From 40e5536300e3947688948d471391ba008c50f30c Mon Sep 17 00:00:00 2001 From: Oliver <oliver.henry.walters@gmail.com> Date: Mon, 11 Oct 2021 21:39:34 +1100 Subject: [PATCH 1/2] Handle rare case where user instance has no name assigned --- InvenTree/users/models.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/InvenTree/users/models.py b/InvenTree/users/models.py index 8a417a050d..73a7561153 100644 --- a/InvenTree/users/models.py +++ b/InvenTree/users/models.py @@ -216,7 +216,10 @@ class RuleSet(models.Model): return True # Print message instead of throwing an error - logger.info(f"User '{user.name}' failed permission check for {table}.{permission}") + name = getattr(user, 'name', user.pk) + + logger.info(f"User '{name}' failed permission check for {table}.{permission}") + return False @staticmethod From 75bfdd615e0e76927943ecf53cc973f1d9d35a23 Mon Sep 17 00:00:00 2001 From: Oliver <oliver.henry.walters@gmail.com> Date: Tue, 12 Oct 2021 11:38:25 +1100 Subject: [PATCH 2/2] Fixes for unit tests --- InvenTree/InvenTree/metadata.py | 5 ++++- InvenTree/InvenTree/test_api.py | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/InvenTree/InvenTree/metadata.py b/InvenTree/InvenTree/metadata.py index 613983fe94..e7f78554f9 100644 --- a/InvenTree/InvenTree/metadata.py +++ b/InvenTree/InvenTree/metadata.py @@ -72,7 +72,10 @@ class InvenTreeMetadata(SimpleMetadata): # Remove any HTTP methods that the user does not have permission for for method, permission in rolemap.items(): - if method in actions and not check(user, table, permission): + + result = check(user, table, permission) + + if method in actions and not result: del actions[method] # Add a 'DELETE' action if we are allowed to delete diff --git a/InvenTree/InvenTree/test_api.py b/InvenTree/InvenTree/test_api.py index 791f98025b..dfe94c034e 100644 --- a/InvenTree/InvenTree/test_api.py +++ b/InvenTree/InvenTree/test_api.py @@ -296,9 +296,9 @@ class APITests(InvenTreeAPITestCase): actions = self.getActions(url) - # 'add' permission does not apply here! - self.assertEqual(len(actions), 1) + self.assertEqual(len(actions), 2) self.assertIn('PUT', actions.keys()) + self.assertIn('GET', actions.keys()) # Add some other permissions self.assignRole('part.change')