2.4.0 fix multisite not all sites

rdmo/core/managers.py

@@ -7,7 +7,10 @@
 class CurrentSiteQuerySetMixin:
 
     def filter_current_site(self):
-        return self.filter(models.Q(sites=None) | models.Q(sites=settings.SITE_ID))
+        if settings.MULTISITE:
+            return self.filter(sites=settings.SITE_ID)
+        else:
+            return self.filter(models.Q(sites=None) | models.Q(sites=settings.SITE_ID))
 
 
 class GroupsQuerySetMixin:
@@ -20,10 +23,7 @@ def filter_group(self, user):
 class AvailabilityQuerySetMixin:
 
     def filter_availability(self, user):
-        model = str(self.model._meta)
-        permissions = PERMISSIONS[model]
-
-        if user.has_perms(permissions):
+        if user.has_perms(PERMISSIONS[self.model._meta.label_lower]):
             return self
         else:
             return self.filter(available=True)

rdmo/projects/imports.py

@@ -106,10 +106,7 @@ def process(self):
         if self.current_project is None:
             catalog_uri = get_uri(self.root.find('catalog'), self.ns_map)
 
-            available_catalogs = Catalog.objects.filter_current_site() \
-                                                .filter_group(self.request.user) \
-                                                .filter_availability(self.request.user) \
-                                                .order_by('order')
+            available_catalogs = Catalog.objects.filter_for_user(self.request.user)
 
             try:
                 self.catalog = available_catalogs.get(uri=catalog_uri)

rdmo/projects/serializers/v1/__init__.py

@@ -53,10 +53,7 @@ class ProjectSerializer(serializers.ModelSerializer):
     class CatalogField(serializers.PrimaryKeyRelatedField):
 
         def get_queryset(self):
-            return Catalog.objects.filter_current_site() \
-                                  .filter_group(self.context['request'].user) \
-                                  .filter_availability(self.context['request'].user) \
-                                  .order_by('-available', 'order')
+            return Catalog.objects.filter_for_user(self.context['request'].user)
 
     class ParentField(serializers.PrimaryKeyRelatedField):
 

rdmo/projects/tests/conftest.py

@@ -2,6 +2,12 @@
 
 from django.apps import apps
 
+from .helpers.project_catalog import clear_sites_from_other_catalogs  # noqa: F401
+
+
+@pytest.fixture
+def enable_multisite(settings):
+    settings.MULTISITE = True
 
 @pytest.fixture
 def enable_project_views_sync(settings):

rdmo/projects/tests/helpers/project_catalog.py

@@ -0,0 +1,15 @@
+import pytest
+
+from rdmo.questions.models import Catalog
+
+
+@pytest.fixture
+def clear_sites_from_other_catalogs(settings):
+    # arrange, remove sites from the other catalogs
+    # for 'list': 'v1-projects:catalog-list'
+    # in non-multisite, they should appear
+    # however, in a multisite they should not appear
+    other_catalogs = Catalog.objects.exclude(sites=settings.SITE_ID)
+    assert set(other_catalogs.values_list('id',flat=True)) == {3,4}
+    for catalog in other_catalogs:
+        catalog.sites.clear()

rdmo/projects/tests/test_view_membership_multisite.py

@@ -32,16 +32,11 @@
 sites_domains = ('example.com', 'foo.com', 'bar.com')
 
 
-@pytest.fixture
-def _multisite(settings):
-    settings.MULTISITE = True
-
-
 @pytest.mark.parametrize('username,password', users)
 @pytest.mark.parametrize('project_id', projects)
 @pytest.mark.parametrize('membership_role', membership_roles)
 @pytest.mark.parametrize('site_domain', sites_domains)
-@pytest.mark.usefixtures("_multisite")
+@pytest.mark.usefixtures("enable_multisite")
 def test_get_invite_email_project_path_function(db, client, username, password, project_id,
                                                 membership_role, site_domain):
     client.login(username=username, password=password)
@@ -70,7 +65,7 @@ def test_get_invite_email_project_path_function(db, client, username, password,
 @pytest.mark.parametrize('project_id', projects)
 @pytest.mark.parametrize('membership_role', membership_roles)
 @pytest.mark.parametrize('site_domain', sites_domains)
-@pytest.mark.usefixtures("_multisite")
+@pytest.mark.usefixtures("enable_multisite")
 def test_invite_email_project_path_email_body(db, client, username, password, project_id,
                                               membership_role, site_domain):
     client.login(username=username, password=password)

rdmo/projects/tests/test_viewset_catalog.py

@@ -1,10 +1,7 @@
 import pytest
 
-from django.contrib.sites.models import Site
 from django.urls import reverse
 
-from rdmo.questions.models import Catalog
-
 users = (
     ('owner', 'owner'),
     ('manager', 'manager'),
@@ -16,13 +13,23 @@
     ('anonymous', None),
 )
 
