studio/docs
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🐛(backend) fix dysfunctional permissions on document create

Browse Source 
When creating a document access, users were benefitting on the targeted
document from the highest access right they have among all documents.
This is because we forgot to filter on the document ID when retrieving
the role of the user. We improved all tests to secure this issue.
This commit is contained in:
Samuel Paccoud - DINUM
2024-10-11 20:42:16 +02:00
committed by Samuel Paccoud
parent bbcb5e0cf1
commit 1fc3029d12
14 changed files with 114 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/backend/core/factories.py
View File

@@ -27,6 +27,24 @@ class UserFactory(factory.django.DjangoModelFactory):
language = factory.fuzzy.FuzzyChoice([lang[0] for lang in settings.LANGUAGES])
password = make_password("password")
@factory.post_generation
def with_owned_document(self, create, extracted, **kwargs):
"""
Create a document for which the user is owner to check
that there is no interference
"""
if create and (extracted is True):
UserDocumentAccessFactory(user=self, role="owner")
@factory.post_generation
def with_owned_template(self, create, extracted, **kwargs):
"""
Create a template for which the user is owner to check
that there is no interference
"""
if create and (extracted is True):
UserTemplateAccessFactory(user=self, role="owner")
class DocumentFactory(factory.django.DjangoModelFactory):
"""A factory to create documents"""