Merge pull request #1556 from kux/permissions_cache_for_groups

Fix permissions cache invalidation bug
django-cms · Dec 18, 2012 · 36f7c76 · 36f7c76
2 parents 6127148 + 6585e4a
commit 36f7c76
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 13 deletions.
diff --git a/cms/signals.py b/cms/signals.py
@@ -237,22 +237,25 @@ def pre_delete_group(instance, **kwargs):
     for user in instance.user_set.all():
         clear_user_permission_cache(user)
 
-def pre_save_pagepermission(instance, raw, **kwargs):
+def _clear_users_permissions(instance):
     if instance.user:
         clear_user_permission_cache(instance.user)
+    if instance.group:
+        for user in instance.group.user_set.all():
+            clear_user_permission_cache(user)
+
+def pre_save_pagepermission(instance, raw, **kwargs):
+    _clear_users_permissions(instance)
 
 def pre_delete_pagepermission(instance, **kwargs):
-    if instance.user:
-        clear_user_permission_cache(instance.user)
+    _clear_users_permissions(instance)
 
 def pre_save_globalpagepermission(instance, raw, **kwargs):
-    if instance.user:
-        clear_user_permission_cache(instance.user)
+    _clear_users_permissions(instance)
     menu_pool.clear(all=True)
 
 def pre_delete_globalpagepermission(instance, **kwargs):
-    if instance.user:
-        clear_user_permission_cache(instance.user)
+    _clear_users_permissions(instance)
 
 def pre_save_delete_page(instance, **kwargs):
     clear_permission_cache()
@@ -263,18 +266,18 @@ def pre_save_delete_page(instance, **kwargs):
 
     signals.pre_save.connect(pre_save_user, sender=PageUser)
     signals.pre_delete.connect(pre_delete_user, sender=PageUser)
-    
+
     signals.pre_save.connect(pre_save_group, sender=Group)
     signals.pre_delete.connect(pre_delete_group, sender=Group)
 
     signals.pre_save.connect(pre_save_group, sender=PageUserGroup)
     signals.pre_delete.connect(pre_delete_group, sender=PageUserGroup)
-    
+
     signals.pre_save.connect(pre_save_pagepermission, sender=PagePermission)
     signals.pre_delete.connect(pre_delete_pagepermission, sender=PagePermission)
-    
+
     signals.pre_save.connect(pre_save_globalpagepermission, sender=GlobalPagePermission)
     signals.pre_delete.connect(pre_delete_globalpagepermission, sender=GlobalPagePermission)
-    
+
     signals.pre_save.connect(pre_save_delete_page, sender=Page)
     signals.pre_delete.connect(pre_save_delete_page, sender=Page)
diff --git a/cms/tests/permmod.py b/cms/tests/permmod.py
@@ -763,20 +763,23 @@ def test_switch_moderator_off(self):
             self.assertEqual(page1.get_absolute_url(), page2.get_absolute_url())
 
 
-class ViewPermissionTests(SettingsOverrideTestCase):
+class PermissionTestsBase(SettingsOverrideTestCase):
+
     settings_overrides = {
         'CMS_PERMISSION': True,
         'CMS_PUBLIC_FOR': 'all',
     }
 
-
     def get_request(self, user=None):
         attrs = {
             'user': user or AnonymousUser(),
             'REQUEST': {},
             'session': {},
         }
         return type('Request', (object,), attrs)
+
+
+class ViewPermissionTests(PermissionTestsBase):
 
     def test_public_for_all_staff(self):
         request = self.get_request()
@@ -934,3 +937,37 @@ def test_global_permission(self):
             page.level = 0
             page.tree_id = 1
             self.assertTrue(page.has_view_permission(request))
+
+
+class PagePermissionTests(PermissionTestsBase):
+
+    PermissionTestsBase.settings_overrides['CMS_CACHE_DURATIONS'] = {
+        'permissions': 360
+        }
+
+    def test_page_permission_cache_invalidation(self):
+        """user belongs to group which is given page_permission over page.
+        Test the fact that if page_permission changes then
+        page is rendered with with respect to the new page_permisison.
+        This is to assert that the permissions cache is properly
+        invalidated.
+        """
+        user = User(username='user', email='user@domain.com', password='user',
+                    is_staff=True)
+        user.save()
+        group = Group.objects.create(name='testgroup')
+        group.user_set.add(user)
+        page = create_page('A', 'nav_playground.html', 'en')
+        page_permission = PagePermission.objects.create(
+            can_change_permissions=True, group=group, page=page)
+        request = self.get_request(user)
+        self.assertTrue(page.has_change_permissions_permission(request))
+        page_permission.can_change_permissions = False
+        page_permission.save()
+        request = self.get_request(user)
+        # re-fetch the page from the db to so that the page doesn't have
+        # the permission_user_cache attribute set
+        page = Page.objects.get(pk=page.pk)
+        self.assertFalse(page.has_change_permissions_permission(request))
+
+