diff --git a/rdmo/accounts/admin.py b/rdmo/accounts/admin.py index 4e4bece4f2..ac5a14342a 100644 --- a/rdmo/accounts/admin.py +++ b/rdmo/accounts/admin.py @@ -1,4 +1,6 @@ from django.contrib import admin +from django.contrib.sites.models import Site +from django.db.models import Count, Value from .models import AdditionalField, AdditionalFieldValue, ConsentFieldValue, Role @@ -20,7 +22,34 @@ def has_add_permission(self, request, obj=None): class RoleAdmin(admin.ModelAdmin): search_fields = ('user__username', 'user__email') - list_filter = ('member', 'manager') + list_filter = ('member', 'manager', 'editor', 'reviewer') + + list_display = ('user', 'members', 'managers', 'editors', 'reviewers') + + def get_queryset(self, request): + return Role.objects.prefetch_related( + 'member', 'manager', 'editor', 'reviewer').annotate( + Count('member'), Count('manager'), Count('editor'), Count('reviewer'), + sites_count=Value(Site.objects.count()) + ) + + @staticmethod + def render_all_sites_or_join(obj, field_name: str) -> str: + if getattr(obj, f'{field_name}__count', 0) == obj.sites_count: + return 'all Sites' + return ', '.join([site.domain for site in getattr(obj, field_name).all()]) + + def members(self, obj): + return self.render_all_sites_or_join(obj, 'member') + + def managers(self, obj): + return self.render_all_sites_or_join(obj, 'manager') + + def editors(self, obj): + return self.render_all_sites_or_join(obj, 'editor') + + def reviewers(self, obj): + return self.render_all_sites_or_join(obj, 'reviewer') admin.site.register(AdditionalField, AdditionalFieldAdmin) diff --git a/rdmo/accounts/apps.py b/rdmo/accounts/apps.py index 2f28eb0b9a..b7c205ad2a 100644 --- a/rdmo/accounts/apps.py +++ b/rdmo/accounts/apps.py @@ -5,6 +5,3 @@ class AccountsConfig(AppConfig): name = 'rdmo.accounts' verbose_name = _('Accounts') - - def ready(self): - from . import rules diff --git a/rdmo/accounts/migrations/0020_add_role_editor_and_reviewer.py b/rdmo/accounts/migrations/0020_add_role_editor_and_reviewer.py new file mode 100644 index 0000000000..566f260410 --- /dev/null +++ b/rdmo/accounts/migrations/0020_add_role_editor_and_reviewer.py @@ -0,0 +1,24 @@ +# Generated by Django 3.2.16 on 2023-02-17 14:25 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('sites', '0002_alter_domain_unique'), + ('accounts', '0019_delete_proxyuser'), + ] + + operations = [ + migrations.AddField( + model_name='role', + name='editor', + field=models.ManyToManyField(blank=True, help_text='The sites for which this user is an editor.', related_name='editors', to='sites.Site', verbose_name='Editor'), + ), + migrations.AddField( + model_name='role', + name='reviewer', + field=models.ManyToManyField(blank=True, help_text='The sites for which this user is a reviewer.', related_name='reviewers', to='sites.Site', verbose_name='Reviewer'), + ), + ] diff --git a/rdmo/accounts/models.py b/rdmo/accounts/models.py index 78ad3a61be..9d9c097a76 100644 --- a/rdmo/accounts/models.py +++ b/rdmo/accounts/models.py @@ -137,6 +137,16 @@ class Role(models.Model): verbose_name=_('Manager'), help_text=_('The sites for which this user is manager.') ) + editor = models.ManyToManyField( + Site, related_name='editors', blank=True, + verbose_name=_('Editor'), + help_text=_('The sites for which this user is an editor.') + ) + reviewer = models.ManyToManyField( + Site, related_name='reviewers', blank=True, + verbose_name=_('Reviewer'), + help_text=_('The sites for which this user is a reviewer.') + ) class Meta: ordering = ('user', ) diff --git a/rdmo/accounts/rules.py b/rdmo/accounts/rules.py deleted file mode 100644 index cd0def179b..0000000000 --- a/rdmo/accounts/rules.py +++ /dev/null @@ -1,16 +0,0 @@ -import rules -from django.contrib.sites.models import Site - -from .utils import is_site_manager as is_site_manager_util - - -@rules.predicate -def is_site_manager(manager, user): - if is_site_manager_util(manager): - current_site = Site.objects.get_current() - return current_site in user.role.member.all() - else: - return False - - -rules.add_perm('auth.view_user_object', is_site_manager) diff --git a/rdmo/accounts/serializers/v1.py b/rdmo/accounts/serializers/v1.py index c78bb001c8..ed9e627b6a 100644 --- a/rdmo/accounts/serializers/v1.py +++ b/rdmo/accounts/serializers/v1.py @@ -34,13 +34,17 @@ class RoleSerializer(serializers.ModelSerializer): member = SiteSerializer(many=True) manager = SiteSerializer(many=True) + editor = SiteSerializer(many=True) + reviewer = SiteSerializer(many=True) class Meta: model = Role fields = ( 'id', 'member', - 'manager' + 'manager', + 'editor', + 'reviewer' ) diff --git a/rdmo/accounts/tests/test_admin.py b/rdmo/accounts/tests/test_admin.py new file mode 100644 index 0000000000..c5d51dc50b --- /dev/null +++ b/rdmo/accounts/tests/test_admin.py @@ -0,0 +1,13 @@ +import pytest + +from django.urls import reverse + + +roles = ('member', 'manager', 'editor', 'reviewer') + + +@pytest.mark.parametrize('role', roles) +def test_admin_accounts_role(admin_client, role): + url = reverse('admin:accounts_role_changelist') + f'?q={role}' + response = admin_client.get(url) + assert response.status_code == 200 diff --git a/rdmo/accounts/tests/test_views.py b/rdmo/accounts/tests/test_views.py index ef06426c68..30ceef5283 100644 --- a/rdmo/accounts/tests/test_views.py +++ b/rdmo/accounts/tests/test_views.py @@ -16,10 +16,24 @@ ('editor', 'editor'), ('reviewer', 'reviewer'), ('user', 'user'), + ('site', 'site'), ('api', 'api'), ('anonymous', None), ) +other_site_users = ( + 'foo-user', + 'foo-manager', + 'foo-editor', + 'foo-reviewer', + 'bar-user', + 'bar-manager', + 'bar-editor', + 'bar-reviewer', +) + +users += tuple(zip(other_site_users, other_site_users)) # add (other site users and passwords) + boolean_toggle = (True, False) diff --git a/rdmo/accounts/tests/test_viewsets.py b/rdmo/accounts/tests/test_viewsets.py index dc648067ab..10fd0369f2 100644 --- a/rdmo/accounts/tests/test_viewsets.py +++ b/rdmo/accounts/tests/test_viewsets.py @@ -3,27 +3,49 @@ from django.urls import reverse users = ( - ('site', 'site'), - ('api', 'api'), + ('site', 'site'), # site manager for all sites + ('editor', 'editor'), # editor for all sites + ('reviewer', 'reviewer'), # reviewer for all sites + ('api', 'api'), # has all roles for all sites, same as superuser + ('admin', 'admin'), # superuser ('user', 'user'), - ('anonymous', None), + ('anonymous', None) +) + +more_example_users = ( + 'example-user', + 'example-manager', + 'example-editor', + 'example-reviewer' +) + +members_from_other_sites = ( + 'other', + 'foo-user', + 'foo-manager', + 'foo-editor', + 'foo-reviewer', + 'bar-user', + 'bar-manager', + 'bar-editor', + 'bar-reviewer', ) status_map = { 'list': { - 'site': 200, 'api': 200, 'user': 200, 'anonymous': 401 + 'editor': 403, 'reviewer': 403, 'site': 403, 'api': 403, 'user': 403, 'anonymous': 401, 'admin' : 200 }, 'detail': { - 'site': 200, 'api': 200, 'user': 404, 'anonymous': 401 + 'editor': 404, 'reviewer': 404, 'site': 404, 'api': 404, 'user': 404, 'anonymous': 401, 'admin' : 200 }, 'create': { - 'site': 405, 'api': 405, 'user': 405, 'anonymous': 401 + 'editor': 403, 'reviewer': 403, 'site': 403, 'api': 403, 'user': 403, 'anonymous': 401, 'admin' : 405 }, 'update': { - 'site': 405, 'api': 405, 'user': 405, 'anonymous': 401 + 'editor': 405, 'reviewer': 405, 'site': 405, 'api': 405, 'user': 405, 'anonymous': 401, 'admin' : 405 }, 'delete': { - 'site': 405, 'api': 405, 'user': 405, 'anonymous': 401 + 'editor': 405, 'reviewer': 405, 'site': 405, 'api': 405, 'user': 405, 'anonymous': 401, 'admin' : 405 } } @@ -41,11 +63,11 @@ def test_list(db, client, username, password): response = client.get(url) assert response.status_code == status_map['list'][username], response.json() if response.status_code == 200: - if username == 'api': - assert len(response.json()) == 11 + if username == 'api' or username == 'admin': + assert len(response.json()) == get_user_model().objects.count() elif username == 'site': - # the site admin must not see the user 'other' - assert len(response.json()) == 10 + # the site manager for example.com must see only the members of example.com + assert len(response.json()) == get_user_model().objects.count() - len(members_from_other_sites) else: assert len(response.json()) == 0 @@ -54,12 +76,11 @@ def test_list(db, client, username, password): def test_detail(db, client, username, password): client.login(username=username, password=password) instances = get_user_model().objects.all() - for instance in instances: url = reverse(urlnames['detail'], args=[instance.pk]) response = client.get(url) - if username == 'site' and instance.username == 'other': - # the site admin must not see the user 'other' + if username == 'site' and not instance.role.member.filter(domain__contains='example.com').exists(): + # the site manager for example.com must see only the members of example.com assert response.status_code == 404, response.json() else: assert response.status_code == status_map['detail'][username], response.json() diff --git a/rdmo/accounts/viewsets.py b/rdmo/accounts/viewsets.py index 8cc62c19cd..baa733cb85 100644 --- a/rdmo/accounts/viewsets.py +++ b/rdmo/accounts/viewsets.py @@ -1,10 +1,11 @@ from django.contrib.auth import get_user_model -from django.contrib.sites.models import Site from django_filters.rest_framework import DjangoFilterBackend from rest_framework.viewsets import ReadOnlyModelViewSet from rdmo.core.permissions import HasModelPermission, HasObjectPermission +from rdmo.management.rules import is_editor, is_reviewer +from .models import Role from .serializers.v1 import UserSerializer from .utils import is_site_manager @@ -16,8 +17,7 @@ def get_users_for_user(self, user): if user.has_perm('auth.view_user'): return get_user_model().objects.all() elif is_site_manager(user): - current_site = Site.objects.get_current() - return get_user_model().objects.filter(role__member=current_site) + return get_user_model().objects.filter(role__member__id__in=user.role.manager.all()).distinct() return get_user_model().objects.none() @@ -36,4 +36,7 @@ class UserViewSet(UserViewSetMixin, ReadOnlyModelViewSet): def get_queryset(self): return self.get_users_for_user(self.request.user) \ - .prefetch_related('groups', 'role__member', 'role__manager', 'memberships') + .prefetch_related('groups', + 'role__member', 'role__manager', + 'role__editor', 'role__reviewer', + 'memberships') diff --git a/rdmo/conditions/admin.py b/rdmo/conditions/admin.py index 12e953f6d9..17db94527c 100644 --- a/rdmo/conditions/admin.py +++ b/rdmo/conditions/admin.py @@ -24,6 +24,7 @@ class ConditionAdmin(admin.ModelAdmin): list_display = ('uri', 'source', 'relation', 'target_text', 'target_option') readonly_fields = ('uri', ) list_filter = ('relation', ) + filter_horizontal = ('editors', ) admin.site.register(Condition, ConditionAdmin) diff --git a/rdmo/conditions/imports.py b/rdmo/conditions/imports.py index 3598459e72..e33edeaf49 100644 --- a/rdmo/conditions/imports.py +++ b/rdmo/conditions/imports.py @@ -1,5 +1,7 @@ import logging +from django.contrib.sites.models import Site + from rdmo.core.imports import (set_common_fields, set_foreign_field, validate_instance) @@ -34,5 +36,6 @@ def import_condition(element, save=False): logger.info('Condition created with uri %s.', element.get('uri')) condition.save() + condition.editors.add(Site.objects.get_current()) return condition diff --git a/rdmo/conditions/migrations/0023_condition_editors.py b/rdmo/conditions/migrations/0023_condition_editors.py new file mode 100644 index 0000000000..981a734920 --- /dev/null +++ b/rdmo/conditions/migrations/0023_condition_editors.py @@ -0,0 +1,19 @@ +# Generated by Django 3.2.16 on 2023-02-24 14:14 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('sites', '0002_alter_domain_unique'), + ('conditions', '0022_condition_locked'), + ] + + operations = [ + migrations.AddField( + model_name='condition', + name='editors', + field=models.ManyToManyField(blank=True, help_text='The sites that can edit this condition (in a multi site setup).', related_name='condition_editors', to='sites.Site', verbose_name='Editors'), + ), + ] diff --git a/rdmo/conditions/models.py b/rdmo/conditions/models.py index b89524cb86..4251305dfb 100644 --- a/rdmo/conditions/models.py +++ b/rdmo/conditions/models.py @@ -1,4 +1,5 @@ from django.conf import settings +from django.contrib.sites.models import Site from django.db import models from django.utils.translation import gettext_lazy as _ @@ -54,6 +55,11 @@ class Condition(models.Model): verbose_name=_('Locked'), help_text=_('Designates whether this condition can be changed.') ) + editors = models.ManyToManyField( + Site, related_name='%(class)s_editors', blank=True, + verbose_name=_('Editors'), + help_text=_('The sites that can edit this condition (in a multi site setup).') + ) source = models.ForeignKey( Attribute, db_constraint=False, blank=True, null=True, on_delete=models.SET_NULL, related_name='conditions', verbose_name=_('Source'), @@ -89,7 +95,7 @@ def save(self, *args, **kwargs): def copy(self, uri_prefix, key): condition = copy_model(self, uri_prefix=uri_prefix, key=key, source=self.source, target_option=self.target_option) - + return condition @property diff --git a/rdmo/conditions/serializers/v1.py b/rdmo/conditions/serializers/v1.py index 264cdf37f4..d262a3b30f 100644 --- a/rdmo/conditions/serializers/v1.py +++ b/rdmo/conditions/serializers/v1.py @@ -1,7 +1,8 @@ from rest_framework import serializers from rdmo.core.serializers import (ElementExportSerializerMixin, - ElementModelSerializerMixin) + ElementModelSerializerMixin, + ReadOnlyObjectPermissionsSerializerMixin) from rdmo.domain.models import Attribute from rdmo.options.models import OptionSet from rdmo.questions.models import Page, Question, QuestionSet @@ -11,7 +12,8 @@ from ..validators import ConditionLockedValidator, ConditionUniqueURIValidator -class ConditionSerializer(ElementModelSerializerMixin, serializers.ModelSerializer): +class ConditionSerializer(ElementModelSerializerMixin, ReadOnlyObjectPermissionsSerializerMixin, + serializers.ModelSerializer): model = serializers.SerializerMethodField() key = serializers.SlugField(required=True) @@ -23,6 +25,8 @@ class ConditionSerializer(ElementModelSerializerMixin, serializers.ModelSerializ questions = serializers.PrimaryKeyRelatedField(queryset=Question.objects.all(), required=False, many=True) tasks = serializers.PrimaryKeyRelatedField(queryset=Task.objects.all(), required=False, many=True) + read_only = serializers.SerializerMethodField() + class Meta: model = Condition fields = ( @@ -33,6 +37,8 @@ class Meta: 'key', 'comment', 'locked', + 'read_only', + 'editors', 'source', 'relation', 'target_text', diff --git a/rdmo/conditions/static/conditions/js/conditions.js b/rdmo/conditions/static/conditions/js/conditions.js index a134a215e1..f0bea5f171 100644 --- a/rdmo/conditions/static/conditions/js/conditions.js +++ b/rdmo/conditions/static/conditions/js/conditions.js @@ -14,6 +14,7 @@ angular.module('conditions', ['core']) attributes: $resource(baseurl + 'api/v1/domain/attributes/:id/'), options: $resource(baseurl + 'api/v1/options/options/:id/'), settings: $resource(baseurl + 'api/v1/core/settings/'), + sites: $resource(baseurl + 'api/v1/core/sites/') }; /* configure factories */ @@ -36,6 +37,7 @@ angular.module('conditions', ['core']) service.init = function(options) { service.relations = resources.relations.query(); service.settings = resources.settings.get(); + service.sites = resources.sites.query(); service.uri_prefixes = [] service.uri_prefix = '' service.filter = sessionStorage.getItem('conditions_filter') || ''; diff --git a/rdmo/conditions/templates/conditions/conditions.html b/rdmo/conditions/templates/conditions/conditions.html index 327ed5d093..e8a7428098 100644 --- a/rdmo/conditions/templates/conditions/conditions.html +++ b/rdmo/conditions/templates/conditions/conditions.html @@ -95,6 +95,9 @@

{% trans 'Conditions' %}

+ + {% trans 'Conditions' %} ng-click="service.openDeleteModal('conditions', condition)">
- {% trans 'Condition' %} + + {% trans 'Condition' %} + {$ condition.uri $}
@@ -136,6 +141,27 @@

{% trans 'Conditions' %}

{$ condition.description $} + {% if settings.MULTISITE %} +
+
+
+ {% trans 'Editors' %} +
+
+
    +
  • + {$ editor.name $} +
    • +
  • + {% trans 'All sites' %} +
    • +
+
+
+
+ {% endif %} + diff --git a/rdmo/conditions/templates/conditions/conditions_modal_delete_conditions.html b/rdmo/conditions/templates/conditions/conditions_modal_delete_conditions.html index 62c9f79c1c..91ce2063c9 100644 --- a/rdmo/conditions/templates/conditions/conditions_modal_delete_conditions.html +++ b/rdmo/conditions/templates/conditions/conditions_modal_delete_conditions.html @@ -36,10 +36,14 @@

+ diff --git a/rdmo/conditions/templates/conditions/conditions_modal_form_conditions.html b/rdmo/conditions/templates/conditions/conditions_modal_form_conditions.html index 8aac1247f9..94481dcb13 100644 --- a/rdmo/conditions/templates/conditions/conditions_modal_form_conditions.html +++ b/rdmo/conditions/templates/conditions/conditions_modal_form_conditions.html @@ -128,14 +128,32 @@

data-options-null="1" data-quicksearch="true"> + {% if settings.MULTISITE %} +
+ + +
+ {% endif %}

