Make sure only owner see the delete map button
This commit is contained in:
parent
ddada8fb2b
commit
6b269125d4
2 changed files with 52 additions and 16 deletions
|
@ -1713,20 +1713,28 @@ L.U.Map.include({
|
||||||
_advancedActions: function (container) {
|
_advancedActions: function (container) {
|
||||||
const advancedActions = L.DomUtil.createFieldset(container, L._('Advanced actions'))
|
const advancedActions = L.DomUtil.createFieldset(container, L._('Advanced actions'))
|
||||||
const advancedButtons = L.DomUtil.create('div', 'button-bar half', advancedActions)
|
const advancedButtons = L.DomUtil.create('div', 'button-bar half', advancedActions)
|
||||||
|
if (this.permissions.isOwner()) {
|
||||||
const del = L.DomUtil.create('a', 'button umap-delete', advancedButtons)
|
const del = L.DomUtil.create('a', 'button umap-delete', advancedButtons)
|
||||||
del.href = '#'
|
del.href = '#'
|
||||||
|
del.title = L._('Delete map')
|
||||||
del.textContent = L._('Delete')
|
del.textContent = L._('Delete')
|
||||||
L.DomEvent.on(del, 'click', L.DomEvent.stop).on(del, 'click', this.del, this)
|
L.DomEvent.on(del, 'click', L.DomEvent.stop).on(del, 'click', this.del, this)
|
||||||
|
const empty = L.DomUtil.create('a', 'button umap-empty', advancedButtons)
|
||||||
|
empty.href = '#'
|
||||||
|
empty.textContent = L._('Empty')
|
||||||
|
empty.title = L._('Delete all layers')
|
||||||
|
L.DomEvent.on(empty, 'click', L.DomEvent.stop).on(
|
||||||
|
empty,
|
||||||
|
'click',
|
||||||
|
this.empty,
|
||||||
|
this
|
||||||
|
)
|
||||||
|
}
|
||||||
const clone = L.DomUtil.create('a', 'button umap-clone', advancedButtons)
|
const clone = L.DomUtil.create('a', 'button umap-clone', advancedButtons)
|
||||||
clone.href = '#'
|
clone.href = '#'
|
||||||
clone.textContent = L._('Clone')
|
clone.textContent = L._('Clone')
|
||||||
clone.title = L._('Clone this map')
|
clone.title = L._('Clone this map')
|
||||||
L.DomEvent.on(clone, 'click', L.DomEvent.stop).on(clone, 'click', this.clone, this)
|
L.DomEvent.on(clone, 'click', L.DomEvent.stop).on(clone, 'click', this.clone, this)
|
||||||
const empty = L.DomUtil.create('a', 'button umap-empty', advancedButtons)
|
|
||||||
empty.href = '#'
|
|
||||||
empty.textContent = L._('Empty')
|
|
||||||
empty.title = L._('Delete all layers')
|
|
||||||
L.DomEvent.on(empty, 'click', L.DomEvent.stop).on(empty, 'click', this.empty, this)
|
|
||||||
const download = L.DomUtil.create('a', 'button umap-download', advancedButtons)
|
const download = L.DomUtil.create('a', 'button umap-download', advancedButtons)
|
||||||
download.href = '#'
|
download.href = '#'
|
||||||
download.textContent = L._('Download')
|
download.textContent = L._('Download')
|
||||||
|
|
|
@ -9,15 +9,15 @@ pytestmark = pytest.mark.django_db
|
||||||
|
|
||||||
|
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
def login(context, user, settings, live_server):
|
def login(context, settings, live_server):
|
||||||
def do_login(username):
|
def do_login(user):
|
||||||
# TODO use storage state to do login only once per session
|
# TODO use storage state to do login only once per session
|
||||||
# https://playwright.dev/python/docs/auth
|
# https://playwright.dev/python/docs/auth
|
||||||
settings.ENABLE_ACCOUNT_LOGIN = True
|
settings.ENABLE_ACCOUNT_LOGIN = True
|
||||||
page = context.new_page()
|
page = context.new_page()
|
||||||
page.goto(f"{live_server.url}/en/")
|
page.goto(f"{live_server.url}/en/")
|
||||||
page.locator(".login").click()
|
page.locator(".login").click()
|
||||||
page.get_by_placeholder("Username").fill(username)
|
page.get_by_placeholder("Username").fill(user.username)
|
||||||
page.get_by_placeholder("Password").fill("123123")
|
page.get_by_placeholder("Password").fill("123123")
|
||||||
page.locator('#login_form input[type="submit"]').click()
|
page.locator('#login_form input[type="submit"]').click()
|
||||||
sleep(1) # Time for ajax login POST to proceed
|
sleep(1) # Time for ajax login POST to proceed
|
||||||
|
@ -27,7 +27,7 @@ def login(context, user, settings, live_server):
|
||||||
|
|
||||||
|
|
||||||
def test_map_update_with_owner(map, live_server, login):
|
