[web/views] Fix `has_editable_relation` predicate wrt inlined relations
authorSylvain Thénault <sylvain.thenault@logilab.fr>
Thu, 08 Oct 2015 12:13:35 +0200
changeset 10635 2b1cb1ba8df5
parent 10634 06a43f727601
child 10636 a9e9daf77598
[web/views] Fix `has_editable_relation` predicate wrt inlined relations Prevents the "modify" action from being shown when there is nothing to edit.
web/test/unittest_views_actions.py
web/views/actions.py
--- a/web/test/unittest_views_actions.py	Wed Sep 02 15:31:18 2015 +0200
+++ b/web/test/unittest_views_actions.py	Thu Oct 08 12:13:35 2015 +0200
@@ -21,6 +21,7 @@
 from cubicweb.devtools.testlib import CubicWebTC
 from cubicweb.web.views import actions, uicfg
 
+
 class ActionsTC(CubicWebTC):
     def test_view_action(self):
         with self.admin_access.web_request(vid='rss', rql='CWUser X') as req:
@@ -33,12 +34,31 @@
         """ensure has_editable_relation predicate used by ModifyAction
         return positive score if there is only some inlined forms
         """
+        # The schema only allows the anonymous user to modify his/her own
+        # EmailAddress if it is set, not to create one. Since the 'anon' CWUser
+        # entity is created without any associated EmailAddress entities, there
+        # are no attributes nor relations that can be edited: the "modify"
+        # action should not appear.
+        with self.new_access('anon').web_request() as req:
+            predicate = actions.has_editable_relation()
+            self.assertEqual(predicate(None, req, rset=req.user.as_rset()),
+                             0)
+        # being allowed to 'add' the relation is not enough
         use_email = self.schema['use_email'].rdefs['CWUser', 'EmailAddress']
         with self.temporary_permissions((use_email, {'add': ('guests',)})):
             with self.new_access('anon').web_request() as req:
                 predicate = actions.has_editable_relation()
                 self.assertEqual(predicate(None, req, rset=req.user.as_rset()),
+                                 0)
+        # if we also allow creating the target etype, then the "modify" action
+        # should appear
+        with self.temporary_permissions((use_email, {'add': ('guests',)}),
+                                        EmailAddress={'add': ('guests',)}):
+            with self.new_access('anon').web_request() as req:
+                predicate = actions.has_editable_relation()
+                self.assertEqual(predicate(None, req, rset=req.user.as_rset()),
                                  1)
 
+
 if __name__ == '__main__':
     unittest_main()
--- a/web/views/actions.py	Wed Sep 02 15:31:18 2015 +0200
+++ b/web/views/actions.py	Thu Oct 08 12:13:35 2015 +0200
@@ -50,7 +50,7 @@
                                                entity=entity, mainform=False)
         for dummy in form.editable_relations():
             return 1
-        for dummy in form.inlined_relations():
+        for dummy in form.inlined_form_views():
             return 1
         for dummy in form.editable_attributes(strict=True):
             return 1