Unvollständige Vorgaben nur noch für Admins

2025-11-04 13:25:27 +01:00
parent faae37e6ae
commit da1deac44e
3 changed files with 43 additions and 0 deletions
--- a/dokumente/tests.py
+++ b/dokumente/tests.py
@@ -1,6 +1,7 @@
 from django.test import TestCase, Client
 from django.urls import reverse
 from django.core.management import call_command
+from django.contrib.auth.models import User
 from datetime import date, timedelta
 from io import StringIO
 from .models import (
@@ -825,6 +826,15 @@ class IncompleteVorgabenTest(TestCase):
    def setUp(self):
        self.client = Client()
        
+        # Create and login a staff user
+        self.staff_user = User.objects.create_user(
+            username='teststaff',
+            password='testpass123'
+        )
+        self.staff_user.is_staff = True
+        self.staff_user.save()
+        self.client.login(username='teststaff', password='testpass123')
+        
        # Create test data
        self.dokumententyp = Dokumententyp.objects.create(
            name="Test Typ",
@@ -1092,3 +1102,28 @@ class IncompleteVorgabenTest(TestCase):
        response = self.client.get(reverse('incomplete_vorgaben'))
        # Should NOT appear in "no text" list because it has both text types
        self.assertNotContains(response, 'Vorgabe mit beiden Texten')
+    
+    def test_incomplete_vorgaben_staff_only(self):
+        """Test that non-staff users are redirected to login"""
+        # Logout the staff user
+        self.client.logout()
+        
+        # Try to access the page as anonymous user
+        response = self.client.get(reverse('incomplete_vorgaben'))
+        self.assertEqual(response.status_code, 302)  # Redirect to login
+        
+        # Create a regular (non-staff) user
+        regular_user = User.objects.create_user(
+            username='regularuser',
+            password='testpass123'
+        )
+        self.client.login(username='regularuser', password='testpass123')
+        
+        # Try to access the page as regular user
+        response = self.client.get(reverse('incomplete_vorgaben'))
+        self.assertEqual(response.status_code, 302)  # Redirect to login
+        
+        # Login as staff user again - should work
+        self.client.login(username='teststaff', password='testpass123')
+        response = self.client.get(reverse('incomplete_vorgaben'))
+        self.assertEqual(response.status_code, 200)  # Success
--- a/dokumente/views.py
+++ b/dokumente/views.py
@@ -1,4 +1,5 @@
 from django.shortcuts import render, get_object_or_404
+from django.contrib.auth.decorators import login_required, user_passes_test
 from .models import Dokument, Vorgabe, VorgabeKurztext, VorgabeLangtext, Checklistenfrage
 from abschnitte.utils import render_textabschnitte

@@ -56,6 +57,11 @@ def standard_checkliste(request, nummer):
    })


+def is_staff_user(user):
+    return user.is_staff
+
+@login_required
+@user_passes_test(is_staff_user)
 def incomplete_vorgaben(request):
    """
    Show lists of incomplete Vorgaben:
--- a/pages/templates/base.html
+++ b/pages/templates/base.html
@@ -17,7 +17,9 @@
  <div class="collapse navbar-collapse" id="navbarNavAltMarkup">
    <div class="navbar-nav">
      <a class="nav-item nav-link active" href="/dokumente">Standards</a>
+      {% if user.is_staff %}
      <a class="nav-item nav-link" href="/dokumente/unvollstaendig/">Unvollständig</a>
+      {% endif %}
      <a class="nav-item nav-link" href="/referenzen">Referenzen</a>
      <a class="nav-item nav-link" href="/stichworte">Stichworte</a>
      <a class="nav-item nav-link" href="/search">Suche</a>