fix: make sure anonymous is owner at create

The tricky thing is that the Map.is_owner() method check for cookies on the request, but at create this cookie is not set yet on the request, so we have to deal with an exception here. fix #2176
2025-04-29 03:42:37 +02:00 · 2024-10-03 18:35:52 +02:00 · 2024-10-03 18:35:52 +02:00 · ff5195a787
commit ff5195a787
parent 4940f6c329
4 changed files with 7 additions and 5 deletions
--- a/umap/static/umap/js/umap.js
+++ b/umap/static/umap/js/umap.js
@ -1063,10 +1063,8 @@ U.Map = L.Map.extend({
      window.open(data.login_required)
      return
    }
-    if (data.user?.id) {
-      this.options.user = data.user
-      this.renderEditToolbar()
-    }
+    this.options.user = data.user
+    this.renderEditToolbar()
    if (!this.options.umap_id) {
      this.options.umap_id = data.id
      this.permissions.setOptions(data.permissions)
--- a/umap/tests/integration/test_anonymous_owned_map.py
+++ b/umap/tests/integration/test_anonymous_owned_map.py
@ -156,6 +156,7 @@ def test_can_change_perms_after_create(tilelayer, live_server, page):
        ".datalayer-permissions select[name='edit_status'] option:checked"
    )
    expect(option).to_have_text("Inherit")
+    expect(page.get_by_label("Secret edit link:")).to_be_visible()


 def test_alert_message_after_create(
--- a/umap/tests/test_map_views.py
+++ b/umap/tests/test_map_views.py
@ -368,6 +368,7 @@ def test_anonymous_create(cookieclient, post_data):
    assert (
        created_map.get_anonymous_edit_url() in j["permissions"]["anonymous_edit_url"]
    )
+    assert j["user"]["is_owner"] is True
    assert created_map.name == name
    key, value = created_map.signed_cookie_elements
    assert key in cookieclient.cookies
--- a/umap/views.py
+++ b/umap/views.py
@ -863,15 +863,17 @@ class MapCreate(FormLessEditMixin, PermissionsMixin, SessionMixin, CreateView):
            form.instance.owner = self.request.user
        self.object = form.save()
        permissions = self.get_permissions()
+        user_data = self.get_user_data()
        # User does not have the cookie yet.
        if not self.object.owner:
            anonymous_url = self.object.get_anonymous_edit_url()
            permissions["anonymous_edit_url"] = anonymous_url
+            user_data["is_owner"] = True
        response = simple_json_response(
            id=self.object.pk,
            url=self.object.get_absolute_url(),
            permissions=permissions,
-            user=self.get_user_data(),
+            user=user_data,
        )
        if not self.request.user.is_authenticated:
            key, value = self.object.signed_cookie_elements