Can now create a new note in a read-write-for-only-your-own-notes notebook.
This commit is contained in:
parent
388f2fcb02
commit
384166b4cc
|
@ -98,4 +98,6 @@ class Forums( object ):
|
||||||
return result
|
return result
|
||||||
|
|
||||||
# threads() is just an alias for Notebooks.default()
|
# threads() is just an alias for Notebooks.default()
|
||||||
threads = Notebooks.default
|
def threads( self, *args, **kwargs ):
|
||||||
|
return self.__notebooks.default( *args, **kwargs )
|
||||||
|
threads.exposed = True
|
||||||
|
|
|
@ -748,13 +748,14 @@ class Users( object ):
|
||||||
return None
|
return None
|
||||||
|
|
||||||
# if a particular note_id is given, and the notebook is READ_WRITE_FOR_OWN_NOTES, then check
|
# if a particular note_id is given, and the notebook is READ_WRITE_FOR_OWN_NOTES, then check
|
||||||
# that the user is associated with that note
|
# that the user is associated with that note (if the note exists). this prevents a user
|
||||||
|
# from modifying someone else's note in a READ_WRITE_FOR_OWN_NOTES notebook
|
||||||
if note_id and notebook.read_write == Notebook.READ_WRITE_FOR_OWN_NOTES:
|
if note_id and notebook.read_write == Notebook.READ_WRITE_FOR_OWN_NOTES:
|
||||||
note = self.__database.load( Note, note_id )
|
note = self.__database.load( Note, note_id )
|
||||||
if not note:
|
if note and (
|
||||||
return None
|
( note.user_id and user_id != note.user_id ) or
|
||||||
|
( note.notebook_id and notebook_id != note.notebook_id )
|
||||||
if user_id != note.user_id or notebook_id != note.notebook_id:
|
):
|
||||||
return None
|
return None
|
||||||
|
|
||||||
return notebook
|
return notebook
|
||||||
|
|
|
@ -2412,6 +2412,48 @@ class Test_notebooks( Test_controller ):
|
||||||
def test_save_new_startup_note( self ):
|
def test_save_new_startup_note( self ):
|
||||||
self.test_save_new_note( startup = True )
|
self.test_save_new_note( startup = True )
|
||||||
|
|
||||||
|
def test_save_new_note_with_notebook_read_write_for_own_notes( self ):
|
||||||
|
self.login()
|
||||||
|
|
||||||
|
self.database.execute( self.user.sql_update_access(
|
||||||
|
self.notebook.object_id, read_write = Notebook.READ_WRITE_FOR_OWN_NOTES, owner = True,
|
||||||
|
) )
|
||||||
|
|
||||||
|
# save a completely new note
|
||||||
|
new_note = Note.create( "55", u"<h3>newest title</h3>foo" )
|
||||||
|
previous_revision = new_note.revision
|
||||||
|
result = self.http_post( "/notebooks/save_note/", dict(
|
||||||
|
notebook_id = self.notebook.object_id,
|
||||||
|
note_id = new_note.object_id,
|
||||||
|
contents = new_note.contents,
|
||||||
|
startup = False,
|
||||||
|
previous_revision = None,
|
||||||
|
), session_id = self.session_id )
|
||||||
|
|
||||||
|
assert result[ "new_revision" ]
|
||||||
|
assert result[ "new_revision" ] != previous_revision
|
||||||
|
assert result[ "new_revision" ].user_id == self.user.object_id
|
||||||
|
assert result[ "new_revision" ].username == self.username
|
||||||
|
assert result[ "previous_revision" ] == None
|
||||||
|
user = self.database.load( User, self.user.object_id )
|
||||||
|
assert user.storage_bytes > 0
|
||||||
|
assert result[ "storage_bytes" ] == user.storage_bytes
|
||||||
|
|
||||||
|
# make sure the new title is now loadable
|
||||||
|
result = self.http_post( "/notebooks/load_note_by_title/", dict(
|
||||||
|
notebook_id = self.notebook.object_id,
|
||||||
|
note_title = new_note.title,
|
||||||
|
), session_id = self.session_id )
|
||||||
|
|
||||||
|
note = result[ "note" ]
|
||||||
|
|
||||||
|
assert note.object_id == new_note.object_id
|
||||||
|
assert note.title == new_note.title
|
||||||
|
assert note.contents == new_note.contents
|
||||||
|
assert note.startup == True # startup is forced to True in READ_WRITE_FOR_OWN_NOTES notebook
|
||||||
|
assert note.user_id == self.user.object_id
|
||||||
|
assert note.rank == 0
|
||||||
|
|
||||||
def test_save_new_note_with_disallowed_tags( self ):
|
def test_save_new_note_with_disallowed_tags( self ):
|
||||||
self.login()
|
self.login()
|
||||||
|
|
||||||
|
|
|
@ -974,7 +974,24 @@ class Test_users( Test_controller ):
|
||||||
notebook = cherrypy.root.users.load_notebook( self.user.object_id, self.notebooks[ 0 ].object_id,
|
notebook = cherrypy.root.users.load_notebook( self.user.object_id, self.notebooks[ 0 ].object_id,
|
||||||
note_id = u"unknownid" )
|
note_id = u"unknownid" )
|
||||||
|
|
||||||
assert notebook is None
|
# an unknown note id indicates that a new note is being created, which is allowed in a
|
||||||
|
# READ_WRITE_FOR_OWN_NOTES notebooks
|
||||||
|
assert notebook
|
||||||
|
assert notebook.object_id == self.notebooks[ 0 ].object_id
|
||||||
|
|
||||||
|
def test_load_notebook_with_stub_note( self ):
|
||||||
|
# don't fully create a note, but reserve an id for it
|
||||||
|
note_id = self.database.next_id( Note )
|
||||||
|
|
||||||
|
self.database.execute( self.user.sql_update_access(
|
||||||
|
self.notebooks[ 0 ].object_id, read_write = Notebook.READ_WRITE_FOR_OWN_NOTES, owner = False,
|
||||||
|
) )
|
||||||
|
|
||||||
|
notebook = cherrypy.root.users.load_notebook( self.user.object_id, self.notebooks[ 0 ].object_id,
|
||||||
|
note_id = note_id )
|
||||||
|
|
||||||
|
assert notebook
|
||||||
|
assert notebook.object_id == self.notebooks[ 0 ].object_id
|
||||||
|
|
||||||
def test_load_notebook_with_note_id_in_another_notebook( self ):
|
def test_load_notebook_with_note_id_in_another_notebook( self ):
|
||||||
self.database.execute( self.user.sql_update_access(
|
self.database.execute( self.user.sql_update_access(
|
||||||
|
|
Reference in New Issue
Block a user