From 76d55ff037ccc0601c931409ae82d445d0acb784 Mon Sep 17 00:00:00 2001 From: Nora Wirkola Langli Date: Sun, 20 Oct 2024 01:28:31 +0200 Subject: [PATCH 1/4] fix(feedback): correct permission requirement for removing feedback relation Updated the RemoveFeedbackRelationView which used a permission from the events app, to use the feedback.delete_feedbackrelation permission --- apps/events/dashboard/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/events/dashboard/views.py b/apps/events/dashboard/views.py index 2bf9a6bf4..28bcbd624 100644 --- a/apps/events/dashboard/views.py +++ b/apps/events/dashboard/views.py @@ -185,7 +185,7 @@ def form_valid(self, form): class RemoveFeedbackRelationView(DashboardObjectPermissionMixin, DeleteView): model = FeedbackRelation - permission_required = "events.add_attendanceevent" + permission_required = "feedback.delete_feedbackrelation" def get_success_url(self): return reverse( From 4d6e4572f6a93fed396bdbe9cfe58321585a481d Mon Sep 17 00:00:00 2001 From: Nora Wirkola Langli Date: Tue, 5 Nov 2024 23:37:36 +0100 Subject: [PATCH 2/4] test: add remove feedback test --- apps/events/dashboard/tests.py | 24 ++++++++++++++++++++++++ apps/events/dashboard/views.py | 2 ++ 2 files changed, 26 insertions(+) diff --git a/apps/events/dashboard/tests.py b/apps/events/dashboard/tests.py index d854fab66..8175e95fe 100644 --- a/apps/events/dashboard/tests.py +++ b/apps/events/dashboard/tests.py @@ -1,3 +1,5 @@ +from datetime import timedelta + from django.contrib.auth.models import Permission from django.test import TestCase from django.urls import reverse @@ -7,6 +9,7 @@ from apps.authentication.models import OnlineUser as User from apps.events.models import AttendanceEvent, Event +from apps.feedback.models import Feedback, FeedbackRelation, TextQuestion def create_generic_attendance_event(): @@ -23,6 +26,7 @@ def add_permissions(user): user.user_permissions.add( Permission.objects.filter(codename="view_event").first(), Permission.objects.filter(codename="add_event").first(), + Permission.objects.filter(codename="delete_feedbackrelation").first(), ) @@ -62,3 +66,23 @@ def test_dashboard_events_create(self): response = self.client.get(url) self.assertEqual(response.status_code, status.HTTP_200_OK) + + def test_dashboard_remove_feedback_from_event(self): + add_permissions(self.user) + # Is staff, view_event and add_event, delete_feedbackrelation permissions + event = create_generic_attendance_event() + + feedback = Feedback.objects.create(author=self.user) + TextQuestion.objects.create(feedback=feedback) + deadline = timezone.now().date() + timedelta(days=4) + + FeedbackRelation.objects.create( + feedback=feedback, content_object=event, deadline=deadline, active=True + ) + + url = reverse( + "dashboard_events_remove_feedback", + kwargs={"event_id": event.id, "pk": feedback.id}, + ) + response = self.client.get(url) + self.assertEqual(response.status_code, status.HTTP_200_OK) diff --git a/apps/events/dashboard/views.py b/apps/events/dashboard/views.py index 28bcbd624..3b26e727b 100644 --- a/apps/events/dashboard/views.py +++ b/apps/events/dashboard/views.py @@ -185,7 +185,9 @@ def form_valid(self, form): class RemoveFeedbackRelationView(DashboardObjectPermissionMixin, DeleteView): model = FeedbackRelation + permission_required = "feedback.delete_feedbackrelation" + # permission_required = "events.add_attendanceevent" def get_success_url(self): return reverse( From afd2897c9c906d81c4f0cd5b1eb7ba8a49872110 Mon Sep 17 00:00:00 2001 From: Nora Wirkola Langli Date: Wed, 6 Nov 2024 18:05:54 +0100 Subject: [PATCH 3/4] Testing stuff --- apps/events/dashboard/tests.py | 17 +++++++++++++++-- apps/events/dashboard/views.py | 1 - 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/apps/events/dashboard/tests.py b/apps/events/dashboard/tests.py index 8175e95fe..167dcb443 100644 --- a/apps/events/dashboard/tests.py +++ b/apps/events/dashboard/tests.py @@ -5,6 +5,7 @@ from django.urls import reverse from django.utils import timezone from django_dynamic_fixture import G +from guardian.shortcuts import assign_perm from rest_framework import status from apps.authentication.models import OnlineUser as User @@ -68,21 +69,33 @@ def test_dashboard_events_create(self): self.assertEqual(response.status_code, status.HTTP_200_OK) def test_dashboard_remove_feedback_from_event(self): + # self.committee = G(Group, name="Arrkom") add_permissions(self.user) - # Is staff, view_event and add_event, delete_feedbackrelation permissions + event = create_generic_attendance_event() + # event = G(Event, event_type=EventType.BEDPRES, organizer=self.committee) + # G(AttendanceEvent, event=event) feedback = Feedback.objects.create(author=self.user) TextQuestion.objects.create(feedback=feedback) deadline = timezone.now().date() + timedelta(days=4) - FeedbackRelation.objects.create( + feedbackrelation = FeedbackRelation.objects.create( feedback=feedback, content_object=event, deadline=deadline, active=True ) + assign_perm("delete_feedbackrelation", self.user, feedbackrelation) + # self.user.groups.add(self.committee) + self.assertTrue(self.user.has_perm("feedback.delete_feedbackrelation")) + url = reverse( "dashboard_events_remove_feedback", kwargs={"event_id": event.id, "pk": feedback.id}, ) response = self.client.get(url) + + """ + django.template.exceptions.TemplateDoesNotExist: feedback/feedbackrelation_confirm_delete.html + """ + self.assertEqual(response.status_code, status.HTTP_200_OK) diff --git a/apps/events/dashboard/views.py b/apps/events/dashboard/views.py index 3b26e727b..8dff83593 100644 --- a/apps/events/dashboard/views.py +++ b/apps/events/dashboard/views.py @@ -187,7 +187,6 @@ class RemoveFeedbackRelationView(DashboardObjectPermissionMixin, DeleteView): model = FeedbackRelation permission_required = "feedback.delete_feedbackrelation" - # permission_required = "events.add_attendanceevent" def get_success_url(self): return reverse( From 2d06abec72a13b1ff9a41dbfbf31aa6afa2b1e98 Mon Sep 17 00:00:00 2001 From: Nora Wirkola Langli Date: Wed, 6 Nov 2024 18:33:28 +0100 Subject: [PATCH 4/4] fix: test for delete_feedbackrelation --- apps/events/dashboard/tests.py | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/apps/events/dashboard/tests.py b/apps/events/dashboard/tests.py index 167dcb443..92b7cbbd6 100644 --- a/apps/events/dashboard/tests.py +++ b/apps/events/dashboard/tests.py @@ -69,13 +69,9 @@ def test_dashboard_events_create(self): self.assertEqual(response.status_code, status.HTTP_200_OK) def test_dashboard_remove_feedback_from_event(self): - # self.committee = G(Group, name="Arrkom") add_permissions(self.user) event = create_generic_attendance_event() - # event = G(Event, event_type=EventType.BEDPRES, organizer=self.committee) - # G(AttendanceEvent, event=event) - feedback = Feedback.objects.create(author=self.user) TextQuestion.objects.create(feedback=feedback) deadline = timezone.now().date() + timedelta(days=4) @@ -85,17 +81,12 @@ def test_dashboard_remove_feedback_from_event(self): ) assign_perm("delete_feedbackrelation", self.user, feedbackrelation) - # self.user.groups.add(self.committee) self.assertTrue(self.user.has_perm("feedback.delete_feedbackrelation")) url = reverse( "dashboard_events_remove_feedback", kwargs={"event_id": event.id, "pk": feedback.id}, ) - response = self.client.get(url) + response = self.client.post(url) - """ - django.template.exceptions.TemplateDoesNotExist: feedback/feedbackrelation_confirm_delete.html - """ - - self.assertEqual(response.status_code, status.HTTP_200_OK) + self.assertEqual(response.status_code, status.HTTP_302_FOUND)