Make sure only owner see the delete map button

This commit is contained in:
Yohan Boniface 2023-09-13 12:00:20 +02:00
parent ddada8fb2b
commit 6b269125d4
2 changed files with 52 additions and 16 deletions

View file

@ -1713,20 +1713,28 @@ L.U.Map.include({
_advancedActions: function (container) { _advancedActions: function (container) {
const advancedActions = L.DomUtil.createFieldset(container, L._('Advanced actions')) const advancedActions = L.DomUtil.createFieldset(container, L._('Advanced actions'))
const advancedButtons = L.DomUtil.create('div', 'button-bar half', advancedActions) const advancedButtons = L.DomUtil.create('div', 'button-bar half', advancedActions)
const del = L.DomUtil.create('a', 'button umap-delete', advancedButtons) if (this.permissions.isOwner()) {
del.href = '#' const del = L.DomUtil.create('a', 'button umap-delete', advancedButtons)
del.textContent = L._('Delete') del.href = '#'
L.DomEvent.on(del, 'click', L.DomEvent.stop).on(del, 'click', this.del, this) del.title = L._('Delete map')
del.textContent = L._('Delete')
L.DomEvent.on(del, 'click', L.DomEvent.stop).on(del, 'click', this.del, this)
const empty = L.DomUtil.create('a', 'button umap-empty', advancedButtons)
empty.href = '#'
empty.textContent = L._('Empty')
empty.title = L._('Delete all layers')
L.DomEvent.on(empty, 'click', L.DomEvent.stop).on(
empty,
'click',
this.empty,
this
)
}
const clone = L.DomUtil.create('a', 'button umap-clone', advancedButtons) const clone = L.DomUtil.create('a', 'button umap-clone', advancedButtons)
clone.href = '#' clone.href = '#'
clone.textContent = L._('Clone') clone.textContent = L._('Clone')
clone.title = L._('Clone this map') clone.title = L._('Clone this map')
L.DomEvent.on(clone, 'click', L.DomEvent.stop).on(clone, 'click', this.clone, this) L.DomEvent.on(clone, 'click', L.DomEvent.stop).on(clone, 'click', this.clone, this)
const empty = L.DomUtil.create('a', 'button umap-empty', advancedButtons)
empty.href = '#'
empty.textContent = L._('Empty')
empty.title = L._('Delete all layers')
L.DomEvent.on(empty, 'click', L.DomEvent.stop).on(empty, 'click', this.empty, this)
const download = L.DomUtil.create('a', 'button umap-download', advancedButtons) const download = L.DomUtil.create('a', 'button umap-download', advancedButtons)
download.href = '#' download.href = '#'
download.textContent = L._('Download') download.textContent = L._('Download')

View file

@ -9,15 +9,15 @@ pytestmark = pytest.mark.django_db
@pytest.fixture @pytest.fixture
def login(context, user, settings, live_server): def login(context, settings, live_server):
def do_login(username): def do_login(user):
# TODO use storage state to do login only once per session # TODO use storage state to do login only once per session
# https://playwright.dev/python/docs/auth # https://playwright.dev/python/docs/auth
settings.ENABLE_ACCOUNT_LOGIN = True settings.ENABLE_ACCOUNT_LOGIN = True
page = context.new_page() page = context.new_page()
page.goto(f"{live_server.url}/en/") page.goto(f"{live_server.url}/en/")
page.locator(".login").click() page.locator(".login").click()
page.get_by_placeholder("Username").fill(username) page.get_by_placeholder("Username").fill(user.username)
page.get_by_placeholder("Password").fill("123123") page.get_by_placeholder("Password").fill("123123")
page.locator('#login_form input[type="submit"]').click() page.locator('#login_form input[type="submit"]').click()
sleep(1) # Time for ajax login POST to proceed sleep(1) # Time for ajax login POST to proceed
@ -27,7 +27,7 @@ def login(context, user, settings, live_server):
def test_map_update_with_owner(map, live_server, login): def test_map_update_with_owner(map, live_server, login):
page = login(map.owner.username) page = login(map.owner)
page.goto(f"{live_server.url}{map.get_absolute_url()}") page.goto(f"{live_server.url}{map.get_absolute_url()}")
map_el = page.locator("#map") map_el = page.locator("#map")
expect(map_el).to_be_visible() expect(map_el).to_be_visible()
@ -74,7 +74,7 @@ def test_map_update_with_anonymous_but_editable_datalayer(
def test_owner_permissions_form(map, datalayer, live_server, login): def test_owner_permissions_form(map, datalayer, live_server, login):
page = login(map.owner.username) page = login(map.owner)
page.goto(f"{live_server.url}{map.get_absolute_url()}?edit") page.goto(f"{live_server.url}{map.get_absolute_url()}?edit")
edit_permissions = page.get_by_title("Update permissions and editors") edit_permissions = page.get_by_title("Update permissions and editors")
expect(edit_permissions).to_be_visible() expect(edit_permissions).to_be_visible()
@ -93,7 +93,7 @@ def test_owner_permissions_form(map, datalayer, live_server, login):
def test_map_update_with_editor(map, live_server, login, user): def test_map_update_with_editor(map, live_server, login, user):
map.editors.add(user) map.editors.add(user)
map.save() map.save()
page = login(user.username) page = login(user)
page.goto(f"{live_server.url}{map.get_absolute_url()}") page.goto(f"{live_server.url}{map.get_absolute_url()}")
map_el = page.locator("#map") map_el = page.locator("#map")
expect(map_el).to_be_visible() expect(map_el).to_be_visible()
@ -115,7 +115,7 @@ def test_map_update_with_editor(map, live_server, login, user):
def test_permissions_form_with_editor(map, datalayer, live_server, login, user): def test_permissions_form_with_editor(map, datalayer, live_server, login, user):
map.editors.add(user) map.editors.add(user)
map.save() map.save()
page = login(user.username) page = login(user)
page.goto(f"{live_server.url}{map.get_absolute_url()}?edit") page.goto(f"{live_server.url}{map.get_absolute_url()}?edit")
edit_permissions = page.get_by_title("Update permissions and editors") edit_permissions = page.get_by_title("Update permissions and editors")
expect(edit_permissions).to_be_visible() expect(edit_permissions).to_be_visible()
@ -129,3 +129,31 @@ def test_permissions_form_with_editor(map, datalayer, live_server, login, user):
expect(editors_field).to_be_visible() expect(editors_field).to_be_visible()
datalayer_label = page.get_by_text('Who can edit "Donau"') datalayer_label = page.get_by_text('Who can edit "Donau"')
expect(datalayer_label).to_be_visible() expect(datalayer_label).to_be_visible()
def test_owner_has_delete_map_button(map, live_server, login):
page = login(map.owner)
page.goto(f"{live_server.url}{map.get_absolute_url()}?edit")
settings = page.get_by_title("Edit map settings")
expect(settings).to_be_visible()
settings.click()
advanced = page.get_by_text("Advanced actions")
expect(advanced).to_be_visible()
advanced.click()
delete = page.get_by_role("link", name="Delete")
expect(delete).to_be_visible()
def test_editor_do_not_have_delete_map_button(map, live_server, login, user):
map.editors.add(user)
map.save()
page = login(user)
page.goto(f"{live_server.url}{map.get_absolute_url()}?edit")
settings = page.get_by_title("Edit map settings")
expect(settings).to_be_visible()
settings.click()
advanced = page.get_by_text("Advanced actions")
expect(advanced).to_be_visible()
advanced.click()
delete = page.get_by_role("link", name="Delete")
expect(delete).to_be_hidden()