+ diff --git a/rdmo/conditions/tests/test_validator_unique_uri.py b/rdmo/conditions/tests/test_validator_unique_uri.py index a21db47eb7..d3ee53bfaf 100644 --- a/rdmo/conditions/tests/test_validator_unique_uri.py +++ b/rdmo/conditions/tests/test_validator_unique_uri.py @@ -20,7 +20,7 @@ def test_unique_uri_validator_create_error(db): with pytest.raises(ValidationError): ConditionUniqueURIValidator()({ 'uri_prefix': settings.DEFAULT_URI_PREFIX, - 'key': Condition.objects.last().key + 'uri_path': Condition.objects.last().key }) @@ -39,7 +39,7 @@ def test_unique_uri_validator_update_error(db): with pytest.raises(ValidationError): ConditionUniqueURIValidator(condition)({ 'uri_prefix': condition.uri_prefix, - 'key': Condition.objects.last().key + 'uri_path': Condition.objects.last().key }) @@ -60,7 +60,7 @@ def test_unique_uri_validator_serializer_create_error(db): with pytest.raises(RestFameworkValidationError): validator({ 'uri_prefix': settings.DEFAULT_URI_PREFIX, - 'key': Condition.objects.last().key + 'uri_path': Condition.objects.last().key }) @@ -85,5 +85,5 @@ def test_unique_uri_validator_serializer_update_error(db): with pytest.raises(RestFameworkValidationError): validator({ 'uri_prefix': condition.uri_prefix, - 'key': Condition.objects.last().key + 'uri_path': Condition.objects.last().key }) diff --git a/rdmo/conditions/tests/test_viewset_condition.py b/rdmo/conditions/tests/test_viewset_condition.py index ac38453c4b..478e699439 100644 --- a/rdmo/conditions/tests/test_viewset_condition.py +++ b/rdmo/conditions/tests/test_viewset_condition.py @@ -7,7 +7,7 @@ users = ( ('editor', 'editor'), - ('editor', 'editor'), + ('reviewer', 'reviewer'), ('user', 'user'), ('api', 'api'), ('anonymous', None), @@ -18,16 +18,19 @@ 'editor': 200, 'reviewer': 200, 'api': 200, 'user': 403, 'anonymous': 401 }, 'detail': { - 'editor': 200, 'reviewer': 200, 'api': 200, 'user': 403, 'anonymous': 401 + 'editor': 200, 'reviewer': 200, 'api': 200, 'user': 404, 'anonymous': 401 }, 'create': { 'editor': 201, 'reviewer': 403, 'api': 201, 'user': 403, 'anonymous': 401 }, 'update': { - 'editor': 200, 'reviewer': 403, 'api': 200, 'user': 403, 'anonymous': 401 + 'editor': 200, 'reviewer': 403, 'api': 200, 'user': 404, 'anonymous': 401 }, 'delete': { - 'editor': 204, 'reviewer': 403, 'api': 204, 'user': 403, 'anonymous': 401 + 'editor': 204, 'reviewer': 403, 'api': 204, 'user': 404, 'anonymous': 401 + }, + 'copy': { + 'editor': 201, 'reviewer': 403, 'api': 201, 'user': 404, 'anonymous': 401 } } @@ -282,7 +285,7 @@ def test_detail_export(db, client, username, password, export_format): url = reverse(urlnames['detail_export'], args=[instance.pk]) + export_format + '/' response = client.get(url) - assert response.status_code == status_map['list'][username], response.content + assert response.status_code == status_map['detail'][username], response.content if response.status_code == 200 and export_format == 'xml': root = et.fromstring(response.content) @@ -303,7 +306,7 @@ def test_copy(db, client, username, password): 'key': instance.key + '-' } response = client.put(url, data, content_type='application/json') - assert response.status_code == status_map['create'][username], response.json() + assert response.status_code == status_map['copy'][username], response.json() @pytest.mark.parametrize('username,password', users) @@ -318,7 +321,7 @@ def test_copy_wrong(db, client, username, password): } response = client.put(url, data, content_type='application/json') - if status_map['create'][username] == 201: + if status_map['copy'][username] == 201: assert response.status_code == 400, response.json() else: - assert response.status_code == status_map['create'][username], response.json() + assert response.status_code == status_map['copy'][username], response.json() diff --git a/rdmo/conditions/tests/test_viewset_condition_multisite.py b/rdmo/conditions/tests/test_viewset_condition_multisite.py new file mode 100644 index 0000000000..08d064c049 --- /dev/null +++ b/rdmo/conditions/tests/test_viewset_condition_multisite.py @@ -0,0 +1,295 @@ +import xml.etree.ElementTree as et + +import pytest +from django.urls import reverse + +from ..models import Condition + +from .test_viewset_condition import export_formats + +from ...core.tests import multisite_status_map as status_map +from ...core.tests import multisite_users as users +from ...core.tests import get_obj_perms_status_code + +from .test_viewset_condition import urlnames + + +@pytest.mark.parametrize('username,password', users) +def test_list(db, client, username, password): + client.login(username=username, password=password) + + url = reverse(urlnames['list']) + response = client.get(url) + assert response.status_code == status_map['list'][username], response.json() + + +@pytest.mark.parametrize('username,password', users) +def test_index(db, client, username, password): + client.login(username=username, password=password) + + url = reverse(urlnames['index']) + response = client.get(url) + assert response.status_code == status_map['list'][username], response.json() + + +@pytest.mark.parametrize('username,password', users) +@pytest.mark.parametrize('export_format', export_formats) +def test_export(db, client, username, password, export_format): + client.login(username=username, password=password) + + url = reverse(urlnames['export']) + export_format + '/' + response = client.get(url) + assert response.status_code == status_map['list'][username], response.content + + if response.status_code == 200 and export_format == 'xml': + root = et.fromstring(response.content) + assert root.tag == 'rdmo' + for child in root: + assert child.tag in ['condition'] + + +@pytest.mark.parametrize('username,password', users) +def test_detail(db, client, username, password): + client.login(username=username, password=password) + instances = Condition.objects.all() + + for instance in instances: + url = reverse(urlnames['detail'], args=[instance.pk]) + response = client.get(url) + assert response.status_code == status_map['detail'][username], response.json() + + +@pytest.mark.parametrize('username,password', users) +def test_create(db, client, username, password): + client.login(username=username, password=password) + instances = Condition.objects.all() + + for instance in instances: + url = reverse(urlnames['list']) + data = { + 'uri_prefix': instance.uri_prefix, + 'key': '%s_new_%s' % (instance.key, username), + 'comment': instance.comment, + 'source': instance.source.pk, + 'relation': instance.relation, + 'target_text': instance.target_text, + 'target_option': instance.target_option.pk if instance.target_option else '' + } + response = client.post(url, data) + assert response.status_code == status_map['create'][username], response.json() + + +@pytest.mark.parametrize('username,password', users) +def test_create_optionset(db, client, username, password): + client.login(username=username, password=password) + instances = Condition.objects.all() + + for instance in instances: + optionset = instance.optionsets.first() + if optionset: + url = reverse(urlnames['list']) + data = { + 'uri_prefix': instance.uri_prefix, + 'key': '%s_new_%s' % (instance.key, username), + 'comment': instance.comment, + 'source': instance.source.pk, + 'relation': instance.relation, + 'target_text': instance.target_text, + 'target_option': instance.target_option.pk if instance.target_option else '', + 'optionsets': [optionset.id] + } + response = client.post(url, data) + assert response.status_code == status_map['create'][username], response.json() + + if response.status_code == 201: + new_instance = Condition.objects.get(id=response.json().get('id')) + assert [optionset.id] == [optionset.id for optionset in new_instance.optionsets.all()] + + +@pytest.mark.parametrize('username,password', users) +def test_create_page(db, client, username, password): + client.login(username=username, password=password) + instances = Condition.objects.all() + + for instance in instances: + page = instance.pages.first() + if page: + url = reverse(urlnames['list']) + data = { + 'uri_prefix': instance.uri_prefix, + 'key': '%s_new_%s' % (instance.key, username), + 'comment': instance.comment, + 'source': instance.source.pk, + 'relation': instance.relation, + 'target_text': instance.target_text, + 'target_option': instance.target_option.pk if instance.target_option else '', + 'pages': [page.id] + } + response = client.post(url, data) + assert response.status_code == status_map['create'][username], response.json() + + if response.status_code == 201: + new_instance = Condition.objects.get(id=response.json().get('id')) + assert [page.id] == [page.id for page in new_instance.pages.all()] + + +@pytest.mark.parametrize('username,password', users) +def test_create_questionset(db, client, username, password): + client.login(username=username, password=password) + instances = Condition.objects.all() + + for instance in instances: + questionset = instance.questionsets.first() + if questionset: + url = reverse(urlnames['list']) + data = { + 'uri_prefix': instance.uri_prefix, + 'key': '%s_new_%s' % (instance.key, username), + 'comment': instance.comment, + 'source': instance.source.pk, + 'relation': instance.relation, + 'target_text': instance.target_text, + 'target_option': instance.target_option.pk if instance.target_option else '', + 'questionsets': [questionset.id] + } + response = client.post(url, data) + assert response.status_code == status_map['create'][username], response.json() + + if response.status_code == 201: + new_instance = Condition.objects.get(id=response.json().get('id')) + assert [questionset.id] == [questionset.id for questionset in new_instance.questionsets.all()] + + +@pytest.mark.parametrize('username,password', users) +def test_create_question(db, client, username, password): + client.login(username=username, password=password) + instances = Condition.objects.all() + + for instance in instances: + question = instance.questions.first() + if question: + url = reverse(urlnames['list']) + data = { + 'uri_prefix': instance.uri_prefix, + 'key': '%s_new_%s' % (instance.key, username), + 'comment': instance.comment, + 'source': instance.source.pk, + 'relation': instance.relation, + 'target_text': instance.target_text, + 'target_option': instance.target_option.pk if instance.target_option else '', + 'questions': [question.id] + } + response = client.post(url, data) + assert response.status_code == status_map['create'][username], response.json() + + if response.status_code == 201: + new_instance = Condition.objects.get(id=response.json().get('id')) + assert [question.id] == [question.id for question in new_instance.questions.all()] + + +@pytest.mark.parametrize('username,password', users) +def test_create_task(db, client, username, password): + client.login(username=username, password=password) + instances = Condition.objects.all() + + for instance in instances: + task = instance.tasks.first() + if task: + url = reverse(urlnames['list']) + data = { + 'uri_prefix': instance.uri_prefix, + 'key': '%s_new_%s' % (instance.key, username), + 'comment': instance.comment, + 'source': instance.source.pk, + 'relation': instance.relation, + 'target_text': instance.target_text, + 'target_option': instance.target_option.pk if instance.target_option else '', + 'tasks': [task.id] + } + response = client.post(url, data) + assert response.status_code == status_map['create'][username], response.json() + + if response.status_code == 201: + new_instance = Condition.objects.get(id=response.json().get('id')) + assert [task.id] == [task.id for task in new_instance.tasks.all()] + + +@pytest.mark.parametrize('username,password', users) +def test_update(db, client, username, password): + client.login(username=username, password=password) + instances = Condition.objects.all() + + for instance in instances: + url = reverse(urlnames['detail'], args=[instance.pk]) + data = { + 'uri_prefix': instance.uri_prefix, + 'key': instance.key, + 'comment': instance.comment, + 'source': instance.source.pk, + 'relation': instance.relation, + 'target_text': instance.target_text, + 'target_option': instance.target_option.pk if instance.target_option else None + } + response = client.put(url, data, content_type='application/json') + assert response.status_code == get_obj_perms_status_code(instance, username, 'update'), response.json() + + +@pytest.mark.parametrize('username,password', users) +def test_delete(db, client, username, password): + client.login(username=username, password=password) + instances = Condition.objects.all() + + for instance in instances: + url = reverse(urlnames['detail'], args=[instance.pk]) + response = client.delete(url) + assert response.status_code == get_obj_perms_status_code(instance, username, 'delete'), response.json() + + +@pytest.mark.parametrize('username,password', users) +@pytest.mark.parametrize('export_format', export_formats) +def test_detail_export(db, client, username, password, export_format): + client.login(username=username, password=password) + instance = Condition.objects.first() + + url = reverse(urlnames['detail_export'], args=[instance.pk]) + export_format + '/' + response = client.get(url) + assert response.status_code == status_map['detail'][username], response.content + + if response.status_code == 200 and export_format == 'xml': + root = et.fromstring(response.content) + assert root.tag == 'rdmo' + for child in root: + assert child.tag in ['condition'] + + +@pytest.mark.parametrize('username,password', users) +def test_copy(db, client, username, password): + client.login(username=username, password=password) + instances = Condition.objects.all() + + for instance in instances: + url = reverse(urlnames['copy'], args=[instance.pk]) + data = { + 'uri_prefix': instance.uri_prefix + '-', + 'key': instance.key + '-' + } + response = client.put(url, data, content_type='application/json') + assert response.status_code == get_obj_perms_status_code(instance, username, 'copy'), response.json() + + +@pytest.mark.parametrize('username,password', users) +def test_copy_wrong(db, client, username, password): + client.login(username=username, password=password) + instance = Condition.objects.first() + + url = reverse(urlnames['copy'], args=[instance.pk]) + data = { + 'uri_prefix': instance.uri_prefix, + 'key': instance.key + } + response = client.put(url, data, content_type='application/json') + + if status_map['copy'][username] == 201: + assert response.status_code == 400, response.json() + else: + assert response.status_code == get_obj_perms_status_code(instance, username, 'copy'), response.json() diff --git a/rdmo/conditions/tests/test_viewset_relation.py b/rdmo/conditions/tests/test_viewset_relation.py index 65cbf647e7..7ff7baefcf 100644 --- a/rdmo/conditions/tests/test_viewset_relation.py +++ b/rdmo/conditions/tests/test_viewset_relation.py @@ -3,7 +3,7 @@ users = ( ('editor', 'editor'), - ('editor', 'editor'), + ('reviewer', 'reviewer'), ('user', 'user'), ('api', 'api'), ('anonymous', None), diff --git a/rdmo/conditions/viewsets.py b/rdmo/conditions/viewsets.py index 42d4974542..6334c30c6d 100644 --- a/rdmo/conditions/viewsets.py +++ b/rdmo/conditions/viewsets.py @@ -6,7 +6,7 @@ from rest_framework.viewsets import ModelViewSet from rdmo.core.exports import XMLResponse -from rdmo.core.permissions import HasModelPermission +from rdmo.core.permissions import HasModelPermission, HasObjectPermission from rdmo.core.utils import is_truthy, render_to_format from rdmo.core.views import ChoicesViewSet from rdmo.core.viewsets import CopyModelMixin @@ -19,9 +19,10 @@ class ConditionViewSet(CopyModelMixin, ModelViewSet): - permission_classes = (HasModelPermission, ) + permission_classes = (HasModelPermission | HasObjectPermission, ) queryset = Condition.objects.select_related('source', 'target_option') \ - .prefetch_related('optionsets', 'pages', 'questionsets', 'questions', 'tasks') + .prefetch_related('optionsets', 'pages', 'questionsets', + 'questions', 'tasks', 'editors') filter_backends = (SearchFilter, DjangoFilterBackend) search_fields = ('uri', ) @@ -44,7 +45,7 @@ def index(self, request): serializer = ConditionIndexSerializer(queryset, many=True) return