def test_map_update_with_owner(map, live_server, login):
|
||||||
page = login(map.owner.username)
|
page = login(map.owner)
|
||||||
page.goto(f"{live_server.url}{map.get_absolute_url()}")
|
page.goto(f"{live_server.url}{map.get_absolute_url()}")
|
||||||
map_el = page.locator("#map")
|
map_el = page.locator("#map")
|
||||||
expect(map_el).to_be_visible()
|
expect(map_el).to_be_visible()
|
||||||
|
@ -74,7 +74,7 @@ def test_map_update_with_anonymous_but_editable_datalayer(
|
||||||
|
|
||||||
|
|
||||||
def test_owner_permissions_form(map, datalayer, live_server, login):
|
def test_owner_permissions_form(map, datalayer, live_server, login):
|
||||||
page = login(map.owner.username)
|
page = login(map.owner)
|
||||||
page.goto(f"{live_server.url}{map.get_absolute_url()}?edit")
|
page.goto(f"{live_server.url}{map.get_absolute_url()}?edit")
|
||||||
edit_permissions = page.get_by_title("Update permissions and editors")
|
edit_permissions = page.get_by_title("Update permissions and editors")
|
||||||
expect(edit_permissions).to_be_visible()
|
expect(edit_permissions).to_be_visible()
|
||||||
|
@ -93,7 +93,7 @@ def test_owner_permissions_form(map, datalayer, live_server, login):
|
||||||
def test_map_update_with_editor(map, live_server, login, user):
|
def test_map_update_with_editor(map, live_server, login, user):
|
||||||
map.editors.add(user)
|
map.editors.add(user)
|
||||||
map.save()
|
map.save()
|
||||||
page = login(user.username)
|
page = login(user)
|
||||||
page.goto(f"{live_server.url}{map.get_absolute_url()}")
|
page.goto(f"{live_server.url}{map.get_absolute_url()}")
|
||||||
map_el = page.locator("#map")
|
map_el = page.locator("#map")
|
||||||
expect(map_el).to_be_visible()
|
expect(map_el).to_be_visible()
|
||||||
|
@ -115,7 +115,7 @@ def test_map_update_with_editor(map, live_server, login, user):
|
||||||
def test_permissions_form_with_editor(map, datalayer, live_server, login, user):
|
def test_permissions_form_with_editor(map, datalayer, live_server, login, user):
|
||||||
map.editors.add(user)
|
map.editors.add(user)
|
||||||
map.save()
|
map.save()
|
||||||
page = login(user.username)
|
page = login(user)
|
||||||
page.goto(f"{live_server.url}{map.get_absolute_url()}?edit")
|
page.goto(f"{live_server.url}{map.get_absolute_url()}?edit")
|
||||||
edit_permissions = page.get_by_title("Update permissions and editors")
|
edit_permissions = page.get_by_title("Update permissions and editors")
|
||||||
expect(edit_permissions).to_be_visible()
|
expect(edit_permissions).to_be_visible()
|
||||||
|
@ -129,3 +129,31 @@ def test_permissions_form_with_editor(map, datalayer, live_server, login, user):
|
||||||
expect(editors_field).to_be_visible()
|
expect(editors_field).to_be_visible()
|
||||||
datalayer_label = page.get_by_text('Who can edit "Donau"')
|
datalayer_label = page.get_by_text('Who can edit "Donau"')
|
||||||
expect(datalayer_label).to_be_visible()
|
expect(datalayer_label).to_be_visible()
|
||||||
|
|
||||||
|
|
||||||
|
def test_owner_has_delete_map_button(map, live_server, login):
|
||||||
|
page = login(map.owner)
|
||||||
|
page.goto(f"{live_server.url}{map.get_absolute_url()}?edit")
|
||||||
|
settings = page.get_by_title("Edit map settings")
|
||||||
|
expect(settings).to_be_visible()
|
||||||
|
settings.click()
|
||||||
|
advanced = page.get_by_text("Advanced actions")
|
||||||
|
expect(advanced).to_be_visible()
|
||||||
|
advanced.click()
|
||||||
|
delete = page.get_by_role("link", name="Delete")
|
||||||
|
expect(delete).to_be_visible()
|
||||||
|
|
||||||
|
|
||||||
|
def test_editor_do_not_have_delete_map_button(map, live_server, login, user):
|
||||||
|
map.editors.add(user)
|
||||||
|
map.save()
|
||||||
|
page = login(user)
|
||||||
|
page.goto(f"{live_server.url}{map.get_absolute_url()}?edit")
|
||||||
|
settings = page.get_by_title("Edit map settings")
|
||||||
|
expect(settings).to_be_visible()
|
||||||
|
settings.click()
|
||||||
|
advanced = page.get_by_text("Advanced actions")
|
||||||
|
expect(advanced).to_be_visible()
|
||||||
|
advanced.click()
|
||||||
|
delete = page.get_by_role("link", name="Delete")
|
||||||
|
expect(delete).to_be_hidden()
|
||||||
|
|
Loading…
Reference in a new issue