Don't raise error for AnonymousUser permissions

Instead return always False. Signed-off-by: Roberto Rosario <roberto.rosario@mayan-edms.com>
2019-10-27 20:12:40 -04:00
parent 7e5aad7714
commit 491de98356
5 changed files with 122 additions and 1 deletions
--- a/HISTORY.rst
+++ b/HISTORY.rst
@@ -7,6 +7,8 @@
 - Language translations update.
 - Add target to run all translations targets.
 - Backport color log formatter from branch version/next.
+- Don't raise error checking AnonymousUser for permissions.
+  Instead return always False.

 3.2.8 (2019-10-01)
 ==================
--- a/docs/releases/3.2.9.rst
+++ b/docs/releases/3.2.9.rst
@@ -0,0 +1,105 @@
+Version 3.2.9
+=============
+
+Released: October XX, 2019
+
+
+Changes
+-------
+
+
+Removals
+--------
+
+- None
+
+
+Upgrading from a previous version
+---------------------------------
+
+If installed via Python's PIP
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Remove deprecated requirements::
+
+    sudo -u mayan curl https://gitlab.com/mayan-edms/mayan-edms/raw/master/removals.txt -o /tmp/removals.txt && sudo -u mayan /opt/mayan-edms/bin/pip uninstall -y -r /tmp/removals.txt
+
+Type in the console::
+
+    sudo -u mayan /opt/mayan-edms/bin/pip install mayan-edms==3.2.9
+
+the requirements will also be updated automatically.
+
+
+Using Git
+^^^^^^^^^
+
+If you installed Mayan EDMS by cloning the Git repository issue the commands::
+
+    $ git reset --hard HEAD
+    $ git pull
+
+otherwise download the compressed archived and uncompress it overriding the
+existing installation.
+
+Remove deprecated requirements::
+
+    $ pip uninstall -y -r removals.txt
+
+Next upgrade/add the new requirements::
+
+    $ pip install --upgrade -r requirements.txt
+
+
+Common steps
+^^^^^^^^^^^^
+
+Perform these steps after updating the code from either step above.
+
+Make a backup of your supervisord file::
+
+    sudo cp /etc/supervisor/conf.d/mayan.conf /etc/supervisor/conf.d/mayan.conf.bck
+
+Update the supervisord configuration file. Replace the environment
+variables values show here with your respective settings. This step will refresh
+the supervisord configuration file with the new queues and the latest
+recommended layout::
+
+    sudo MAYAN_DATABASE_ENGINE=django.db.backends.postgresql MAYAN_DATABASE_NAME=mayan \
+    MAYAN_DATABASE_PASSWORD=mayanuserpass MAYAN_DATABASE_USER=mayan \
+    MAYAN_DATABASE_HOST=127.0.0.1 MAYAN_MEDIA_ROOT=/opt/mayan-edms/media \
+    /opt/mayan-edms/bin/mayan-edms.py platformtemplate supervisord > /etc/supervisor/conf.d/mayan.conf
+
+Edit the supervisord configuration file and update any setting the template
+generator missed::
+
+    sudo vi /etc/supervisor/conf.d/mayan.conf
+
+Migrate existing database schema with::
+
+    sudo -u mayan MAYAN_DATABASE_ENGINE=django.db.backends.postgresql MAYAN_DATABASE_NAME=mayan \
+    MAYAN_DATABASE_PASSWORD=mayanuserpass MAYAN_DATABASE_USER=mayan \
+    MAYAN_DATABASE_HOST=127.0.0.1 MAYAN_MEDIA_ROOT=/opt/mayan-edms/media \
+    /opt/mayan-edms/bin/mayan-edms.py performupgrade
+
+Add new static media::
+
+    sudo -u mayan MAYAN_MEDIA_ROOT=/opt/mayan-edms/media \
+    /opt/mayan-edms/bin/mayan-edms.py preparestatic --noinput
+
+The upgrade procedure is now complete.
+
+
+Backward incompatible changes
+-----------------------------
+
+- None
+
+
+Bugs fixed or issues closed
+---------------------------
+
+- :gitlab-issue:`666` Chinese document such as .doc can't display well.
+- :forum-topic:`1347` Workflow state action: perform a POST request
+
+.. _PyPI: https://pypi.python.org/pypi/mayan-edms/
--- a/docs/releases/index.rst
+++ b/docs/releases/index.rst
@@ -19,7 +19,8 @@ versions of the documentation contain the release notes for any later releases.
 **********
 .. toctree::
   :maxdepth: 1
-
+   
+   3.2.9
   3.2.8
   3.2.7
   3.2.6
--- a/mayan/apps/permissions/models.py
+++ b/mayan/apps/permissions/models.py
@@ -76,6 +76,9 @@ class StoredPermission(models.Model):
            )
            return True

+        if not user.is_authenticated():
+            return False
+
        if Role.objects.filter(groups__user=user, permissions=self).exists():
            return True
        else:
--- a/mayan/apps/permissions/tests/test_models.py
+++ b/mayan/apps/permissions/tests/test_models.py
@@ -1,5 +1,6 @@
 from __future__ import unicode_literals

+from django.contrib.auth.models import AnonymousUser
 from django.core.exceptions import PermissionDenied

 from mayan.apps.common.tests import BaseTestCase
@@ -44,6 +45,15 @@ class PermissionTestCase(
        except PermissionDenied:
            self.fail('PermissionDenied exception was not expected.')

+    def test_anonymous_user_permissions(self):
+        self.auto_login_user = False
+        test_anonymous_user = AnonymousUser()
+
+        with self.assertRaises(PermissionDenied):
+            Permission.check_user_permissions(
+                permissions=(self.test_permission,), user=test_anonymous_user
+            )
+

 class StoredPermissionManagerTestCase(BaseTestCase):
    create_test_case_superuser = False