From: shamoon <4887959+shamoon@users.noreply.github.com> Date: Wed, 10 May 2023 15:18:08 +0000 (-0700) Subject: Merge pull request #3347 from paperless-ngx/fix/issue-3346 X-Git-Tag: v1.14.5~1^2~15 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f78f212a77b3e485b1de3e85dfc8f540666d3cef;p=thirdparty%2Fpaperless-ngx.git Merge pull request #3347 from paperless-ngx/fix/issue-3346 Fix: default frontend to current owner, allow setting no owner on create --- f78f212a77b3e485b1de3e85dfc8f540666d3cef diff --cc src/documents/tests/test_api.py index dd872fe78e,325ba38147..6c08b69555 --- a/src/documents/tests/test_api.py +++ b/src/documents/tests/test_api.py @@@ -3550,29 -3532,81 +3550,100 @@@ class TestApiAuth(DirectoriesMixin, API status.HTTP_404_NOT_FOUND, ) + def test_api_set_permissions(self): + """ + GIVEN: + - API request to create an object (Tag) that supplies set_permissions object + WHEN: + - owner is passed as null or as a user id + - view > users is set + THEN: + - Object permissions are set appropriately + """ + user1 = User.objects.create_superuser(username="user1") + user2 = User.objects.create(username="user2") + + self.client.force_authenticate(user1) + + response = self.client.post( + "/api/tags/", + json.dumps( + { + "name": "test1", + "matching_algorithm": MatchingModel.MATCH_AUTO, + "set_permissions": { + "owner": None, + "view": { + "users": None, + "groups": None, + }, + "change": { + "users": None, + "groups": None, + }, + }, + }, + ), + content_type="application/json", + ) + + self.assertEqual(response.status_code, status.HTTP_201_CREATED) + + tag1 = Tag.objects.filter(name="test1").first() + self.assertEqual(tag1.owner, None) + + response = self.client.post( + "/api/tags/", + json.dumps( + { + "name": "test2", + "matching_algorithm": MatchingModel.MATCH_AUTO, + "set_permissions": { + "owner": user1.id, + "view": { + "users": [user2.id], + "groups": None, + }, + "change": { + "users": None, + "groups": None, + }, + }, + }, + ), + content_type="application/json", + ) + + tag2 = Tag.objects.filter(name="test2").first() + + from guardian.core import ObjectPermissionChecker + + checker = ObjectPermissionChecker(user2) + self.assertEqual(checker.has_perm("view_tag", tag2), True) + def test_dynamic_permissions_fields(self): + user1 = User.objects.create_user(username="user1") + user1.user_permissions.add(*Permission.objects.filter(codename="view_document")) + user2 = User.objects.create_user(username="user2") + Document.objects.create(title="Test", content="content 1", checksum="1") + doc2 = Document.objects.create( + title="Test2", + content="content 2", + checksum="2", + owner=user2, + ) + doc3 = Document.objects.create( + title="Test3", + content="content 3", + checksum="3", + owner=user2, + ) + + assign_perm("view_document", user1, doc2) + assign_perm("view_document", user1, doc3) + assign_perm("change_document", user1, doc3) - user1 = User.objects.create_superuser(username="test1") self.client.force_authenticate(user1) response = self.client.get(