def handle(self, *args, **options):
_User = get_user_model()
user = _User.objects.filter(email=options["email"]).first()
if user is None:
self.stdout.write(
self.style.ERROR(
"Cannot find user with email address {}".format(
options["email"])))
return
cost_centre = CostCentre.objects.filter(
cost_centre_code=options["cost_centre_code"]).first()
if cost_centre is None:
self.stdout.write(
self.style.ERROR("Cannot find cost centre with code {}".format(
options["cost_centre_code"])))
return
if user.has_perm("change_costcentre", cost_centre):
self.stdout.write(
self.style.ERROR(
"User already has permission to edit cost centre {}".
format(options["cost_centre_code"])))
return
assign_perm("change_costcentre", user, cost_centre)
self.stdout.write(
self.style.SUCCESS(
"Permission to edit cost centre {} added".format(
options["cost_centre_code"])))
def test_assign_perm(self):
assign_perm(
"change_costcentre",
self.test_user,
self.cost_centre,
)
# Bust permissions cache (refresh_from_db does not work)
self.test_user, _ = get_user_model().objects.get_or_create(
email="*****@*****.**"
)
assert self.test_user.has_perm("forecast.can_view_forecasts")
# check guardian permissions created
cost_centres = guardian_get_objects_for_user(
self.test_user,
"costcentre.change_costcentre",
accept_global_perms=False,
)
assert len(cost_centres) == 1
# Check that log entry was created for assignment
log_entry = LogEntry.objects.last()
assert log_entry.object_id == str(self.cost_centre.cost_centre_code)
assert log_entry.change_message == "Cost Centre permission was assigned"
def test_user_permissions(self):
assign_perm(
"change_costcentre",
self.test_user,
self.cost_centre,
)
self.assertTrue(
self.test_user.has_perm(
"change_costcentre",
self.cost_centre,
))
call_command(
"user_permissions",
"--email={}".format(self.test_user_email),
stdout=self.out,
)
out_value = self.out.getvalue()
self.assertIn(
"User with email '{}' has permissions "
"on the following cost centres:".format(self.test_user_email),
out_value,
)
self.assertIn(str(self.cost_centre_code), out_value)
def test_cost_centre_users(self):
assign_perm(
"change_costcentre",
self.test_user,
self.cost_centre,
)
self.assertTrue(
self.test_user.has_perm("change_costcentre", self.cost_centre))
call_command(
"cost_centre_users",
"--cost_centre_code={}".format(self.cost_centre_code),
stdout=self.out,
)
out_value = self.out.getvalue()
self.assertIn(
"Users with permission to edit cost centre {}:".format(
self.cost_centre_code),
out_value,
)
self.assertIn(self.test_user_email, out_value)
def test_can_view_forecasts_cost_centre_perm(self):
assert not can_view_forecasts(self.test_user)
# Add cost centre edit permission
assign_perm(
"change_costcentre",
self.test_user,
self.cost_centre,
)
assert can_view_forecasts(self.test_user)
def can_edit_at_least_one_cost_centre(self):
assert not can_edit_at_least_one_cost_centre()
# Assigns user to one cost centre
assign_perm(
"change_costcentre",
self.test_user,
self.cost_centre,
)
assert can_edit_at_least_one_cost_centre()
def test_download(self):
assign_perm("change_costcentre", self.test_user, self.cost_centre)
download_forecast_url = self.client.get(
reverse(
"export_edit_forecast_data_cost_centre",
kwargs={"cost_centre": self.cost_centre_code},
))
self.assertEqual(download_forecast_url.status_code, 200)
file = io.BytesIO(download_forecast_url.content)
wb = load_workbook(filename=file)
ws = wb.active
assert ws["C1"].value == "Natural Account code"
assert ws["C2"].value == self.nac_obj.natural_account_code
assert ws["I1"].value == "Apr"
assert ws.max_row == 4
def test_basic_user_edit_permission(self):
assert not can_edit_cost_centre(
self.test_user,
self.cost_centre_code,
)
assign_perm(
"change_costcentre",
self.test_user,
self.cost_centre,
)
assert can_edit_cost_centre(
self.test_user,
self.cost_centre_code,
)
def test_user_cannot_download_wrong_forecast(self):
"""
User can't access download URL if they do not
have editing permission for certain Cost Centre
"""
# Assigns user to one cost centre
assign_perm("change_costcentre", self.test_user, self.cost_centre)
# Changes cost_centre_code to one that user can view but NOT edit
test_cost_centre_code = 888332
CostCentreFactory.create(cost_centre_code=test_cost_centre_code)
download_forecast_url = self.client.get(
reverse(
"export_edit_forecast_data_cost_centre",
kwargs={"cost_centre": test_cost_centre_code},
))
self.assertEqual(download_forecast_url.status_code, 302)
def test_user_can_download_forecast(self):
"""
User can access download URL if they have cost centre editing permission
