
@ -76,8 +76,6 @@ def test_owner_permissions_form(map, datalayer, live_server, owner_session):
|
||||||
edit_permissions = owner_session.get_by_title("Update permissions and editors")
|
edit_permissions = owner_session.get_by_title("Update permissions and editors")
|
||||||
expect(edit_permissions).to_be_visible()
|
expect(edit_permissions).to_be_visible()
|
||||||
edit_permissions.click()
|
edit_permissions.click()
|
||||||
select = owner_session.locator(".umap-field-share_status select")
|
|
||||||
expect(select).to_be_hidden()
|
|
||||||
owner_field = owner_session.locator(".umap-field-owner")
|
owner_field = owner_session.locator(".umap-field-owner")
|
||||||
expect(owner_field).to_be_hidden()
|
expect(owner_field).to_be_hidden()
|
||||||
editors_field = owner_session.locator(".umap-field-editors input")
|
editors_field = owner_session.locator(".umap-field-editors input")
|
||||||
|
@ -92,8 +90,15 @@ def test_owner_permissions_form(map, datalayer, live_server, owner_session):
|
||||||
".datalayer-permissions select[name='edit_status'] option:checked"
|
".datalayer-permissions select[name='edit_status'] option:checked"
|
||||||
)
|
)
|
||||||
expect(option).to_have_text("Inherit")
|
expect(option).to_have_text("Inherit")
|
||||||
# Those fields should not be present in anonymous maps
|
expect(owner_session.locator(".umap-field-share_status select")).to_be_visible()
|
||||||
expect(owner_session.locator(".umap-field-share_status select")).to_be_hidden()
|
options = [
|
||||||
|
int(option.get_attribute("value"))
|
||||||
|
for option in owner_session.locator(
|
||||||
|
".umap-field-share_status select option"
|
||||||
|
).all()
|
||||||
|
]
|
||||||
|
assert options == [Map.DRAFT, Map.PUBLIC]
|
||||||
|
# This field should not be present in anonymous maps
|
||||||
expect(owner_session.locator(".umap-field-owner")).to_be_hidden()
|
expect(owner_session.locator(".umap-field-owner")).to_be_hidden()
|
||||||
|
|
||||||
|
|
||||||
|
@ -135,15 +140,15 @@ def test_can_change_perms_after_create(tilelayer, live_server, page):
|
||||||
page.get_by_title("Manage layers").click()
|
page.get_by_title("Manage layers").click()
|
||||||
page.get_by_title("Add a layer").click()
|
page.get_by_title("Add a layer").click()
|
||||||
page.locator("input[name=name]").fill("Layer 1")
|
page.locator("input[name=name]").fill("Layer 1")
|
||||||
save = page.get_by_role("button", name="Save")
|
expect(
|
||||||
expect(save).to_be_visible()
|
page.get_by_role("button", name="Visibility: Draft (private)")
|
||||||
|
).to_be_visible()
|
||||||
|
expect(page.get_by_role("button", name="Save", exact=True)).to_be_hidden()
|
||||||
with page.expect_response(re.compile(r".*/datalayer/create/.*")):
|
with page.expect_response(re.compile(r".*/datalayer/create/.*")):
|
||||||
save.click()
|
page.get_by_role("button", name="Save draft", exact=True).click()
|
||||||
edit_permissions = page.get_by_title("Update permissions and editors")
|
edit_permissions = page.get_by_title("Update permissions and editors")
|
||||||
expect(edit_permissions).to_be_visible()
|
expect(edit_permissions).to_be_visible()
|
||||||
edit_permissions.click()
|
edit_permissions.click()
|
||||||
select = page.locator(".umap-field-share_status select")
|
|
||||||
expect(select).to_be_hidden()
|
|
||||||
owner_field = page.locator(".umap-field-owner")
|
owner_field = page.locator(".umap-field-owner")
|
||||||
expect(owner_field).to_be_hidden()
|
expect(owner_field).to_be_hidden()
|
||||||
editors_field = page.locator(".umap-field-editors input")
|
editors_field = page.locator(".umap-field-editors input")
|
||||||
|
@ -157,6 +162,9 @@ def test_can_change_perms_after_create(tilelayer, live_server, page):
|
||||||
)
|
)
|
||||||
expect(option).to_have_text("Inherit")
|
expect(option).to_have_text("Inherit")
|
||||||
expect(page.get_by_label("Secret edit link:")).to_be_visible()
|
expect(page.get_by_label("Secret edit link:")).to_be_visible()
|
||||||
|
page.locator('select[name="share_status"]').select_option("1")
|
||||||
|
expect(page.get_by_role("button", name="Save draft", exact=True)).to_be_hidden()
|
||||||
|
expect(page.get_by_role("button", name="Save", exact=True)).to_be_visible()
|
||||||
|
|
||||||
|
|
||||||
def test_alert_message_after_create(
|
def test_alert_message_after_create(
|
||||||
|
|
|
@ -61,8 +61,12 @@ def test_owner_permissions_form(map, datalayer, live_server, login):
|
||||||
edit_permissions = page.get_by_title("Update permissions and editors")
|
edit_permissions = page.get_by_title("Update permissions and editors")
|
||||||
expect(edit_permissions).to_be_visible()
|
expect(edit_permissions).to_be_visible()
|
||||||
edit_permissions.click()
|
edit_permissions.click()
|
||||||
select = page.locator(".umap-field-share_status select")
|
expect(page.locator(".umap-field-share_status select")).to_be_visible()
|
||||||
expect(select).to_be_visible()
|
options = [
|
||||||
|
int(option.get_attribute("value"))
|
||||||
|
for option in page.locator(".umap-field-share_status select option").all()
|
||||||
|
]
|
||||||
|
assert options == [Map.DRAFT, Map.PUBLIC, Map.OPEN, Map.PRIVATE]
|
||||||
# expect(select).to_have_value(Map.PUBLIC) # Does not work
|
# expect(select).to_have_value(Map.PUBLIC) # Does not work
|
||||||
owner_field = page.locator(".umap-field-owner")
|
owner_field = page.locator(".umap-field-owner")
|
||||||
expect(owner_field).to_be_visible()
|
expect(owner_field).to_be_visible()
|
||||||
|
@ -181,29 +185,31 @@ def test_can_change_perms_after_create(tilelayer, live_server, login, user):
|
||||||
page.get_by_title("Manage layers").click()
|
page.get_by_title("Manage layers").click()
|
||||||
page.get_by_title("Add a layer").click()
|
page.get_by_title("Add a layer").click()
|
||||||
page.locator("input[name=name]").fill("Layer 1")
|
page.locator("input[name=name]").fill("Layer 1")
|
||||||
save = page.get_by_role("button", name="Save")
|
expect(
|
||||||
expect(save).to_be_visible()
|
page.get_by_role("button", name="Visibility: Draft (private)")
|
||||||
|
).to_be_visible()
|
||||||
|
expect(page.get_by_role("button", name="Save", exact=True)).to_be_hidden()
|
||||||
with page.expect_response(re.compile(r".*/map/create/")):
|
with page.expect_response(re.compile(r".*/map/create/")):
|
||||||
save.click()
|
page.get_by_role("button", name="Save draft", exact=True).click()
|
||||||
edit_permissions = page.get_by_title("Update permissions and editors")
|
edit_permissions = page.get_by_title("Update permissions and editors")
|
||||||
expect(edit_permissions).to_be_visible()
|
expect(edit_permissions).to_be_visible()
|
||||||
edit_permissions.click()
|
edit_permissions.click()
|
||||||
