Beispiel #1
def test_login_as_user_errors(rf, admin_user, regular_user):
    """Check that LoginAsUserView rejects every disallowed impersonation attempt.

    Covered cases: a user targeting their own account, a non-superuser
    targeting someone else, and the admin targeting another superuser, a
    staff user, or an inactive user. Each case pins one edge of the
    impersonation authorization boundary, so a regression in the view shows
    up as a missing exception here.
    """
    get_default_shop()
    login_as = LoginAsUserView.as_view()
    request = apply_request_middleware(rf.post("/"), user=regular_user)

    # Impersonating your own account is reported as a Problem.
    with pytest.raises(Problem):
        login_as(request, pk=regular_user.pk)

    target = UserFactory()
    get_person_contact(target)
    # A non-superuser may not log in as somebody else.
    with pytest.raises(PermissionDenied):
        login_as(request, pk=target.pk)

    # From here on the requester is admin_user; only the target's flags change.
    request = apply_request_middleware(rf.post("/"), user=admin_user)
    rejected_targets = (
        # target is another superuser
        ({"is_superuser": True}, PermissionDenied),
        # target is a staff user
        ({"is_superuser": False, "is_staff": True}, PermissionDenied),
        # target is an inactive user
        ({"is_staff": False, "is_active": False}, Problem),
    )
    for flags, expected_error in rejected_targets:
        for field, value in flags.items():
            setattr(target, field, value)
        target.save()
        with pytest.raises(expected_error):
            login_as(request, pk=target.pk)
Beispiel #2
def test_login_as_user_errors(rf, admin_user, regular_user):
    """Exercise the rejection paths of LoginAsUserView.

    The first request is built with ``skip_session=True``
    (NOTE(review): presumably this omits the session from the request;
    confirm against apply_request_middleware). The view must refuse
    self-impersonation, impersonation by a non-superuser, and
    impersonation of superuser, staff or inactive accounts.
    """
    get_default_shop()
    login_as = LoginAsUserView.as_view()
    request = apply_request_middleware(rf.post("/"), user=regular_user, skip_session=True)

    # A user cannot log in as themselves.
    with pytest.raises(Problem):
        login_as(request, pk=regular_user.pk)

    target = UserFactory()
    get_person_contact(target)

    def update_target(**flags):
        """Apply the given account flags to the target and persist them."""
        for field, value in flags.items():
            setattr(target, field, value)
        target.save()

    # A non-superuser cannot log in as someone else.
    with pytest.raises(PermissionDenied):
        login_as(request, pk=target.pk)

    request = apply_request_middleware(rf.post("/"), user=admin_user)

    # Privileged targets are off limits: first another superuser ...
    update_target(is_superuser=True)
    with pytest.raises(PermissionDenied):
        login_as(request, pk=target.pk)

    # ... then a staff user.
    update_target(is_superuser=False, is_staff=True)
    with pytest.raises(PermissionDenied):
        login_as(request, pk=target.pk)

    # An inactive account is rejected with Problem rather than PermissionDenied.
    update_target(is_staff=False, is_active=False)
    with pytest.raises(Problem):
        login_as(request, pk=target.pk)
Beispiel #3
def test_login_as_requires_staff_member(rf, regular_user):
    """Check that impersonation needs both shop staff membership and permission.

    A user with ``is_staff=True`` is denied until they are added to the
    shop's staff members, and still denied until their permission group is
    granted "user.login-as". Only then does the view redirect and switch
    the request's user to the target.
    """
    shop = get_default_shop()
    staff_user = UserFactory(is_staff=True)
    permission_group = get_default_permission_group()
    staff_user.groups.add(permission_group)

