studio/docs
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

♻️(backend) simplify roles by returning only the max role

Browse Source 
We were returning the list of roles a user has on a document (direct
and inherited). Now that we introduced priority on roles, we are able
to determine what is the max role and return only this one.

This commit also changes the role that is returned for the restricted
reach: we now return None because the role is not relevant in this
case.
This commit is contained in:
Samuel Paccoud - DINUM
2025-04-25 08:03:12 +02:00
committed by Anthony LC
parent 0a9a583a67
commit 611ba496d2
14 changed files with 406 additions and 351 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/backend/core/tests/documents/test_api_documents_children_create.py
View File

@@ -98,7 +98,9 @@ def test_api_documents_children_create_authenticated_success(reach, role, depth)
if i == 0:
document = factories.DocumentFactory(link_reach=reach, link_role=role)
else:
document = factories.DocumentFactory(parent=document, link_role="reader")
document = factories.DocumentFactory(
parent=document, link_reach="restricted"
)
response = client.post(
f"/api/v1.0/documents/{document.id!s}/children/",

125
src/backend/core/tests/documents/test_api_documents_children_list.py
View File

@@ -14,13 +14,18 @@ from core import factories
pytestmark = pytest.mark.django_db
def test_api_documents_children_list_anonymous_public_standalone():
def test_api_documents_children_list_anonymous_public_standalone(
django_assert_num_queries,
):
"""Anonymous users should be allowed to retrieve the children of a public document."""
document = factories.DocumentFactory(link_reach="public")
child1, child2 = factories.DocumentFactory.create_batch(2, parent=document)
factories.UserDocumentAccessFactory(document=child1)
response = APIClient().get(f"/api/v1.0/documents/{document.id!s}/children/")
with django_assert_num_queries(8):
APIClient().get(f"/api/v1.0/documents/{document.id!s}/children/")
with django_assert_num_queries(4):
response = APIClient().get(f"/api/v1.0/documents/{document.id!s}/children/")
assert response.status_code == 200
assert response.json() == {
@@ -44,7 +49,7 @@ def test_api_documents_children_list_anonymous_public_standalone():
"path": child1.path,
"title": child1.title,
"updated_at": child1.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
{
"abilities": child2.get_abilities(AnonymousUser()),
@@ -62,13 +67,13 @@ def test_api_documents_children_list_anonymous_public_standalone():
"path": child2.path,
"title": child2.title,
"updated_at": child2.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
],
}
def test_api_documents_children_list_anonymous_public_parent():
def test_api_documents_children_list_anonymous_public_parent(django_assert_num_queries):
"""
Anonymous users should be allowed to retrieve the children of a document who
has a public ancestor.
@@ -83,7 +88,10 @@ def test_api_documents_children_list_anonymous_public_parent():
child1, child2 = factories.DocumentFactory.create_batch(2, parent=document)
factories.UserDocumentAccessFactory(document=child1)
response = APIClient().get(f"/api/v1.0/documents/{document.id!s}/children/")
with django_assert_num_queries(9):
APIClient().get(f"/api/v1.0/documents/{document.id!s}/children/")
with django_assert_num_queries(5):
response = APIClient().get(f"/api/v1.0/documents/{document.id!s}/children/")
assert response.status_code == 200
assert response.json() == {
@@ -107,7 +115,7 @@ def test_api_documents_children_list_anonymous_public_parent():
"path": child1.path,
"title": child1.title,
"updated_at": child1.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
{
"abilities": child2.get_abilities(AnonymousUser()),
@@ -125,7 +133,7 @@ def test_api_documents_children_list_anonymous_public_parent():
"path": child2.path,
"title": child2.title,
"updated_at": child2.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
],
}
@@ -149,7 +157,7 @@ def test_api_documents_children_list_anonymous_restricted_or_authenticated(reach
@pytest.mark.parametrize("reach", ["public", "authenticated"])
def test_api_documents_children_list_authenticated_unrelated_public_or_authenticated(
reach,
reach, django_assert_num_queries
):
"""
Authenticated users should be able to retrieve the children of a public/authenticated
@@ -163,9 +171,13 @@ def test_api_documents_children_list_authenticated_unrelated_public_or_authentic
child1, child2 = factories.DocumentFactory.create_batch(2, parent=document)
factories.UserDocumentAccessFactory(document=child1)
response = client.get(
f"/api/v1.0/documents/{document.id!s}/children/",
)
with django_assert_num_queries(9):
client.get(f"/api/v1.0/documents/{document.id!s}/children/")
with django_assert_num_queries(5):
response = client.get(
f"/api/v1.0/documents/{document.id!s}/children/",
)
assert response.status_code == 200
assert response.json() == {
"count": 2,
@@ -188,7 +200,7 @@ def test_api_documents_children_list_authenticated_unrelated_public_or_authentic
"path": child1.path,
"title": child1.title,
"updated_at": child1.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
{
"abilities": child2.get_abilities(user),
@@ -206,7 +218,7 @@ def test_api_documents_children_list_authenticated_unrelated_public_or_authentic
"path": child2.path,
"title": child2.title,
"updated_at": child2.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
],
}
@@ -214,7 +226,7 @@ def test_api_documents_children_list_authenticated_unrelated_public_or_authentic
@pytest.mark.parametrize("reach", ["public", "authenticated"])
def test_api_documents_children_list_authenticated_public_or_authenticated_parent(
reach,
reach, django_assert_num_queries
):
"""
Authenticated users should be allowed to retrieve the children of a document who
@@ -231,7 +243,11 @@ def test_api_documents_children_list_authenticated_public_or_authenticated_paren
child1, child2 = factories.DocumentFactory.create_batch(2, parent=document)
factories.UserDocumentAccessFactory(document=child1)
response = client.get(f"/api/v1.0/documents/{document.id!s}/children/")
with django_assert_num_queries(10):
client.get(f"/api/v1.0/documents/{document.id!s}/children/")
with django_assert_num_queries(6):
response = client.get(f"/api/v1.0/documents/{document.id!s}/children/")
assert response.status_code == 200
assert response.json() == {
@@ -255,7 +271,7 @@ def test_api_documents_children_list_authenticated_public_or_authenticated_paren
"path": child1.path,
"title": child1.title,
"updated_at": child1.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
{
"abilities": child2.get_abilities(user),
@@ -273,13 +289,15 @@ def test_api_documents_children_list_authenticated_public_or_authenticated_paren
"path": child2.path,
"title": child2.title,
"updated_at": child2.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
],
}
def test_api_documents_children_list_authenticated_unrelated_restricted():
def test_api_documents_children_list_authenticated_unrelated_restricted(
django_assert_num_queries,
):
"""
Authenticated users should not be allowed to retrieve the children of a document that is
restricted and to which they are not related.
@@ -293,16 +311,20 @@ def test_api_documents_children_list_authenticated_unrelated_restricted():
child1, _child2 = factories.DocumentFactory.create_batch(2, parent=document)
factories.UserDocumentAccessFactory(document=child1)
response = client.get(
f"/api/v1.0/documents/{document.id!s}/children/",
)
with django_assert_num_queries(2):
response = client.get(
f"/api/v1.0/documents/{document.id!s}/children/",
)
assert response.status_code == 403
assert response.json() == {
"detail": "You do not have permission to perform this action."
}
def test_api_documents_children_list_authenticated_related_direct():
def test_api_documents_children_list_authenticated_related_direct(
django_assert_num_queries,
):
"""
Authenticated users should be allowed to retrieve the children of a document
to which they are directly related whatever the role.
@@ -319,9 +341,11 @@ def test_api_documents_children_list_authenticated_related_direct():
child1, child2 = factories.DocumentFactory.create_batch(2, parent=document)
factories.UserDocumentAccessFactory(document=child1)
response = client.get(
f"/api/v1.0/documents/{document.id!s}/children/",
)
with django_assert_num_queries(9):
response = client.get(
f"/api/v1.0/documents/{document.id!s}/children/",
)
assert response.status_code == 200
assert response.json() == {
"count": 2,
@@ -344,7 +368,7 @@ def test_api_documents_children_list_authenticated_related_direct():
"path": child1.path,
"title": child1.title,
"updated_at": child1.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [access.role],
"user_role": access.role,
},
{
"abilities": child2.get_abilities(user),
@@ -362,13 +386,15 @@ def test_api_documents_children_list_authenticated_related_direct():
"path": child2.path,
"title": child2.title,
"updated_at": child2.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [access.role],
"user_role": access.role,
},
],
}
def test_api_documents_children_list_authenticated_related_parent():
def test_api_documents_children_list_authenticated_related_parent(
django_assert_num_queries,
):
"""
Authenticated users should be allowed to retrieve the children of a document if they
are related to one of its ancestors whatever the role.
@@ -389,9 +415,11 @@ def test_api_documents_children_list_authenticated_related_parent():
document=grand_parent, user=user
)
response = client.get(
f"/api/v1.0/documents/{document.id!s}/children/",
)
with django_assert_num_queries(10):
response = client.get(
f"/api/v1.0/documents/{document.id!s}/children/",
)
assert response.status_code == 200
assert response.json() == {
"count": 2,
@@ -414,7 +442,7 @@ def test_api_documents_children_list_authenticated_related_parent():
"path": child1.path,
"title": child1.title,
"updated_at": child1.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [grand_parent_access.role],
"user_role": grand_parent_access.role,
},
{
"abilities": child2.get_abilities(user),
@@ -432,13 +460,15 @@ def test_api_documents_children_list_authenticated_related_parent():
"path": child2.path,
"title": child2.title,
"updated_at": child2.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [grand_parent_access.role],
"user_role": grand_parent_access.role,
},
],
}
def test_api_documents_children_list_authenticated_related_child():
def test_api_documents_children_list_authenticated_related_child(
django_assert_num_queries,
):
"""
Authenticated users should not be allowed to retrieve all the children of a document
as a result of being related to one of its children.
@@ -454,16 +484,20 @@ def test_api_documents_children_list_authenticated_related_child():
factories.UserDocumentAccessFactory(document=child1, user=user)
factories.UserDocumentAccessFactory(document=document)
response = client.get(
f"/api/v1.0/documents/{document.id!s}/children/",
)
with django_assert_num_queries(2):
response = client.get(
f"/api/v1.0/documents/{document.id!s}/children/",
)
assert response.status_code == 403
assert response.json() == {
"detail": "You do not have permission to perform this action."
}
def test_api_documents_children_list_authenticated_related_team_none(mock_user_teams):
def test_api_documents_children_list_authenticated_related_team_none(
mock_user_teams, django_assert_num_queries
):
"""
Authenticated users should not be able to retrieve the children of a restricted document
related to teams in which the user is not.
@@ -480,7 +514,9 @@ def test_api_documents_children_list_authenticated_related_team_none(mock_user_t
factories.TeamDocumentAccessFactory(document=document, team="myteam")
response = client.get(f"/api/v1.0/documents/{document.id!s}/children/")
with django_assert_num_queries(2):
response = client.get(f"/api/v1.0/documents/{document.id!s}/children/")
assert response.status_code == 403
assert response.json() == {
"detail": "You do not have permission to perform this action."
@@ -488,7 +524,7 @@ def test_api_documents_children_list_authenticated_related_team_none(mock_user_t
def test_api_documents_children_list_authenticated_related_team_members(
mock_user_teams,
mock_user_teams, django_assert_num_queries
):
"""
Authenticated users should be allowed to retrieve the children of a document to which they
@@ -506,7 +542,8 @@ def test_api_documents_children_list_authenticated_related_team_members(
access = factories.TeamDocumentAccessFactory(document=document, team="myteam")
response = client.get(f"/api/v1.0/documents/{document.id!s}/children/")
with django_assert_num_queries(9):
response = client.get(f"/api/v1.0/documents/{document.id!s}/children/")
# pylint: disable=R0801
assert response.status_code == 200
@@ -531,7 +568,7 @@ def test_api_documents_children_list_authenticated_related_team_members(
"path": child1.path,
"title": child1.title,
"updated_at": child1.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [access.role],
"user_role": access.role,
},
{
"abilities": child2.get_abilities(user),
@@ -549,7 +586,7 @@ def test_api_documents_children_list_authenticated_related_team_members(
"path": child2.path,
"title": child2.title,
"updated_at": child2.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [access.role],
"user_role": access.role,
},
],
}

