diff --git a/controller/Users.py b/controller/Users.py
index dcc6ba5..10de251 100644
--- a/controller/Users.py
+++ b/controller/Users.py
@@ -736,16 +736,17 @@ class Users( object ):
@return: the loaded notebook if the user has access to it, None otherwise
"""
anonymous = self.__database.select_one( User, User.sql_load_by_username( u"anonymous" ), use_cache = True )
- notebook = self.__database.select_one( Notebook, anonymous.sql_load_notebooks( notebook_id = notebook_id ) )
- user = None
-
- if not notebook and user_id:
- user = self.__database.load( User, user_id )
- if not user:
- return None
+ user = user_id and self.__database.load( User, user_id ) or anonymous
+ notebook = None
+ # first try loading the notebook as the given user (if any)
+ if user:
notebook = self.__database.select_one( Notebook, user.sql_load_notebooks( notebook_id = notebook_id ) )
+ # if that doesn't work, try loading the notebook as the anonymous user
+ if notebook is None:
+ notebook = self.__database.select_one( Notebook, anonymous.sql_load_notebooks( notebook_id = notebook_id ) )
+
# if the user has no access to this notebook, bail
if notebook is None:
return None
diff --git a/controller/test/Test_users.py b/controller/test/Test_users.py
index b27b83f..b3c924c 100644
--- a/controller/test/Test_users.py
+++ b/controller/test/Test_users.py
@@ -1065,6 +1065,19 @@ class Test_users( Test_controller ):
assert notebook
assert notebook.object_id == self.notebooks[ 0 ].object_id
+ def test_load_notebook_read_write_own_notes_inherit_anonymous( self ):
+ self.database.execute( self.anonymous.sql_save_notebook(
+ self.notebooks[ 0 ].object_id, read_write = True, owner = False, own_notes_only = True,
+ ) )
+ self.database.execute( self.user.sql_remove_notebook(
+ self.notebooks[ 0 ].object_id
+ ) )
+
+ notebook = cherrypy.root.users.load_notebook( self.user.object_id, self.notebooks[ 0 ].object_id, read_write = True )
+
+ assert notebook
+ assert notebook.object_id == self.notebooks[ 0 ].object_id
+
def test_load_notebook_read_write_own_notes_anonymous( self ):
self.database.execute( self.anonymous.sql_update_access(
self.notebooks[ 0 ].object_id, read_write = Notebook.READ_WRITE_FOR_OWN_NOTES, owner = False,
@@ -1113,6 +1126,18 @@ class Test_users( Test_controller ):
assert notebook is None
+ def test_load_notebook_owner_own_notes_inherit_anonymous( self ):
+ self.database.execute( self.anonymous.sql_save_notebook(
+ self.notebooks[ 0 ].object_id, read_write = True, owner = False, own_notes_only = True,
+ ) )
+ self.database.execute( self.user.sql_remove_notebook(
+ self.notebooks[ 0 ].object_id
+ ) )
+
+ notebook = cherrypy.root.users.load_notebook( self.user.object_id, self.notebooks[ 0 ].object_id, owner = True )
+
+ assert notebook is None
+
def test_load_notebook_owner_own_notes_anonymous( self ):
self.database.execute( self.anonymous.sql_update_access(
self.notebooks[ 0 ].object_id, read_write = Notebook.READ_WRITE_FOR_OWN_NOTES, owner = False,
@@ -1161,6 +1186,18 @@ class Test_users( Test_controller ):
assert notebook is None
+ def test_load_notebook_full_own_notes_inherit_anonymous( self ):
+ self.database.execute( self.anonymous.sql_save_notebook(
+ self.notebooks[ 0 ].object_id, read_write = True, owner = False, own_notes_only = True,
+ ) )
+ self.database.execute( self.user.sql_remove_notebook(
+ self.notebooks[ 0 ].object_id
+ ) )
+
+ notebook = cherrypy.root.users.load_notebook( self.user.object_id, self.notebooks[ 0 ].object_id, read_write = True, owner = True )
+
+ assert notebook is None
+
def test_load_notebook_full_own_notes_anonymous( self ):
self.database.execute( self.anonymous.sql_update_access(
self.notebooks[ 0 ].object_id, read_write = Notebook.READ_WRITE_FOR_OWN_NOTES, owner = False,
@@ -1197,6 +1234,27 @@ class Test_users( Test_controller ):