select = page.locator(".umap-field-share_status select")
|
expect(page.locator(".umap-field-share_status select")).to_be_visible()
|
||||||
expect(select).to_be_visible()
|
expect(page.locator("select[name='share_status'] option:checked")).to_have_text(
|
||||||
option = page.locator("select[name='share_status'] option:checked")
|
"Draft (private)"
|
||||||
expect(option).to_have_text("Everyone (public)")
|
)
|
||||||
owner_field = page.locator(".umap-field-owner")
|
expect(page.locator(".umap-field-owner")).to_be_visible()
|
||||||
expect(owner_field).to_be_visible()
|
expect(page.locator(".umap-field-editors input")).to_be_visible()
|
||||||
editors_field = page.locator(".umap-field-editors input")
|
expect(page.get_by_text('Who can edit "Layer 1"')).to_be_visible()
|
||||||
expect(editors_field).to_be_visible()
|
|
||||||
datalayer_label = page.get_by_text('Who can edit "Layer 1"')
|
|
||||||
expect(datalayer_label).to_be_visible()
|
|
||||||
options = page.locator(".datalayer-permissions select[name='edit_status'] option")
|
options = page.locator(".datalayer-permissions select[name='edit_status'] option")
|
||||||
expect(options).to_have_count(4)
|
expect(options).to_have_count(4)
|
||||||
option = page.locator(
|
option = page.locator(
|
||||||
".datalayer-permissions select[name='edit_status'] option:checked"
|
".datalayer-permissions select[name='edit_status'] option:checked"
|
||||||
)
|
)
|
||||||
expect(option).to_have_text("Inherit")
|
expect(option).to_have_text("Inherit")
|
||||||
|
page.locator('select[name="share_status"]').select_option("1")
|
||||||
|
expect(page.get_by_role("button", name="Save draft", exact=True)).to_be_hidden()
|
||||||
|
expect(page.get_by_role("button", name="Save", exact=True)).to_be_visible()
|
||||||
|
|
||||||
|
|
||||||
def test_can_change_owner(map, live_server, login, user):
|
def test_can_change_owner(map, live_server, login, user):
|
||||||
|
|
|
@ -2,6 +2,7 @@ import pytest
|
||||||
from django.contrib.auth.models import AnonymousUser
|
from django.contrib.auth.models import AnonymousUser
|
||||||
from django.urls import reverse
|
from django.urls import reverse
|
||||||
|
|
||||||
|
from umap.forms import DEFAULT_CENTER
|
||||||
from umap.models import Map
|
from umap.models import Map
|
||||||
|
|
||||||
from .base import MapFactory
|
from .base import MapFactory
|
||||||
|
@ -160,8 +161,9 @@ def test_can_change_default_edit_status(user, settings):
|
||||||
|
|
||||||
|
|
||||||
def test_can_change_default_share_status(user, settings):
|
def test_can_change_default_share_status(user, settings):
|
||||||
|
map = Map.objects.create(owner=user, center=DEFAULT_CENTER)
|
||||||
|
assert map.share_status == Map.DRAFT
|
||||||
|
settings.UMAP_DEFAULT_SHARE_STATUS = Map.PUBLIC
|
||||||
|
map = Map.objects.create(owner=user, center=DEFAULT_CENTER)
|
||||||
map = MapFactory(owner=user)
|
map = MapFactory(owner=user)
|
||||||
assert map.share_status == Map.PUBLIC
|
assert map.share_status == Map.PUBLIC
|
||||||
settings.UMAP_DEFAULT_SHARE_STATUS = Map.PRIVATE
|
|
||||||
map = MapFactory(owner=user)
|
|
||||||
assert map.share_status == Map.PRIVATE
|
|
||||||
|
|
|
@ -42,7 +42,7 @@ def test_create(client, user, post_data):
|
||||||
assert created_map.center.y == 48.94415123418794
|
assert created_map.center.y == 48.94415123418794
|
||||||
assert j["permissions"] == {
|
