[autoform] fix appearance of link to add inlined creation form
On entity creation, if there are some local permissions on the relation,
we have no way of checking them since neither the subject nor the object
of the relation exists yet. In such a case, we should add the link by
default, for consistency (see other places where we use
`may_have_permission`).
Closes #6711900
--- a/web/test/unittest_views_editforms.py Thu Oct 08 11:47:15 2015 +0200
+++ b/web/test/unittest_views_editforms.py Wed Sep 09 08:32:49 2015 +0200
@@ -20,6 +20,8 @@
from cubicweb.devtools.testlib import CubicWebTC
from cubicweb.web.views import uicfg
from cubicweb.web.formwidgets import AutoCompletionWidget
+from cubicweb.schema import RRQLExpression
+
AFFK = uicfg.autoform_field_kwargs
AFS = uicfg.autoform_section
@@ -179,6 +181,29 @@
autoform = self.vreg['forms'].select('edition', req, entity=req.user)
self.assertEqual(list(autoform.inlined_form_views()), [])
+ def test_check_inlined_rdef_permissions(self):
+ # try to check permissions when creating an entity ('user' below is a
+ # fresh entity without an eid)
+ with self.admin_access.web_request() as req:
+ ttype = 'EmailAddress'
+ rschema = self.schema['use_email']
+ rdef = rschema.rdefs[('CWUser', ttype)]
+ tschema = self.schema[ttype]
+ role = 'subject'
+ with self.temporary_permissions((rdef, {'add': ()})):
+ user = self.vreg['etypes'].etype_class('CWUser')(req)
+ autoform = self.vreg['forms'].select('edition', req, entity=user)
+ self.assertFalse(autoform.check_inlined_rdef_permissions(rschema, role,
+ tschema, ttype))
+ # we actually don't care about the actual expression,
+ # may_have_permission only checks the presence of such expressions
+ expr = RRQLExpression('S use_email O')
+ with self.temporary_permissions((rdef, {'add': (expr,)})):
+ user = self.vreg['etypes'].etype_class('CWUser')(req)
+ autoform = self.vreg['forms'].select('edition', req, entity=user)
+ self.assertTrue(autoform.check_inlined_rdef_permissions(rschema, role,
+ tschema, ttype))
+
class FormViewsTC(CubicWebTC):
--- a/web/views/autoform.py Thu Oct 08 11:47:15 2015 +0200
+++ b/web/views/autoform.py Wed Sep 09 08:32:49 2015 +0200
@@ -952,6 +952,8 @@
def check_inlined_rdef_permissions(self, rschema, role, tschema, ttype):
"""return true if permissions are granted on the inlined object and
relation"""
+ if not tschema.has_perm(self._cw, 'add'):
+ return False
entity = self.edited_entity
rdef = entity.e_schema.rdef(rschema, role, ttype)
if entity.has_eid():
@@ -959,10 +961,8 @@
rdefkwargs = {'fromeid': entity.eid}
else:
rdefkwargs = {'toeid': entity.eid}
- else:
- rdefkwargs = {}
- return (tschema.has_perm(self._cw, 'add')
- and rdef.has_perm(self._cw, 'add', **rdefkwargs))
+ return rdef.has_perm(self._cw, 'add', **rdefkwargs)
+ return rdef.may_have_permission('add', self._cw)
def should_hide_add_new_relation_link(self, rschema, card):