mirror of
https://github.com/Hopiu/wagtail.git
synced 2026-05-13 17:53:12 +00:00
Merge pull request #1540 from gasman/fix/site-permissions
Make wagtailsites work for non-superusers
This commit is contained in:
Karl Hobley
commit
14fc0f9059
5 changed files with 98 additions and 13 deletions
|
|
@ -21,7 +21,7 @@
|
|||
|
||||
<li>
|
||||
<input type="submit" value="{% trans 'Save' %}" />
|
||||
{% if perms.site.delete_site %}
|
||||
{% if perms.wagtailcore.delete_site %}
|
||||
<a href="{% url 'wagtailsites:delete' site.id %}" class="button button-secondary no">{% trans "Delete site" %}</a>
|
||||
{% endif %}
|
||||
</li>
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
{% block titletag %}{% trans "Sites" %}{% endblock %}
|
||||
{% block content %}
|
||||
{% trans "Sites" as sites_str %}
|
||||
{% if perms.site.add_site %}
|
||||
{% if perms.wagtailcore.add_site %}
|
||||
{% trans "Add a site" as add_a_site_str %}
|
||||
{% include "wagtailadmin/shared/header.html" with title=sites_str add_link="wagtailsites:add" add_text=add_a_site_str icon="site" %}
|
||||
{% else %}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,8 @@ from __future__ import unicode_literals
|
|||
from django.test import TestCase
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.utils import six
|
||||
from django.contrib.auth import get_user_model
|
||||
from django.contrib.auth.models import Permission
|
||||
|
||||
from wagtail.tests.utils import WagtailTestUtils
|
||||
from wagtail.wagtailcore.models import Site, Page
|
||||
|
|
@ -242,9 +244,86 @@ class TestSiteDeleteView(TestCase, WagtailTestUtils):
|
|||
self.assertEqual(self.get(site_id=100000).status_code, 404)
|
||||
|
||||
def test_posting_deletes_site(self):
|
||||
response = self.post({
|
||||
'trivial_key': 'trivial_value'
|
||||
})
|
||||
response = self.post()
|
||||
|
||||
# Should redirect back to index
|
||||
self.assertRedirects(response, reverse('wagtailsites:index'))
|
||||
|
||||
# Check that the site was edited
|
||||
with self.assertRaises(Site.DoesNotExist):
|
||||
Site.objects.get(id=self.localhost.id)
|
||||
|
||||
|
||||
class TestLimitedPermissions(TestCase, WagtailTestUtils):
|
||||
def setUp(self):
|
||||
# Create a user
|
||||
user = get_user_model().objects.create_user(username='test', email='test@email.com', password='password')
|
||||
user.user_permissions.add(
|
||||
Permission.objects.get(codename='access_admin'),
|
||||
Permission.objects.get(codename='add_site'),
|
||||
Permission.objects.get(codename='change_site'),
|
||||
Permission.objects.get(codename='delete_site')
|
||||
)
|
||||
|
||||
# Login
|
||||
self.client.login(username='test', password='password')
|
||||
|
||||
self.home_page = Page.objects.get(id=2)
|
||||
self.localhost = Site.objects.all()[0]
|
||||
|
||||
def test_get_index(self):
|
||||
response = self.client.get(reverse('wagtailsites:index'))
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertTemplateUsed(response, 'wagtailsites/index.html')
|
||||
|
||||
def test_get_create_view(self):
|
||||
response = self.client.get(reverse('wagtailsites:add'))
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertTemplateUsed(response, 'wagtailsites/create.html')
|
||||
|
||||
def test_create(self):
|
||||
response = self.client.post(reverse('wagtailsites:add'), {
|
||||
'hostname': "testsite",
|
||||
'port': "80",
|
||||
'root_page': str(self.home_page.id),
|
||||
})
|
||||
|
||||
# Should redirect back to index
|
||||
self.assertRedirects(response, reverse('wagtailsites:index'))
|
||||
|
||||
# Check that the site was created
|
||||
self.assertEqual(Site.objects.filter(hostname='testsite').count(), 1)