assert j["permissions"] == {
|
||||||
"edit_status": 3,
|
"edit_status": 3,
|
||||||
"share_status": 1,
|
"share_status": 0,
|
||||||
"owner": {"id": user.pk, "name": "Joe", "url": "/en/user/Joe/"},
|
"owner": {"id": user.pk, "name": "Joe", "url": "/en/user/Joe/"},
|
||||||
"editors": [],
|
"editors": [],
|
||||||
}
|
}
|
||||||
|
@ -241,42 +241,46 @@ def test_map_creation_should_allow_unicode_names(client, map, post_data):
|
||||||
assert created_map.slug == "map"
|
assert created_map.slug == "map"
|
||||||
|
|
||||||
|
|
||||||
def test_anonymous_can_access_map_with_share_status_public(client, map):
|
@pytest.mark.parametrize("share_status", [Map.PUBLIC, Map.OPEN])
|
||||||
|
def test_anonymous_can_access_map_with_share_status_accessible(
|
||||||
|
client, map, share_status
|
||||||
|
):
|
||||||
url = reverse("map", args=(map.slug, map.pk))
|
url = reverse("map", args=(map.slug, map.pk))
|
||||||
map.share_status = map.PUBLIC
|
map.share_status = share_status
|
||||||
map.save()
|
map.save()
|
||||||
response = client.get(url)
|
response = client.get(url)
|
||||||
assert response.status_code == 200
|
assert response.status_code == 200
|
||||||
|
|
||||||
|
|
||||||
def test_anonymous_can_access_map_with_share_status_open(client, map):
|
@pytest.mark.parametrize(
|
||||||
|
"share_status", [Map.PRIVATE, Map.DRAFT, Map.BLOCKED, Map.DELETED]
|
||||||
|
)
|
||||||
|
def test_anonymous_cannot_access_map_with_share_status_restricted(
|
||||||
|
client, map, share_status
|
||||||
|
):
|
||||||
url = reverse("map", args=(map.slug, map.pk))
|
url = reverse("map", args=(map.slug, map.pk))
|
||||||
map.share_status = map.OPEN
|
map.share_status = share_status
|
||||||
map.save()
|
|
||||||
response = client.get(url)
|
|
||||||
assert response.status_code == 200
|
|
||||||
|
|
||||||
|
|
||||||
def test_anonymous_cannot_access_map_with_share_status_private(client, map):
|
|
||||||
url = reverse("map", args=(map.slug, map.pk))
|
|
||||||
map.share_status = map.PRIVATE
|
|
||||||
map.save()
|
map.save()
|
||||||
response = client.get(url)
|
response = client.get(url)
|
||||||
assert response.status_code == 403
|
assert response.status_code == 403
|
||||||
|
|
||||||
|
|
||||||
def test_owner_can_access_map_with_share_status_private(client, map):
|
@pytest.mark.parametrize("share_status", [Map.PRIVATE, Map.DRAFT])
|
||||||
|
def test_owner_can_access_map_with_share_status_restricted(client, map, share_status):
|
||||||
url = reverse("map", args=(map.slug, map.pk))
|
url = reverse("map", args=(map.slug, map.pk))
|
||||||
map.share_status = map.PRIVATE
|
map.share_status = share_status
|
||||||
map.save()
|
map.save()
|
||||||
client.login(username=map.owner.username, password="123123")
|
client.login(username=map.owner.username, password="123123")
|
||||||
response = client.get(url)
|
response = client.get(url)
|
||||||
assert response.status_code == 200
|
assert response.status_code == 200
|
||||||
|
|
||||||
|
|
||||||
def test_editors_can_access_map_with_share_status_private(client, map, user):
|
@pytest.mark.parametrize("share_status", [Map.PRIVATE, Map.DRAFT])
|
||||||
|
def test_editors_can_access_map_with_share_status_resricted(
|
||||||
|
client, map, user, share_status
|
||||||
|
):
|
||||||
url = reverse("map", args=(map.slug, map.pk))
|
url = reverse("map", args=(map.slug, map.pk))
|
||||||
map.share_status = map.PRIVATE
|
map.share_status = share_status
|
||||||
map.editors.add(user)
|
map.editors.add(user)
|
||||||
map.save()
|
map.save()
|
||||||
client.login(username=user.username, password="123123")
|
client.login(username=user.username, password="123123")
|
||||||
|
@ -284,10 +288,11 @@ def test_editors_can_access_map_with_share_status_private(client, map, user):
|
||||||
assert response.status_code == 200
|
assert response.status_code == 200
|
||||||
|
|
||||||
|
|
||||||
def test_anonymous_cannot_access_map_with_share_status_blocked(client, map):
|
def test_owner_cannot_access_map_with_share_status_deleted(client, map):
|
||||||
url = reverse("map", args=(map.slug, map.pk))
|
url = reverse("map", args=(map.slug, map.pk))
|
||||||
map.share_status = map.BLOCKED
|
map.share_status = map.DELETED
|
||||||
map.save()
|
map.save()
|
||||||
|
client.login(username=map.owner.username, password="123123")
|
||||||
response = client.get(url)
|
response = client.get(url)
|
||||||
assert response.status_code == 403
|
assert response.status_code == 403
|
||||||
|
|
||||||
|
@ -408,7 +413,7 @@ def test_anonymous_delete(cookieclient, anonymap):
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.usefixtures("allow_anonymous")
|
@pytest.mark.usefixtures("allow_anonymous")
|
||||||
def test_no_cookie_cant_delete(client, anonymap):
|
def test_no_cookie_cannot_delete(client, anonymap):
|
||||||
url = reverse("map_delete", args=(anonymap.pk,))
|
url = reverse("map_delete", args=(anonymap.pk,))
|
||||||
response = client.post(
|
response = client.post(
|
||||||
url, headers={"X-Requested-With": "XMLHttpRequest"}, follow=True
|
url, headers={"X-Requested-With": "XMLHttpRequest"}, follow=True
|
||||||
|
@ -416,6 +421,24 @@ def test_no_cookie_cant_delete(client, anonymap):
|
||||||
assert response.status_code == 403
|
assert response.status_code == 403
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.usefixtures("allow_anonymous")
|
||||||
|
def test_no_cookie_cannot_view_anonymous_owned_map_in_draft(client, anonymap):
|
||||||
|
anonymap.share_status = Map.DRAFT
|
||||||
|
anonymap.save()
|
||||||
|
url = reverse("map", kwargs={"map_id": anonymap.pk, "slug": anonymap.slug})
|
||||||
|
response = client.get(url)
|
||||||
|
assert response.status_code == 403
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.usefixtures("allow_anonymous")
|
||||||
|
def test_owner_can_view_anonymous_owned_map_in_draft(cookieclient, anonymap):
|
||||||
|
anonymap.share_status = Map.DRAFT
|
||||||
|
anonymap.save()
|
||||||
|
url = reverse("map", kwargs={"map_id": anonymap.pk, "slug": anonymap.slug})
|
||||||
|
response = cookieclient.get(url)
|
||||||
|
assert response.status_code == 200
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.usefixtures("allow_anonymous")
|
@pytest.mark.usefixtures("allow_anonymous")
|
||||||
def test_anonymous_edit_url(cookieclient, anonymap):
|
def test_anonymous_edit_url(cookieclient, anonymap):
|
||||||
url = anonymap.get_anonymous_edit_url()
|
url = anonymap.get_anonymous_edit_url()
|
||||||
|
@ -557,16 +580,6 @@ def test_create_readonly(client, user, post_data, settings):
|
||||||
assert response.content == b"Site is readonly for maintenance"
|
assert response.content == b"Site is readonly for maintenance"
|
||||||
|
|
||||||
|
|
||||||
def test_search(client, map):