42
src/backend/core/tests/documents/test_api_documents_descendants.py
View File

@@ -46,7 +46,7 @@ def test_api_documents_descendants_list_anonymous_public_standalone():
"path": child1.path,
"title": child1.title,
"updated_at": child1.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
{
"abilities": grand_child.get_abilities(AnonymousUser()),
@@ -64,7 +64,7 @@ def test_api_documents_descendants_list_anonymous_public_standalone():
"path": grand_child.path,
"title": grand_child.title,
"updated_at": grand_child.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
{
"abilities": child2.get_abilities(AnonymousUser()),
@@ -82,7 +82,7 @@ def test_api_documents_descendants_list_anonymous_public_standalone():
"path": child2.path,
"title": child2.title,
"updated_at": child2.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
],
}
@@ -129,7 +129,7 @@ def test_api_documents_descendants_list_anonymous_public_parent():
"path": child1.path,
"title": child1.title,
"updated_at": child1.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
{
"abilities": grand_child.get_abilities(AnonymousUser()),
@@ -147,7 +147,7 @@ def test_api_documents_descendants_list_anonymous_public_parent():
"path": grand_child.path,
"title": grand_child.title,
"updated_at": grand_child.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
{
"abilities": child2.get_abilities(AnonymousUser()),
@@ -165,7 +165,7 @@ def test_api_documents_descendants_list_anonymous_public_parent():
"path": child2.path,
"title": child2.title,
"updated_at": child2.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
],
}
@@ -231,7 +231,7 @@ def test_api_documents_descendants_list_authenticated_unrelated_public_or_authen
"path": child1.path,
"title": child1.title,
"updated_at": child1.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
{
"abilities": grand_child.get_abilities(user),
@@ -249,7 +249,7 @@ def test_api_documents_descendants_list_authenticated_unrelated_public_or_authen
"path": grand_child.path,
"title": grand_child.title,
"updated_at": grand_child.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
{
"abilities": child2.get_abilities(user),
@@ -267,7 +267,7 @@ def test_api_documents_descendants_list_authenticated_unrelated_public_or_authen
"path": child2.path,
"title": child2.title,
"updated_at": child2.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
],
}
@@ -318,7 +318,7 @@ def test_api_documents_descendants_list_authenticated_public_or_authenticated_pa
"path": child1.path,
"title": child1.title,
"updated_at": child1.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
{
"abilities": grand_child.get_abilities(user),
@@ -336,7 +336,7 @@ def test_api_documents_descendants_list_authenticated_public_or_authenticated_pa
"path": grand_child.path,
"title": grand_child.title,
"updated_at": grand_child.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
{
"abilities": child2.get_abilities(user),
@@ -354,7 +354,7 @@ def test_api_documents_descendants_list_authenticated_public_or_authenticated_pa
"path": child2.path,
"title": child2.title,
"updated_at": child2.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
],
}
@@ -428,7 +428,7 @@ def test_api_documents_descendants_list_authenticated_related_direct():
"path": child1.path,
"title": child1.title,
"updated_at": child1.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [access.role],
"user_role": access.role,
},
{
"abilities": grand_child.get_abilities(user),
@@ -446,7 +446,7 @@ def test_api_documents_descendants_list_authenticated_related_direct():
"path": grand_child.path,
"title": grand_child.title,
"updated_at": grand_child.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [access.role],
"user_role": access.role,
},
{
"abilities": child2.get_abilities(user),
@@ -464,7 +464,7 @@ def test_api_documents_descendants_list_authenticated_related_direct():
"path": child2.path,
"title": child2.title,
"updated_at": child2.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [access.role],
"user_role": access.role,
},
],
}
@@ -518,7 +518,7 @@ def test_api_documents_descendants_list_authenticated_related_parent():
"path": child1.path,
"title": child1.title,
"updated_at": child1.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [grand_parent_access.role],
"user_role": grand_parent_access.role,
},
{
"abilities": grand_child.get_abilities(user),
@@ -536,7 +536,7 @@ def test_api_documents_descendants_list_authenticated_related_parent():
"path": grand_child.path,
"title": grand_child.title,
"updated_at": grand_child.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [grand_parent_access.role],
"user_role": grand_parent_access.role,
},
{
"abilities": child2.get_abilities(user),
@@ -554,7 +554,7 @@ def test_api_documents_descendants_list_authenticated_related_parent():
"path": child2.path,
"title": child2.title,
"updated_at": child2.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [grand_parent_access.role],
"user_role": grand_parent_access.role,
},
],
}
@@ -654,7 +654,7 @@ def test_api_documents_descendants_list_authenticated_related_team_members(
"path": child1.path,
"title": child1.title,
"updated_at": child1.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [access.role],
"user_role": access.role,
},
{
"abilities": grand_child.get_abilities(user),
@@ -672,7 +672,7 @@ def test_api_documents_descendants_list_authenticated_related_team_members(
"path": grand_child.path,
"title": grand_child.title,
"updated_at": grand_child.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [access.role],
"user_role": access.role,
},
{
"abilities": child2.get_abilities(user),
@@ -690,7 +690,7 @@ def test_api_documents_descendants_list_authenticated_related_team_members(
"path": child2.path,
"title": child2.title,
"updated_at": child2.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [access.role],
"user_role": access.role,
},
],
}

2
src/backend/core/tests/documents/test_api_documents_favorite_list.py
View File

@@ -74,7 +74,7 @@ def test_api_document_favorite_list_authenticated_with_favorite():
"path": document.path,
"title": document.title,
"updated_at": document.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": ["reader"],
"user_role": "reader",
}
],
}

10
src/backend/core/tests/documents/test_api_documents_list.py
View File

@@ -76,7 +76,7 @@ def test_api_documents_list_format():
"path": document.path,
"title": document.title,
"updated_at": document.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [access.role],
"user_role": access.role,
}
@@ -148,11 +148,11 @@ def test_api_documents_list_authenticated_direct(django_assert_num_queries):
str(child4_with_access.id),
}
with django_assert_num_queries(12):
with django_assert_num_queries(14):
response = client.get("/api/v1.0/documents/")
# nb_accesses should now be cached
with django_assert_num_queries(4):
with django_assert_num_queries(6):
response = client.get("/api/v1.0/documents/")
assert response.status_code == 200
@@ -268,11 +268,11 @@ def test_api_documents_list_authenticated_link_reach_public_or_authenticated(
expected_ids = {str(document1.id), str(document2.id), str(visible_child.id)}
with django_assert_num_queries(10):
with django_assert_num_queries(11):
response = client.get("/api/v1.0/documents/")
# nb_accesses should now be cached
with django_assert_num_queries(4):
with django_assert_num_queries(5):
response = client.get("/api/v1.0/documents/")
assert response.status_code == 200

85
src/backend/core/tests/documents/test_api_documents_retrieve.py
View File

@@ -12,7 +12,7 @@ from django.utils import timezone
import pytest
from rest_framework.test import APIClient
from core import factories, models
from core import choices, factories, models
pytestmark = pytest.mark.django_db
@@ -44,7 +44,6 @@ def test_api_documents_retrieve_anonymous_public_standalone():
"favorite": False,
"invite_owner": False,
"link_configuration": False,
"ancestors_links_definitions": {},
"link_select_options": {
"authenticated": ["reader", "editor"],
"public": ["reader", "editor"],
@@ -76,7 +75,7 @@ def test_api_documents_retrieve_anonymous_public_standalone():
"path": document.path,
"title": document.title,
"updated_at": document.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
}
@@ -94,7 +93,7 @@ def test_api_documents_retrieve_anonymous_public_parent():
assert response.status_code == 200
links = document.get_ancestors().values("link_reach", "link_role")
links_definitions = document.get_ancestors_links_definitions(links)
links_definition = choices.get_equivalent_link_definition(links)
assert response.json() == {
"id": str(document.id),
"abilities": {
@@ -102,10 +101,6 @@ def test_api_documents_retrieve_anonymous_public_parent():
"accesses_view": False,
"ai_transform": False,
"ai_translate": False,
"ancestors_links_definitions": {
"public": [grand_parent.link_role],
parent.link_reach: [parent.link_role],
},
"attachment_upload": grand_parent.link_role == "editor",
"can_edit": grand_parent.link_role == "editor",
"children_create": False,
@@ -120,7 +115,7 @@ def test_api_documents_retrieve_anonymous_public_parent():
"invite_owner": False,
"link_configuration": False,
"link_select_options": models.LinkReachChoices.get_select_options(
links_definitions
**links_definition
),
"media_auth": True,
"media_check": True,
@@ -148,7 +143,7 @@ def test_api_documents_retrieve_anonymous_public_parent():
"path": document.path,
"title": document.title,
"updated_at": document.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
}
@@ -206,7 +201,6 @@ def test_api_documents_retrieve_authenticated_unrelated_public_or_authenticated(
"accesses_view": False,
"ai_transform": document.link_role == "editor",
"ai_translate": document.link_role == "editor",
"ancestors_links_definitions": {},
"attachment_upload": document.link_role == "editor",
"can_edit": document.link_role == "editor",
"children_create": document.link_role == "editor",
@@ -250,7 +244,7 @@ def test_api_documents_retrieve_authenticated_unrelated_public_or_authenticated(
"path": document.path,
"title": document.title,
"updated_at": document.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
}
assert (
models.LinkTrace.objects.filter(document=document, user=user).exists() is True
@@ -276,7 +270,7 @@ def test_api_documents_retrieve_authenticated_public_or_authenticated_parent(rea
assert response.status_code == 200
links = document.get_ancestors().values("link_reach", "link_role")
links_definitions = document.get_ancestors_links_definitions(links)
links_definition = choices.get_equivalent_link_definition(links)
assert response.json() == {
"id": str(document.id),
"abilities": {
@@ -284,10 +278,6 @@ def test_api_documents_retrieve_authenticated_public_or_authenticated_parent(rea
"accesses_view": False,
"ai_transform": grand_parent.link_role == "editor",
"ai_translate": grand_parent.link_role == "editor",
"ancestors_links_definitions": {
grand_parent.link_reach: [grand_parent.link_role],
"restricted": [parent.link_role],
},
"attachment_upload": grand_parent.link_role == "editor",
"can_edit": grand_parent.link_role == "editor",
"children_create": grand_parent.link_role == "editor",
@@ -301,7 +291,7 @@ def test_api_documents_retrieve_authenticated_public_or_authenticated_parent(rea
"invite_owner": False,
"link_configuration": False,
"link_select_options": models.LinkReachChoices.get_select_options(
links_definitions
**links_definition
),
"move": False,
"media_auth": True,
@@ -329,7 +319,7 @@ def test_api_documents_retrieve_authenticated_public_or_authenticated_parent(rea
"path": document.path,
"title": document.title,
"updated_at": document.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
}
@@ -439,7 +429,7 @@ def test_api_documents_retrieve_authenticated_related_direct():
"path": document.path,
"title": document.title,
"updated_at": document.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [access.role],
"user_role": access.role,
}
@@ -465,8 +455,7 @@ def test_api_documents_retrieve_authenticated_related_parent():
)
assert response.status_code == 200
links = document.get_ancestors().values("link_reach", "link_role")
links_definitions = document.get_ancestors_links_definitions(links)
ancestors_roles = list({grand_parent.link_role, parent.link_role})
link_definition = choices.get_equivalent_link_definition(links)
assert response.json() == {
"id": str(document.id),
"abilities": {
@@ -474,7 +463,6 @@ def test_api_documents_retrieve_authenticated_related_parent():
"accesses_view": True,
"ai_transform": access.role != "reader",
"ai_translate": access.role != "reader",
"ancestors_links_definitions": {"restricted": ancestors_roles},
"attachment_upload": access.role != "reader",
"can_edit": access.role != "reader",
"children_create": access.role != "reader",
@@ -488,7 +476,7 @@ def test_api_documents_retrieve_authenticated_related_parent():
"invite_owner": access.role == "owner",
"link_configuration": access.role in ["administrator", "owner"],
"link_select_options": models.LinkReachChoices.get_select_options(
links_definitions
**link_definition
),
"media_auth": True,
"media_check": True,
@@ -516,7 +504,7 @@ def test_api_documents_retrieve_authenticated_related_parent():
"path": document.path,
"title": document.title,
"updated_at": document.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [access.role],
"user_role": access.role,
}
@@ -612,16 +600,16 @@ def test_api_documents_retrieve_authenticated_related_team_none(mock_user_teams)
@pytest.mark.parametrize(
"teams,roles",
"teams,role",
[
[["readers"], ["reader"]],
[["unknown", "readers"], ["reader"]],
[["editors"], ["editor"]],
[["unknown", "editors"], ["editor"]],
[["readers"], "reader"],
[["unknown", "readers"], "reader"],
[["editors"], "editor"],
[["unknown", "editors"], "editor"],
],
)
def test_api_documents_retrieve_authenticated_related_team_members(
teams, roles, mock_user_teams
teams, role, mock_user_teams
):
"""
Authenticated users should be allowed to retrieve a document to which they
@@ -668,20 +656,20 @@ def test_api_documents_retrieve_authenticated_related_team_members(
"path": document.path,
"title": document.title,
"updated_at": document.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": roles,
"user_role": role,
}
@pytest.mark.parametrize(
"teams,roles",
"teams,role",
[
[["administrators"], ["administrator"]],
[["editors", "administrators"], ["administrator", "editor"]],
[["unknown", "administrators"], ["administrator"]],
[["administrators"], "administrator"],
[["editors", "administrators"], "administrator"],
[["unknown", "administrators"], "administrator"],
],
)
def test_api_documents_retrieve_authenticated_related_team_administrators(
teams, roles, mock_user_teams
teams, role, mock_user_teams
):
"""
Authenticated users should be allowed to retrieve a document to which they
@@ -730,21 +718,21 @@ def test_api_documents_retrieve_authenticated_related_team_administrators(
"path": document.path,
"title": document.title,
"updated_at": document.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": roles,
"user_role": role,
}
@pytest.mark.parametrize(
"teams,roles",
"teams,role",
[
[["owners"], ["owner"]],
[["owners", "administrators"], ["owner", "administrator"]],
[["members", "administrators", "owners"], ["owner", "administrator"]],
[["unknown", "owners"], ["owner"]],
[["owners"], "owner"],
[["owners", "administrators"], "owner"],
[["members", "administrators", "owners"], "owner"],
[["unknown", "owners"], "owner"],
],
)
def test_api_documents_retrieve_authenticated_related_team_owners(
teams, roles, mock_user_teams
teams, role, mock_user_teams
):
"""
Authenticated users should be allowed to retrieve a restricted document to which
@@ -792,11 +780,11 @@ def test_api_documents_retrieve_authenticated_related_team_owners(
"path": document.path,
"title": document.title,
"updated_at": document.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": roles,
"user_role": role,
}
def test_api_documents_retrieve_user_roles(django_assert_max_num_queries):
def test_api_documents_retrieve_user_role(django_assert_max_num_queries):
"""
Roles should be annotated on querysets taking into account all documents ancestors.
"""
@@ -819,15 +807,14 @@ def test_api_documents_retrieve_user_roles(django_assert_max_num_queries):
factories.UserDocumentAccessFactory(document=parent, user=user),
factories.UserDocumentAccessFactory(document=document, user=user),
)
expected_roles = {access.role for access in accesses}
expected_role = choices.RoleChoices.max(*[access.role for access in accesses])
with django_assert_max_num_queries(14):
response = client.get(f"/api/v1.0/documents/{document.id!s}/")
assert response.status_code == 200
user_roles = response.json()["user_roles"]
assert set(user_roles) == expected_roles
assert response.json()["user_role"] == expected_role
def test_api_documents_retrieve_numqueries_with_link_trace(django_assert_num_queries):

3
src/backend/core/tests/documents/test_api_documents_trashbin.py
View File

@@ -74,7 +74,6 @@ def test_api_documents_trashbin_format():
"accesses_view": True,
"ai_transform": True,
"ai_translate": True,
"ancestors_links_definitions": {},
"attachment_upload": True,
"can_edit": True,
"children_create": True,
@@ -116,7 +115,7 @@ def test_api_documents_trashbin_format():
"path": document.path,
"title": document.title,
"updated_at": document.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": ["owner"],
"user_role": "owner",
}

