Skip to content

Commit

Permalink
[fix] Admin actions require model permissions
Browse files Browse the repository at this point in the history
  • Loading branch information
pandafy committed Jun 18, 2024
1 parent 0f5727d commit 9d57cda
Show file tree
Hide file tree
Showing 3 changed files with 45 additions and 2 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,8 @@ jobs:
run: |
pip install -U -e .
pip install ${{ matrix.django-version }}
# TODO: Remove before merging
pip install --force-reinstall --no-cache-dir --no-deps --upgrade https://github.com/openwisp/openwisp-utils/tarball/admin-action-perm
- name: QA checks
run: |
Expand Down
7 changes: 7 additions & 0 deletions openwisp_firmware_upgrader/admin.py
Original file line number Diff line number Diff line change
Expand Up @@ -132,7 +132,14 @@ def organization(self, obj):

organization.short_description = _('organization')

@admin.action(
description=_('Mass-upgrade devices related to the selected build'),
permissions=['change'],
)
def upgrade_selected(self, request, queryset):
import ipdb

ipdb.set_trace()
opts = self.model._meta
app_label = opts.app_label
# multiple concurrent batch upgrades are not supported
Expand Down
38 changes: 36 additions & 2 deletions openwisp_firmware_upgrader/tests/test_admin.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
import swapper
from django.contrib.admin.helpers import ACTION_CHECKBOX_NAME
from django.contrib.auth import get_user_model
from django.contrib.auth.models import Permission
from django.test import RequestFactory, TestCase, TransactionTestCase
from django.urls import reverse
from django.utils.timezone import localtime
Expand All @@ -21,7 +22,7 @@
admin,
)
from openwisp_users.tests.utils import TestMultitenantAdminMixin
from openwisp_utils.tests import capture_stderr
from openwisp_utils.tests import AdminActionPermTestMixin, capture_stderr

from ..hardware import REVERSE_FIRMWARE_IMAGE_MAP
from ..swapper import load_model
Expand All @@ -35,6 +36,7 @@
DeviceFirmware = load_model('DeviceFirmware')
FirmwareImage = load_model('FirmwareImage')
UpgradeOperation = load_model('UpgradeOperation')
BatchUpgradeOperation = load_model('BatchUpgradeOperation')
Device = swapper.load_model('config', 'Device')


Expand Down Expand Up @@ -348,7 +350,39 @@ def test_device_firmware_upgrade_without_device_connection(

@mock.patch(_mock_updrade, return_value=True)
@mock.patch(_mock_connect, return_value=True)
class TestAdminTransaction(BaseTestAdmin, TransactionTestCase):
class TestAdminTransaction(
BaseTestAdmin, AdminActionPermTestMixin, TransactionTestCase
):
def test_upgrade_selected_action_perms(self, *args):
env = self._create_upgrade_env()
org = env['d1'].organization
self._create_firmwareless_device(organization=org)
user = self._create_user(is_staff=True)
self._create_org_user(user=user, organization=org, is_admin=True)
# The user is redirected to the BatchUpgradeOperation page after success operation.
# Thus, we need to add the permission to the user.
user.user_permissions.add(
Permission.objects.get(
codename=f'change_{BatchUpgradeOperation._meta.model_name}'
)
)
self._test_action_permission(
path=self.build_list_url,
action='upgrade_selected',
user=user,
obj=env['build1'],
message=(
'You can track the progress of this mass upgrade operation '
'in this page. Refresh the page from time to time to check '
'its progress.'
),
required_perms=['change'],
extra_payload={
'upgrade_all': 'upgrade_all',
'upgrade_options': '{"c": true}',
},
)

def test_upgrade_related(self, *args):
self._login()
env = self._create_upgrade_env()
Expand Down

0 comments on commit 9d57cda

Please sign in to comment.