diff --git a/mayan/apps/checkouts/links.py b/mayan/apps/checkouts/links.py index fe5568d524..db4cd628ae 100644 --- a/mayan/apps/checkouts/links.py +++ b/mayan/apps/checkouts/links.py @@ -11,11 +11,19 @@ from .permissions import ( def is_checked_out(context): - return context['object'].is_checked_out() + try: + return context['object'].is_checked_out() + except KeyError: + # Might not have permissions + return False def is_not_checked_out(context): - return not context['object'].is_checked_out() + try: + return not context['object'].is_checked_out() + except KeyError: + # Might not have permissions + return True link_checkout_list = Link( diff --git a/mayan/apps/checkouts/tests/test_views.py b/mayan/apps/checkouts/tests/test_views.py index b622e7cee0..c0e0c8f42a 100644 --- a/mayan/apps/checkouts/tests/test_views.py +++ b/mayan/apps/checkouts/tests/test_views.py @@ -23,7 +23,8 @@ from user_management.tests import ( from ..models import DocumentCheckout from ..permissions import ( - permission_document_checkin, permission_document_checkout + permission_document_checkin, permission_document_checkin_override, + permission_document_checkout ) @@ -163,3 +164,72 @@ class DocumentCheckoutViewTestCase(GenericDocumentViewTestCase): resolved_link = link_upload_version.resolve(context=response.context) self.assertEqual(resolved_link, None) + + def test_forcefull_check_in_document_view_no_permission(self): + # Gitlab issue #237 + # Forcefully checking in a document by a user without adequate + # permissions throws out an error + + expiration_datetime = now() + datetime.timedelta(days=1) + + DocumentCheckout.objects.checkout_document( + document=self.document, expiration_datetime=expiration_datetime, + user=self.admin_user, block_new_version=True + ) + + self.assertTrue(self.document.is_checked_out()) + + self.login( + username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD + ) + + self.role.permissions.add( + permission_document_checkin.stored_permission + ) + self.role.permissions.add( + permission_document_checkout.stored_permission + ) + + response = self.post( + 'checkouts:checkin_document', args=(self.document.pk,), follow=True + ) + + self.assertContains( + response, text='Insufficient permissions', status_code=403 + ) + + self.assertTrue(self.document.is_checked_out()) + + def test_forcefull_check_in_document_view_with_permission(self): + expiration_datetime = now() + datetime.timedelta(days=1) + + DocumentCheckout.objects.checkout_document( + document=self.document, expiration_datetime=expiration_datetime, + user=self.admin_user, block_new_version=True + ) + + self.assertTrue(self.document.is_checked_out()) + + self.login( + username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD + ) + + self.role.permissions.add( + permission_document_checkin.stored_permission + ) + self.role.permissions.add( + permission_document_checkin.stored_permission + ) + self.role.permissions.add( + permission_document_checkin_override.stored_permission + ) + + response = self.post( + 'checkouts:checkin_document', args=(self.document.pk,), follow=True + ) + + self.assertContains( + response, text='hecked in successfully', status_code=200 + ) + + self.assertFalse(self.document.is_checked_out()) diff --git a/mayan/apps/navigation/classes.py b/mayan/apps/navigation/classes.py index dcf55d0c3b..0515991962 100644 --- a/mayan/apps/navigation/classes.py +++ b/mayan/apps/navigation/classes.py @@ -285,7 +285,12 @@ class Link(object): view_name=view_name, args=args, kwargs=kwargs, asvar=None ) - resolved_link.url = node.render(context) + try: + resolved_link.url = node.render(context) + except Exception as exception: + logger.error( + 'Error resolving link "%s" URL; %s', self.text, exception + ) # This is for links that should be displayed but that are not clickable if self.conditional_disable: