search

harvard-lil / h2o

H2O is a web app for creating and reading open educational resources, primarily in the legal field
https://opencasebook.org
GNU Affero General Public License v3.0
36 stars 30 forks source link

Remove role-based access to "legacy" source field #1936

Closed lizadaly closed 1 year ago

lizadaly commented 1 year ago

This method causes the source values returned to be different for admin users from regular users. I found this confusing as I tried to down a JS error in the resource-add modal, when in fact it was only appearing for me as an admin user.

Simply removing the is_superuser check from this function unfortunately causes an unrelated, broadly-scoped doctest to fail unexpectedly:

___________________________________________________ [doctest] main.models.cleanse_html_field ____________________________________________________
[gw0] linux -- Python 3.9.9 /usr/local/bin/python
214     >>> assert node.headnote == same_after_sanitizing
215     >>> caplog.clear()
216 
217     Optionally, sanitize the field to remove potentially dangerous HTML before cleaning up whitespace:
218     >>> node.headnote = same_after_cleansing
219     >>> caplog.clear()
220     >>> with caplog.at_level(logging.DEBUG):
221     ...     cleanse_html_field(node, 'headnote', True)
222     >>> assert len(caplog.record_tuples) == 3
223     >>> assert caplog.record_tuples[0][2] == 'Normalizing newlines in class cl headnote'
UNEXPECTED EXCEPTION: AssertionError()
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/doctest.py", line 1334, in __run
    exec(compile(example.source, filename, "single",
  File "<doctest main.models.cleanse_html_field[19]>", line 1, in <module>
AssertionError
/app/web/main/models.py:223: UnexpectedException

The legacy source support for admin users can probably be removed at this point, and this test should probably be rewritten to only make assertions about the feature it's meant to test.