paradizelost/paperless-ngx
1
0
Fork 0
mirror of https://github.com/paperless-ngx/paperless-ngx.git synced 2025-04-02 13:45:10 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix: correct set owner API location in docs, additional test (#4366)

Browse Source 
* Fix location of owner in API documentation

* Add additional test for setting another owner
This commit is contained in:
shamoon 2023-10-13 09:16:17 -07:00 committed by GitHub
parent 226c771735
commit e4054d684c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 58 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/api.md
View File

@ -272,11 +272,12 @@ consumption including the ID of a created document if consumption succeeded.
## Permissions ## Permissions
All objects (documents, tags, etc.) allow setting object-level permissions All objects (documents, tags, etc.) allow setting object-level permissions
with an optional `set_permissions` parameter which is of the form: with optional `owner` and / or a `set_permissions` parameters which are of
the form:
``` ```
{ "owner": ...,
"owner": user_id, "set_permissions": {
"view": { "view": {
"users": [...], "users": [...],
"groups": [...], "groups": [...],
@ -292,7 +293,7 @@ with an optional `set_permissions` parameter which is of the form:
Arrays should contain user or group ID numbers. Arrays should contain user or group ID numbers.
If this parameter is supplied the object's permissions will be overwritten, If these parameters are supplied the object's permissions will be overwritten,
assuming the authenticated user has permission to do so (the user must be assuming the authenticated user has permission to do so (the user must be
the object owner or a superuser). the object owner or a superuser).

45
src/documents/tests/test_api.py
View File

@ -4154,6 +4154,51 @@ class TestApiAuth(DirectoriesMixin, APITestCase):
self.assertEqual(checker.has_perm("view_tag", tag1), True) self.assertEqual(checker.has_perm("view_tag", tag1), True)
self.assertIn("view_tag", get_perms(group1, tag1)) self.assertIn("view_tag", get_perms(group1, tag1))
def test_api_set_other_owner_w_permissions(self):
"""
GIVEN:
- API request to create an object (Tag)
WHEN:
- a different owner than is logged in is set
- view > groups is set
THEN:
- Object permissions are set appropriately
"""
user1 = User.objects.create_superuser(username="user1")
user2 = User.objects.create(username="user2")
group1 = Group.objects.create(name="group1")
self.client.force_authenticate(user1)
response = self.client.post(
"/api/tags/",
json.dumps(
{
"name": "test1",
"matching_algorithm": MatchingModel.MATCH_AUTO,
"owner": user2.id,
"set_permissions": {
"view": {
"users": None,
"groups": [group1.id],
},
"change": {
"users": None,
"groups": None,
},
},
},
),
content_type="application/json",
)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
tag1 = Tag.objects.filter(name="test1").first()
self.assertEqual(tag1.owner, user2)
self.assertIn("view_tag", get_perms(group1, tag1))
def test_api_set_doc_permissions(self): def test_api_set_doc_permissions(self):
""" """
GIVEN: GIVEN: