arthexis 0.1.9__py3-none-any.whl → 0.1.10__py3-none-any.whl

core/tests.py

@@ -17,9 +17,11 @@ import subprocess
 from glob import glob
 from datetime import timedelta
 import tempfile
+from urllib.parse import quote
 
 from django.utils import timezone
 from django.contrib.auth.models import Permission
+from django.contrib.messages import get_messages
 from .models import (
     User,
     UserPhoneNumber,
@@ -51,6 +53,7 @@ from django.core.management import call_command
 from django.db import IntegrityError
 from .backends import LocalhostAdminBackend
 from core.views import _step_check_version, _step_promote_build, _step_publish
+from core import views as core_views
 from core import public_wifi
 
 
@@ -901,6 +904,139 @@ class ReleaseProcessTests(TestCase):
             self.assertEqual(count_file.read_text(), "1")
 
 
+class ReleaseProgressSyncTests(TestCase):
+    def setUp(self):
+        self.client = Client()
+        self.user = User.objects.create_superuser("admin", "admin@example.com", "pw")
+        self.client.force_login(self.user)
+        self.package = Package.objects.get(name="arthexis")
+        self.version_path = Path("VERSION")
+        self.original_version = self.version_path.read_text(encoding="utf-8")
+        self.version_path.write_text("1.2.3", encoding="utf-8")
+
+    def tearDown(self):
+        self.version_path.write_text(self.original_version, encoding="utf-8")
+
+    @mock.patch("core.views.PackageRelease.dump_fixture")
+    @mock.patch("core.views.revision.get_revision", return_value="abc123")
+    def test_unpublished_release_syncs_version_and_revision(
+        self, get_revision, dump_fixture
+    ):
+        release = PackageRelease.objects.create(
+            package=self.package,
+            version="1.0.0",
+        )
+        release.revision = "oldrev"
+        release.save(update_fields=["revision"])
+
+        url = reverse("release-progress", args=[release.pk, "publish"])
+        response = self.client.get(url)
+
+        self.assertEqual(response.status_code, 200)
+        release.refresh_from_db()
+        self.assertEqual(release.version, "1.2.4")
+        self.assertEqual(release.revision, "abc123")
+        dump_fixture.assert_called_once()
+
+    def test_published_release_not_current_returns_404(self):
+        release = PackageRelease.objects.create(
+            package=self.package,
+            version="1.2.4",
+            pypi_url="https://example.com",
+        )
+
+        url = reverse("release-progress", args=[release.pk, "publish"])
+        response = self.client.get(url)
+
+        self.assertEqual(response.status_code, 404)
+
+
+class ReleaseProgressFixtureVisibilityTests(TestCase):
+    def setUp(self):
+        self.client = Client()
+        self.user = User.objects.create_superuser(
+            "fixture-check", "fixture@example.com", "pw"
+        )
+        self.client.force_login(self.user)
+        current_version = Path("VERSION").read_text(encoding="utf-8").strip()
+        package = Package.objects.filter(is_active=True).first()
+        if package is None:
+            package = Package.objects.create(name="fixturepkg", is_active=True)
+        try:
+            self.release = PackageRelease.objects.get(
+                package=package, version=current_version
+            )
+        except PackageRelease.DoesNotExist:
+            self.release = PackageRelease.objects.create(
+                package=package, version=current_version
+            )
+        self.session_key = f"release_publish_{self.release.pk}"
+        self.log_name = f"{self.release.package.name}-{self.release.version}.log"
+        self.lock_path = Path("locks") / f"{self.session_key}.json"
+        self.restart_path = Path("locks") / f"{self.session_key}.restarts"
+        self.log_path = Path("logs") / self.log_name
+        for path in (self.lock_path, self.restart_path, self.log_path):
+            if path.exists():
+                path.unlink()
+        try:
+            self.fixture_step_index = next(
+                idx
+                for idx, (name, _) in enumerate(core_views.PUBLISH_STEPS)
+                if name == core_views.FIXTURE_REVIEW_STEP_NAME
+            )
+        except StopIteration:  # pragma: no cover - defensive guard
+            self.fail("Fixture review step not configured in publish steps")
+        self.url = reverse("release-progress", args=[self.release.pk, "publish"])
+
+    def tearDown(self):
+        session = self.client.session
+        if self.session_key in session:
+            session.pop(self.session_key)
+            session.save()
+        for path in (self.lock_path, self.restart_path, self.log_path):
+            if path.exists():
+                path.unlink()
+        super().tearDown()
+
+    def _set_session(self, step: int, fixtures: list[dict]):
+        session = self.client.session
+        session[self.session_key] = {
+            "step": step,
+            "fixtures": fixtures,
+            "log": self.log_name,
+            "started": True,
+        }
+        session.save()
+
+    def test_fixture_summary_visible_until_migration_step(self):
+        fixtures = [
+            {
+                "path": "core/fixtures/example.json",
+                "count": 2,
+                "models": ["core.Model"],
+            }
+        ]
+        self._set_session(self.fixture_step_index, fixtures)
+        response = self.client.get(self.url)
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.context["fixtures"], fixtures)
+        self.assertContains(response, "Fixture changes")
+
+    def test_fixture_summary_hidden_after_migration_step(self):
+        fixtures = [
+            {
+                "path": "core/fixtures/example.json",
+                "count": 2,
+                "models": ["core.Model"],
+            }
+        ]
+        self._set_session(self.fixture_step_index + 1, fixtures)
+        response = self.client.get(self.url)
+        self.assertEqual(response.status_code, 200)
+        self.assertIsNone(response.context["fixtures"])
+        self.assertNotContains(response, "Fixture changes")
+
+
 class PackageReleaseAdminActionTests(TestCase):
     def setUp(self):
         self.factory = RequestFactory()
@@ -982,6 +1118,40 @@ class PackageReleaseCurrentTests(TestCase):
         self.assertFalse(self.release.is_current)
 
 
+class PackageReleaseChangelistTests(TestCase):
+    def setUp(self):
+        self.client = Client()
+        User.objects.create_superuser("admin", "admin@example.com", "pw")
+        self.client.force_login(User.objects.get(username="admin"))
+
+    def test_prepare_next_release_button_present(self):
+        response = self.client.get(reverse("admin:core_packagerelease_changelist"))
+        prepare_url = reverse(
+            "admin:core_packagerelease_actions", args=["prepare_next_release"]
+        )
+        self.assertContains(response, prepare_url, html=False)
+
+    def test_refresh_from_pypi_button_present(self):
+        response = self.client.get(reverse("admin:core_packagerelease_changelist"))
+        refresh_url = reverse(
+            "admin:core_packagerelease_actions", args=["refresh_from_pypi"]
+        )
+        self.assertContains(response, refresh_url, html=False)
+
+    def test_prepare_next_release_action_creates_release(self):
+        package = Package.objects.get(name="arthexis")
+        PackageRelease.all_objects.filter(package=package).delete()
+        response = self.client.post(
+            reverse(
+                "admin:core_packagerelease_actions", args=["prepare_next_release"]
+            )
+        )
+        self.assertEqual(response.status_code, 302)
+        self.assertTrue(
+            PackageRelease.all_objects.filter(package=package).exists()
+        )
+
+
 class PackageAdminPrepareNextReleaseTests(TestCase):
     def setUp(self):
         self.factory = RequestFactory()
@@ -1000,24 +1170,18 @@ class PackageAdminPrepareNextReleaseTests(TestCase):
         )
 
 
-class PackageReleaseChangelistTests(TestCase):
+class PackageAdminChangeViewTests(TestCase):
     def setUp(self):
         self.client = Client()
         User.objects.create_superuser("admin", "admin@example.com", "pw")
         self.client.force_login(User.objects.get(username="admin"))
+        self.package = Package.objects.get(name="arthexis")
 
-    def test_prepare_next_release_button_present(self):
-        response = self.client.get(reverse("admin:core_packagerelease_changelist"))
-        self.assertContains(
-            response, reverse("admin:core_package_prepare_next_release"), html=False
+    def test_prepare_next_release_button_visible_on_change_view(self):
+        response = self.client.get(
+            reverse("admin:core_package_change", args=[self.package.pk])
         )
-
-    def test_refresh_from_pypi_button_present(self):
-        response = self.client.get(reverse("admin:core_packagerelease_changelist"))
-        refresh_url = reverse(
-            "admin:core_packagerelease_actions", args=["refresh_from_pypi"]
-        )
-        self.assertContains(response, refresh_url, html=False)
+        self.assertContains(response, "Prepare next Release")
 
 
 class TodoDoneTests(TestCase):
@@ -1034,6 +1198,118 @@ class TodoDoneTests(TestCase):
         self.assertIsNotNone(todo.done_on)
         self.assertFalse(todo.is_deleted)
 
+    def test_mark_done_condition_failure_shows_message(self):
+        todo = Todo.objects.create(
+            request="Task",
+            on_done_condition="1 = 0",
+        )
+        resp = self.client.post(reverse("todo-done", args=[todo.pk]))
+        self.assertRedirects(resp, reverse("admin:index"))
+        messages = [m.message for m in get_messages(resp.wsgi_request)]
+        self.assertTrue(messages)
+        self.assertIn("1 = 0", messages[0])
+        todo.refresh_from_db()
+        self.assertIsNone(todo.done_on)
+
+    def test_mark_done_condition_invalid_expression(self):
+        todo = Todo.objects.create(
+            request="Task",
+            on_done_condition="1; SELECT 1",
+        )
+        resp = self.client.post(reverse("todo-done", args=[todo.pk]))
+        self.assertRedirects(resp, reverse("admin:index"))
+        messages = [m.message for m in get_messages(resp.wsgi_request)]
+        self.assertTrue(messages)
+        self.assertIn("Semicolons", messages[0])
+        todo.refresh_from_db()
+        self.assertIsNone(todo.done_on)
+
+    def test_mark_done_condition_resolves_sigils(self):
+        todo = Todo.objects.create(
+            request="Task",
+            on_done_condition="[TEST]",
+        )
+        with mock.patch.object(Todo, "resolve_sigils", return_value="1 = 1") as resolver:
+            resp = self.client.post(reverse("todo-done", args=[todo.pk]))
+        self.assertRedirects(resp, reverse("admin:index"))
+        resolver.assert_called_once_with("on_done_condition")
+        todo.refresh_from_db()
+        self.assertIsNotNone(todo.done_on)
+
+    def test_mark_done_respects_next_parameter(self):
+        todo = Todo.objects.create(request="Task")
+        next_url = reverse("admin:index") + "?section=todos"
+        resp = self.client.post(
+            reverse("todo-done", args=[todo.pk]),
+            {"next": next_url},
+        )
+        self.assertRedirects(resp, next_url, target_status_code=200)
+        todo.refresh_from_db()
+        self.assertIsNotNone(todo.done_on)
+
+    def test_mark_done_rejects_external_next(self):
+        todo = Todo.objects.create(request="Task")
+        resp = self.client.post(
+            reverse("todo-done", args=[todo.pk]),
+            {"next": "https://example.com/"},
+        )
+        self.assertRedirects(resp, reverse("admin:index"))
+        todo.refresh_from_db()
+        self.assertIsNotNone(todo.done_on)
+
+
+class TodoFocusViewTests(TestCase):
+    def setUp(self):
+        self.client = Client()
+        User.objects.create_superuser("admin", "admin@example.com", "pw")
+        self.client.force_login(User.objects.get(username="admin"))
+
+    def test_focus_view_renders_requested_page(self):
+        todo = Todo.objects.create(request="Task", url="/docs/")
+        next_url = reverse("admin:index")
+        resp = self.client.get(
+            f"{reverse('todo-focus', args=[todo.pk])}?next={quote(next_url)}"
+        )
+        self.assertEqual(resp.status_code, 200)
+        self.assertContains(resp, todo.request)
+        self.assertEqual(resp["X-Frame-Options"], "SAMEORIGIN")
+        self.assertContains(resp, f'src="{todo.url}"')
+        self.assertContains(resp, "Done")
+        self.assertContains(resp, "Back")
+
+    def test_focus_view_uses_admin_change_when_no_url(self):
+        todo = Todo.objects.create(request="Task")
+        resp = self.client.get(reverse("todo-focus", args=[todo.pk]))
+        change_url = reverse("admin:core_todo_change", args=[todo.pk])
+        self.assertContains(resp, f'src="{change_url}"')
+
+    def test_focus_view_sanitizes_loopback_absolute_url(self):
+        todo = Todo.objects.create(
+            request="Task",
+            url="http://127.0.0.1:8000/docs/?section=chart",
+        )
+        resp = self.client.get(reverse("todo-focus", args=[todo.pk]))
+        self.assertContains(resp, 'src="/docs/?section=chart"')
+
+    def test_focus_view_rejects_external_absolute_url(self):
+        todo = Todo.objects.create(
+            request="Task",
+            url="https://outside.invalid/external/",
+        )
+        resp = self.client.get(reverse("todo-focus", args=[todo.pk]))
+        change_url = reverse("admin:core_todo_change", args=[todo.pk])
+        self.assertContains(resp, f'src="{change_url}"')
+
+    def test_focus_view_redirects_if_todo_completed(self):
+        todo = Todo.objects.create(request="Task")
+        todo.done_on = timezone.now()
+        todo.save(update_fields=["done_on"])
+        next_url = reverse("admin:index")
+        resp = self.client.get(
+            f"{reverse('todo-focus', args=[todo.pk])}?next={quote(next_url)}"
+        )
+        self.assertRedirects(resp, next_url, target_status_code=200)
+
 
