Process multiple documents in the tag attach views as querysets not as list of objects. AccessControlList.objects.filter_by_access only supports querysets now. Closes GL issue #228.

mayan/apps/tags/tests/test_views.py

@@ -19,7 +19,7 @@ from user_management.tests import (
 )
 
 from ..models import Tag
-from ..permissions import permission_tag_view
+from ..permissions import permission_tag_attach, permission_tag_view
 
 from .literals import TEST_TAG_COLOR, TEST_TAG_LABEL
 
@@ -36,6 +36,8 @@ class TagViewTestCase(TestCase):
         )
         self.group = Group.objects.create(name=TEST_GROUP)
         self.role = Role.objects.create(label=TEST_ROLE_LABEL)
+        self.group.user_set.add(self.user)
+        self.role.groups.add(self.group)
         Permission.invalidate_cache()
 
         self.document_type = DocumentType.objects.create(
@@ -54,11 +56,6 @@ class TagViewTestCase(TestCase):
             color=TEST_TAG_COLOR, label=TEST_TAG_LABEL
         )
 
-        self.tag.documents.add(self.document)
-
-        self.group.user_set.add(self.user)
-        self.role.groups.add(self.group)
-
     def tearDown(self):
         self.admin_user.delete()
         self.document_type
@@ -74,9 +71,9 @@ class TagViewTestCase(TestCase):
         self.assertTrue(logged_in)
         self.assertTrue(self.user.is_authenticated())
 
+        self.tag.documents.add(self.document)
         response = self.client.get(reverse('documents:document_list'))
         self.assertNotContains(response, text=TEST_TAG_LABEL, status_code=200)
-        # TODO: Verify this test's logic
 
     def test_document_tags_widget_with_permissions(self):
         logged_in = self.client.login(
@@ -85,9 +82,107 @@ class TagViewTestCase(TestCase):
         self.assertTrue(logged_in)
         self.assertTrue(self.user.is_authenticated())
 
+        self.tag.documents.add(self.document)
         self.role.permissions.add(permission_tag_view.stored_permission)
+        self.role.permissions.add(permission_document_view.stored_permission)
         response = self.client.get(reverse('documents:document_list'))
+
         self.assertContains(
             response, text=TEST_TAG_LABEL.replace(' ', ' '),
             status_code=200
         )
+
+    def test_document_attach_tag_user_view(self):
+        logged_in = self.client.login(
+            username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD
+        )
+        self.assertTrue(logged_in)
+        self.assertTrue(self.user.is_authenticated())
+
+        self.assertEqual(
+            self.document.tags.count(), 0
+        )
+
+        response = self.client.post(
+            reverse(
+                'tags:tag_attach',
+                args=(self.document.pk,)
+            ), data={
+                'tag': self.tag.pk,
+                'user': self.user.pk
+            }, follow=True
+        )
+
+        self.assertEqual(response.status_code, 200)
+
+        self.assertEqual(
+            self.document.tags.count(), 0
+        )
+
+        self.role.permissions.add(permission_tag_attach.stored_permission)
+        # permission_tag_view is needed because the form filters the
+        # choices
+        self.role.permissions.add(permission_tag_view.stored_permission)
+
+        response = self.client.post(
+            reverse(
+                'tags:tag_attach',
+                args=(self.document.pk,)
+            ), data={
+                'tag': self.tag.pk,
+                'user': self.user.pk
+            }, follow=True
+        )
+
+        self.assertEqual(response.status_code, 200)
+
+        self.assertQuerysetEqual(
+            self.document.tags.all(), (repr(self.tag),)
+        )
+
+    def test_document_multiple_attach_tag_user_view(self):
+        logged_in = self.client.login(
+            username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD
+        )
+        self.assertTrue(logged_in)
+        self.assertTrue(self.user.is_authenticated())
+
+        self.assertEqual(
+            self.document.tags.count(), 0
+        )
+
+        response = self.client.post(
+            reverse(
+                'tags:multiple_documents_tag_attach',
+            ), data={
+                'id_list': self.document.pk, 'tag': self.tag.pk,
+                'user': self.user.pk
+            }, follow=True
+        )
+
+        self.assertEqual(response.status_code, 200)
+
+        self.assertEqual(
+            self.document.tags.count(), 0
+        )
+
+        self.role.permissions.add(permission_tag_attach.stored_permission)
+
+        # permission_tag_view is needed because the form filters the
+        # choices
+        self.role.permissions.add(permission_tag_view.stored_permission)
+
+        response = self.client.post(
+            reverse(
+                'tags:multiple_documents_tag_attach',
+            ), data={
+                'id_list': self.document.pk, 'tag': self.tag.pk,
+                'user': self.user.pk
+            }, follow=True
+        )
+
+        self.assertEqual(response.status_code, 200)
+
+        self.assertQuerysetEqual(
+            self.document.tags.all(), (repr(self.tag),)
+        )

mayan/apps/tags/views.py

@@ -40,13 +40,12 @@ class TagCreateView(SingleObjectCreateView):
 
 def tag_attach(request, document_id=None, document_id_list=None):
     if document_id:
-        documents = [get_object_or_404(Document, pk=document_id)]
+        queryset = Document.objects.filter(pk=document_id)
         post_action_redirect = reverse('tags:tag_list')
     elif document_id_list:
-        documents = [
-            get_object_or_404(Document, pk=document_id) for document_id in document_id_list.split(',')
-        ]
-    else:
+        queryset = Document.objects.filter(pk__in=document_id_list)
+
+    if not queryset:
         messages.error(request, _('Must provide at least one document.'))
         return HttpResponseRedirect(
             request.META.get(
@@ -57,8 +56,8 @@ def tag_attach(request, document_id=None, document_id_list=None):
     try:
         Permission.check_permissions(request.user, (permission_tag_attach,))
     except PermissionDenied:
-        documents = AccessControlList.objects.filter_by_access(
-            permission_tag_attach, request.user, documents
+        queryset = AccessControlList.objects.filter_by_access(
+            permission_tag_attach, request.user, queryset
         )
 
     post_action_redirect = None
@@ -73,7 +72,7 @@ def tag_attach(request, document_id=None, document_id_list=None):
         form = TagListForm(request.POST, user=request.user)
         if form.is_valid():
             tag = form.cleaned_data['tag']
-            for document in documents:
+            for document in queryset:
                 if tag in document.attached_tags().all():
                     messages.warning(
                         request, _(
@@ -103,12 +102,12 @@ def tag_attach(request, document_id=None, document_id_list=None):
         'title': ungettext(
             'Attach tag to document',
             'Attach tag to documents',
-            len(documents)
+            queryset.count()
         )
     }
 
-    if len(documents) == 1:
-        context['object'] = documents[0]
+    if queryset.count() == 1:
+        context['object'] = queryset.first()
 
     return render_to_response(
         'appearance/generic_form.html', context,
@@ -118,7 +117,9 @@ def tag_attach(request, document_id=None, document_id_list=None):
 
 def tag_multiple_attach(request):
     return tag_attach(
-        request, document_id_list=request.GET.get('id_list', [])
+        request, document_id_list=request.GET.get(
+            'id_list', request.POST.get('id_list', '')
+        ).split(',')
     )