Make 'APPROVED' new default for write and attachment access

docker-compose.override.yml.skeleton

@@ -26,8 +26,8 @@ services:
       - SITE_DESCRIPTION=Otter Wiki Development
       # Permissions allow everything (for development)
       - READ_ACCESS=ANONYMOUS
-      - WRITE_ACCESS=ANONYMOUS
-      - ATTACHMENT_ACCESS=ANONYMOUS
+      - WRITE_ACCESS=APPROVED
+      - ATTACHMENT_ACCESS=APPROVED
       - AUTO_APPROVAL=True
       - NOTIFY_ADMINS_ON_REGISTER=False
       - EMAIL_NEEDS_CONFIRMATION=False

otterwiki/server.py

@@ -37,8 +37,8 @@
     AUTH_HEADERS_EMAIL="x-otterwiki-email",
     AUTH_HEADERS_PERMISSIONS="x-otterwiki-permissions",
     READ_ACCESS="ANONYMOUS",
-    WRITE_ACCESS="ANONYMOUS",
-    ATTACHMENT_ACCESS="ANONYMOUS",
+    WRITE_ACCESS="APPROVED",
+    ATTACHMENT_ACCESS="APPROVED",
     AUTO_APPROVAL=True,
     DISABLE_REGISTRATION=False,
     EMAIL_NEEDS_CONFIRMATION=True,

settings.cfg.skeleton

@@ -14,8 +14,8 @@ REPOSITORY        = '/path/to/the/repository/root'
 # 'ANONYMOUS' or 'REGISTERED' or 'APPROVED'
 
 READ_ACCESS       = 'ANONYMOUS'
-WRITE_ACCESS      = 'REGISTERED'
-ATTACHMENT_ACCESS = 'REGISTERED'
+WRITE_ACCESS      = 'APPROVED'
+ATTACHMENT_ACCESS = 'APPROVED'
 AUTO_APPROVAL     = True
 EMAIL_NEEDS_CONFIRMATION = True
 # NOTIFY_ADMINS_ON_REGISTER = True
@@ -47,4 +47,3 @@ SQLALCHEMY_DATABASE_URI = ''
 # MAIL_PORT = 1025
 # MAIL_USERNAME = None
 # MAIL_PASSWORD = None
-

tests/conftest.py

@@ -74,8 +74,24 @@ def create_app(tmpdir):
 
 
 @pytest.fixture
-def test_client(create_app):
-    client = create_app.test_client()
+def test_client(app_with_user):
+    client = app_with_user.test_client()
+    result = client.post(
+        "/-/login",
+        data={
+            "email": "another@user.org",
+            "password": "password4567",
+        },
+        follow_redirects=True,
+    )
+    html = result.data.decode()
+    assert "You logged in successfully." in html
+    return client
+
+
+@pytest.fixture
+def anonymous_client(app_with_user):
+    client = app_with_user.test_client()
     return client
 
 
@@ -85,6 +101,17 @@ def req_ctx(create_app):
         yield ctx
 
 
+@pytest.fixture
+def anonymous_write_access(create_app):
+    """Temporarily set WRITE_ACCESS to ANONYMOUS for tests that don't
+    use authenticated users (e.g. rendering/preview unit tests).
+    Automatically restores the original value after the test."""
+    original = create_app.config["WRITE_ACCESS"]
+    create_app.config["WRITE_ACCESS"] = "ANONYMOUS"
+    yield
+    create_app.config["WRITE_ACCESS"] = original
+
+
 @pytest.fixture
 def app_with_user(create_app, req_ctx):
     from otterwiki.auth import SimpleAuth, generate_password_hash, db

tests/test_attachments.py

@@ -7,46 +7,56 @@
 
 
 @pytest.fixture
-def app_with_attachments(create_app):
+def app_with_attachments(app_with_user):
     # create test page
     message = "Test.md commit"
     filename = "test.md"
     author = ("Example Author", "mail@example.com")
     # create attachment
-    create_app.storage.store(
+    app_with_user.storage.store(
         filename,
         content="# Test\nAttachment Test.",
         author=author,
         message=message,
     )
-    assert True == create_app.storage.exists(filename)
+    assert True == app_with_user.storage.exists(filename)
     # create txt attachment
     message = "Test/attachment0.txt attach0-commit"
-    create_app.storage.store(
+    app_with_user.storage.store(
         "test/attachment0.txt",
         content="attachment0-content0",
         author=author,
         message=message,
     )
-    assert True == create_app.storage.exists("test/attachment0.txt")
+    assert True == app_with_user.storage.exists("test/attachment0.txt")
     # create gif attachment
     message = "Test/attachment1.gif attach1-commit"
     content_b64 = "R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7"
-    create_app.storage.store(
+    app_with_user.storage.store(
         "test/attachment1.gif",
         content=base64.b64decode(content_b64),
         author=author,
         message=message,
         mode="wb",
     )
-    assert True == create_app.storage.exists("test/attachment1.gif")
-    yield create_app
+    assert True == app_with_user.storage.exists("test/attachment1.gif")
+    yield app_with_user
 
 
 @pytest.fixture
 def test_client(app_with_attachments):
     client = app_with_attachments.test_client()
     client._app = app_with_attachments
+    # Log in as approved user for write/attachment access
+    result = client.post(
+        "/-/login",
+        data={
+            "email": "another@user.org",
+            "password": "password4567",
+        },
+        follow_redirects=True,
+    )
+    assert "You logged in successfully." in result.data.decode()
     yield client