    # Some vendors and non-marketplace staff members may have access to the
    # admin module, so the shop provider is stubbed: set_shop becomes a no-op
    # and get_shop always returns the default shop.
    set_shop_stub = patch(
        "shuup.admin.shop_provider.set_shop",
        side_effect=lambda request, shop=None: None,
    )
    get_shop_stub = patch(
        "shuup.admin.shop_provider.get_shop",
        side_effect=lambda request: get_default_shop(),
    )

    with set_shop_stub, get_shop_stub:
        login_as = LoginAsUserView.as_view()
        request = apply_request_middleware(rf.post("/"), user=staff_user)
        target_pk = regular_user.pk

        # Not yet a staff member of the shop.
        with pytest.raises(PermissionDenied):
            login_as(request, pk=target_pk)

        shop.staff_members.add(staff_user)

        # Staff member now, but the group still lacks the permission.
        with pytest.raises(PermissionDenied):
            login_as(request, pk=target_pk)

        set_permissions_for_group(permission_group, ["user.login-as"])

        # With the permission granted the login succeeds.
        response = login_as(request, pk=target_pk)
        assert response["location"] == reverse("shuup:index")
        assert get_user(request) == regular_user
Beispiel #4
def test_login_as_user(rf, admin_user, regular_user):
    """Check the success path: admin_user logs in as an ordinary user.

    The view must answer with a redirect to "shuup:index", and the user
    resolved from the request afterwards must be the impersonated account.
    """
    get_default_shop()
    login_as = LoginAsUserView.as_view()
    admin_request = apply_request_middleware(rf.post("/"), user=admin_user)
    get_person_contact(regular_user)

    response = login_as(admin_request, pk=regular_user.pk)

    redirect_target = response["location"]
    assert redirect_target == reverse("shuup:index")
    # The request now carries the target's identity, not the admin's.
    current_user = get_user(admin_request)
    assert current_user == regular_user
Beispiel #5
def test_login_as_user(rf, admin_user, regular_user):
    """Verify that admin_user can impersonate a regular user.

    Expected outcome: a redirect whose location is the "shuup:index" URL,
    and ``get_user(request)`` returning the impersonated user.
    """
    get_default_shop()
    impersonate = LoginAsUserView.as_view()
    request = apply_request_middleware(rf.post("/"), user=admin_user)
    get_person_contact(regular_user)

    target_pk = regular_user.pk
    result = impersonate(request, pk=target_pk)

    # Redirect goes to the index page ...
    assert result["location"] == reverse("shuup:index")
    # ... and the authenticated identity on the request is the target user.
    assert get_user(request) == regular_user
Beispiel #6
def test_login_as_without_front_url(rf, admin_user, regular_user):
    """Check that the view raises Problem when get_front_url yields None.

    ``get_front_url`` is patched where the user detail views module looks
    it up, so the view sees ``None`` instead of a URL.
    """
    get_default_shop()
    login_as = LoginAsUserView.as_view()
    admin_request = apply_request_middleware(rf.post("/"), user=admin_user)

    # Zero-argument stub: any call to get_front_url() returns None.
    front_url_stub = patch(
        "shuup.admin.modules.users.views.detail.get_front_url",
        side_effect=lambda: None,
    )

    with front_url_stub, pytest.raises(Problem):
        login_as(admin_request, pk=regular_user.pk)
Beispiel #7
def test_login_as_staff_member(rf):
    """Walk a shop staff member through every LoginAsUserView outcome.

    The staff user must be refused when targeting themselves, a superuser,
    a staff user or an inactive user, and also when targeting a valid user
    without the "user.login-as" permission. Once the permission is granted
    to their group, the login succeeds and the request's user becomes the
    target.
    """
    shop = get_default_shop()
    staff_user = UserFactory(is_staff=True)
    permission_group = get_default_permission_group()
    staff_user.groups.add(permission_group)
    shop.staff_members.add(staff_user)

    login_as = LoginAsUserView.as_view()
    request = apply_request_middleware(rf.post("/"), user=staff_user, skip_session=True)

    # Logging in as yourself is a Problem.
    with pytest.raises(Problem):
        login_as(request, pk=staff_user.pk)

    target = UserFactory()
    get_person_contact(target)

    request = apply_request_middleware(rf.post("/"), user=staff_user)

    # Each step changes the target's flags, saves, and expects a refusal.
    refusals = (
        # target is a superuser
        ({"is_superuser": True}, PermissionDenied),
        # target is a staff user
        ({"is_superuser": False, "is_staff": True}, PermissionDenied),
        # target is inactive
        ({"is_staff": False, "is_active": False}, Problem),
        # target is valid, but the staff user lacks "user.login-as"
        ({"is_active": True}, PermissionDenied),
    )
    for flags, expected_error in refusals:
        for field, value in flags.items():
            setattr(target, field, value)
        target.save()
        with pytest.raises(expected_error):
            login_as(request, pk=target.pk)

    # Grant the permission through the staff user's group and retry.
    permission_group = staff_user.groups.first()
    set_permissions_for_group(permission_group, ["user.login-as"])
    response = login_as(request, pk=target.pk)
    assert response["location"] == reverse("shuup:index")
    assert get_user(request) == target
def test_stop_impersonating(rf, admin_user, regular_user):
    """Check the full impersonation round trip and its session bookkeeping.

    While impersonating, the session holds "impersonator_user_id" and the
    logout URL points at "shuup:stop-impersonating". After
    ``stop_impersonating`` the marker is gone, the request is still
    authenticated, and ``request.user`` is admin_user again.
    """
    get_default_shop()
    login_as = LoginAsUserView.as_view()
    request = apply_request_middleware(rf.post("/"), user=admin_user)
    template_context = {"request": request}

    # Before impersonation the ordinary logout URL is offered.
    assert get_logout_url(template_context) == reverse("shuup:logout")

    get_person_contact(regular_user)
    login_response = login_as(request, pk=regular_user.pk)
    assert login_response["location"] == reverse("shuup:index")
    assert get_user(request) == regular_user

    # The session records who is impersonating, and logout now means "stop".
    assert "impersonator_user_id" in request.session
    assert get_logout_url(template_context) == reverse("shuup:stop-impersonating")
    assert is_authenticated(get_user(request))

    stop_response = stop_impersonating(request)
    assert stop_response.status_code in (301, 302)  # redirect

    # The marker must not outlive the impersonation, and the original
    # identity has to be restored on the request.
    assert "impersonator_user_id" not in request.session
    assert is_authenticated(get_user(request))
    assert request.user == admin_user
def test_stop_impersonating(rf, admin_user, regular_user):
    """Verify that stop_impersonating returns the session to admin_user.

    Steps: admin_user logs in as regular_user, the session gains the
    "impersonator_user_id" key and the logout URL switches to
    "shuup:stop-impersonating"; calling ``stop_impersonating`` then
    redirects, removes the key and leaves admin_user on the request.
    """
    get_default_shop()
    impersonate = LoginAsUserView.as_view()
    request = apply_request_middleware(rf.post("/"), user=admin_user)

    def current_logout_url():
        """Return the logout URL computed for the current request state."""
        return get_logout_url({"request": request})

    assert current_logout_url() == reverse("shuup:logout")

    get_person_contact(regular_user)
    response = impersonate(request, pk=regular_user.pk)
    assert response["location"] == reverse("shuup:index")
    assert get_user(request) == regular_user

    # Impersonation is active: marker present, logout URL swapped.
    session = request.session
    assert "impersonator_user_id" in session
    assert current_logout_url() == reverse("shuup:stop-impersonating")
    assert is_authenticated(get_user(request))

    response = stop_impersonating(request)
    redirect_codes = [301, 302]
    assert response.status_code in redirect_codes  # redirect

    # Impersonation is over: marker cleared, admin identity restored.
    assert "impersonator_user_id" not in request.session
    assert is_authenticated(get_user(request))
    assert request.user == admin_user