"""
assign_perm("change_costcentre", self.test_user, self.cost_centre)
download_forecast_url = self.client.get(
reverse(
"export_edit_forecast_data_cost_centre",
kwargs={"cost_centre": self.cost_centre_code},
), )
self.assertEqual(download_forecast_url.status_code, 200)
file = io.BytesIO(download_forecast_url.content)
wb = load_workbook(filename=file, )
ws = wb.active
# 4 rows: Heading, row with Apr/May figure,
# row with 0 figures and grand totals
assert ws.max_row == 4
assert ws["C1"].value == "Natural Account code"
assert ws["C2"].value == self.nac_obj.natural_account_code
assert ws["I1"].value == "Apr"
assert ws["I2"].value == 0
assert ws["I3"].value == self.amount_apr / 100
assert ws["I4"].value == "=SUM(I2:I3)"
assert ws["J1"].value == "May"
assert ws["J2"].value == 0
assert ws["J3"].value == self.amount_may / 100
assert ws["J4"].value == "=SUM(J2:J3)"
assert ws["X1"].value == "Forecast outturn"
assert ws["X2"].value == "=SUM(I2:W2)"
assert ws["X3"].value == "=SUM(I3:W3)"
assert ws["X4"].value == "=SUM(X2:X3)"
assert ws["Y1"].value == "Variance -overspend/underspend"
assert ws["Y2"].value == "=(H2-X2)"
assert ws["Y3"].value == "=(H3-X3)"
assert ws["Y4"].value == "=SUM(Y2:Y3)"
assert ws["Z1"].value == "Year to Date Actuals"
assert ws["Z2"].value == "=SUM(I2:I2)"
assert ws["Z3"].value == "=SUM(I3:I3)"
assert ws["Z4"].value == "=SUM(Z2:Z3)"
def test_cost_centre_download(self):
assign_perm("change_costcentre", self.test_user, self.cost_centre)
self.cost_centre_code = self.cost_centre
response = self.client.get(
reverse(
"export_forecast_data_cost_centre",
kwargs={
'cost_centre': self.cost_centre.cost_centre_code,
'period': 0,
},
)
)
self.assertEqual(response.status_code, 200)
file = io.BytesIO(response.content)
wb = load_workbook(filename=file)
ws = wb.active
# Check group
assert ws["A1"].value == "Group name"
assert ws["B2"].value == self.group_code
def test_remove_user_from_cost_centre(self):
assign_perm("change_costcentre", self.test_user, self.cost_centre)
self.assertTrue(
self.test_user.has_perm(
"change_costcentre",
self.cost_centre,
))
call_command(
"remove_user_from_cost_centre",
email=self.test_user_email,
cost_centre_code=self.cost_centre_code,
stdout=self.out,
)
self.test_user.refresh_from_db()
self.assertFalse(
self.test_user.has_perm(
"change_costcentre",
self.cost_centre,
))
def change_permission(self, request, cost_centre_id, *args, **kwargs):
cost_centre = self.get_object(request, cost_centre_id)
cost_centre_url = reverse(
'admin:costcentre_costcentre_change',
args=[cost_centre_id],
current_app=self.admin_site.name,
)
if not self.can_change_permissions(
request.user,
cost_centre,
):
return HttpResponseRedirect(cost_centre_url)
url = reverse(
'admin:change_permission',
args=[cost_centre_id],
current_app=self.admin_site.name,
)
give_permission_form = GivePermissionAdminForm(
cost_centre=cost_centre,
user=request.user,
)
remove_permission_form = RemovePermissionAdminForm(
cost_centre=cost_centre,
user=request.user,
)
if request.method == 'POST':
if 'submit_give_permission' in request.POST:
give_permission_form = GivePermissionAdminForm(
request.POST,
cost_centre=cost_centre,
user=request.user,
)
if give_permission_form.is_valid():
user = give_permission_form.cleaned_data["user"]
assign_perm(
"change_costcentre",
user,
cost_centre,
)
self.message_user(
request,
'Successfully gave user permission '
'to edit cost centre forecast',
)
return HttpResponseRedirect(url)
elif 'submit_remove_permission' in request.POST:
remove_permission_form = RemovePermissionAdminForm(
request.POST,
cost_centre=cost_centre,
user=request.user,
)
if remove_permission_form.is_valid():
if remove_permission_form.cleaned_data["users"].count(
) == 0:
self.message_user(
request,
'No users selected',
)
else:
for user in remove_permission_form.cleaned_data[
"users"]:
remove_perm("change_costcentre", user, cost_centre)
self.message_user(
request,
'Successfully removed users from cost centre',
)
return HttpResponseRedirect(url)
users_with_edit_permission = get_users_with_perms(
cost_centre,
attach_perms=True,
)
context = self.admin_site.each_context(request)
context['opts'] = self.model._meta
context['give_permission_form'] = give_permission_form
context['users_with_edit_permission'] = users_with_edit_permission
context['remove_permission_form'] = remove_permission_form
context['original'] = cost_centre
context['title'] = "User with permission to edit cost centre"
return TemplateResponse(
request,
"costcentre/admin/change_permission_form.html",
context,
)