 class TodoUrlValidationTests(TestCase):
     def test_relative_url_valid(self):

core/user_data.py

@@ -16,6 +16,7 @@ from django.dispatch import receiver
 from django.http import HttpResponse, HttpResponseRedirect
 from django.template.response import TemplateResponse
 from django.urls import path, reverse
+from django.utils.functional import LazyObject
 from django.utils.translation import gettext as _
 
 from .entity import Entity
@@ -39,7 +40,14 @@ def _username_for(user) -> str:
 
 
 def _user_allows_user_data(user) -> bool:
-    return bool(user) and not getattr(user, "is_profile_restricted", False)
+    if not user:
+        return False
+    username = _username_for(user)
+    UserModel = get_user_model()
+    system_username = getattr(UserModel, "SYSTEM_USERNAME", "")
+    if system_username and username == system_username:
+        return True
+    return not getattr(user, "is_profile_restricted", False)
 
 
 def _data_dir(user) -> Path:
@@ -93,18 +101,68 @@ def _seed_fixture_path(instance) -> Path | None:
     return None
 
 
+def _coerce_user(candidate, user_model):
+    if candidate is None:
+        return None
+    if isinstance(candidate, user_model):
+        return candidate
+    if isinstance(candidate, LazyObject):
+        try:
+            candidate._setup()
+        except Exception:
+            return None
+        return _coerce_user(candidate._wrapped, user_model)
+    return None
+
+
+def _select_fixture_user(candidate, user_model):
+    user = _coerce_user(candidate, user_model)
+    visited: set[int] = set()
+    while user is not None:
+        identifier = user.pk or id(user)
+        if identifier in visited:
+            break
+        visited.add(identifier)
+        username = _username_for(user)
+        admin_username = getattr(user_model, "ADMIN_USERNAME", "")
+        if admin_username and username == admin_username:
+            try:
+                delegate = getattr(user, "operate_as", None)
+            except user_model.DoesNotExist:
+                delegate = None
+            else:
+                delegate = _coerce_user(delegate, user_model)
+            if delegate is not None and delegate is not user:
+                user = delegate
+                continue
+        if _user_allows_user_data(user):
+            return user
+        try:
+            delegate = getattr(user, "operate_as", None)
+        except user_model.DoesNotExist:
+            delegate = None
+        user = _coerce_user(delegate, user_model)
+    return None
+
+
 def _resolve_fixture_user(instance, fallback=None):
     UserModel = get_user_model()
     owner = getattr(instance, "user", None)
-    if isinstance(owner, UserModel):
-        return owner
+    selected = _select_fixture_user(owner, UserModel)
+    if selected is not None:
+        return selected
     if hasattr(instance, "owner"):
         try:
             owner_value = instance.owner
         except Exception:
             owner_value = None
-        if isinstance(owner_value, UserModel):
-            return owner_value
+        else:
+            selected = _select_fixture_user(owner_value, UserModel)
+            if selected is not None:
+                return selected
+    selected = _select_fixture_user(fallback, UserModel)
+    if selected is not None:
+        return selected
     return fallback
 
 
@@ -230,6 +288,30 @@ def _is_user_fixture(path: Path) -> bool:
     return len(parts) >= 2 and parts[1].lower() == "user"
 
 
+def _get_request_ip(request) -> str:
+    """Return the best-effort client IP for ``request``."""
+
+    if request is None:
+        return ""
+
+    meta = getattr(request, "META", None)
+    if not getattr(meta, "get", None):
+        return ""
+
+    forwarded = meta.get("HTTP_X_FORWARDED_FOR")
+    if forwarded:
+        for value in str(forwarded).split(","):
+            candidate = value.strip()
+            if candidate:
+                return candidate
+
+    remote = meta.get("REMOTE_ADDR")
+    if remote:
+        return str(remote).strip()
+
+    return ""
+
+
 _shared_fixtures_loaded = False
 
 
@@ -260,6 +342,18 @@ def load_user_fixtures(user, *, include_shared: bool = False) -> None:
 def _on_login(sender, request, user, **kwargs):
     load_user_fixtures(user, include_shared=not _shared_fixtures_loaded)
 
+    if not (
+        getattr(user, "is_staff", False) or getattr(user, "is_superuser", False)
+    ):
+        return
+
+    username = _username_for(user) or "unknown"
+    ip_address = _get_request_ip(request) or "unknown"
+
+    from nodes.models import NetMessage
+
+    NetMessage.broadcast(subject=f"login {username}", body=f"@ {ip_address}")
+
 
 @receiver(post_save, sender=settings.AUTH_USER_MODEL)
 def _on_user_created(sender, instance, created, **kwargs):
@@ -274,9 +368,7 @@ class UserDatumAdminMixin(admin.ModelAdmin):
     def render_change_form(
         self, request, context, add=False, change=False, form_url="", obj=None
     ):
-        context["show_user_datum"] = issubclass(
-            self.model, Entity
-        ) and _user_allows_user_data(request.user)
+        context["show_user_datum"] = issubclass(self.model, Entity)
         context["show_seed_datum"] = issubclass(self.model, Entity)
         context["show_save_as_copy"] = issubclass(self.model, Entity) or hasattr(
             self.model, "clone"
@@ -317,6 +409,9 @@ class EntityModelAdmin(UserDatumAdminMixin, admin.ModelAdmin):
                 )
         if copied:
             return
+        if getattr(self, "_skip_entity_user_datum", False):
+            return
+
         target_user = _resolve_fixture_user(obj, request.user)
         allow_user_data = _user_allows_user_data(target_user)
         if request.POST.get("_user_datum") == "on":