diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 30c7c88926..1f4cd540bc 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -12,6 +12,17 @@
 * Emails :
 - Some permissions checks in the mail history brick were missing.
+ Developers side :
+ -----------------
+
+ Non breaking changes :
+ ----------------------
+ # Apps :
+ * Email :
+ - The class-view 'views.sending.SendingBricksReloading' now checks permissions.
+ * Commercial :
+ - The class-view 'views.strategy.MatrixBricksReloading' now checks permissions.
+
 == Version 2.3.17 ==
diff --git a/creme/commercial/tests/test_strategy.py b/creme/commercial/tests/test_strategy.py
index 0bac323c9b..3410a7f649 100644
--- a/creme/commercial/tests/test_strategy.py
+++ b/creme/commercial/tests/test_strategy.py
@@ -1017,6 +1017,13 @@ def test_reload_assets_matrix(self):
 self.assertEqual(brick_id, result[0])
 self.get_brick_node(self.get_html_tree(result[1]), brick_id)
+ def test_reload_assets_matrix__no_app_perm(self):
+ self.login(is_superuser=False, allowed_apps=('persons',)) # No 'commercial'
+ self.assertGET403(
+ reverse('commercial__reload_matrix_brick', args=(self.UNUSED_PK, self.UNUSED_PK)),
+ data={'brick_id': 'whatever'},
+ )
+
 @skipIfCustomOrganisation
 def test_reload_charms_matrix(self):
 user = self.login()
diff --git a/creme/commercial/views/strategy.py b/creme/commercial/views/strategy.py
index f79206bcab..ae14aa886e 100644
--- a/creme/commercial/views/strategy.py
+++ b/creme/commercial/views/strategy.py
@@ -2,7 +2,7 @@
 ################################################################################
 # Creme is a free/open-source Customer Relationship Management software
-# Copyright (C) 2009-2021 Hybird
+# Copyright (C) 2009-2024 Hybird
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
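Review bot: The new `test_reload_assets_matrix__no_app_perm` passes `self.UNUSED_PK` for both URL arguments, so the expected 403 depends on the app-permission check running before any strategy or organisation lookup; if that order changed, the test would presumably see a 404 instead. A one-line comment would make the intent explicit, for example `# UNUSED_PK on purpose: the app check must refuse before any object lookup.` The hunk covers only the missing-app case; a user who has 'commercial' but cannot view the strategy is not exercised here, and whether another test in the file does so is not visible from this hunk.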
@@ -290,6 +290,7 @@ def post(self, request, **kwargs):
 class MatrixBricksReloading(bricks_views.BricksReloading):
+ permissions = 'commercial'
 check_bricks_permission = False
 strategy_id_url_kwarg = 'strategy_id'
 orga_id_url_kwarg = 'orga_id'
diff --git a/creme/emails/tests/test_sending.py b/creme/emails/tests/test_sending.py
index c9b5ab810a..0d5be7025e 100644
--- a/creme/emails/tests/test_sending.py
+++ b/creme/emails/tests/test_sending.py
@@ -790,8 +790,9 @@ def test_reload_sending_bricks01(self):
 # TODO: test other bricks
 def test_reload_sending_bricks02(self):
- "Can not see the campaign"
+ "Can not see the campaign."
 self.login(is_superuser=False)
+
 SetCredentials.objects.create(
 role=self.role,
 value=EntityCredentials.VIEW,
@@ -812,6 +813,14 @@ def test_reload_sending_bricks02(self):
 data={'brick_id': MailsBrick.id_}
 )
+ def test_reload_sending_bricks03(self):
+ "No app perm."
+ self.login(is_superuser=False, allowed_apps=('persons')) # No 'emails'
+ self.assertGET403(
+ reverse('emails__reload_sending_bricks', args=(self.UNUSED_PK,)),
+ data={'brick_id': 'whatever'},
+ )
+
 def test_inneredit(self):
 user = self.login()
 camp = EmailCampaign.objects.create(user=user, name='camp01')
diff --git a/creme/emails/views/sending.py b/creme/emails/views/sending.py
index 9a7a9fbc2a..a1f6d8f288 100644
--- a/creme/emails/views/sending.py
+++ b/creme/emails/views/sending.py
@@ -2,7 +2,7 @@
 ################################################################################
 # Creme is a free/open-source Customer Relationship Management software
-# Copyright (C) 2009-2021 Hybird
+# Copyright (C) 2009-2024 Hybird
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
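Review bot: `permissions = 'commercial'` is added directly above `check_bricks_permission = False`, so in `MatrixBricksReloading` the app-level check is the only access gate visible in this hunk, and nothing on the page says why the per-brick check stays disabled. A comment on the attribute would record that dependency for the next maintainer, for example `# App permission is the gate here: per-brick permission checks are disabled below.` Whether the strategy and organisation selected by `strategy_id` and `orga_id` are also checked for view permission cannot be told from the hunk, because the class body continues past it. The same applies to `permissions = 'emails'` in `SendingBricksReloading` (creme/emails/views/sending.py).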
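Review bot: In `test_reload_sending_bricks03`, `allowed_apps=('persons')` is a plain string, not a one-element tuple, because the trailing comma is missing; the commercial test in this commit writes `('persons',)`. Depending on how `login()` consumes the argument (not visible here), the role may end up with no valid app or with single characters as app names, so the 403 could be asserted for a reason other than the missing 'emails' permission. The line should read `self.login(is_superuser=False, allowed_apps=('persons',))  # No 'emails'`.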
@@ -68,6 +68,7 @@ def render_to_response(self, context, **response_kwargs):
 # Useful because EmailSending is not a CremeEntity (should be ?)
 class SendingBricksReloading(bricks_views.BricksReloading):
+ permissions = 'emails'
 check_bricks_permission = False
 sending_id_url_kwarg = 'sending_id'
 allowed_bricks = {