assert notebook
assert notebook.object_id == self.notebooks[ 0 ].object_id
+ def test_load_notebook_with_note_id_own_notes_inherit_anonymous( self ):
+ note = Note.create(
+ self.database.next_id( Note ), u"hi
",
+ notebook_id = self.notebooks[ 0 ].object_id,
+ user_id = self.user.object_id,
+ )
+ self.database.save( note )
+
+ self.database.execute( self.anonymous.sql_save_notebook(
+ self.notebooks[ 0 ].object_id, read_write = True, owner = False, own_notes_only = True,
+ ) )
+ self.database.execute( self.user.sql_remove_notebook(
+ self.notebooks[ 0 ].object_id
+ ) )
+
+ notebook = cherrypy.root.users.load_notebook( self.user.object_id, self.notebooks[ 0 ].object_id,
+ note_id = note.object_id )
+
+ assert notebook
+ assert notebook.object_id == self.notebooks[ 0 ].object_id
+
def test_load_notebook_with_note_id_own_notes_anonymous( self ):
note = Note.create(
self.database.next_id( Note ), u"hi
",
@@ -1289,6 +1347,23 @@ class Test_users( Test_controller ):
assert notebook
assert notebook.object_id == self.notebooks[ 0 ].object_id
+ def test_load_notebook_with_stub_note_own_notes_inherit_anonymous( self ):
+ # don't fully create a note, but reserve an id for it
+ note_id = self.database.next_id( Note )
+
+ self.database.execute( self.anonymous.sql_save_notebook(
+ self.notebooks[ 0 ].object_id, read_write = True, owner = False, own_notes_only = True,
+ ) )
+ self.database.execute( self.user.sql_remove_notebook(
+ self.notebooks[ 0 ].object_id
+ ) )
+
+ notebook = cherrypy.root.users.load_notebook( self.user.object_id, self.notebooks[ 0 ].object_id,
+ note_id = note_id )
+
+ assert notebook
+ assert notebook.object_id == self.notebooks[ 0 ].object_id
+
def test_load_notebook_with_stub_note_own_notes_anonymous( self ):
# don't fully create a note, but reserve an id for it
note_id = self.database.next_id( Note )
@@ -1353,6 +1428,27 @@ class Test_users( Test_controller ):
assert notebook
assert notebook.object_id == self.notebooks[ 0 ].object_id
+ def test_load_notebook_read_write_with_note_id_inherit_anonymous( self ):
+ note = Note.create(
+ self.database.next_id( Note ), u"hi
",
+ notebook_id = self.notebooks[ 0 ].object_id,
+ user_id = self.anonymous.object_id,
+ )
+ self.database.save( note )
+
+ self.database.execute( self.anonymous.sql_save_notebook(
+ self.notebooks[ 0 ].object_id, read_write = True, owner = False,
+ ) )
+ self.database.execute( self.user.sql_remove_notebook(
+ self.notebooks[ 0 ].object_id
+ ) )
+
+ notebook = cherrypy.root.users.load_notebook( self.user.object_id, self.notebooks[ 0 ].object_id,
+ note_id = note.object_id )
+
+ assert notebook
+ assert notebook.object_id == self.notebooks[ 0 ].object_id
+
def test_load_notebook_read_write_with_note_id_anonymous( self ):
note = Note.create(
self.database.next_id( Note ), u"hi
",
@@ -1439,6 +1535,27 @@ class Test_users( Test_controller ):
assert notebook
assert notebook.object_id == self.notebooks[ 0 ].object_id
+ def test_load_notebook_read_only_with_note_id_inherit_anonymous( self ):
+ note = Note.create(
+ self.database.next_id( Note ), u"hi
",
+ notebook_id = self.notebooks[ 0 ].object_id,
+ user_id = self.anonymous.object_id,
+ )
+ self.database.save( note )
+
+ self.database.execute( self.anonymous.sql_save_notebook(
+ self.notebooks[ 0 ].object_id, read_write = False, owner = False,
+ ) )
+ self.database.execute( self.user.sql_remove_notebook(
+ self.notebooks[ 0 ].object_id
+ ) )
+
+ notebook = cherrypy.root.users.load_notebook( self.user.object_id, self.notebooks[ 0 ].object_id,
+ note_id = note.object_id )
+
+ assert notebook
+ assert notebook.object_id == self.notebooks[ 0 ].object_id
+
def test_load_notebook_read_only_with_note_id_anonymous( self ):
note = Note.create(
self.database.next_id( Note ), u"hi
",