|
|
||||||
# Very basic search, that do not deal with accent nor case.
|
|
||||||
# See install.md for how to have a smarter dict + index.
|
|
||||||
map.name = "Blé dur"
|
|
||||||
map.save()
|
|
||||||
url = reverse("search")
|
|
||||||
response = client.get(url + "?q=Blé")
|
|
||||||
assert "Blé dur" in response.content.decode()
|
|
||||||
|
|
||||||
|
|
||||||
def test_authenticated_user_can_star_map(client, map, user):
|
def test_authenticated_user_can_star_map(client, map, user):
|
||||||
url = reverse("map_star", args=(map.pk,))
|
url = reverse("map_star", args=(map.pk,))
|
||||||
client.login(username=user.username, password="123123")
|
client.login(username=user.username, password="123123")
|
||||||
|
@ -748,7 +761,9 @@ def test_download_multiple_maps_editor(client, map, datalayer):
|
||||||
assert f.infolist()[1].filename == f"umap_backup_test-map_{map.id}.umap"
|
assert f.infolist()[1].filename == f"umap_backup_test-map_{map.id}.umap"
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.parametrize("share_status", [Map.PRIVATE, Map.BLOCKED])
|
@pytest.mark.parametrize(
|
||||||
|
"share_status", [Map.PRIVATE, Map.BLOCKED, Map.DRAFT, Map.DELETED]
|
||||||
|
)
|
||||||
def test_download_shared_status_map(client, map, datalayer, share_status):
|
def test_download_shared_status_map(client, map, datalayer, share_status):
|
||||||
map.share_status = share_status
|
map.share_status = share_status
|
||||||
map.save()
|
map.save()
|
||||||
|
@ -757,8 +772,9 @@ def test_download_shared_status_map(client, map, datalayer, share_status):
|
||||||
assert response.status_code == 403
|
assert response.status_code == 403
|
||||||
|
|
||||||
|
|
||||||
def test_download_my_map(client, map, datalayer):
|
@pytest.mark.parametrize("share_status", [Map.PRIVATE, Map.DRAFT])
|
||||||
map.share_status = Map.PRIVATE
|
def test_download_my_map(client, map, datalayer, share_status):
|
||||||
|
map.share_status = share_status
|
||||||
map.save()
|
map.save()
|
||||||
client.login(username=map.owner.username, password="123123")
|
client.login(username=map.owner.username, password="123123")
|
||||||
url = reverse("map_download", args=(map.pk,))
|
url = reverse("map_download", args=(map.pk,))
|
||||||
|
@ -769,7 +785,19 @@ def test_download_my_map(client, map, datalayer):
|
||||||
assert j["type"] == "umap"
|
assert j["type"] == "umap"
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.parametrize("share_status", [Map.PRIVATE, Map.BLOCKED, Map.OPEN])
|
@pytest.mark.parametrize("share_status", [Map.BLOCKED, Map.DELETED])
|
||||||
|
def test_download_my_map_blocked_or_deleted(client, map, datalayer, share_status):
|
||||||
|
map.share_status = share_status
|
||||||
|
map.save()
|
||||||
|
client.login(username=map.owner.username, password="123123")
|
||||||
|
url = reverse("map_download", args=(map.pk,))
|
||||||
|
response = client.get(url)
|
||||||
|
assert response.status_code == 403
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.parametrize(
|
||||||
|
"share_status", [Map.PRIVATE, Map.BLOCKED, Map.OPEN, Map.DRAFT]
|
||||||
|
)
|
||||||
def test_oembed_shared_status_map(client, map, datalayer, share_status):
|
def test_oembed_shared_status_map(client, map, datalayer, share_status):
|
||||||
map.share_status = share_status
|
map.share_status = share_status
|
||||||
map.save()
|
map.save()
|
||||||
|
|
|
@ -288,6 +288,28 @@ def test_user_dashboard_display_user_maps(client, map):
|
||||||
assert "Owner only" in body
|
assert "Owner only" in body
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.django_db
|
||||||
|
def test_user_dashboard_do_not_display_blocked_user_maps(client, map):
|
||||||
|
map.share_status = Map.BLOCKED
|
||||||
|
map.save()
|
||||||
|
client.login(username=map.owner.username, password="123123")
|
||||||
|
response = client.get(reverse("user_dashboard"))
|
||||||
|
assert response.status_code == 200
|
||||||
|
body = response.content.decode()
|
||||||
|
assert map.name not in body
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.django_db
|
||||||
|
def test_user_dashboard_do_not_display_deleted_user_maps(client, map):
|
||||||
|
map.share_status = Map.DELETED
|
||||||
|
map.save()
|
||||||
|
client.login(username=map.owner.username, password="123123")
|
||||||
|
response = client.get(reverse("user_dashboard"))
|
||||||
|
assert response.status_code == 200
|
||||||
|
body = response.content.decode()
|
||||||
|
assert map.name not in body
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.django_db
|
@pytest.mark.django_db
|
||||||
def test_user_dashboard_display_user_team_maps(client, map, team, user):
|
def test_user_dashboard_display_user_team_maps(client, map, team, user):
|
||||||
user.teams.add(team)
|
user.teams.add(team)
|
||||||
|
@ -497,3 +519,34 @@ def test_websocket_token_is_generated_for_editors(client, user, user2, map):
|
||||||
resp = client.get(token_url)
|
resp = client.get(token_url)
|
||||||
token = resp.json().get("token")
|
token = resp.json().get("token")
|
||||||
assert TimestampSigner().unsign_object(token, max_age=30)
|
assert TimestampSigner().unsign_object(token, max_age=30)
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.django_db
|
||||||
|
def test_search(client, map):
|
||||||
|
# Very basic search, that do not deal with accent nor case.
|
||||||
|
# See install.md for how to have a smarter dict + index.
|
||||||
|
map.name = "Blé dur"
|
||||||
|
map.save()
|
||||||
|
url = reverse("search")
|
||||||
|
response = client.get(url + "?q=Blé")
|
||||||
|
assert "Blé dur" in response.content.decode()
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.django_db
|
||||||
|
def test_cannot_search_blocked_map(client, map):
|
||||||
|
map.name = "Blé dur"
|
||||||
|
map.share_status = Map.BLOCKED
|
||||||
|
map.save()
|
||||||
|
url = reverse("search")
|
||||||
|
response = client.get(url + "?q=Blé")
|
||||||
|
assert "Blé dur" not in response.content.decode()
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.django_db
|
||||||
|
def test_cannot_search_deleted_map(client, map):
|
||||||
|
map.name = "Blé dur"
|
||||||
|
map.share_status = Map.DELETED
|
||||||
|
map.save()
|
||||||
|
url = reverse("search")
|
||||||
|
response = client.get(url + "?q=Blé")
|
||||||
|
assert "Blé dur" not in response.content.decode()
|
||||||
|
|
|
@ -373,6 +373,7 @@ class UserDashboard(PaginatorMixin, DetailView, SearchMixin):
|
||||||
|
|
||||||
def get_maps(self):
|
def get_maps(self):
|
||||||
qs = self.get_search_queryset() or Map.objects.all()
|
qs = self.get_search_queryset() or Map.objects.all()
|
||||||
|
qs = qs.exclude(share_status__in=[Map.DELETED, Map.BLOCKED])
|
||||||
teams = self.object.teams.all()
|
teams = self.object.teams.all()
|
||||||
qs = (
|
qs = (
|
||||||
qs.filter(owner=self.object)
|
qs.filter(owner=self.object)
|
||||||
|
@ -601,9 +602,6 @@ class MapDetailMixin(SessionMixin):
|
||||||
"id": self.get_id(),
|
"id": self.get_id(),
|
||||||
"starred": self.is_starred(),
|
"starred": self.is_starred(),
|
||||||
"licences": dict((l.name, l.json) for l in Licence.objects.all()),
|
"licences": dict((l.name, l.json) for l in Licence.objects.all()),
|
||||||
"share_statuses": [
|
|
||||||
(i, str(label)) for i, label in Map.SHARE_STATUS if i != Map.BLOCKED
|
|
||||||
],
|
|
||||||
"umap_version": VERSION,
|
"umap_version": VERSION,
|
||||||
"featuresHaveOwner": settings.UMAP_DEFAULT_FEATURES_HAVE_OWNERS,
|
"featuresHaveOwner": settings.UMAP_DEFAULT_FEATURES_HAVE_OWNERS,
|
||||||
"websocketEnabled": settings.WEBSOCKET_ENABLED,
|
"websocketEnabled": settings.WEBSOCKET_ENABLED,
|
||||||
|
@ -613,15 +611,22 @@ class MapDetailMixin(SessionMixin):
|
||||||
}
|
}
|
||||||
created = bool(getattr(self, "object", None))
|
created = bool(getattr(self, "object", None))
|
||||||
if (created and self.object.owner) or (not created and not user.is_anonymous):
|
if (created and self.object.owner) or (not created and not user.is_anonymous):
|
||||||
map_statuses = Map.EDIT_STATUS
|
edit_statuses = Map.EDIT_STATUS
|
||||||
datalayer_statuses = DataLayer.EDIT_STATUS
|
datalayer_statuses = DataLayer.EDIT_STATUS
|
||||||
|
share_statuses = Map.SHARE_STATUS
|
||||||
else:
|
else:
|
||||||
