Fix incorrect user_has_any_permission usage

2023-06-19 10:08:30 +01:00 · 2023-06-19 10:08:30 +01:00 · c6f1667e5f
commit c6f1667e5f
--- a/docs/releases/5.1.md
+++ b/docs/releases/5.1.md
@ -103,7 +103,7 @@ permission_policy.instances_user_has_permission_for(user, "publish")
 permission_policy.instances_user_has_permission_for(user, "publish").exists()

 # proxy.can_remove_locks()
-permission_policy.user_has_any_permission(user, "unlock")
+permission_policy.user_has_permission(user, "unlock")
 ```

 The `UserPagePermissionsProxy` object that was previously available in page's `ActionMenuItem` context as `user_page_permissions` has been removed. In cases where the page object is available (e.g. the page edit view), the `PagePermissionTester` object stored as the `user_page_permissions_tester` context variable is still available.
--- a/wagtail/admin/tests/test_reports_views.py
+++ b/wagtail/admin/tests/test_reports_views.py
@ -3,7 +3,7 @@ from io import BytesIO

 from django.conf import settings
 from django.conf.locale import LANG_INFO
-from django.contrib.auth.models import Permission
+from django.contrib.auth.models import Group, Permission
 from django.contrib.contenttypes.models import ContentType
 from django.test import TestCase
 from django.test.utils import override_settings
@ -12,7 +12,7 @@ from django.utils import timezone, translation
 from openpyxl import load_workbook

 from wagtail.admin.views.mixins import ExcelDateFormatter
-from wagtail.models import ModelLogEntry, Page, PageLogEntry
+from wagtail.models import GroupPagePermission, ModelLogEntry, Page, PageLogEntry
 from wagtail.test.utils import WagtailTestUtils


@ -70,6 +70,41 @@ class TestLockedPagesView(WagtailTestUtils, TestCase):
            response, 'title="This page is locked, by you, to further editing"'
        )

+    def test_get_with_minimal_permissions(self):
+        group = Group.objects.create(name="test group")
+        self.user.is_superuser = False
+        self.user.save()
+        self.user.groups.add(group)
+        self.user.user_permissions.add(
+            Permission.objects.get(
+                content_type__app_label="wagtailadmin", codename="access_admin"
+            )
+        )
+        GroupPagePermission.objects.create(
+            group=group,
+            page=Page.objects.first(),
+            permission_type="unlock",
+        )
+
+        response = self.get()
+
+        self.assertEqual(response.status_code, 200)
+        self.assertTemplateUsed(response, "wagtailadmin/reports/locked_pages.html")
+        self.assertContains(response, "No locked pages found.")
+
+    def test_get_with_no_permissions(self):
+        self.user.is_superuser = False
+        self.user.save()
+        self.user.user_permissions.add(
+            Permission.objects.get(
+                content_type__app_label="wagtailadmin", codename="access_admin"
+            )
+        )
+
+        response = self.get()
+
+        self.assertRedirects(response, reverse("wagtailadmin_home"))
+
    def test_csv_export(self):

        self.page = Page.objects.first()
--- a/wagtail/admin/views/home.py
+++ b/wagtail/admin/views/home.py
@ -224,7 +224,7 @@ class LockedPagesPanel(Component):
                    locked=True,
                    locked_by=request.user,
                ),
-                "can_remove_locks": PagePermissionPolicy().user_has_any_permission(
+                "can_remove_locks": PagePermissionPolicy().user_has_permission(
                    request.user, "unlock"
                ),
                "request": request,
--- a/wagtail/admin/views/reports/locked_pages.py
+++ b/wagtail/admin/views/reports/locked_pages.py
@ -63,6 +63,6 @@ class LockedPagesView(PageReportView):
        return super().get_queryset()

    def dispatch(self, request, *args, **kwargs):
-        if not PagePermissionPolicy().user_has_any_permission(request.user, "unlock"):
+        if not PagePermissionPolicy().user_has_permission(request.user, "unlock"):
            raise PermissionDenied
        return super().dispatch(request, *args, **kwargs)
--- a/wagtail/admin/wagtail_hooks.py
+++ b/wagtail/admin/wagtail_hooks.py
@ -908,7 +908,7 @@ def register_core_features(features):

 class LockedPagesMenuItem(MenuItem):
    def is_shown(self, request):
-        return PagePermissionPolicy().user_has_any_permission(request.user, "unlock")
+        return PagePermissionPolicy().user_has_permission(request.user, "unlock")


 class WorkflowReportMenuItem(MenuItem):
--- a/wagtail/models/init.py
+++ b/wagtail/models/init.py
@ -2980,7 +2980,7 @@ class UserPagePermissionsProxy:

    def can_remove_locks(self):
        """Returns True if the user has permission to unlock pages they have not locked"""
-        return self.permission_policy.user_has_any_permission(self.user, "unlock")
+        return self.permission_policy.user_has_permission(self.user, "unlock")


 class PagePermissionTester: