Merge pull request #398 from UW-GAC/release/v0.18

Release/v0.18

CHANGELOG.md

@@ -1,6 +1,6 @@
 # Change log
 
-## Devel
+## 0.18 (2023-10-03)
 
 * Include a workspace_data_object context variable for the `WorkspaceDetail` and `WorkspaceUpdate` views.
 * Refactor auditing classes.

anvil_consortium_manager/__init__.py

@@ -1 +1 @@
-__version__ = "0.18dev3"
+__version__ = "0.18"

anvil_consortium_manager/auth.py

@@ -1,9 +1,24 @@
-from django.contrib.auth.mixins import PermissionRequiredMixin
+from django.contrib.auth.mixins import PermissionRequiredMixin, UserPassesTestMixin
 from django.contrib.contenttypes.models import ContentType
 
 from .models import AnVILProjectManagerAccess
 
 
+class AnVILConsortiumManagerLimitedViewRequired(UserPassesTestMixin):
+    """AnVIL global app limited view permission required mixin.
+
+    This mixin allows anyone with either LIMITED_VIEW or VIEW permission to access a view."""
+
+    def test_func(self):
+        apm_content_type = ContentType.objects.get_for_model(AnVILProjectManagerAccess)
+        perm_1 = f"{apm_content_type.app_label}.{AnVILProjectManagerAccess.LIMITED_VIEW_PERMISSION_CODENAME}"
+        perm_2 = f"{apm_content_type.app_label}.{AnVILProjectManagerAccess.VIEW_PERMISSION_CODENAME}"
+        has_perms = self.request.user.has_perms(
+            (perm_1,)
+        ) or self.request.user.has_perms((perm_2,))
+        return has_perms
+
+
 class AnVILConsortiumManagerViewRequired(PermissionRequiredMixin):
     """AnVIL global app view permission required mixin"""
 

anvil_consortium_manager/tests/test_auth.py

@@ -0,0 +1,64 @@
+"""Tests for the auth.py source file classes that aren't tested elsewhere."""
+from django.contrib.auth.models import Permission, User
+from django.test import RequestFactory, TestCase
+
+from .. import auth, models
+
+
+class AnVILConsortiumManagerLimitedViewRequiredTest(TestCase):
+    """(Temporary) class to test the AnVILConsortiumManagerLimitedViewRequired mixin."""
+
+    def setUp(self):
+        """Set up test class."""
+        self.factory = RequestFactory()
+        self.user = User.objects.create_user(username="test", password="test")
+
+    def get_view_class(self):
+        return auth.AnVILConsortiumManagerLimitedViewRequired
+
+    def test_user_with_limited_view_perms(self):
+        """test_func returns True for a user with limited view permission."""
+        self.user.user_permissions.add(
+            Permission.objects.get(
+                codename=models.AnVILProjectManagerAccess.LIMITED_VIEW_PERMISSION_CODENAME
+            )
+        )
+        inst = self.get_view_class()()
+        request = self.factory.get("")
+        request.user = self.user
+        inst.request = request
+        self.assertTrue(inst.test_func())
+
+    def test_user_with_view_perms(self):
+        """test_func returns True for a user with view permission."""
+        self.user.user_permissions.add(
+            Permission.objects.get(
+                codename=models.AnVILProjectManagerAccess.VIEW_PERMISSION_CODENAME
+            )
+        )
+        inst = self.get_view_class()()
+        request = self.factory.get("")
+        request.user = self.user
+        inst.request = request
+        self.assertTrue(inst.test_func())
+
+    def test_user_with_edit_perms(self):
+        """test_func returns False for a user with edit permission."""
+        self.user.user_permissions.add(
+            Permission.objects.get(
+                codename=models.AnVILProjectManagerAccess.EDIT_PERMISSION_CODENAME
+            )
+        )
+        inst = self.get_view_class()()
+        request = self.factory.get("")
+        request.user = self.user
+        inst.request = request
+        self.assertFalse(inst.test_func())
+
+    def test_user_with_no_perms(self):
+        """test_func returns False for a user with no permissions."""
+        inst = self.get_view_class()()
+        request = self.factory.get("")
+        request.user = self.user
+        inst.request = request
+        self.assertFalse(inst.test_func())