Browse Source

remove acesso não permitido via url ao crud tipoautor

pull/1631/head
LeandroRoberto 7 years ago
parent
commit
adac6e3b7e
  1. 18
      sapl/base/views.py
  2. 7
      sapl/test_urls.py

18
sapl/base/views.py

@ -2,7 +2,7 @@ from django.conf import settings
from django.contrib.auth import get_user_model from django.contrib.auth import get_user_model
from django.contrib.auth.models import Group from django.contrib.auth.models import Group
from django.contrib.auth.tokens import default_token_generator from django.contrib.auth.tokens import default_token_generator
from django.core.exceptions import ObjectDoesNotExist from django.core.exceptions import ObjectDoesNotExist, PermissionDenied
from django.core.mail import send_mail from django.core.mail import send_mail
from django.core.urlresolvers import reverse from django.core.urlresolvers import reverse
from django.db.models import Count from django.db.models import Count
@ -80,6 +80,22 @@ class TipoAutorCrud(CrudAux):
return context return context
class TipoAutorMixin:
def dispatch(self, request, *args, **kwargs):
object = self.get_object()
if object.content_type:
raise PermissionDenied()
return super().get(request, *args, **kwargs)
class UpdateView(TipoAutorMixin, CrudAux.UpdateView):
pass
class DetailView(TipoAutorMixin, CrudAux.DetailView):
pass
class DeleteView(TipoAutorMixin, CrudAux.DeleteView):
pass
class AutorCrud(CrudAux): class AutorCrud(CrudAux):
model = Autor model = Autor

7
sapl/test_urls.py

@ -1,12 +1,12 @@
import pytest
from django.apps import apps from django.apps import apps
from django.contrib.auth import get_user_model from django.contrib.auth import get_user_model
from django.contrib.auth.management import _get_all_permissions from django.contrib.auth.management import _get_all_permissions
from django.contrib.auth.models import Permission from django.contrib.auth.models import Permission
from django.contrib.contenttypes.models import ContentType from django.contrib.contenttypes.models import ContentType
from django.db import transaction from django.db import transaction
from django.utils.translation import ugettext_lazy as _
from django.utils.translation import string_concat from django.utils.translation import string_concat
from django.utils.translation import ugettext_lazy as _
import pytest
from sapl.crud.base import PermissionRequiredForAppCrudMixin from sapl.crud.base import PermissionRequiredForAppCrudMixin
from sapl.rules.apps import AppConfig, update_groups from sapl.rules.apps import AppConfig, update_groups
@ -14,6 +14,7 @@ from scripts.lista_urls import lista_urls
from .settings import SAPL_APPS from .settings import SAPL_APPS
pytestmark = pytest.mark.django_db pytestmark = pytest.mark.django_db
sapl_appconfs = [apps.get_app_config(n[5:]) for n in SAPL_APPS] sapl_appconfs = [apps.get_app_config(n[5:]) for n in SAPL_APPS]
@ -72,6 +73,7 @@ def create_perms_post_migrate(sapl_app_config):
] ]
Permission.objects.bulk_create(perms) Permission.objects.bulk_create(perms)
btn_login = ('<input class="btn btn-success btn-sm" ' btn_login = ('<input class="btn btn-success btn-sm" '
'type="submit" value="login" />') 'type="submit" value="login" />')
@ -259,7 +261,6 @@ apps_url_patterns_prefixs_and_users = {
} }
@pytest.mark.skip(reason="TODO: Lento demais. Precisa ser refatorado")
@pytest.mark.parametrize('url_item', _lista_urls) @pytest.mark.parametrize('url_item', _lista_urls)
def test_urlpatterns(url_item, admin_client): def test_urlpatterns(url_item, admin_client):

Loading…
Cancel
Save