Response(serializer.data) - @action(detail=False, url_path='export(/(?P[a-z]+))?', permission_classes=[HasModelPermission]) + @action(detail=False, url_path='export(/(?P[a-z]+))?') def export(self, request, export_format='xml'): queryset = self.filter_queryset(self.get_queryset()) if export_format == 'xml': @@ -56,7 +57,7 @@ def export(self, request, export_format='xml'): 'conditions': queryset }) - @action(detail=True, url_path='export(/(?P[a-z]+))?', permission_classes=[HasModelPermission]) + @action(detail=True, url_path='export(/(?P[a-z]+))?') def detail_export(self, request, pk=None, export_format='xml'): if export_format == 'xml': serializer = ConditionExportSerializer(self.get_object()) diff --git a/rdmo/core/assets/js/api/BaseApi.js b/rdmo/core/assets/js/api/BaseApi.js index bb12a748c6..0f12feacb9 100644 --- a/rdmo/core/assets/js/api/BaseApi.js +++ b/rdmo/core/assets/js/api/BaseApi.js @@ -16,14 +16,14 @@ function ValidationError(errors) { class BaseApi { static get(url) { - return fetch(url).then(response => { + return fetch(url).catch(error => { + throw new ApiError(error.message) + }).then(response => { if (response.ok) { return response.json() } else { throw new ApiError(response.statusText, response.status) } - }).catch(error => { - throw new ApiError(error.message) }) } @@ -35,6 +35,8 @@ class BaseApi { 'X-CSRFToken': Cookies.get('csrftoken') }, body: JSON.stringify(data) + }).catch(error => { + throw new ApiError(error.message) }).then(response => { if (response.ok) { return response.json() @@ -45,8 +47,6 @@ class BaseApi { } else { throw new ApiError(response.statusText, response.status) } - }).catch(error => { - throw new ApiError(error.message) }) } @@ -58,6 +58,8 @@ class BaseApi { 'X-CSRFToken': Cookies.get('csrftoken') }, body: JSON.stringify(data) + }).catch(error => { + throw new ApiError(error.message) }).then(response => { if (response.ok) { return response.json() @@ -68,8 +70,6 @@ class BaseApi { } else { throw new ApiError(response.statusText, response.status) } - }).catch(error => { - throw new ApiError(error.message) }) } @@ -80,6 +80,8 @@ class BaseApi { 'Content-Type': 'application/json', 'X-CSRFToken': Cookies.get('csrftoken') } + }).catch(error => { + throw new ApiError(error.message) }).then(response => { if (response.ok) { return null @@ -90,8 +92,6 @@ class BaseApi { } else { throw new ApiError(response.statusText, response.status) } - }).catch(error => { - throw new ApiError(error.message) }) } @@ -105,6 +105,8 @@ class BaseApi { 'X-CSRFToken': Cookies.get('csrftoken') }, body: formData + }).catch(error => { + throw new ApiError(error.message) }).then(response => { if (response.ok) { return response.json() @@ -115,8 +117,6 @@ class BaseApi { } else { throw new ApiError(response.statusText, response.status) } - }).catch(error => { - throw new ApiError(error.message) }) } diff --git a/rdmo/core/assets/js/components/Link.js b/rdmo/core/assets/js/components/Link.js index 670e6e08b7..220eceb4db 100644 --- a/rdmo/core/assets/js/components/Link.js +++ b/rdmo/core/assets/js/components/Link.js @@ -1,14 +1,21 @@ import React from 'react' import PropTypes from 'prop-types' +import classNames from 'classnames' -const Link = ({ href='', title, className, onClick, children }) => { +const Link = ({ href='', title, className, disabled=false, onClick, children }) => { const handleClick = (event) => { event.preventDefault() - onClick() + if (!disabled) onClick() } + const classnames = classNames({ + [className]: true, + disabled: disabled + }) + return ( - handleClick(event)}> + handleClick(event)}> {children} ) @@ -18,6 +25,7 @@ Link.propTypes = { href: PropTypes.string, title: PropTypes.string, className: PropTypes.string, + disabled: PropTypes.bool, onClick: PropTypes.func.isRequired, children: PropTypes.oneOfType([PropTypes.arrayOf(PropTypes.node), PropTypes.node]) } diff --git a/rdmo/core/permissions.py b/rdmo/core/permissions.py index 7e87b8cedf..d86bcb1b44 100644 --- a/rdmo/core/permissions.py +++ b/rdmo/core/permissions.py @@ -1,6 +1,5 @@ import logging -from django.core.exceptions import ObjectDoesNotExist from rest_framework.permissions import (DjangoModelPermissions, DjangoObjectPermissions) @@ -38,6 +37,9 @@ class HasModelPermission(DjangoModelPermissions): @log_result def has_permission(self, request, view): + if not (request.user and request.user.is_authenticated): + return False + return super().has_permission(request, view) @log_result @@ -72,28 +74,4 @@ def has_permission(self, request, view): # the permission will be checked on object level (in the next step) return True else: - try: - # for list or create we need to check the permission object from the view - # and check that the user has the correct permission on this object - permission_object = view.get_list_permission_object() - return super().has_object_permission(request, view, permission_object) - except ObjectDoesNotExist: - # return False if the database query fails - return False - except AttributeError: - # return True if the function is not defined in the view - # the permission will be checked on object level (in the next step) - return True - - @log_result - def has_object_permission(self, request, view, obj): - # get the permission object from the view - try: - permission_object = view.get_detail_permission_object(obj) - return super().has_object_permission(request, view, permission_object) - except ObjectDoesNotExist: - # return False if the database query fails return False - except AttributeError: - # just take the input obj if the function is not defined in the view - return super().has_object_permission(request, view, obj) diff --git a/rdmo/core/serializers.py b/rdmo/core/serializers.py index e1a07cee79..d56859ff55 100644 --- a/rdmo/core/serializers.py +++ b/rdmo/core/serializers.py @@ -1,3 +1,5 @@ +import logging + from django.contrib.auth.models import Group from django.contrib.sites.models import Site from django.db.models import Max @@ -7,6 +9,7 @@ from rdmo.core.utils import get_language_warning, get_languages, markdown2html +logger = logging.getLogger(__name__) class RecursiveField(serializers.Serializer): @@ -189,6 +192,38 @@ def get_warning(self, obj): return any([get_language_warning(obj, field_name) for field_name in self.Meta.warning_fields]) +class ReadOnlyObjectPermissionsSerializerMixin: + ''' + A mixin class for Serializers that adds a boolean field with the name read_only. + It checks the object permissions based on the model of the serializer. + + Requires: + - the request object in the context kwargs of the Serializer call: + ..., context={'request': request} + - so that this mixin has self.context['request'] + + In the Serializer class add: + read_only = serializers.SerializerMethodField(read_only=True) + and the field to fields: + read_only + ''' + + OBJECT_PERMISSION_ACTION_NAMES = ('change', 'delete') + + @staticmethod + def construct_object_permission(model, action_name: str) -> str: + model_app_label = model._meta.app_label + model_name = model._meta.model_name + perm = '%s.%s_%s_object' % (model_app_label, action_name, model_name) + return perm + + def get_read_only(self, obj) -> bool: + user = self.context['request'].user + perms = (self.construct_object_permission(self.Meta.model, action_name) + for action_name in self.OBJECT_PERMISSION_ACTION_NAMES) + return not all(user.has_perm(perm, obj) for perm in perms) + + class SiteSerializer(serializers.ModelSerializer): class Meta: diff --git a/rdmo/core/templates/core/base_navigation.html b/rdmo/core/templates/core/base_navigation.html index 1cb7a2da4a..48fafd5498 100644 --- a/rdmo/core/templates/core/base_navigation.html +++ b/rdmo/core/templates/core/base_navigation.html @@ -14,18 +14,14 @@ {{ request.site.name }}
+ - {% trans 'Attribute' %} + + {% trans 'Attribute' %} + {$ attribute.uri $} diff --git a/rdmo/domain/templates/domain/domain_modal_delete_attributes.html b/rdmo/domain/templates/domain/domain_modal_delete_attributes.html index daa15898e6..f2a63ece1c 100644 --- a/rdmo/domain/templates/domain/domain_modal_delete_attributes.html +++ b/rdmo/domain/templates/domain/domain_modal_delete_attributes.html @@ -64,10 +64,14 @@

+ diff --git a/rdmo/domain/templates/domain/domain_modal_form_attributes.html b/rdmo/domain/templates/domain/domain_modal_form_attributes.html index c845e5c91c..ee43510e5b 100644 --- a/rdmo/domain/templates/domain/domain_modal_form_attributes.html +++ b/rdmo/domain/templates/domain/domain_modal_form_attributes.html @@ -100,13 +100,30 @@

data-quicksearch="true">

+ {% if settings.MULTISITE %} +
+ + +
+ {% endif %} -
+ - diff --git a/rdmo/domain/templates/domain/domain_options.html b/rdmo/domain/templates/domain/domain_options.html index e95110215c..c04be18824 100644 --- a/rdmo/domain/templates/domain/domain_options.html +++ b/rdmo/domain/templates/domain/domain_options.html @@ -1,6 +1,9 @@ {% load i18n %} + + ( ) -const SaveButton = ({ elementAction, onClick, back }) => { +const SaveButton = ({ elementAction, onClick, disabled=false, back=false }) => { let text, className = 'element-button btn btn-xs' if (elementAction == 'create') { text = back ? gettext('Create') : gettext('Create and continue editing') @@ -21,7 +21,7 @@ const SaveButton = ({ elementAction, onClick, back }) => { } return ( - ) @@ -30,6 +30,7 @@ const SaveButton = ({ elementAction, onClick, back }) => { SaveButton.propTypes = { elementAction: PropTypes.string, onClick: PropTypes.func.isRequired, + disabled: PropTypes.bool, back: PropTypes.bool } @@ -43,14 +44,15 @@ NewButton.propTypes = { onClick: PropTypes.func.isRequired } -const DeleteButton = ({ onClick }) => ( - ) DeleteButton.propTypes = { - onClick: PropTypes.func.isRequired + onClick: PropTypes.func.isRequired, + disabled: PropTypes.bool } export { BackButton, SaveButton, NewButton, DeleteButton } diff --git a/rdmo/management/assets/js/components/common/DragAndDrop.js b/rdmo/management/assets/js/components/common/DragAndDrop.js index 9abd89c476..5281290b46 100644 --- a/rdmo/management/assets/js/components/common/DragAndDrop.js +++ b/rdmo/management/assets/js/components/common/DragAndDrop.js @@ -3,7 +3,7 @@ import { useDrag, useDrop } from 'react-dnd' import PropTypes from 'prop-types' import classNames from 'classnames' -const Drag = ({ element }) => { +const Drag = ({ element, show=true }) => { const dragRef = useRef(null) const [{}, drag] = useDrag(() => ({ @@ -13,13 +13,14 @@ const Drag = ({ element }) => { drag(dragRef) - return + return show && } Drag.propTypes = { - element: PropTypes.object.isRequired + element: PropTypes.object.isRequired, + show: PropTypes.bool } const Drop = ({ element, elementActions, indent=0, mode='in', children=null }) => { diff --git a/rdmo/management/assets/js/components/common/Icons.js b/rdmo/management/assets/js/components/common/Icons.js new file mode 100644 index 0000000000..6456be6de4 --- /dev/null +++ b/rdmo/management/assets/js/components/common/Icons.js @@ -0,0 +1,15 @@ +import React from 'react' +import PropTypes from 'prop-types' + +const ReadOnlyIcon = ({ title, show }) => { + return show && ( + + ) +} + +ReadOnlyIcon.propTypes = { + title: PropTypes.string.isRequired, + show: PropTypes.bool +} + +export { ReadOnlyIcon } diff --git a/rdmo/management/assets/js/components/common/Links.js b/rdmo/management/assets/js/components/common/Links.js index 22c33d9ce6..df0c99b0f5 100644 --- a/rdmo/management/assets/js/components/common/Links.js +++ b/rdmo/management/assets/js/components/common/Links.js @@ -7,14 +7,15 @@ import isUndefined from 'lodash/isUndefined' import Link from 'rdmo/core/assets/js/components/Link' import LinkButton from 'rdmo/core/assets/js/components/LinkButton' -const NestedLink = ({ href, title, onClick }) => { - return +const NestedLink = ({ href, title, onClick, show=true }) => { + return show && } NestedLink.propTypes = { href: PropTypes.string.isRequired, title: PropTypes.string.isRequired, - onClick: PropTypes.func.isRequired + onClick: PropTypes.func.isRequired, + show: PropTypes.bool } const EditLink = ({ href, title, onClick }) => { @@ -27,7 +28,7 @@ EditLink.propTypes = { onClick: PropTypes.func.isRequired } -const CopyLink = ({ href, title, onClick}) => { +const CopyLink = ({ href, title, onClick }) => { return } @@ -37,9 +38,9 @@ CopyLink.propTypes = { onClick: PropTypes.func.isRequired } -const AddLink = ({ title, altTitle, onClick, onAltClick }) => { +const AddLink = ({ title, altTitle, onClick, onAltClick, disabled }) => { if (isUndefined(onAltClick)) { - return + return } else { return ( @@ -61,10 +62,11 @@ AddLink.propTypes = { title: PropTypes.string.isRequired, altTitle: PropTypes.string, onClick: PropTypes.func.isRequired, - onAltClick: PropTypes.func + onAltClick: PropTypes.func, + disabled: PropTypes.bool } -const AvailableLink = ({ available, locked, title, onClick }) => { +const AvailableLink = ({ available, locked, title, onClick, disabled }) => { const className = classNames({ 'element-btn-link fa': true, 'fa-toggle-on': available, @@ -72,30 +74,32 @@ const AvailableLink = ({ available, locked, title, onClick }) => { }) return + disabled={locked || disabled} onClick={onClick} /> } AvailableLink.propTypes = { available: PropTypes.bool.isRequired, locked: PropTypes.bool.isRequired, title: PropTypes.string.isRequired, - onClick: PropTypes.func.isRequired + onClick: PropTypes.func.isRequired, + disabled: PropTypes.bool } -const LockedLink = ({ locked, title, onClick }) => { +const LockedLink = ({ locked, title, onClick, disabled }) => { const className = classNames({ 'element-btn-link fa': true, 'fa-lock text-danger': locked, 'fa-unlock-alt': !locked }) - return + return } LockedLink.propTypes = { locked: PropTypes.bool.isRequired, title: PropTypes.string.isRequired, - onClick: PropTypes.func.isRequired + onClick: PropTypes.func.isRequired, + disabled: PropTypes.bool } const ExportLink = ({ exportUrl, title, exportFormats, csv=false, full=false }) => { diff --git a/rdmo/management/assets/js/components/edit/EditAttribute.js b/rdmo/management/assets/js/components/edit/EditAttribute.js index 39893fbbb2..8355caf91c 100644 --- a/rdmo/management/assets/js/components/edit/EditAttribute.js +++ b/rdmo/management/assets/js/components/edit/EditAttribute.js @@ -1,5 +1,6 @@ import React from 'react' import PropTypes from 'prop-types' +import get from 'lodash/get' import Checkbox from './common/Checkbox' import Select from './common/Select' @@ -8,6 +9,7 @@ import Textarea from './common/Textarea' import UriPrefix from './common/UriPrefix' import { BackButton, SaveButton, DeleteButton } from '../common/Buttons' +import { ReadOnlyIcon } from '../common/Icons' import AttributeInfo from '../info/AttributeInfo' import DeleteAttributeModal from '../modals/DeleteAttributeModal' @@ -16,6 +18,7 @@ import useDeleteModal from '../../hooks/useDeleteModal' const EditAttribute = ({ config, attribute, elements, elementActions }) => { + const { sites } = config const { elementAction, parent, attributes } = elements const editAttribute = (attribute) => elementActions.fetchElement('attributes', attribute) @@ -31,9 +34,10 @@ const EditAttribute = ({ config, attribute, elements, elementActions }) => {
+ - - + +
{ attribute.id ? <> @@ -106,15 +110,18 @@ const EditAttribute = ({ config, attribute, elements, elementActions }) => { }
- - + +
- {attribute.id && } + {attribute.id && }
{
+ - - + +
{ catalog.id ? <> @@ -102,15 +104,18 @@ const EditCatalog = ({ config, catalog, elements, elementActions }) => { {get(config, 'settings.multisite') && }
- - + +
- {catalog.id && } + {catalog.id && }
{ - const { relations } = config + const { sites, relations } = config const { elementAction, parent, attributes, options } = elements const updateCondition = (key, value) => elementActions.updateElement(condition, {[key]: value}) @@ -36,9 +38,10 @@ const EditCondition = ({ config, condition, elements, elementActions }) => {
+ - - + +
{ condition.id ? <> @@ -118,15 +121,18 @@ const EditCondition = ({ config, condition, elements, elementActions }) => { }
- - + +
- {condition.id && } + {condition.id && }
{ + const { sites } = config const { elementAction, parent } = elements const updateOption = (key, value) => elementActions.updateElement(option, {[key]: value}) @@ -30,9 +34,10 @@ const EditOption = ({ config, option, elements, elementActions }) => {
+ - - + +
{ option.id ? <> @@ -96,15 +101,18 @@ const EditOption = ({ config, option, elements, elementActions }) => { )) } + + {get(config, 'settings.multisite') && + + {get(config, 'settings.multisite') && }
- - + +
- {page.id && } + {page.id && }
{ - const { widgetTypes, valueTypes } = config + const { sites, widgetTypes, valueTypes } = config const { elementAction, parent, attributes, optionsets, options, conditions } = elements const updateQuestion = (key, value) => elementActions.updateElement(question, {[key]: value}) @@ -42,9 +44,10 @@ const EditQuestion = ({ config, question, elements, elementActions}) => {
+ - - + +
{ question.id ? <> @@ -199,16 +202,23 @@ const EditQuestion = ({ config, question, elements, elementActions}) => {
+ { + get(config, 'settings.multisite') && + + }
- - + +
- {questionset.id && } + {questionset.id && }
{ + const { sites } = config const { elementAction, parent, pages } = elements const updateSection = (key, value) => elementActions.updateElement(section, {[key]: value}) @@ -34,9 +38,10 @@ const EditSection = ({ config, section, elements, elementActions }) => {
+ - - + +
{ section.id ? <> @@ -92,15 +97,18 @@ const EditSection = ({ config, section, elements, elementActions }) => { + + {get(config, 'settings.multisite') && } + + {get(config, 'settings.multisite') && } + {get(config, 'settings.multisite') && onChange(field, !checked)} /> {label} diff --git a/rdmo/management/assets/js/components/edit/common/CodeMirror.js b/rdmo/management/assets/js/components/edit/common/CodeMirror.js index 08f54502cb..9c402b8b27 100644 --- a/rdmo/management/assets/js/components/edit/common/CodeMirror.js +++ b/rdmo/management/assets/js/components/edit/common/CodeMirror.js @@ -29,7 +29,7 @@ const CodeMirror = ({ config, element, field, onChange }) => { onChange(field, value)} /> + onChange={(value) => onChange(field, value)} disabled={element.read_only} /> {help &&

{help}

} diff --git a/rdmo/management/assets/js/components/edit/common/MultiSelect.js b/rdmo/management/assets/js/components/edit/common/MultiSelect.js index 908240e43f..0feb6a2d38 100644 --- a/rdmo/management/assets/js/components/edit/common/MultiSelect.js +++ b/rdmo/management/assets/js/components/edit/common/MultiSelect.js @@ -67,12 +67,13 @@ const MultiSelect = ({ config, element, field, options, verboseName, onChange, o { onEdit &&
handleEdit(index)} /> - handleRemove(index)} /> + handleRemove(index)} + disabled={element.read_only} />
} handleChange(option, index)} />
) @@ -80,12 +81,12 @@ const MultiSelect = ({ config, element, field, options, verboseName, onChange, o }
- { - onCreate && } diff --git a/rdmo/management/assets/js/components/edit/common/Number.js b/rdmo/management/assets/js/components/edit/common/Number.js index 5a47330764..10488d3ac4 100644 --- a/rdmo/management/assets/js/components/edit/common/Number.js +++ b/rdmo/management/assets/js/components/edit/common/Number.js @@ -26,7 +26,7 @@ const Number = ({ config, element, field, onChange }) => {
- onChange(field, event.target.value)} /> {help &&

{help}

} diff --git a/rdmo/management/assets/js/components/edit/common/OrderedMultiSelect.js b/rdmo/management/assets/js/components/edit/common/OrderedMultiSelect.js index 504ae806f5..7609663927 100644 --- a/rdmo/management/assets/js/components/edit/common/OrderedMultiSelect.js +++ b/rdmo/management/assets/js/components/edit/common/OrderedMultiSelect.js @@ -15,7 +15,7 @@ import Link from 'rdmo/core/assets/js/components/Link' import { getId, getLabel, getHelp } from 'rdmo/management/assets/js/utils/forms' -const OrderedMultiSelectItem = ({ index, field, selectValue, selectOptions, errors, +const OrderedMultiSelectItem = ({ index, field, selectValue, selectOptions, errors, disabled, handleChange, handleEdit, handleRemove, handleDrag }) => { const dragRef = useRef(null) const dropRef = useRef(null) @@ -42,8 +42,15 @@ const OrderedMultiSelectItem = ({ index, field, selectValue, selectOptions, erro 'over': isOver }) - drag(dragRef) - drop(dropRef) + const dragClassName = classNames({ + 'fa fa-arrows drag': true, + disabled: disabled + }) + + if (!disabled) { + drag(dragRef) + drop(dropRef) + } const styles = { container: provided => ({...provided, marginRight: 8 + 12 + 4 + 11 + 4 + 14}) @@ -53,15 +60,17 @@ const OrderedMultiSelectItem = ({ index, field, selectValue, selectOptions, erro <>
- handleEdit(index)} /> - handleRemove(index)} /> - + handleEdit(index)} /> + !disabled && handleRemove(index)} /> +
handleChange(option, index)} - menuPortalTarget={document.body} styles={styles} /> + menuPortalTarget={document.body} styles={styles} isDisabled={disabled} />
{ errors && errors[index] && @@ -222,22 +231,25 @@ class OrderedMultiSelect extends Component { selectValue={selectValue} selectOptions={selectOptions} errors={errors} handleChange={this.handleChange} handleEdit={this.handleEdit} handleRemove={this.handleRemove} - handleDrag={this.handleDrag} /> + handleDrag={this.handleDrag} disabled={element.read_only} /> ) }) }
- { - onCreate && } { - onAltCreate && } @@ -254,6 +266,7 @@ OrderedMultiSelectItem.propTypes = { selectValue: PropTypes.object, selectOptions: PropTypes.array, errors: PropTypes.object, + disabled: PropTypes.bool, handleChange: PropTypes.func, handleEdit: PropTypes.func, handleRemove: PropTypes.func, diff --git a/rdmo/management/assets/js/components/edit/common/Select.js b/rdmo/management/assets/js/components/edit/common/Select.js index 9fa916ae73..8998798047 100644 --- a/rdmo/management/assets/js/components/edit/common/Select.js +++ b/rdmo/management/assets/js/components/edit/common/Select.js @@ -60,7 +60,7 @@ const Select = ({ config, element, field, options, verboseName, isMulti, onChang + onChange={handleChange} styles={styles} isDisabled={element.read_only} />
{ diff --git a/rdmo/management/assets/js/components/edit/common/Text.js b/rdmo/management/assets/js/components/edit/common/Text.js index 20f20fd6d1..c249bd11fb 100644 --- a/rdmo/management/assets/js/components/edit/common/Text.js +++ b/rdmo/management/assets/js/components/edit/common/Text.js @@ -26,7 +26,7 @@ const Text = ({ config, element, field, onChange }) => {
- onChange(field, event.target.value)} /> {help &&

{help}

} diff --git a/rdmo/management/assets/js/components/edit/common/Textarea.js b/rdmo/management/assets/js/components/edit/common/Textarea.js index 4690a2260d..b6530f2c74 100644 --- a/rdmo/management/assets/js/components/edit/common/Textarea.js +++ b/rdmo/management/assets/js/components/edit/common/Textarea.js @@ -26,7 +26,7 @@ const Textarea = ({ config, element, field, rows, onChange }) => {
-