73
src/backend/core/tests/documents/test_api_documents_tree.py
View File

@@ -57,7 +57,7 @@ def test_api_documents_tree_list_anonymous_public_standalone(django_assert_num_q
"updated_at": child.updated_at.isoformat().replace(
"+00:00", "Z"
),
"user_roles": [],
"user_role": None,
},
],
"created_at": document.created_at.isoformat().replace("+00:00", "Z"),
@@ -74,7 +74,7 @@ def test_api_documents_tree_list_anonymous_public_standalone(django_assert_num_q
"path": document.path,
"title": document.title,
"updated_at": document.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
{
"abilities": sibling1.get_abilities(AnonymousUser()),
@@ -93,7 +93,7 @@ def test_api_documents_tree_list_anonymous_public_standalone(django_assert_num_q
"path": sibling1.path,
"title": sibling1.title,
"updated_at": sibling1.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
{
"abilities": sibling2.get_abilities(AnonymousUser()),
@@ -112,7 +112,7 @@ def test_api_documents_tree_list_anonymous_public_standalone(django_assert_num_q
"path": sibling2.path,
"title": sibling2.title,
"updated_at": sibling2.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
],
"created_at": parent.created_at.isoformat().replace("+00:00", "Z"),
@@ -129,7 +129,7 @@ def test_api_documents_tree_list_anonymous_public_standalone(django_assert_num_q
"path": parent.path,
"title": parent.title,
"updated_at": parent.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
}
@@ -163,7 +163,7 @@ def test_api_documents_tree_list_anonymous_public_parent():
response = APIClient().get(f"/api/v1.0/documents/{document.id!s}/tree/")
assert response.status_code == 200
assert response.json() == {
expected_tree = {
"abilities": grand_parent.get_abilities(AnonymousUser()),
"children": [
{
@@ -193,7 +193,7 @@ def test_api_documents_tree_list_anonymous_public_parent():
"updated_at": child.updated_at.isoformat().replace(
"+00:00", "Z"
),
"user_roles": [],
"user_role": None,
},
],
"created_at": document.created_at.isoformat().replace(
@@ -214,7 +214,7 @@ def test_api_documents_tree_list_anonymous_public_parent():
"updated_at": document.updated_at.isoformat().replace(
"+00:00", "Z"
),
"user_roles": [],
"user_role": None,
},
{
"abilities": document_sibling.get_abilities(AnonymousUser()),
@@ -237,7 +237,7 @@ def test_api_documents_tree_list_anonymous_public_parent():
"updated_at": document_sibling.updated_at.isoformat().replace(
"+00:00", "Z"
),
"user_roles": [],
"user_role": None,
},
],
"created_at": parent.created_at.isoformat().replace("+00:00", "Z"),
@@ -254,7 +254,7 @@ def test_api_documents_tree_list_anonymous_public_parent():
"path": parent.path,
"title": parent.title,
"updated_at": parent.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
{
"abilities": parent_sibling.get_abilities(AnonymousUser()),
@@ -277,7 +277,7 @@ def test_api_documents_tree_list_anonymous_public_parent():
"updated_at": parent_sibling.updated_at.isoformat().replace(
"+00:00", "Z"
),
"user_roles": [],
"user_role": None,
},
],
"created_at": grand_parent.created_at.isoformat().replace("+00:00", "Z"),
@@ -294,8 +294,9 @@ def test_api_documents_tree_list_anonymous_public_parent():
"path": grand_parent.path,
"title": grand_parent.title,
"updated_at": grand_parent.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
}
assert response.json() == expected_tree
@pytest.mark.parametrize("reach", ["restricted", "authenticated"])
@@ -366,7 +367,7 @@ def test_api_documents_tree_list_authenticated_unrelated_public_or_authenticated
"updated_at": child.updated_at.isoformat().replace(
"+00:00", "Z"
),
"user_roles": [],
"user_role": None,
},
],
"created_at": document.created_at.isoformat().replace("+00:00", "Z"),
@@ -383,7 +384,7 @@ def test_api_documents_tree_list_authenticated_unrelated_public_or_authenticated
"path": document.path,
"title": document.title,
"updated_at": document.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
{
"abilities": sibling.get_abilities(user),
@@ -402,7 +403,7 @@ def test_api_documents_tree_list_authenticated_unrelated_public_or_authenticated
"path": sibling.path,
"title": sibling.title,
"updated_at": sibling.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
],
"created_at": parent.created_at.isoformat().replace("+00:00", "Z"),
@@ -419,7 +420,7 @@ def test_api_documents_tree_list_authenticated_unrelated_public_or_authenticated
"path": parent.path,
"title": parent.title,
"updated_at": parent.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
}
@@ -488,7 +489,7 @@ def test_api_documents_tree_list_authenticated_public_or_authenticated_parent(
"updated_at": child.updated_at.isoformat().replace(
"+00:00", "Z"
),
"user_roles": [],
"user_role": None,
},
],
"created_at": document.created_at.isoformat().replace(
@@ -509,7 +510,7 @@ def test_api_documents_tree_list_authenticated_public_or_authenticated_parent(
"updated_at": document.updated_at.isoformat().replace(
"+00:00", "Z"
),
"user_roles": [],
"user_role": None,
},
{
"abilities": document_sibling.get_abilities(user),
@@ -532,7 +533,7 @@ def test_api_documents_tree_list_authenticated_public_or_authenticated_parent(
