Fix code

django-cms · Feb 8, 2015 · c007f94 · c007f94
1 parent 399c0ae
commit c007f94
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 12 deletions.
diff --git a/cms/models/pagemodel.py b/cms/models/pagemodel.py
@@ -955,24 +955,27 @@ def get_template_name(self):
         return _("default")
 
     def has_view_permission(self, request, user=None):
+        if not user:
+            user = request.user
         from cms.utils.permissions import get_any_page_view_permissions, has_global_page_permission
         can_see_unrestricted = get_cms_setting('PUBLIC_FOR') == 'all' or (
-            get_cms_setting('PUBLIC_FOR') == 'staff' and request.user.is_staff)
+            get_cms_setting('PUBLIC_FOR') == 'staff' and user.is_staff)
 
         # inherited and direct view permissions
         is_restricted = bool(get_any_page_view_permissions(request, self))
 
         if not is_restricted and can_see_unrestricted:
             return True
-        elif not request.user.is_authenticated():
+        elif not user.is_authenticated():
             return False
 
         if not is_restricted:
             # a global permission was given to the request's user
-            if has_global_page_permission(request, self.site_id, can_view=True):
+            if has_global_page_permission(request, self.site_id, user=user, can_view=True):
                 return True
+        else:
             # a specific permission was granted to the request's user
-            if self.get_draft_object().has_generic_permission(request, "view"):
+            if self.get_draft_object().has_generic_permission(request, "view", user=user):
                 return True
 
         # The user has a normal django permission to view pages globally

diff --git a/cms/tests/permmod.py b/cms/tests/permmod.py
@@ -885,8 +885,7 @@ def test_staff_basic_auth(self):
 
     @override_settings(CMS_PUBLIC_FOR="none")
     def test_normal_basic_auth(self):
-        User = get_user_model()
-        user = User.objects.create(username="normal", is_active=True, is_staff=False)
+        user = get_user_model().objects.create(username="normal", is_active=True, is_staff=False)
         request = self.get_request(user)
         with self.assertNumQueries(0):
             self.assertTrue(self.page.has_view_permission(request))

diff --git a/cms/tests/toolbar.py b/cms/tests/toolbar.py
@@ -119,7 +119,7 @@ def test_nonstaff(self):
         # Logo + edit-mode + logout
         self.assertEqual(len(items), 0)
 
-    @override_settings(CMS_PERMISSIONS=True)
+    @override_settings(CMS_PERMISSION=True)
     def test_template_change_permission(self):
         page = create_page('test', 'nav_playground.html', 'en', published=True)
         request = self.get_page_request(page, self.get_nonstaff())
@@ -374,7 +374,7 @@ def test_toolbar_logout(self):
             superuser.save()
 
         page = create_page("home", "nav_playground.html", "en",
-                            published=True)
+                           published=True)
         page.publish('en')
         self.get_page_request(page, superuser, '/')
         #
@@ -402,6 +402,7 @@ def test_toolbar_logout(self):
             admin_menu = toolbar.get_or_create_menu(ADMIN_MENU_IDENTIFIER)
             self.assertTrue(admin_menu.find_first(AjaxItem, name=_(u'Logout %s') % self.get_username(superuser)))
 
+    @override_settings(CMS_PERMISSION=True)
     def test_toolbar_logout_redirect(self):
         """
         Tests the logount AjaxItem on_success parameter in four different conditions:

diff --git a/cms/utils/permissions.py b/cms/utils/permissions.py
@@ -110,7 +110,7 @@ def has_page_change_permission(request):
         and global_change_perm or has_any_page_change_permissions(request))
 
 
-def has_global_page_permission(request, site=None, **filters):
+def has_global_page_permission(request, site=None, user=None, **filters):
     """
     A helper function to check for global page permissions for the current user
     and site. Caches the result on a request basis, so multiple calls to this
@@ -121,17 +121,19 @@ def has_global_page_permission(request, site=None, **filters):
     :param filters: queryset filters, e.g. ``can_add = True``
     :return: ``True`` or ``False``
     """
-    if not request.user.is_authenticated():
+    if not user:
+        user = request.user
+    if not user.is_authenticated():
         return False
-    if not get_cms_setting('PERMISSION') or request.user.is_superuser:
+    if not get_cms_setting('PERMISSION') or user.is_superuser:
         return True
     if not hasattr(request, '_cms_global_perms'):
         request._cms_global_perms = {}
     key = tuple((k, v) for k, v in filters.items())
     if site:
         key = (('site', site.pk if hasattr(site, 'pk') else int(site)),) + key
     if key not in request._cms_global_perms:
-        qs = GlobalPagePermission.objects.with_user(request.user).filter(**filters)
+        qs = GlobalPagePermission.objects.with_user(user).filter(**filters)
         if site:
             qs = qs.filter(Q(sites__in=[site]) | Q(sites__isnull=True))
         request._cms_global_perms[key] = qs.exists()