Added a new cgi action restore. The opposite of (and a clone of) the existing retire action.

Author: rouilj

CHANGES.txt

@@ -120,7 +120,11 @@ Features:
   keeping all the quoted parts.  If leave_body_unchanged is set to
   new, even the signature on the email that starts a new issue will be
   preserved.
-  
+- New cgi action restore (RestoreAction) which reverses the effects of
+  the retire action. Created while implementing fix for
+  issue2550831. Requires restore permission in the schema. See
+  upgrading.txt for migrating to 1.6.0 for details. (John Rouillard)
+
 Fixed:
 
 - issue1615201: Optionally restore the original (version 0.6) mailgw 

roundup/cgi/actions.py

@@ -9,7 +9,8 @@
 from roundup.exceptions import Reject, RejectRaw
 from roundup.anypy import urllib_
 
-__all__ = ['Action', 'ShowAction', 'RetireAction', 'SearchAction',
+# Also add action to client.py::Client.actions property
+__all__ = ['Action', 'ShowAction', 'RetireAction', 'RestoreAction', 'SearchAction',
            'EditCSVAction', 'EditItemAction', 'PassResetAction',
            'ConfRegoAction', 'RegisterAction', 'LoginAction', 'LogoutAction',
            'NewItemAction', 'ExportCSVAction']
@@ -137,6 +138,38 @@ def handle(self):
                 'classname': self.classname.capitalize(), 'itemid': itemid})
 
 
+class RestoreAction(Action):
+    name = 'restore'
+    permissionType = 'Edit'
+
+    def handle(self):
+        """Restore the context item."""
+        # ensure modification comes via POST
+        if self.client.env['REQUEST_METHOD'] != 'POST':
+            raise Reject(self._('Invalid request'))
+
+        # if we want to view the index template now, then unset the itemid
+        # context info (a special-case for retire actions on the index page)
+        itemid = self.nodeid
+        if self.template == 'index':
+            self.client.nodeid = None
+
+        # check permission
+        if not self.hasPermission('Restore', classname=self.classname,
+                itemid=itemid):
+            raise exceptions.Unauthorised(self._(
+                'You do not have permission to restore %(class)s'
+            ) % {'class': self.classname})
+
+        # do the restore
+        self.db.getclass(self.classname).restore(itemid)
+        self.db.commit()
+
+        self.client.add_ok_message(
+            self._('%(classname)s %(itemid)s has been restored')%{
+                'classname': self.classname.capitalize(), 'itemid': itemid})
+
+
 class SearchAction(Action):
     name = 'search'
     permissionType = 'View'

roundup/cgi/client.py

@@ -1242,6 +1242,7 @@ def renderContext(self):
         ('login',       actions.LoginAction),
         ('logout',      actions.LogoutAction),
         ('search',      actions.SearchAction),
+        ('restore',     actions.RestoreAction),
         ('retire',      actions.RetireAction),
         ('show',        actions.ShowAction),
         ('export_csv',  actions.ExportCSVAction),

test/test_actions.py

@@ -85,6 +85,20 @@ def testDontRetireAdminOrAnonymous(self):
         self.client.db.user.get = lambda a,b: 'anonymous'
         self.assertRaises(ValueError, RetireAction(self.client).handle)
 
+class RestoreActionTestCase(ActionTestCase):
+    # This is a copy of the RetireActionTestCase. But what do these
+    # actually test? I see no actual db or retire call or
+    # class id. Testing db level restore is covered in the
+    # db_test_base as part of retire.
+    def testRestoreAction(self):
+        self.client.db.security.hasPermission = true
+        self.client._ok_message = []
+        RestoreAction(self.client).handle()
+        self.assert_(len(self.client._ok_message) == 1)
+
+    def testNoPermission(self):
+        self.assertRaises(Unauthorised, RestoreAction(self.client).execute)
+
 class SearchActionTestCase(ActionTestCase):
     def setUp(self):
         ActionTestCase.setUp(self)