+view_project_catalog_permission_map = {  # id, available
+    'owner': [(1, True)],
+    'manager': [(1, True)],
+    'author': [(1, True)],
+    'guest': [(1, True)],
+    'user': [(1, True)],
+    'editor': [(1, True)],
+    'reviewer': [(1, True)],
+    'api': [(1, True),(2, False)],
+    'site': [(1, True)]
+}
+
 urlnames = {
     'list': 'v1-projects:catalog-list',
-    'user': 'v1-projects:catalog-user'
 }
 
-catalog_id = 1
-
+other_sites_catalogs = [(3, True), (4, True)]
 
 @pytest.mark.parametrize('username,password', users)
 def test_list(db, client, username, password):
@@ -33,13 +40,30 @@ def test_list(db, client, username, password):
 
     if password:
         assert response.status_code == 200
-        assert isinstance(response.json(), list)
-
         data = response.json()
-        site = Site.objects.get_current()
-        catalogs = Catalog.objects.filter(sites=site)
+        assert isinstance(data, list)
+        assert view_project_catalog_permission_map[username] == [(i['id'],i['available']) for i in data]
+    else:
+        assert response.status_code == 401
 
-        assert {c['id'] for c in data} == {c.id for c in catalogs}
-        assert {c['available'] for c in data} == {c.available for c in catalogs}
+
+@pytest.mark.parametrize('username,password', users)
+def test_list_with_cleared_sites(db, client, clear_sites_from_other_catalogs, username, password):
+    client.login(username=username, password=password)
+
+    url = reverse(urlnames['list'])
+    response = client.get(url)
+
+    if password:
+        assert response.status_code == 200
+        data = response.json()
+        assert isinstance(data, list)
+        catalogs = view_project_catalog_permission_map[username] + other_sites_catalogs
+        if any(not available for _id,available in catalogs):  # api sees an available=False catalog
+            catalogs = sorted(
+                catalogs,
+                key=lambda i: (not i[1], i[0]),
+            )
+        assert catalogs == [(i['id'],i['available']) for i in data]
     else:
         assert response.status_code == 401

rdmo/projects/tests/test_viewset_catalog_multisite.py

@@ -0,0 +1,71 @@
+import pytest
+
+from django.urls import reverse
+
+users = (
+    ('owner', 'owner'),
+    ('manager', 'manager'),
+    ('author', 'author'),
+    ('guest', 'guest'),
+    ('api', 'api'),
+    ('user', 'user'),
+    ('site', 'site'),
+    ('anonymous', None),
+    ('foo-user','foo-user'),
+    ('foo-editor', 'foo-editor'),
+    ('bar-user','bar-user'),
+    ('bar-editor', 'bar-editor'),
+)
+
+view_project_catalog_permission_map = {  # id, available
+    'owner': [(1, True)],
+    'manager': [(1, True)],
+    'author': [(1, True)],
+    'guest': [(1, True)],
+    'user': [(1, True)],
+    'editor': [(1, True)],
+    'reviewer': [(1, True)],
+    'api': [(1, True),(2, False)],
+    'site': [(1, True)],
+    'foo-user': [(1, True)],
+    'foo-editor': [(1, True)],
+    'bar-user': [(1, True)],
+    'bar-editor': [(1, True)],
+}
+
+urlnames = {
+    'list': 'v1-projects:catalog-list',
+}
+
+
+@pytest.mark.parametrize('username,password', users)
+def test_list(db, settings, enable_multisite, client, username, password):
+    client.login(username=username, password=password)
+
+    url = reverse(urlnames['list'])
+    response = client.get(url)
+
+    if password:
+        assert response.status_code == 200
+        data = response.json()
+        assert isinstance(data, list)
+        assert view_project_catalog_permission_map[username] == [(i['id'],i['available']) for i in data]
+    else:
+        assert response.status_code == 401
+
+
+@pytest.mark.parametrize('username,password', users)
+def test_list_with_cleared_sites(db, settings, enable_multisite, clear_sites_from_other_catalogs,
+                                 client, username, password):
+    client.login(username=username, password=password)
+
+    url = reverse(urlnames['list'])
+    response = client.get(url)
+
+    if password:
+        assert response.status_code == 200
+        data = response.json()
+        assert isinstance(data, list)
+        assert view_project_catalog_permission_map[username] == [(i['id'],i['available']) for i in data]
+    else:
+        assert response.status_code == 401

rdmo/projects/views/project.py

@@ -60,9 +60,7 @@ def get_context_data(self, **kwargs):
             memberships = memberships.prefetch_related('user__socialaccount_set')
 