map_statuses = AnonymousMapPermissionsForm.STATUS
|
edit_statuses = Map.ANONYMOUS_EDIT_STATUS
|
||||||
datalayer_statuses = AnonymousDataLayerPermissionsForm.STATUS
|
datalayer_statuses = DataLayer.ANONYMOUS_EDIT_STATUS
|
||||||
properties["edit_statuses"] = [(i, str(label)) for i, label in map_statuses]
|
share_statuses = Map.ANONYMOUS_SHARE_STATUS
|
||||||
|
properties["edit_statuses"] = [(i, str(label)) for i, label in edit_statuses]
|
||||||
properties["datalayer_edit_statuses"] = [
|
properties["datalayer_edit_statuses"] = [
|
||||||
(i, str(label)) for i, label in datalayer_statuses
|
(i, str(label)) for i, label in datalayer_statuses
|
||||||
]
|
]
|
||||||
|
properties["share_statuses"] = [
|
||||||
|
(i, str(label))
|
||||||
|
for i, label in share_statuses
|
||||||
|
if i not in [Map.BLOCKED, Map.DELETED]
|
||||||
|
]
|
||||||
if self.get_short_url():
|
if self.get_short_url():
|
||||||
properties["shortUrl"] = self.get_short_url()
|
properties["shortUrl"] = self.get_short_url()
|
||||||
|
|
||||||
|
@ -684,14 +689,9 @@ class PermissionsMixin:
|
||||||
permissions["edit_status"] = self.object.edit_status
|
permissions["edit_status"] = self.object.edit_status
|
||||||
permissions["share_status"] = self.object.share_status
|
permissions["share_status"] = self.object.share_status
|
||||||
if self.object.owner:
|
if self.object.owner:
|
||||||
permissions["owner"] = {
|
permissions["owner"] = self.object.owner.get_metadata()
|
||||||
"id": self.object.owner.pk,
|
|
||||||
"name": str(self.object.owner),
|
|
||||||
"url": self.object.owner.get_url(),
|
|
||||||
}
|
|
||||||
permissions["editors"] = [
|
permissions["editors"] = [
|
||||||
{"id": editor.pk, "name": str(editor)}
|
editor.get_metadata() for editor in self.object.editors.all()
|
||||||
for editor in self.object.editors.all()
|
|
||||||
]
|
]
|
||||||
if self.object.team:
|
if self.object.team:
|
||||||
permissions["team"] = self.object.team.get_metadata()
|
permissions["team"] = self.object.team.get_metadata()
|
||||||
|
@ -847,6 +847,17 @@ class MapViewGeoJSON(MapView):
|
||||||
class MapNew(MapDetailMixin, TemplateView):
|
class MapNew(MapDetailMixin, TemplateView):
|
||||||
template_name = "umap/map_detail.html"
|
template_name = "umap/map_detail.html"
|
||||||
|
|
||||||
|
def get_map_properties(self):
|
||||||
|
properties = super().get_map_properties()
|
||||||
|
properties["permissions"] = {
|
||||||
|
"edit_status": Map.edit_status.field.default(),
|
||||||
|
"share_status": Map.share_status.field.default(),
|
||||||
|
}
|
||||||
|
if self.request.user.is_authenticated:
|
||||||
|
user = self.request.user
|
||||||
|
properties["permissions"]["owner"] = user.get_metadata()
|
||||||
|
return properties
|
||||||
|
|
||||||
|
|
||||||
class MapPreview(MapDetailMixin, TemplateView):
|
class MapPreview(MapDetailMixin, TemplateView):
|
||||||
template_name = "umap/map_detail.html"
|
template_name = "umap/map_detail.html"
|
||||||
|
|
Loading…
Reference in a new issue