diff --git a/HISTORY.rst b/HISTORY.rst index 4c84fc4267..06c5e29f9d 100644 --- a/HISTORY.rst +++ b/HISTORY.rst @@ -15,6 +15,7 @@ - The permission to add or remove documents to cabinets now applies to documents too. - Equalize dashboard widgets heights. - Switch the order of the DEFAULT_AUTHENTICATION_CLASSES of DRF. GitLab #400. +- Backport document's version list view permission. 2.5.2 (2017-07-08) ================== diff --git a/docs/releases/2.5.1.rst b/docs/releases/2.5.1.rst index d8304199e6..5686968390 100644 --- a/docs/releases/2.5.1.rst +++ b/docs/releases/2.5.1.rst @@ -63,6 +63,12 @@ Backward incompatible changes Bugs fixed or issues closed =========================== +<<<<<<< HEAD:docs/releases/2.5.1.rst * None +======= +* `GitLab issue #378 `_ Add metadata widget changes from @Macrobb +* `GitLab issue #379 `_ Add new document version list view permission. + +>>>>>>> 105eab074... Add new document version list view permission. GitLab issue #379:docs/releases/3.0.rst .. _PyPI: https://pypi.python.org/pypi/mayan-edms/ diff --git a/mayan/apps/documents/api_views.py b/mayan/apps/documents/api_views.py index 6a4c03462c..d850f8e211 100644 --- a/mayan/apps/documents/api_views.py +++ b/mayan/apps/documents/api_views.py @@ -25,7 +25,7 @@ from .permissions import ( permission_document_restore, permission_document_trash, permission_document_view, permission_document_type_create, permission_document_type_delete, permission_document_type_edit, - permission_document_type_view + permission_document_type_view, permission_document_version_view ) from .runtime import cache_storage_backend from .serializers import ( @@ -529,7 +529,7 @@ class APIDocumentVersionsListView(generics.ListCreateAPIView): """ mayan_object_permissions = { - 'GET': (permission_document_view,), + 'GET': (permission_document_version_view,), } mayan_permission_attribute_check = 'document' mayan_view_permissions = {'POST': (permission_document_new_version,)} diff --git a/mayan/apps/documents/links.py b/mayan/apps/documents/links.py index 1bd78996e2..29ce7ffaf2 100644 --- a/mayan/apps/documents/links.py +++ b/mayan/apps/documents/links.py @@ -14,7 +14,8 @@ from .permissions import ( permission_document_version_revert, permission_document_view, permission_document_trash, permission_document_type_create, permission_document_type_delete, permission_document_type_edit, - permission_document_type_view, permission_empty_trash + permission_document_type_view, permission_empty_trash, + permission_document_version_view ) from .settings import setting_zoom_max_level, setting_zoom_min_level @@ -58,7 +59,7 @@ link_document_properties = Link( args='resolved_object.id' ) link_document_version_list = Link( - icon='fa fa-code-fork', permissions=(permission_document_view,), + icon='fa fa-code-fork', permissions=(permission_document_version_view,), text=_('Versions'), view='documents:document_version_list', args='resolved_object.pk' ) diff --git a/mayan/apps/documents/permissions.py b/mayan/apps/documents/permissions.py index c428188da4..c928a1a909 100644 --- a/mayan/apps/documents/permissions.py +++ b/mayan/apps/documents/permissions.py @@ -40,6 +40,10 @@ permission_document_version_revert = namespace.add_permission( name='document_version_revert', label=_('Revert documents to a previous version') ) +permission_document_version_view = namespace.add_permission( + name='document_version_view', + label=_('View documents\' versions list') +) permission_document_view = namespace.add_permission( name='document_view', label=_('View documents') ) diff --git a/mayan/apps/documents/tests/literals.py b/mayan/apps/documents/tests/literals.py index 16a877af0e..c282c5783d 100644 --- a/mayan/apps/documents/tests/literals.py +++ b/mayan/apps/documents/tests/literals.py @@ -75,3 +75,4 @@ TEST_SMALL_DOCUMENT_PATH = os.path.join( settings.BASE_DIR, 'apps', 'documents', 'tests', 'contrib', 'sample_documents', TEST_SMALL_DOCUMENT_FILENAME ) +TEST_VERSION_COMMENT = 'test version comment' diff --git a/mayan/apps/documents/tests/test_api.py b/mayan/apps/documents/tests/test_api.py index f30ebf7f2c..95fd104978 100644 --- a/mayan/apps/documents/tests/test_api.py +++ b/mayan/apps/documents/tests/test_api.py @@ -213,6 +213,32 @@ class DocumentAPITestCase(BaseAPITestCase): self.assertEqual(document.versions.first(), document.latest_version) + def test_document_version_list(self): + with open(TEST_SMALL_DOCUMENT_PATH) as file_object: + document = self.document_type.new_document( + file_object=file_object, + ) + + # Needed by MySQL as milliseconds value is not store in timestamp field + time.sleep(1) + + with open(TEST_DOCUMENT_PATH) as file_object: + document.new_version(file_object=file_object) + + self.assertEqual(document.versions.count(), 2) + + last_version = document.versions.last() + + response = self.client.get( + reverse( + 'rest_api:document-version-list', + args=(document.pk,) + ) + ) + self.assertEqual( + response.data['results'][1]['checksum'], last_version.checksum + ) + def test_document_download(self): with open(TEST_SMALL_DOCUMENT_PATH) as file_object: document = self.document_type.new_document( diff --git a/mayan/apps/documents/tests/test_views.py b/mayan/apps/documents/tests/test_views.py index 169f8b8833..bdeb16fabd 100644 --- a/mayan/apps/documents/tests/test_views.py +++ b/mayan/apps/documents/tests/test_views.py @@ -21,13 +21,14 @@ from ..permissions import ( permission_document_tools, permission_document_trash, permission_document_type_create, permission_document_type_delete, permission_document_type_edit, permission_document_type_view, - permission_document_version_revert, permission_document_view, - permission_empty_trash + permission_document_version_revert, permission_document_version_view, + permission_document_view, permission_empty_trash ) from .literals import ( TEST_DOCUMENT_TYPE, TEST_DOCUMENT_TYPE_QUICK_LABEL, - TEST_SMALL_DOCUMENT_FILENAME, TEST_SMALL_DOCUMENT_PATH + TEST_SMALL_DOCUMENT_FILENAME, TEST_SMALL_DOCUMENT_PATH, + TEST_VERSION_COMMENT ) @@ -434,39 +435,6 @@ class DocumentsViewsTestCase(GenericDocumentViewTestCase): self.assertEqual(DeletedDocument.objects.count(), 0) self.assertEqual(Document.objects.count(), 0) - def test_document_version_revert_no_permission(self): - first_version = self.document.latest_version - - with open(TEST_SMALL_DOCUMENT_PATH) as file_object: - self.document.new_version( - file_object=file_object - ) - - response = self.post( - 'documents:document_version_revert', args=(first_version.pk,) - ) - - self.assertEqual(response.status_code, 403) - self.assertEqual(self.document.versions.count(), 2) - - def test_document_version_revert_with_permission(self): - first_version = self.document.latest_version - - with open(TEST_SMALL_DOCUMENT_PATH) as file_object: - self.document.new_version( - file_object=file_object - ) - - self.grant(permission=permission_document_version_revert) - - response = self.post( - 'documents:document_version_revert', args=(first_version.pk,), - follow=True - ) - - self.assertContains(response, 'reverted', status_code=200) - self.assertEqual(self.document.versions.count(), 1) - def test_document_page_view_no_permissions(self): response = self.get( 'documents:document_page_view', args=( @@ -664,6 +632,73 @@ class DocumentTypeViewsTestCase(GenericDocumentViewTestCase): self.assertEqual(self.document_type.filenames.count(), 1) +class DocumentVersionTestCase(GenericDocumentViewTestCase): + def setUp(self): + super(DocumentVersionTestCase, self).setUp() + self.login_user() + + def test_document_version_list_no_permission(self): + with open(TEST_SMALL_DOCUMENT_PATH) as file_object: + self.document.new_version( + comment=TEST_VERSION_COMMENT, file_object=file_object + ) + + response = self.get( + 'documents:document_version_list', args=(self.document.pk,) + ) + + self.assertEqual(response.status_code, 403) + + def test_document_version_list_with_permission(self): + self.grant(permission=permission_document_version_view) + + with open(TEST_SMALL_DOCUMENT_PATH) as file_object: + self.document.new_version( + comment=TEST_VERSION_COMMENT, file_object=file_object + ) + + response = self.get( + 'documents:document_version_list', args=(self.document.pk,) + ) + + self.assertContains(response, TEST_VERSION_COMMENT, status_code=200) + + def test_document_version_revert_no_permission(self): + first_version = self.document.latest_version + + with open(TEST_SMALL_DOCUMENT_PATH) as file_object: + self.document.new_version( + file_object=file_object + ) + + response = self.post( + 'documents:document_version_revert', args=(first_version.pk,) + ) + + self.assertEqual(response.status_code, 403) + self.assertEqual(self.document.versions.count(), 2) + + def test_document_version_revert_with_permission(self): + first_version = self.document.latest_version + + with open(TEST_SMALL_DOCUMENT_PATH) as file_object: + self.document.new_version( + file_object=file_object + ) + + self.grant(permission=permission_document_version_revert) + + response = self.post( + 'documents:document_version_revert', args=(first_version.pk,), + follow=True + ) + + self.assertContains(response, 'reverted', status_code=200) + self.assertEqual(self.document.versions.count(), 1) + + + + class DeletedDocumentTestCase(GenericDocumentViewTestCase): def setUp(self): super(DeletedDocumentTestCase, self).setUp() diff --git a/mayan/apps/documents/views/document_version_views.py b/mayan/apps/documents/views/document_version_views.py index 47f41cc42d..2faefe9ae5 100644 --- a/mayan/apps/documents/views/document_version_views.py +++ b/mayan/apps/documents/views/document_version_views.py @@ -12,7 +12,7 @@ from common.generics import ConfirmView, SingleObjectListView from ..models import Document, DocumentVersion from ..permissions import ( permission_document_download, permission_document_version_revert, - permission_document_view + permission_document_version_view, permission_document_view ) from .document_views import DocumentDownloadFormView, DocumentDownloadView @@ -23,7 +23,7 @@ logger = logging.getLogger(__name__) class DocumentVersionListView(SingleObjectListView): def dispatch(self, request, *args, **kwargs): AccessControlList.objects.check_access( - permissions=permission_document_view, user=request.user, + permissions=permission_document_version_view, user=request.user, obj=self.get_document() )