         integrations = Integration.objects.filter(project__in=ancestors)
-        context['catalogs'] = Catalog.objects.filter_current_site() \
-                                             .filter_group(self.request.user) \
-                                             .filter_availability(self.request.user)
+        context['catalogs'] = Catalog.objects.filter_for_user(self.request.user)
 
         if settings.PROJECT_TASKS_SYNC:
             # tasks should be synced, the user can not change them

rdmo/projects/views/project_copy.py

@@ -21,10 +21,7 @@ class ProjectCopyView(ObjectPermissionMixin, RedirectViewMixin, UpdateView):
     permission_required = ('projects.add_project', 'projects.view_project_object')
 
     def get_form_kwargs(self):
-        catalogs = Catalog.objects.filter_current_site() \
-                                  .filter_group(self.request.user) \
-                                  .filter_availability(self.request.user) \
-                                  .order_by('-available', 'order')
+        catalogs = Catalog.objects.filter_for_user(self.request.user)
         projects = Project.objects.filter_user(self.request.user)
 
         form_kwargs = super().get_form_kwargs()

rdmo/projects/views/project_create.py

@@ -25,10 +25,7 @@ class ProjectCreateView(ObjectPermissionMixin, LoginRequiredMixin,
     permission_required = 'projects.add_project'
 
     def get_form_kwargs(self):
-        catalogs = Catalog.objects.filter_current_site() \
-                                  .filter_group(self.request.user) \
-                                  .filter_availability(self.request.user) \
-                                  .order_by('-available', 'order')
+        catalogs = Catalog.objects.filter_for_user(self.request.user)
         projects = Project.objects.filter_user(self.request.user)
 
         form_kwargs = super().get_form_kwargs()

rdmo/projects/views/project_update.py

@@ -33,10 +33,7 @@ class ProjectUpdateView(ObjectPermissionMixin, RedirectViewMixin, UpdateView):
     permission_required = 'projects.change_project_object'
 
     def get_form_kwargs(self):
-        catalogs = Catalog.objects.filter_current_site() \
-                                  .filter_group(self.request.user) \
-                                  .filter_availability(self.request.user) \
-                                  .order_by('order')
+        catalogs = Catalog.objects.filter_for_user(self.request.user)
         projects = Project.objects.filter_user(self.request.user)
 
         form_kwargs = super().get_form_kwargs()
@@ -106,10 +103,7 @@ class ProjectUpdateCatalogView(ObjectPermissionMixin, RedirectViewMixin, UpdateV
     permission_required = 'projects.change_project_object'
 
     def get_form_kwargs(self):
-        catalogs = Catalog.objects.filter_current_site() \
-                                  .filter_group(self.request.user) \
-                                  .filter_availability(self.request.user) \
-                                  .order_by('order')
+        catalogs = Catalog.objects.filter_for_user(self.request.user)
 
         form_kwargs = super().get_form_kwargs()
         form_kwargs.update({

rdmo/projects/viewsets.py

@@ -920,6 +920,4 @@ class CatalogViewSet(ListModelMixin, GenericViewSet):
     serializer_class = CatalogSerializer
 
     def get_queryset(self):
-        return Catalog.objects.filter_current_site() \
-                              .filter_group(self.request.user) \
-                              .order_by('-available', 'order')
+        return Catalog.objects.for_projects_view(self.request.user)

rdmo/questions/managers.py

@@ -18,6 +18,34 @@ def filter_catalog(self, catalog):
     def prefetch_elements(self):
         return self.prefetch_related(*self.model.prefetch_lookups)
 
+    def filter_for_user(self, user):
+        return (
+            self
+                .filter_current_site()
+                .filter_group(user)
+                .filter_availability(user)
+                .order_by('-available', 'order')
+        )
+
+    def for_projects_view(self, user):
+        qs = self.filter_current_site().filter_group(user)
+
+        available_ids = (
+            qs
+            .filter_availability(user)
+            .values('pk')
+        )
+
+        return (
+            qs
+            .filter(
+                models.Q(pk__in=available_ids) |
+                models.Q(projects__user=user)
+            )
+            .distinct()
+            .order_by('-available', 'order', 'id')
+        )
+
 
 class CatalogManager(CurrentSiteManagerMixin, GroupsManagerMixin, AvailabilityManagerMixin, models.Manager):
 
@@ -30,6 +58,12 @@ def filter_catalog(self, catalog):
     def prefetch_elements(self):
         return self.get_queryset().prefetch_elements()
 
+    def filter_for_user(self, user):
+        return self.get_queryset().filter_for_user(user)
+
+    def for_projects_view(self, user):
+        return self.get_queryset().for_projects_view(user)
+
 
 class SectionQuerySet(models.QuerySet):