Normalize perms to root

This commit is contained in:
shamoon
2026-02-12 19:58:03 -08:00
parent d9603840ac
commit 1df0201a2f
2 changed files with 41 additions and 4 deletions

View File

@@ -465,6 +465,39 @@ class TestDocumentVersioningApi(DirectoriesMixin, APITestCase):
self.assertEqual(overrides.version_label, "New Version") self.assertEqual(overrides.version_label, "New Version")
self.assertEqual(overrides.actor_id, self.user.id) self.assertEqual(overrides.actor_id, self.user.id)
def test_update_version_with_version_pk_normalizes_to_root(self) -> None:
root = Document.objects.create(
title="root",
checksum="root",
mime_type="application/pdf",
)
version = Document.objects.create(
title="v1",
checksum="v1",
mime_type="application/pdf",
root_document=root,
)
upload = self._make_pdf_upload()
async_task = mock.Mock()
async_task.id = "task-123"
with mock.patch("documents.views.consume_file") as consume_mock:
consume_mock.delay.return_value = async_task
resp = self.client.post(
f"/api/documents/{version.id}/update_version/",
{"document": upload, "version_label": " New Version "},
format="multipart",
)
self.assertEqual(resp.status_code, status.HTTP_200_OK)
self.assertEqual(resp.data, "task-123")
consume_mock.delay.assert_called_once()
input_doc, overrides = consume_mock.delay.call_args[0]
self.assertEqual(input_doc.root_document_id, root.id)
self.assertEqual(overrides.version_label, "New Version")
self.assertEqual(overrides.actor_id, self.user.id)
def test_update_version_returns_500_on_consume_failure(self) -> None: def test_update_version_returns_500_on_consume_failure(self) -> None:
root = Document.objects.create( root = Document.objects.create(
title="root", title="root",

View File

@@ -1573,11 +1573,15 @@ class DocumentViewSet(
serializer.is_valid(raise_exception=True) serializer.is_valid(raise_exception=True)
try: try:
doc = Document.objects.select_related("owner").get(pk=pk) request_doc = Document.objects.select_related(
"owner",
"root_document",
).get(pk=pk)
root_doc = get_root_document(request_doc)
if request.user is not None and not has_perms_owner_aware( if request.user is not None and not has_perms_owner_aware(
request.user, request.user,
"change_document", "change_document",
doc, root_doc,
): ):
return HttpResponseForbidden("Insufficient permissions") return HttpResponseForbidden("Insufficient permissions")
except Document.DoesNotExist: except Document.DoesNotExist:
@@ -1602,7 +1606,7 @@ class DocumentViewSet(
input_doc = ConsumableDocument( input_doc = ConsumableDocument(
source=DocumentSource.ApiUpload, source=DocumentSource.ApiUpload,
original_file=temp_file_path, original_file=temp_file_path,
root_document_id=doc.pk, root_document_id=root_doc.pk,
) )
overrides = DocumentMetadataOverrides() overrides = DocumentMetadataOverrides()
@@ -1616,7 +1620,7 @@ class DocumentViewSet(
overrides, overrides,
) )
logger.debug( logger.debug(
f"Updated document {doc.id} with new version", f"Updated document {root_doc.id} with new version",
) )
return Response(async_task.id) return Response(async_task.id)
except Exception as e: except Exception as e: