diff --git a/mayan/apps/tags/api_views.py b/mayan/apps/tags/api_views.py index a060fe707e..1421c8f815 100644 --- a/mayan/apps/tags/api_views.py +++ b/mayan/apps/tags/api_views.py @@ -117,7 +117,9 @@ class APIDocumentTagListView(generics.ListCreateAPIView): user=self.request.user ) - return document.attached_tags().all() + return document.get_tags( + permission=permission_tag_view, user=self.request.user + ).all() def get_serializer(self, *args, **kwargs): if not self.request: @@ -162,7 +164,9 @@ class APIDocumentTagView(generics.RetrieveDestroyAPIView): serializer_class = DocumentTagSerializer def get_document(self): - document = get_object_or_404(klass=Document, pk=self.kwargs['document_pk']) + document = get_object_or_404( + klass=Document, pk=self.kwargs['document_pk'] + ) AccessControlList.objects.check_access( obj=document, permissions=(permission_document_view,), @@ -171,7 +175,7 @@ class APIDocumentTagView(generics.RetrieveDestroyAPIView): return document def get_queryset(self): - return self.get_document().attached_tags().all() + return self.get_document().tags.all() def get_serializer(self, *args, **kwargs): if not self.request: diff --git a/mayan/apps/tags/html_widgets.py b/mayan/apps/tags/html_widgets.py index 847b1c3e8e..37c09cbe7a 100644 --- a/mayan/apps/tags/html_widgets.py +++ b/mayan/apps/tags/html_widgets.py @@ -1,6 +1,5 @@ from __future__ import absolute_import, unicode_literals -from django.apps import apps from django.template.loader import render_to_string from .permissions import permission_tag_view @@ -10,17 +9,12 @@ def widget_document_tags(document, user): """ A tag widget that displays the tags for the given document """ - AccessControlList = apps.get_model( - app_label='acls', model_name='AccessControlList' - ) - - tags = AccessControlList.objects.restrict_queryset( - permission=permission_tag_view, queryset=document.attached_tags().all(), - user=user - ) - return render_to_string( - template_name='tags/document_tags_widget.html', context={'tags': tags} + template_name='tags/document_tags_widget.html', context={ + 'tags': document.get_tags( + permission=permission_tag_view, user=user + ) + } ) diff --git a/mayan/apps/tags/tests/test_views.py b/mayan/apps/tags/tests/test_views.py index 79c53d6234..23189d7635 100644 --- a/mayan/apps/tags/tests/test_views.py +++ b/mayan/apps/tags/tests/test_views.py @@ -162,10 +162,12 @@ class TagDocumentViewTestCase(TagTestMixin, TagViewTestMixin, GenericDocumentVie self.test_tag.documents.add(self.test_document) - self.grant_access(obj=self.test_tag, permission=permission_tag_view) self.grant_access( obj=self.test_document, permission=permission_tag_view ) + self.grant_access( + obj=self.test_tag, permission=permission_tag_view + ) response = self._request_test_document_tag_list_view() self.assertContains( diff --git a/mayan/apps/tags/tests/test_widgets.py b/mayan/apps/tags/tests/test_widgets.py new file mode 100644 index 0000000000..8f6fcc18c3 --- /dev/null +++ b/mayan/apps/tags/tests/test_widgets.py @@ -0,0 +1,80 @@ +from __future__ import unicode_literals + +from django.utils.encoding import force_text + +from mayan.apps.documents.tests import GenericDocumentViewTestCase +from mayan.apps.documents.tests.mixins import DocumentViewTestMixin +from mayan.apps.documents.permissions import permission_document_view + +from ..permissions import permission_tag_view + +from .mixins import TagTestMixin + + +class DocumentTagHTMLWidgetTestCase(DocumentViewTestMixin, TagTestMixin, GenericDocumentViewTestCase): + def test_document_tags_widget_no_permissions(self): + self._create_test_tag() + + self.test_tag.documents.add(self.test_document) + + response = self._request_test_document_list_view() + self.assertNotContains( + response=response, text=self.test_document.label, status_code=200 + ) + self.assertNotContains( + response=response, text=self.test_tag.label, status_code=200 + ) + + def test_document_tags_widget_with_document_access(self): + self._create_test_tag() + + self.test_tag.documents.add(self.test_document) + + self.grant_access( + obj=self.test_document, permission=permission_document_view + ) + + response = self._request_test_document_list_view() + self.assertContains( + response=response, text=self.test_document.label, status_code=200 + ) + self.assertNotContains( + response=response, text=force_text(self.test_tag), status_code=200 + ) + + def test_document_tags_widget_with_tag_access(self): + self._create_test_tag() + + self.test_tag.documents.add(self.test_document) + + self.grant_access( + obj=self.test_tag, permission=permission_tag_view + ) + + response = self._request_test_document_list_view() + self.assertNotContains( + response=response, text=self.test_document.label, status_code=200 + ) + self.assertNotContains( + response=response, text=self.test_tag.label, status_code=200 + ) + + def test_document_tags_widget_with_full_access(self): + self._create_test_tag() + + self.test_tag.documents.add(self.test_document) + + self.grant_access( + obj=self.test_document, permission=permission_document_view + ) + self.grant_access( + obj=self.test_tag, permission=permission_tag_view + ) + + response = self._request_test_document_list_view() + self.assertContains( + response=response, text=self.test_document.label, status_code=200 + ) + self.assertContains( + response=response, text=self.test_tag.label, status_code=200 + )