Skip to content

Commit

Permalink
Move redirect for anonymous in the frontend (#21)
Browse files Browse the repository at this point in the history 
* Move redirect for anonymous in the frontend

* flake8

* fix tests
  • Loading branch information
@mamico
mamico authored Sep 5, 2023
1 parent 211190f commit dea814a
Show file tree
Hide file tree
Showing 5 changed files with 50 additions and 30 deletions.
3 changes: 2 additions & 1 deletion CHANGES.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,8 @@ Changelog
1.1.5 (unreleased)
------------------

- Nothing changed yet.
- Move redirect for anonymous in the frontend
[mamico]


1.1.4 (2023-08-31)
Expand Down
2 changes: 1 addition & 1 deletion src/design/plone/ioprenoto/adapters/stringinterp.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,4 +62,4 @@ def safe_call(self):
booking_folder_path = "/".join(
booking_folder.getPhysicalPath()[len(portal.getPhysicalPath()) :] # noqa
)
return f"{portal_url}/{booking_folder_path}?tab=search&SearchableText={self.context.getBookingCode()}"
return f"{portal_url}/{booking_folder_path}?tab=search&SearchableText={self.context.getBookingCode()}&login=1"
38 changes: 24 additions & 14 deletions src/design/plone/ioprenoto/restapi/serializers/ovverrides/prenotazioniFolder.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,31 +18,41 @@
@adapter(IPrenotazioniFolder, IDesignPloneIoprenotoLayer)
class SerializePrenotazioniFolderToJsonSummary(DefaultJSONSummarySerializer):
def __call__(self, *args, **kwargs):
resp = super().__call__(*args, **kwargs)
if not api.user.has_permission(
PRENOTAZIONI_MANAGE_PERMISSION,
obj=self.context,
):
self.request.response.redirect(
self.context.portal_url() + "/" + PRENOTAZIONE_APPUNTAMENTO_ADDRESS
)

return

return super().__call__(*args, **kwargs)
# XXX: this is a workaround to avoid the Unauthorized exception
return {
"@components": resp["@components"],
"@id": resp["@id"],
"@type": resp["@type"],
"layout": resp["layout"],
"title": resp["title"],
"error": "Unauthorized",
"anonymous": api.user.is_anonymous(),
}
return resp


@implementer(ISerializeToJson)
@adapter(IPrenotazioniFolder, IDesignPloneIoprenotoLayer)
class SerializePrenotazioniFolderToJson(SerializeFolderToJson):
def __call__(self, *args, **kwargs):
resp = super().__call__(*args, **kwargs)
if not api.user.has_permission(
PRENOTAZIONI_MANAGE_PERMISSION,
obj=self.context,
):
self.request.response.redirect(
self.context.portal_url() + "/" + PRENOTAZIONE_APPUNTAMENTO_ADDRESS
)

return

return super().__call__(*args, **kwargs)
# XXX: this is a workaround to avoid the Unauthorized exception
return {
"@components": resp["@components"],
"@id": resp["@id"],
"@type": resp["@type"],
"layout": resp["layout"],
"title": resp["title"],
"error": "Unauthorized",
"anonymous": api.user.is_anonymous(),
}
return resp
35 changes: 22 additions & 13 deletions src/design/plone/ioprenoto/tests/test_restapi_serializers_ovverrides_prenotazioni_folder.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,25 +67,34 @@ def tearDown(self):
self.api_session_anon.close()

def test_anon_redirected(self):
self.assertIn(
"prenotazione-appuntamenti-uffici",
self.api_session_anon.get(self.prenotazioni_folder.absolute_url()).url,
)
# self.assertIn(
# "prenotazione-appuntamenti-uffici",
# self.api_session_anon.get(self.prenotazioni_folder.absolute_url()).url,
# )
res = self.api_session_anon.get(self.prenotazioni_folder.absolute_url())
self.assertEqual(res.json()["error"], "Unauthorized")
self.assertEqual(res.json()["anonymous"], True)

def test_user_redirected(self):
self.assertIn(
"prenotazione-appuntamenti-uffici",
self.api_session_user.get(self.prenotazioni_folder.absolute_url()).url,
)
# self.assertIn(
# "prenotazione-appuntamenti-uffici",
# self.api_session_user.get(self.prenotazioni_folder.absolute_url()).url,
# )
res = self.api_session_user.get(self.prenotazioni_folder.absolute_url())
self.assertEqual(res.json()["error"], "Unauthorized")
self.assertEqual(res.json()["anonymous"], False)

def test_editor_redirected_where_cant_edit(self):
self.assertIn(
"prenotazione-appuntamenti-uffici",
self.api_session_editor.get(self.prenotazioni_folder2.absolute_url()).url,
)
# self.assertIn(
# "prenotazione-appuntamenti-uffici",
# self.api_session_editor.get(self.prenotazioni_folder2.absolute_url()).url,
# )
res = self.api_session_editor.get(self.prenotazioni_folder2.absolute_url())
self.assertEqual(res.json()["error"], "Unauthorized")
self.assertEqual(res.json()["anonymous"], False)

def test_editor_can_access_if_have_permission(self):
self.assertEquals(
self.assertEqual(
self.api_session_editor.get(self.prenotazioni_folder.absolute_url()).json()[
"@id"
],
Expand Down
2 changes: 1 addition & 1 deletion src/design/plone/ioprenoto/tests/test_stringinterp_overrides.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ def test_booking_operator_url_override(self):
getAdapter(
self.prenotazione, IStringSubstitution, "booking_operator_url"
)(),
f"{self.portal_url}/prenota-foo?tab=search&SearchableText={self.prenotazione.getBookingCode()}",
f"{self.portal_url}/prenota-foo?tab=search&SearchableText={self.prenotazione.getBookingCode()}&login=1",
)

def test_booking_print_url_override_with_custom_frontend_domain(
Expand Down

0 comments on commit dea814a

Please sign in to comment.