paradizelost/paperless-ngx
1
0
Fork 0
mirror of https://github.com/paperless-ngx/paperless-ngx.git synced 2025-04-19 10:19:27 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix PassUserMixin not properly being used in DocumentViewSet

Browse Source
This commit is contained in:
shamoon 2023-05-07 16:07:48 -07:00
parent 02b2bcafc5
commit b783d2e210
2 changed files with 25 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/documents/tests/test_api.py
View File

@ -3533,9 +3533,28 @@ class TestApiAuth(DirectoriesMixin, APITestCase):
) )
def test_dynamic_permissions_fields(self): def test_dynamic_permissions_fields(self):
Document.objects.create(title="Test", content="content 1", checksum="1") user1 = User.objects.create_user(username="user1")
user1.user_permissions.add(*Permission.objects.filter(codename="view_document"))
user2 = User.objects.create_user(username="user2")
Document.objects.create(title="Test", content="content 1", checksum="1")
doc2 = Document.objects.create(
title="Test2",
content="content 2",
checksum="2",
owner=user2,
)
doc3 = Document.objects.create(
title="Test3",
content="content 3",
checksum="3",
owner=user2,
)
assign_perm("view_document", user1, doc2)
assign_perm("view_document", user1, doc3)
assign_perm("change_document", user1, doc3)
user1 = User.objects.create_superuser(username="test1")
self.client.force_authenticate(user1) self.client.force_authenticate(user1)
response = self.client.get( response = self.client.get(
@ -3549,6 +3568,9 @@ class TestApiAuth(DirectoriesMixin, APITestCase):
self.assertNotIn("permissions", resp_data["results"][0]) self.assertNotIn("permissions", resp_data["results"][0])
self.assertIn("user_can_change", resp_data["results"][0]) self.assertIn("user_can_change", resp_data["results"][0])
self.assertEqual(resp_data["results"][0]["user_can_change"], True) # doc1
self.assertEqual(resp_data["results"][1]["user_can_change"], False) # doc2
self.assertEqual(resp_data["results"][2]["user_can_change"], True) # doc3
response = self.client.get( response = self.client.get(
"/api/documents/?full_perms=true", "/api/documents/?full_perms=true",

4
src/documents/views.py
View File

@ -270,11 +270,9 @@ class DocumentViewSet(
return Document.objects.distinct().annotate(num_notes=Count("notes")) return Document.objects.distinct().annotate(num_notes=Count("notes"))
def get_serializer(self, *args, **kwargs): def get_serializer(self, *args, **kwargs):
super().get_serializer(*args, **kwargs)
fields_param = self.request.query_params.get("fields", None) fields_param = self.request.query_params.get("fields", None)
fields = fields_param.split(",") if fields_param else None fields = fields_param.split(",") if fields_param else None
truncate_content = self.request.query_params.get("truncate_content", "False") truncate_content = self.request.query_params.get("truncate_content", "False")
serializer_class = self.get_serializer_class()
kwargs.setdefault("context", self.get_serializer_context()) kwargs.setdefault("context", self.get_serializer_context())
kwargs.setdefault("fields", fields) kwargs.setdefault("fields", fields)
kwargs.setdefault("truncate_content", truncate_content.lower() in ["true", "1"]) kwargs.setdefault("truncate_content", truncate_content.lower() in ["true", "1"])
@ -282,7 +280,7 @@ class DocumentViewSet(
"full_perms", "full_perms",
self.request.query_params.get("full_perms", False), self.request.query_params.get("full_perms", False),
) )
return serializer_class(*args, **kwargs) return super().get_serializer(*args, **kwargs)
def update(self, request, *args, **kwargs): def update(self, request, *args, **kwargs):
response = super().update(request, *args, **kwargs) response = super().update(request, *args, **kwargs)