Permalink
Browse files

Merge pull request #1556 from kux/permissions_cache_for_groups

Fix permissions cache invalidation bug
  • Loading branch information...
2 parents 6127148 + 6585e4a commit 36f7c763e453a190d9b818d1ce1b2859775ef609 @digi604 digi604 committed Dec 18, 2012
Showing with 53 additions and 13 deletions.
  1. +14 −11 cms/signals.py
  2. +39 −2 cms/tests/permmod.py
View
@@ -237,22 +237,25 @@ def pre_delete_group(instance, **kwargs):
for user in instance.user_set.all():
clear_user_permission_cache(user)
-def pre_save_pagepermission(instance, raw, **kwargs):
+def _clear_users_permissions(instance):
if instance.user:
clear_user_permission_cache(instance.user)
+ if instance.group:
+ for user in instance.group.user_set.all():
+ clear_user_permission_cache(user)
+
+def pre_save_pagepermission(instance, raw, **kwargs):
+ _clear_users_permissions(instance)
def pre_delete_pagepermission(instance, **kwargs):
- if instance.user:
- clear_user_permission_cache(instance.user)
+ _clear_users_permissions(instance)
def pre_save_globalpagepermission(instance, raw, **kwargs):
- if instance.user:
- clear_user_permission_cache(instance.user)
+ _clear_users_permissions(instance)
menu_pool.clear(all=True)
def pre_delete_globalpagepermission(instance, **kwargs):
- if instance.user:
- clear_user_permission_cache(instance.user)
+ _clear_users_permissions(instance)
def pre_save_delete_page(instance, **kwargs):
clear_permission_cache()
@@ -263,18 +266,18 @@ def pre_save_delete_page(instance, **kwargs):
signals.pre_save.connect(pre_save_user, sender=PageUser)
signals.pre_delete.connect(pre_delete_user, sender=PageUser)
-
+
signals.pre_save.connect(pre_save_group, sender=Group)
signals.pre_delete.connect(pre_delete_group, sender=Group)
signals.pre_save.connect(pre_save_group, sender=PageUserGroup)
signals.pre_delete.connect(pre_delete_group, sender=PageUserGroup)
-
+
signals.pre_save.connect(pre_save_pagepermission, sender=PagePermission)
signals.pre_delete.connect(pre_delete_pagepermission, sender=PagePermission)
-
+
signals.pre_save.connect(pre_save_globalpagepermission, sender=GlobalPagePermission)
signals.pre_delete.connect(pre_delete_globalpagepermission, sender=GlobalPagePermission)
-
+
signals.pre_save.connect(pre_save_delete_page, sender=Page)
signals.pre_delete.connect(pre_save_delete_page, sender=Page)
View
@@ -763,20 +763,23 @@ def test_switch_moderator_off(self):
self.assertEqual(page1.get_absolute_url(), page2.get_absolute_url())
-class ViewPermissionTests(SettingsOverrideTestCase):
+class PermissionTestsBase(SettingsOverrideTestCase):
+
settings_overrides = {
'CMS_PERMISSION': True,
'CMS_PUBLIC_FOR': 'all',
}
-
def get_request(self, user=None):
attrs = {
'user': user or AnonymousUser(),
'REQUEST': {},
'session': {},
}
return type('Request', (object,), attrs)
+
+
+class ViewPermissionTests(PermissionTestsBase):
def test_public_for_all_staff(self):
request = self.get_request()
@@ -934,3 +937,37 @@ def test_global_permission(self):
page.level = 0
page.tree_id = 1
self.assertTrue(page.has_view_permission(request))
+
+
+class PagePermissionTests(PermissionTestsBase):
+
+ PermissionTestsBase.settings_overrides['CMS_CACHE_DURATIONS'] = {
+ 'permissions': 360
+ }
+
+ def test_page_permission_cache_invalidation(self):
+ """user belongs to group which is given page_permission over page.
+ Test the fact that if page_permission changes then
+ page is rendered with with respect to the new page_permisison.
+ This is to assert that the permissions cache is properly
+ invalidated.
+ """
+ user = User(username='user', email='user@domain.com', password='user',
+ is_staff=True)
+ user.save()
+ group = Group.objects.create(name='testgroup')
+ group.user_set.add(user)
+ page = create_page('A', 'nav_playground.html', 'en')
+ page_permission = PagePermission.objects.create(
+ can_change_permissions=True, group=group, page=page)
+ request = self.get_request(user)
+ self.assertTrue(page.has_change_permissions_permission(request))
+ page_permission.can_change_permissions = False
+ page_permission.save()
+ request = self.get_request(user)
+ # re-fetch the page from the db to so that the page doesn't have
+ # the permission_user_cache attribute set
+ page = Page.objects.get(pk=page.pk)
+ self.assertFalse(page.has_change_permissions_permission(request))
+
+

0 comments on commit 36f7c76

Please sign in to comment.