
Merge pull request #27 from transifex/fix_reviewer_project_access

Fixed access permissions for a reviewer in private projects.
2 parents 7eb78bd + ea3da8b commit 360576d40189d75bf3171b3c9bdab533fe1a2ad1 @jkal jkal committed Apr 18, 2012
@@ -34,7 +34,8 @@
'maintainer',
'writer',
'team_coordinator',
- 'team_member']
+ 'team_member',
+ 'reviewer']
PASSWORD = '123412341234'
@@ -448,8 +449,10 @@ def setUp(self):
project=self.project_private, creator=self.user['maintainer'])[0]
self.team.coordinators.add(self.user['team_coordinator'])
self.team.members.add(self.user['team_member'])
+ self,team.reviewers.add(self.user['reviewer'])
self.team_private.coordinators.add(self.user['team_coordinator'])
self.team_private.members.add(self.user['team_member'])
+ self.team_private.reviewers.add(self.user['reviewer'])
# Create a release
self.release = Release.objects.create(slug="releaseslug1",
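Review bot: The added line `self,team.reviewers.add(self.user['reviewer'])` has a comma where a dot is meant, so Python parses it as a tuple of `self` and `team.reviewers.add(...)`. Unless a bare `team` name happens to be in scope, setUp raises NameError before any test in the class runs. The line should read `self.team.reviewers.add(self.user['reviewer'])`, matching the `self.team_private.reviewers.add(...)` line added below it. setUp starts and continues outside this hunk.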
@@ -538,8 +541,10 @@ def setUpClass(self):
project=cls._project_private, creator=cls._user['maintainer'])[0]
cls._team.coordinators.add(cls._user['team_coordinator'])
cls._team.members.add(cls._user['team_member'])
+ cls._team.members.add(cls._user['reviewer'])
cls._team_private.coordinators.add(cls._user['team_coordinator'])
cls._team_private.members.add(cls._user['team_member'])
+ cls._team_private.members.add(cls._user['reviewer'])
# Create a release
cls._release = Release.objects.get_or_create(slug="releaseslug1",
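Review bot: Both added lines put the reviewer into `members`, not `reviewers` (`cls._team.members.add(cls._user['reviewer'])`, `cls._team_private.members.add(cls._user['reviewer'])`). Tests built on this fixture therefore reach the private project through the existing team-member path and would pass without the new `team__reviewers` filters or `proofread(any_team=True)`. I would use `cls._team.reviewers.add(cls._user['reviewer'])` and `cls._team_private.reviewers.add(cls._user['reviewer'])`, as the setUp hunk does. The last hunk (test_private_projects_ajax_lookup) has the same weakness: it asserts `self.user['reviewer'] in self.team_private.members.all()`, where asserting membership in `reviewers` and absence from `members` would pin the reviewer-only case. Which fixture that test uses is not visible here.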
@@ -97,7 +97,8 @@ def involved_with(self, user):
return self.filter(
Q(maintainers__in=[user]) |
Q(team__coordinators__in=[user]) |
- Q(team__members__in=[user])
+ Q(team__members__in=[user]) |
+ Q(team__reviewers__in=[user])
).distinct()
def for_user(self, user):
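Review bot: The set of roles that count as "involved" is now spelled out in full here in `involved_with` and again in the `for_user` hunk that follows, and the two copies must stay identical for private-project visibility to be right. This commit exists because a role was missing from these lists, so I would build the predicate once, for example in a small private helper returning `Q(maintainers__in=[user]) | Q(team__coordinators__in=[user]) | Q(team__members__in=[user]) | Q(team__reviewers__in=[user])`, and use it in both methods. At minimum, add a comment on each copy saying it must be kept in sync with the other and with the permission check in `private()`.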
@@ -114,7 +115,8 @@ def for_user(self, user):
projects = projects.exclude(
Q(private=True) & ~(Q(maintainers__in=[user]) |
Q(team__coordinators__in=[user]) |
- Q(team__members__in=[user]))).distinct()
+ Q(team__members__in=[user]) |
+ Q(team__reviewers__in=[user]))).distinct()
return projects
def public(self):
@@ -299,7 +301,8 @@ def team_members(self):
"""Return a queryset of all memebers of a project."""
return User.objects.filter(
Q(team_members__project=self) | Q(team_coordinators__project=self) |\
- Q(projects_owning=self) | Q(projects_maintaining=self)
+ Q(team_reviewers__project=self) | Q(projects_owning=self) |\
+ Q(projects_maintaining=self)
).distinct()
@property
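Review bot: The docstring on `team_members` still reads "Return a queryset of all memebers of a project.", although the query now returns reviewers as well as members, coordinators, owners and maintainers. I would change it to `"""Return all users involved in the project: team members, coordinators, reviewers, owners and maintainers."""`. The backslash continuations inside the parenthesised `filter(...)` call are also unnecessary and can be dropped.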
@@ -59,7 +59,7 @@ def coordinate_team(self, project=None, language=None):
coordinate_team.short_description = _("Is allowed to coordinate a "
"team project")
- def proofread(self, project=None, language=None):
+ def proofread(self, project=None, language=None, any_team=False):
if project:
if self.maintain(project):
# Maintainers can review
@@ -70,6 +70,11 @@ def proofread(self, project=None, language=None):
if team:
if self.user in team.reviewers.all() or self.user in team.coordinators.all():
return True
+ elif any_team:
+ user_teams = project.team_set.filter(
+ Q(reviewers=self.user)).distinct()
+ if user_teams:
+ return True
return False
proofread.short_description = _("Is allowed to review translations for "
"a team project")
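Review bot: The new `any_team` branch tests `if user_teams:`, which evaluates the whole queryset just to learn whether one row exists. `if project.team_set.filter(reviewers=self.user).exists():` does the same check more cheaply, and the `Q(...)` wrapper and `.distinct()` add nothing to a truthiness test. The branch also accepts only reviewers, while the per-language branch above accepts reviewers or coordinators; if that is intentional because coordinators are covered elsewhere, a one-line comment should say so. `proofread` has no docstring, so the meaning of `any_team` (any team of the project, language ignored) is worth documenting on the signature in the previous hunk. The indentation is lost on this page, so which `if` the `elif` pairs with cannot be confirmed from here.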
@@ -133,7 +138,8 @@ def private(self, project=None):
return False
# Maintainers, writers (submitters, coordinators, members)
return self.maintain(project) or \
- self.submit_translations(project, any_team=True)
+ self.submit_translations(project, any_team=True) or\
+ self.proofread(project, any_team=True)
else:
# The project is public so let them continue
return True
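Review bot: The comment above the return, `# Maintainers, writers (submitters, coordinators, members)`, no longer lists every role that passes this check now that `self.proofread(project, any_team=True)` is part of it. Because this expression decides who may see a private project, I would keep the comment exact: `# Maintainers, writers (submitters, coordinators, members) and reviewers`. The `private` method begins outside this hunk.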
@@ -128,7 +128,8 @@ def test_project_detail(self):
self.failUnlessEqual(response.status_code, 403)
# Check people who should have access to the private project
- for user in ['maintainer', 'team_coordinator', 'team_member']: # 'writer',
+ for user in ['maintainer', 'team_coordinator', 'team_member',
+ 'reviewer']: # 'writer',
response = self.client[user].get(self.urls['project_private'])
self.failUnlessEqual(response.status_code, 200)
@@ -143,7 +144,8 @@ def test_resource_details(self):
self.failUnlessEqual(response.status_code, 403)
# Check people who should have access to the private project
- for user in ['maintainer', 'team_coordinator', 'team_member']: # 'writer',
+ for user in ['maintainer', 'team_coordinator', 'team_member',
+ 'reviewer']: # 'writer',
response = self.client[user].get(self.urls['resource_private'])
self.failUnlessEqual(response.status_code, 200)
@@ -160,7 +162,8 @@ def test_widgets(self):
self.failUnlessEqual(response.status_code, 403)
# Check people who should have access to the private project
- for user in ['maintainer', 'writer', 'team_coordinator', 'team_member']:
+ for user in ['maintainer', 'writer', 'team_coordinator',
+ 'team_member', 'reviewer']:
response = self.client[user].get(url)
self.failUnlessEqual(response.status_code, 403)
@@ -336,6 +339,32 @@ def test_teams_access(self):
'/projects/p/%s/language/%s/deny/%s/' % (self.project_private.slug, self.language.code,
self.user['team_member'].username)
]
+ },
+ 'reviewer' : {
+ 200 : [
+ '/projects/p/%s/language/%s/' %(self.project_private.slug, self.language.code),
+ '/projects/p/%s/language/%s/members/' %(self.project_private.slug, self.language.code)
+ ],
+ 302 : [
+ '/projects/p/%s/language/%s/request/' %(self.project_private.slug, self.language.code),
+ '/projects/p/%s/language/%s/leave/' %(self.project_private.slug, self.language.code),
+ '/projects/p/%s/languages/request/' % self.project_private.slug
+ ],
+ 404 : [
+ '/projects/p/%s/language/%s/withdraw/' %(self.project_private.slug, self.language.code),
+ ],
+ 403 : [
+ '/projects/p/%s/languages/add/' % self.project_private.slug,
+ '/projects/p/%s/language/%s/edit/' %(self.project_private.slug, self.language.code),
+ '/projects/p/%s/language/%s/delete/' %(self.project_private.slug, self.language.code),
+ # TODO: Add a second team to check if coordinator has access too.
+ '/projects/p/%s/language/%s/approve/' %(self.project_private.slug, self.language.code),
+ '/projects/p/%s/language/%s/deny/' %(self.project_private.slug, self.language.code),
+ '/projects/p/%s/language/%s/approve/%s/' % (self.project_private.slug, self.language.code,
+ self.user['team_member'].username),
+ '/projects/p/%s/language/%s/deny/%s/' % (self.project_private.slug, self.language.code,
+ self.user['team_member'].username)
+ ]
}
}
@@ -364,7 +393,8 @@ def test_view_strings(self):
response = self.client[user].get(URL)
self.failUnlessEqual(response.status_code, 403)
- for user in ['maintainer', 'team_coordinator', 'team_member']:# 'writer',
+ for user in ['maintainer', 'team_coordinator', 'team_member',
+ 'reviewer']:# 'writer',
response = self.client[user].get(URL)
self.failUnlessEqual(response.status_code, 200)
@@ -377,7 +407,8 @@ def test_view_strings(self):
response = self.client[user].get(URL)
self.failUnlessEqual(response.status_code, 302)
- for user in ['registered', 'team_coordinator', 'team_member']:
+ for user in ['registered', 'team_coordinator', 'team_member',
+ 'reviewer']:
response = self.client[user].get(URL)
self.failUnlessEqual(response.status_code, 403)
@@ -402,7 +433,8 @@ def test_edit_strings(self):
response = self.client[user].get(URL)
self.failUnlessEqual(response.status_code, 403)
- for user in ['maintainer', 'team_coordinator', 'team_member']: # 'writer'?
+ for user in ['maintainer', 'team_coordinator', 'team_member',
+ 'reviewer']: # 'writer'?
response = self.client[user].get(URL)
self.failUnlessEqual(response.status_code, 200)
@@ -419,7 +451,7 @@ def test_edit_strings(self):
response = self.client[user].get(URL)
self.failUnlessEqual(response.status_code, 403)
- for user in ['team_coordinator', 'team_member']:
+ for user in ['team_coordinator', 'team_member', 'reviewer']:
response = self.client[user].get(URL)
self.failUnlessEqual(response.status_code, 403)
@@ -446,7 +478,8 @@ def test_download_file(self):
response = self.client[user].get(URL)
self.failUnlessEqual(response.status_code, 403) # better 404?
- for user in ['maintainer', 'team_coordinator', 'team_member']: #'writer'?
+ for user in ['maintainer', 'team_coordinator', 'team_member',
+ 'reviewer']: #'writer'?
response = self.client[user].get(URL)
self.failUnlessEqual(response.status_code, 302) # why not 200?
@@ -459,7 +492,8 @@ def test_download_file(self):
response = self.client[user].get(URL)
self.failUnlessEqual(response.status_code, 302)
- for user in ['team_coordinator', 'team_member', 'registered']:
+ for user in ['team_coordinator', 'team_member', 'registered',
+ 'reviewer']:
response = self.client[user].get(URL)
self.failUnlessEqual(response.status_code, 403)
@@ -545,7 +579,8 @@ def test_lock_unlock_file(self):
response = self.client[user].post(URL, follow=True)
self.failUnlessEqual(response.status_code, 403)
- for user in ['maintainer', 'team_coordinator', 'team_member']: #'writer',
+ for user in ['maintainer', 'team_coordinator', 'team_member',
+ 'reviewer']: #'writer',
response = self.client[user].post(URL, follow=True)
self.failUnlessEqual(response.status_code, 200)
@@ -589,7 +624,8 @@ def test_watch_unwatch_file(self):
response = self.client[user].post(URL, follow=True)
self.failUnlessEqual(response.status_code, 403)
- for user in ['maintainer', 'team_coordinator', 'team_member']: #'writer',
+ for user in ['maintainer', 'team_coordinator', 'team_member',
+ 'reviewer']: #'writer',
response = self.client[user].post(URL, follow=True)
self.failUnlessEqual(response.status_code, 200)
@@ -630,7 +666,8 @@ def test_watch_unwatch_project(self):
response = self.client[user].post(URL, follow=True)
self.failUnlessEqual(response.status_code, 403)
- for user in ['maintainer', 'team_coordinator', 'team_member']: # 'writer',
+ for user in ['maintainer', 'team_coordinator', 'team_member',
+ 'reviewer']: # 'writer',
response = self.client[user].post(URL, follow=True)
self.failUnlessEqual(response.status_code, 200)
@@ -656,7 +693,8 @@ def test_charts(self):
self.failUnlessEqual(response.status_code, 403)
# For now charts are disabled for private projects
- for user in ['maintainer', 'writer', 'team_coordinator', 'team_member']:
+ for user in ['maintainer', 'writer', 'team_coordinator',
+ 'team_member', 'reviewer']:
for url in URLs:
response = self.client[user].get(url)
self.failUnlessEqual(response.status_code, 403)
@@ -677,7 +715,8 @@ def test_timeline(self):
response = self.client[user].get(URL)
self.failUnlessEqual(response.status_code, 403)
- for user in ['maintainer', 'team_coordinator', 'team_member']:
+ for user in ['maintainer', 'team_coordinator',
+ 'team_member', 'reviewer']:
response = self.client[user].get(URL)
self.failUnlessEqual(response.status_code, 200)
@@ -725,3 +764,10 @@ def test_private_projects_ajax_lookup(self):
self.assertContains(resp, public_project, status_code=200)
self.assertContains(resp, private_project, status_code=200)
+ # Test that a private project is visible to a reviewer of its teams
+ self.assertTrue(self.user['reviewer'] in self.team_private.members.all())
+ self.assertFalse(self.user['reviewer'] in self.project_private.maintainers.all())
+ resp = self.client['reviewer'].get('/ajax/ajax_lookup/projects', {'q': 'p', 'limit': '150', })
+ self.assertContains(resp, public_project, status_code=200)
+ self.assertContains(resp, private_project, status_code=200)
+