Skip to content

Commit f307e44

Browse files
committed
CDD-3441 Use shared check page permissions
1 parent 78615d8 commit f307e44

2 files changed

Lines changed: 16 additions & 40 deletions

File tree

cms/dynamic_content/blocks.py

Lines changed: 3 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,6 @@
11
from django.core.exceptions import ValidationError
22
from django.db import models
3+
from common.auth.permissions import check_page_permissions
34
from wagtail import blocks
45
from wagtail.blocks import (
56
CharBlock,
@@ -30,31 +31,6 @@
3031
METRIC_NUMBER_BLOCK_DATE_PREFIX_DEFAULT_TEXT = "Up to"
3132

3233

33-
def check_permissions(user_permissions, theme_id, sub_theme_id, topic_id) -> bool:
34-
if not isinstance(user_permissions, list):
35-
return False
36-
37-
for permission in user_permissions:
38-
permission_theme_id = permission.get("theme", {}).get("id")
39-
permission_sub_theme_id = permission.get("sub_theme", {}).get("id")
40-
permission_topic_id = permission.get("topic", {}).get("id")
41-
42-
if permission_theme_id == "-1":
43-
return True
44-
45-
if permission_theme_id == theme_id and permission_sub_theme_id == "-1":
46-
return True
47-
48-
if (
49-
permission_theme_id == theme_id
50-
and permission_sub_theme_id == sub_theme_id
51-
and (permission_topic_id in {"-1", topic_id})
52-
):
53-
return True
54-
55-
return False
56-
57-
5834
class HeadlineNumberBlockTypes(StreamBlock):
5935
headline_number = HeadlineNumberComponent(help_text=help_texts.HEADLINE_BLOCK_FIELD)
6036
trend_number = TrendNumberComponent(help_text=help_texts.TREND_BLOCK_FIELD)
@@ -251,8 +227,8 @@ def get_api_representation(self, value, context=None):
251227
full_user_permissions = (
252228
user_permissions.get("permission_sets") if user_permissions else None
253229
)
254-
if not check_permissions(
255-
user_permissions=full_user_permissions,
230+
if not check_page_permissions(
231+
permission_sets=full_user_permissions,
256232
theme_id=getattr(page, "theme", None),
257233
sub_theme_id=getattr(page, "sub_theme", None),
258234
topic_id=getattr(page, "topic", None),

tests/unit/cms/dynamic_content/test_blocks.py

Lines changed: 13 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66
import pytest
77
from wagtail.blocks import StructBlock, StructValue
88

9-
from cms.dynamic_content.blocks import PageLink, SourceLinkBlock, check_permissions
9+
from cms.dynamic_content.blocks import PageLink, SourceLinkBlock
1010

1111

1212
class TestSourceLinkBlockClean:
@@ -182,14 +182,14 @@ def test_public_page_is_always_authorised(self):
182182
assert result["title"] == "Test title"
183183
assert result["sub_title"] == "Test subtitle"
184184

185-
@mock.patch("cms.dynamic_content.blocks.check_permissions")
186-
def test_non_public_page_permission_denied(self, mock_check_permissions):
185+
@mock.patch("cms.dynamic_content.blocks.check_page_permissions")
186+
def test_non_public_page_permission_denied(self, mock_check_page_permissions):
187187
"""
188188
Given a non-public page and permissions are denied
189189
When get_api_representation() is called
190190
Then the response is unauthorised and fields are blanked.
191191
"""
192-
mock_check_permissions.return_value = False
192+
mock_check_page_permissions.return_value = False
193193

194194
block = PageLink()
195195

@@ -222,16 +222,16 @@ def test_non_public_page_permission_denied(self, mock_check_permissions):
222222
assert result["sub_title"] == ""
223223
assert result["page"] == ""
224224

225-
mock_check_permissions.assert_called_once()
225+
mock_check_page_permissions.assert_called_once()
226226

227-
@mock.patch("cms.dynamic_content.blocks.check_permissions")
228-
def test_non_public_page_permission_granted(self, mock_check_permissions):
227+
@mock.patch("cms.dynamic_content.blocks.check_page_permissions")
228+
def test_non_public_page_permission_granted(self, mock_check_page_permissions):
229229
"""
230230
Given a non-public page and permissions are granted
231231
When get_api_representation() is called
232232
Then the response is authorised and fields are preserved.
233233
"""
234-
mock_check_permissions.return_value = True
234+
mock_check_page_permissions.return_value = True
235235

236236
block = PageLink()
237237

@@ -265,16 +265,16 @@ def test_non_public_page_permission_granted(self, mock_check_permissions):
265265
assert result["sub_title"] == "Test subtitle"
266266
assert result["page"] == "https://test-page-url"
267267

268-
mock_check_permissions.assert_called_once()
268+
mock_check_page_permissions.assert_called_once()
269269

270-
@mock.patch("cms.dynamic_content.blocks.check_permissions")
271-
def test_non_public_page_missing_request(self, mock_check_permissions):
270+
@mock.patch("cms.dynamic_content.blocks.check_page_permissions")
271+
def test_non_public_page_missing_request(self, mock_check_page_permissions):
272272
"""
273273
Given a non-public page and no request in context
274274
When get_api_representation() is called
275275
Then the response is unauthorised and fields are blanked.
276276
"""
277-
mock_check_permissions.return_value = False
277+
mock_check_page_permissions.return_value = False
278278

279279
block = PageLink()
280280

@@ -298,4 +298,4 @@ def test_non_public_page_missing_request(self, mock_check_permissions):
298298
assert result["sub_title"] == ""
299299
assert result["page"] == ""
300300

301-
mock_check_permissions.assert_called_once()
301+
mock_check_page_permissions.assert_called_once()

0 commit comments

Comments
 (0)