|
||||
|
||||
def test_get_edit_view(self):
|
||||
edit_url = reverse('wagtailsites:edit', args=(self.localhost.id,))
|
||||
response = self.client.get(edit_url)
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertTemplateUsed(response, 'wagtailsites/edit.html')
|
||||
|
||||
def test_edit(self):
|
||||
edit_url = reverse('wagtailsites:edit', args=(self.localhost.id,))
|
||||
edited_hostname = 'edited'
|
||||
response = self.client.post(edit_url, {
|
||||
'hostname': edited_hostname,
|
||||
'port': 80,
|
||||
'root_page': self.home_page.id,
|
||||
})
|
||||
|
||||
# Should redirect back to index
|
||||
self.assertRedirects(response, reverse('wagtailsites:index'))
|
||||
|
||||
# Check that the site was edited
|
||||
self.assertEqual(Site.objects.get(id=self.localhost.id).hostname, edited_hostname)
|
||||
|
||||
def test_get_delete_view(self):
|
||||
delete_url = reverse('wagtailsites:delete', args=(self.localhost.id,))
|
||||
response = self.client.get(delete_url)
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertTemplateUsed(response, 'wagtailsites/confirm_delete.html')
|
||||
|
||||
def test_delete(self):
|
||||
delete_url = reverse('wagtailsites:delete', args=(self.localhost.id,))
|
||||
response = self.client.post(delete_url)
|
||||
|
||||
# Should redirect back to index
|
||||
self.assertRedirects(response, reverse('wagtailsites:index'))
|
||||
|
|
|
|||
|
|
@ -7,9 +7,10 @@ from wagtail.wagtailcore.models import Site
|
|||
from wagtail.wagtailsites.forms import SiteForm
|
||||
from wagtail.wagtailadmin import messages
|
||||
|
||||
|
||||
def user_has_site_model_perm(user):
|
||||
for verb in ['add', 'change', 'delete']:
|
||||
if user.has_perm('site.%s_site' % verb):
|
||||
if user.has_perm('wagtailcore.%s_site' % verb):
|
||||
return True
|
||||
return False
|
||||
|
||||
|
|
@ -22,9 +23,9 @@ def index(request):
|
|||
})
|
||||
|
||||
|
||||
@permission_required('site.add_site')
|
||||
@permission_required('wagtailcore.add_site')
|
||||
def create(request):
|
||||
if request.POST:
|
||||
if request.method == 'POST':
|
||||
form = SiteForm(request.POST)
|
||||
if form.is_valid():
|
||||
site = form.save()
|
||||
|
|
@ -42,11 +43,11 @@ def create(request):
|
|||
})
|
||||
|
||||
|
||||
@permission_required('site.change_site')
|
||||
@permission_required('wagtailcore.change_site')
|
||||
def edit(request, site_id):
|
||||
site = get_object_or_404(Site, id=site_id)
|
||||
|
||||
if request.POST:
|
||||
if request.method == 'POST':
|
||||
form = SiteForm(request.POST, instance=site)
|
||||
if form.is_valid():
|
||||
site = form.save()
|
||||
|
|
@ -65,11 +66,11 @@ def edit(request, site_id):
|
|||
})
|
||||
|
||||
|
||||
@permission_required('site.delete_site')
|
||||
@permission_required('wagtailcore.delete_site')
|
||||
def delete(request, site_id):
|
||||
site = get_object_or_404(Site, id=site_id)
|
||||
|
||||
if request.POST:
|
||||
if request.method == 'POST':
|
||||
site.delete()
|
||||
messages.success(request, _("Site '{0}' deleted.").format(site.hostname))
|
||||
return redirect('wagtailsites:index')
|
||||
|
|
|
|||
|
|
@ -17,7 +17,12 @@ def register_admin_urls():
|
|||
|
||||
class SitesMenuItem(MenuItem):
|
||||
def is_shown(self, request):
|
||||
return request.user.is_superuser
|
||||
return (
|
||||
request.user.has_perm('wagtailcore.add_site')
|
||||
or request.user.has_perm('wagtailcore.edit_site')
|
||||
or request.user.has_perm('wagtailcore.delete_site')
|
||||
)
|
||||
|
||||
|
||||
@hooks.register('register_settings_menu_item')
|
||||
def register_sites_menu_item():
|
||||
|
|
|
|||
Loading…
Reference in a new issue