fix bug introduced into CVS export and view (issue 2550529)

git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4204 57a73879-2fb5-44c3-a270-3262357dd7e2

diff --git a/CHANGES.txt b/CHANGES.txt
index a13973637d7c8ec979bf40c63de6bf1445d85098..0072ce3e7bd379f8ff18b6c678398377f71682bd 100644 (file)
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,6 +1,12 @@
 This file contains the changes to the Roundup system over time. The entries
 are given with the most recent entry first.
 
+2009-03-?? 1.4.8
+
+Fixes:
+- bug introduced into CVS export and view
+
+
 2009-03-13 1.4.7 (r4202)
 
 Features:

diff --git a/roundup/cgi/actions.py b/roundup/cgi/actions.py
index fc2d5c7d236cc26fcf8c94f47a974d4d89e9bade..425dec2d41b6ff992a91a179b8a1f909abb73116 100755 (executable)
--- a/roundup/cgi/actions.py
+++ b/roundup/cgi/actions.py
@@ -1041,7 +1041,7 @@ class ExportCSVAction(Action):
             row = []
             for name in columns:
                 # check permission to view this property on this item
-                if exists and not self.hasPermission('View', itemid=itemid,
+                if not self.hasPermission('View', itemid=itemid,
                         classname=request.classname, property=name):
                     raise exceptions.Unauthorised, self._(
                         'You do not have permission to view %(class)s'

diff --git a/roundup/cgi/templating.py b/roundup/cgi/templating.py
index 9cccd2d73a91d0c3daf3b24d32239326135bd0dd..17912c6d9f5783586c6c3124d55669b821e8b906 100644 (file)
--- a/roundup/cgi/templating.py
+++ b/roundup/cgi/templating.py
@@ -624,7 +624,6 @@ class HTMLClass(HTMLInputMixin, HTMLPermissions):
                         classname=self._klass.classname, property=name):
                     raise Unauthorised('view', self._klass.classname,
                         translator=self._client.translator)
-                row.append(str(klass.get(itemid, name)))
                 value = self._klass.get(nodeid, name)
                 if value is None:
                     l.append('')

diff --git a/share/roundup/templates/classic/html/user.index.html b/share/roundup/templates/classic/html/user.index.html
index cdee70cc59914b8b44bc2bf15f0afa0b9a15dd6d..1a72a5134bba04c960ba3ee7c2ec566ef7bbbbac 100644 (file)
--- a/share/roundup/templates/classic/html/user.index.html
+++ b/share/roundup/templates/classic/html/user.index.html
@@ -34,7 +34,7 @@
  <td tal:content="python:user.address.email() or default">&nbsp;</td>
  <td tal:content="python:user.phone.plain() or default">&nbsp;</td>
  <td tal:condition="context/is_retire_ok">
-    <form style="padding:0"
+    <form style="padding:0" method="POST"
           tal:attributes="action string:user${user/id}">
      <input type="hidden" name="@template" value="index">
      <input type="hidden" name="@action" value="retire">

diff --git a/test/test_cgi.py b/test/test_cgi.py
index f09bace2da5e87c566051196b7243a36b05d8aae..cfccae85c30a886df93dcf4a0ab5070e31a231f8 100644 (file)
--- a/test/test_cgi.py
+++ b/test/test_cgi.py
@@ -10,7 +10,7 @@
 #
 # $Id: test_cgi.py,v 1.36 2008-08-07 06:12:57 richard Exp $
 
-import unittest, os, shutil, errno, sys, difflib, cgi, re
+import unittest, os, shutil, errno, sys, difflib, cgi, re, StringIO
 
 from roundup.cgi import client, actions, exceptions
 from roundup.cgi.exceptions import FormError
@@ -18,6 +18,8 @@ from roundup.cgi.templating import HTMLItem
 from roundup.cgi.form_parser import FormParser
 from roundup import init, instance, password, hyperdb, date
 
+from mocknull import MockNull
+
 import db_test_base
 
 NEEDS_INSTANCE = 1
@@ -614,13 +616,13 @@ class FormTestCase(unittest.TestCase):
     # SECURITY
     #
     # XXX test all default permissions
-    def _make_client(self, form, classname='user', nodeid='2', userid='2'):
+    def _make_client(self, form, classname='user', nodeid='1', userid='2'):
         cl = client.Client(self.instance, None, {'PATH_INFO':'/',
             'REQUEST_METHOD':'POST'}, makeForm(form))
         cl.classname = 'user'
-        cl.nodeid = '1'
+        cl.nodeid = nodeid
         cl.db = self.db
-        cl.userid = '2'
+        cl.userid = userid
         cl.language = ('en',)
         return cl
 
@@ -646,6 +648,33 @@ class FormTestCase(unittest.TestCase):
         self.failUnlessRaises(exceptions.Unauthorised,
             actions.EditItemAction(cl).handle)
 
+    def testCSVExport(self):
+        cl = self._make_client({'@columns': 'id,name'}, nodeid=None,
+            userid='1')
+        cl.classname = 'status'
+        output = StringIO.StringIO()
+        cl.request = MockNull()
+        cl.request.wfile = output
+        actions.ExportCSVAction(cl).handle()
+        self.assertEquals('id,name\r\n1,unread\r\n2,deferred\r\n3,chatting\r\n'
+            '4,need-eg\r\n5,in-progress\r\n6,testing\r\n7,done-cbb\r\n'
+            '8,resolved\r\n',
+            output.getvalue())
+
+    def testCSVExportFailPermission(self):
+        cl = self._make_client({'@columns': 'id,email,password'}, nodeid=None,
+            userid='2')
+        cl.classname = 'user'
+        output = StringIO.StringIO()
+        cl.request = MockNull()
+        cl.request.wfile = output
+        self.assertRaises(exceptions.Unauthorised,
+            actions.ExportCSVAction(cl).handle)
+
+
+def test_suite():
+    suite = unittest.TestSuite()
+
 def test_suite():
     suite = unittest.TestSuite()
     suite.addTest(unittest.makeSuite(FormTestCase))