"updated_at": document_sibling.updated_at.isoformat().replace(
"+00:00", "Z"
),
"user_roles": [],
"user_role": None,
},
],
"created_at": parent.created_at.isoformat().replace("+00:00", "Z"),
@@ -549,7 +550,7 @@ def test_api_documents_tree_list_authenticated_public_or_authenticated_parent(
"path": parent.path,
"title": parent.title,
"updated_at": parent.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
},
{
"abilities": parent_sibling.get_abilities(user),
@@ -572,7 +573,7 @@ def test_api_documents_tree_list_authenticated_public_or_authenticated_parent(
"updated_at": parent_sibling.updated_at.isoformat().replace(
"+00:00", "Z"
),
"user_roles": [],
"user_role": None,
},
],
"created_at": grand_parent.created_at.isoformat().replace("+00:00", "Z"),
@@ -589,7 +590,7 @@ def test_api_documents_tree_list_authenticated_public_or_authenticated_parent(
"path": grand_parent.path,
"title": grand_parent.title,
"updated_at": grand_parent.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [],
"user_role": None,
}
@@ -664,7 +665,7 @@ def test_api_documents_tree_list_authenticated_related_direct():
"updated_at": child.updated_at.isoformat().replace(
"+00:00", "Z"
),
"user_roles": [access.role],
"user_role": access.role,
},
],
"created_at": document.created_at.isoformat().replace("+00:00", "Z"),
@@ -681,7 +682,7 @@ def test_api_documents_tree_list_authenticated_related_direct():
"path": document.path,
"title": document.title,
"updated_at": document.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [access.role],
"user_role": access.role,
},
{
"abilities": sibling.get_abilities(user),
@@ -700,7 +701,7 @@ def test_api_documents_tree_list_authenticated_related_direct():
"path": sibling.path,
"title": sibling.title,
"updated_at": sibling.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [access.role],
"user_role": access.role,
},
],
"created_at": parent.created_at.isoformat().replace("+00:00", "Z"),
@@ -717,7 +718,7 @@ def test_api_documents_tree_list_authenticated_related_direct():
"path": parent.path,
"title": parent.title,
"updated_at": parent.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [access.role],
"user_role": access.role,
}
@@ -790,7 +791,7 @@ def test_api_documents_tree_list_authenticated_related_parent():
"updated_at": child.updated_at.isoformat().replace(
"+00:00", "Z"
),
"user_roles": [access.role],
"user_role": access.role,
},
],
"created_at": document.created_at.isoformat().replace(
@@ -811,7 +812,7 @@ def test_api_documents_tree_list_authenticated_related_parent():
"updated_at": document.updated_at.isoformat().replace(
"+00:00", "Z"
),
"user_roles": [access.role],
"user_role": access.role,
},
{
"abilities": document_sibling.get_abilities(user),
@@ -834,7 +835,7 @@ def test_api_documents_tree_list_authenticated_related_parent():
"updated_at": document_sibling.updated_at.isoformat().replace(
"+00:00", "Z"
),
"user_roles": [access.role],
"user_role": access.role,
},
],
"created_at": parent.created_at.isoformat().replace("+00:00", "Z"),
@@ -851,7 +852,7 @@ def test_api_documents_tree_list_authenticated_related_parent():
"path": parent.path,
"title": parent.title,
"updated_at": parent.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [access.role],
"user_role": access.role,
},
{
"abilities": parent_sibling.get_abilities(user),
@@ -874,7 +875,7 @@ def test_api_documents_tree_list_authenticated_related_parent():
"updated_at": parent_sibling.updated_at.isoformat().replace(
"+00:00", "Z"
),
"user_roles": [access.role],
"user_role": access.role,
},
],
"created_at": grand_parent.created_at.isoformat().replace("+00:00", "Z"),
@@ -891,7 +892,7 @@ def test_api_documents_tree_list_authenticated_related_parent():
"path": grand_parent.path,
"title": grand_parent.title,
"updated_at": grand_parent.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [access.role],
"user_role": access.role,
}
@@ -974,7 +975,7 @@ def test_api_documents_tree_list_authenticated_related_team_members(
"updated_at": child.updated_at.isoformat().replace(
"+00:00", "Z"
),
"user_roles": [access.role],
"user_role": access.role,
},
],
"created_at": document.created_at.isoformat().replace("+00:00", "Z"),
@@ -991,7 +992,7 @@ def test_api_documents_tree_list_authenticated_related_team_members(
"path": document.path,
"title": document.title,
"updated_at": document.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [access.role],
"user_role": access.role,
},
{
"abilities": sibling.get_abilities(user),
@@ -1010,7 +1011,7 @@ def test_api_documents_tree_list_authenticated_related_team_members(
"path": sibling.path,
"title": sibling.title,
"updated_at": sibling.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [access.role],
"user_role": access.role,
},
],
"created_at": parent.created_at.isoformat().replace("+00:00", "Z"),
@@ -1027,5 +1028,5 @@ def test_api_documents_tree_list_authenticated_related_team_members(
"path": parent.path,
"title": parent.title,
"updated_at": parent.updated_at.isoformat().replace("+00:00", "Z"),
"user_roles": [access.role],
"user_role": access.role,
}

85
src/backend/core/tests/test_models_documents.py
View File

@@ -154,7 +154,6 @@ def test_models_documents_get_abilities_forbidden(
"accesses_view": False,
"ai_transform": False,
"ai_translate": False,
"ancestors_links_definitions": {},
"attachment_upload": False,
"can_edit": False,
"children_create": False,
@@ -217,7 +216,6 @@ def test_models_documents_get_abilities_reader(
"accesses_view": False,
"ai_transform": False,
"ai_translate": False,
"ancestors_links_definitions": {},
"attachment_upload": False,
"can_edit": False,
"children_create": False,
@@ -256,7 +254,7 @@ def test_models_documents_get_abilities_reader(
assert all(
value is False
for key, value in document.get_abilities(user).items()
if key not in ["link_select_options", "ancestors_links_definitions"]
if key not in ["link_select_options", "ancestors_links_definition"]
)
@@ -282,7 +280,6 @@ def test_models_documents_get_abilities_editor(
"accesses_view": False,
"ai_transform": is_authenticated,
"ai_translate": is_authenticated,
"ancestors_links_definitions": {},
"attachment_upload": True,
"can_edit": True,
"children_create": is_authenticated,
@@ -320,7 +317,7 @@ def test_models_documents_get_abilities_editor(
assert all(
value is False
for key, value in document.get_abilities(user).items()
if key not in ["link_select_options", "ancestors_links_definitions"]
if key not in ["link_select_options", "ancestors_links_definition"]
)
@@ -336,7 +333,6 @@ def test_models_documents_get_abilities_owner(django_assert_num_queries):
"accesses_view": True,
"ai_transform": True,
"ai_translate": True,
"ancestors_links_definitions": {},
"attachment_upload": True,
"can_edit": True,
"children_create": True,
@@ -387,7 +383,6 @@ def test_models_documents_get_abilities_administrator(django_assert_num_queries)
"accesses_view": True,
"ai_transform": True,
"ai_translate": True,
"ancestors_links_definitions": {},
"attachment_upload": True,
"can_edit": True,
"children_create": True,
@@ -425,7 +420,7 @@ def test_models_documents_get_abilities_administrator(django_assert_num_queries)
assert all(
value is False
for key, value in document.get_abilities(user).items()
if key not in ["link_select_options", "ancestors_links_definitions"]
if key not in ["link_select_options", "ancestors_links_definition"]
)
@@ -441,7 +436,6 @@ def test_models_documents_get_abilities_editor_user(django_assert_num_queries):
"accesses_view": True,
"ai_transform": True,
"ai_translate": True,
"ancestors_links_definitions": {},
"attachment_upload": True,
"can_edit": True,
"children_create": True,
@@ -479,7 +473,7 @@ def test_models_documents_get_abilities_editor_user(django_assert_num_queries):
assert all(
value is False
for key, value in document.get_abilities(user).items()
if key not in ["link_select_options", "ancestors_links_definitions"]
if key not in ["link_select_options", "ancestors_links_definition"]
)
@@ -502,7 +496,6 @@ def test_models_documents_get_abilities_reader_user(
# You should not access AI if it's restricted to users with specific access
"ai_transform": access_from_link and ai_access_setting != "restricted",
"ai_translate": access_from_link and ai_access_setting != "restricted",
"ancestors_links_definitions": {},
"attachment_upload": access_from_link,
"can_edit": access_from_link,
"children_create": access_from_link,
@@ -542,7 +535,7 @@ def test_models_documents_get_abilities_reader_user(
assert all(
value is False
for key, value in document.get_abilities(user).items()
if key not in ["link_select_options", "ancestors_links_definitions"]
if key not in ["link_select_options", "ancestors_links_definition"]
)
@@ -561,7 +554,6 @@ def test_models_documents_get_abilities_preset_role(django_assert_num_queries):
"accesses_view": True,
"ai_transform": False,
"ai_translate": False,
"ancestors_links_definitions": {},
"attachment_upload": False,
"can_edit": False,
"children_create": False,
@@ -1269,45 +1261,60 @@ def test_models_documents_get_select_options(reach, role, select_options):
assert models.LinkReachChoices.get_select_options(reach, role) == select_options
def test_models_documents_compute_ancestors_links_no_highest_readable():
"""Test the compute_ancestors_links method."""
document = factories.DocumentFactory(link_reach="public")
assert document.compute_ancestors_links(user=AnonymousUser()) == []
def test_models_documents_compute_ancestors_links_highest_readable(
def test_models_documents_compute_ancestors_links_paths_mapping_single(
django_assert_num_queries,
):
"""Test the compute_ancestors_links method."""
"""Test the compute_ancestors_links_paths_mapping method on a single document."""
document = factories.DocumentFactory(link_reach="public")
with django_assert_num_queries(1):
assert document.compute_ancestors_links_paths_mapping() == {
document.path: [{"link_reach": "public", "link_role": document.link_role}]
}
def test_models_documents_compute_ancestors_links_paths_mapping_structure(
django_assert_num_queries,
):
"""Test the compute_ancestors_links_paths_mapping method on a tree of documents."""
user = factories.UserFactory()
other_user = factories.UserFactory()
root = factories.DocumentFactory(
link_reach="restricted", link_role="reader", users=[user]
)
factories.DocumentFactory(
parent=root, link_reach="public", link_role="reader", users=[user]
)
child2 = factories.DocumentFactory(
root = factories.DocumentFactory(link_reach="restricted", users=[user])
document = factories.DocumentFactory(
parent=root,
link_reach="authenticated",
link_role="editor",
users=[user, other_user],
)
child3 = factories.DocumentFactory(
parent=child2,
sibling = factories.DocumentFactory(parent=root, link_reach="public", users=[user])
child = factories.DocumentFactory(
parent=document,
link_reach="authenticated",
link_role="reader",
users=[user, other_user],
)
with django_assert_num_queries(2):
assert child3.compute_ancestors_links(user=user) == [
{"link_reach": root.link_reach, "link_role": root.link_role},
{"link_reach": child2.link_reach, "link_role": child2.link_role},
]
# Child
with django_assert_num_queries(1):
assert child.compute_ancestors_links_paths_mapping() == {
root.path: [{"link_reach": "restricted", "link_role": root.link_role}],
document.path: [
{"link_reach": "restricted", "link_role": root.link_role},
{"link_reach": document.link_reach, "link_role": document.link_role},
],
child.path: [
{"link_reach": "restricted", "link_role": root.link_role},
{"link_reach": document.link_reach, "link_role": document.link_role},
{"link_reach": child.link_reach, "link_role": child.link_role},
],
}
with django_assert_num_queries(2):
assert child3.compute_ancestors_links(user=other_user) == [
{"link_reach": child2.link_reach, "link_role": child2.link_role},
]
# Sibling
with django_assert_num_queries(1):
assert sibling.compute_ancestors_links_paths_mapping() == {
root.path: [{"link_reach": "restricted", "link_role": root.link_role}],
sibling.path: [
{"link_reach": "restricted", "link_role": root.link_role},
{"link_reach": sibling.link_reach, "link_role": sibling.link_role},
],
}