def test_login_as_staff_member(rf):
shop = get_default_shop()
staff_user = UserFactory(is_staff=True)
permission_group = get_default_permission_group()
staff_user.groups.add(permission_group)
shop.staff_members.add(staff_user)
view_func = LoginAsUserView.as_view()
request = apply_request_middleware(rf.post("/"),
user=staff_user,
skip_session=True)
# log in as self
with pytest.raises(Problem):
view_func(request, pk=staff_user.pk)
user = UserFactory()
get_person_contact(user)
request = apply_request_middleware(rf.post("/"), user=staff_user)
user.is_superuser = True
user.save()
# user is trying to login as another superuser
with pytest.raises(PermissionDenied):
view_func(request, pk=user.pk)
user.is_superuser = False
user.is_staff = True
user.save()
# user is trying to login as a staff user
with pytest.raises(PermissionDenied):
view_func(request, pk=user.pk)
user.is_staff = False
user.is_active = False
user.save()
# user is trying to login as an inactive user
with pytest.raises(Problem):
view_func(request, pk=user.pk)
user.is_active = True
user.save()
# staff user without "user.login-as" permission trying to login as valid user
with pytest.raises(PermissionDenied):
view_func(request, pk=user.pk)
permission_group = staff_user.groups.first()
set_permissions_for_group(permission_group, ["user.login-as"])
response = view_func(request, pk=user.pk)
assert response["location"] == reverse("shuup:index")
assert get_user(request) == user
def test_login_as_user_errors(rf, admin_user, regular_user):
get_default_shop()
view_func = LoginAsUserView.as_view()
request = apply_request_middleware(rf.post("/"), user=regular_user)
# log in as self
with pytest.raises(Problem):
view_func(request, pk=regular_user.pk)
user = UserFactory()
get_person_contact(user)
# non superuser trying to login as someone else
with pytest.raises(PermissionDenied):
view_func(request, pk=user.pk)
request = apply_request_middleware(rf.post("/"), user=admin_user)
user.is_superuser = True
user.save()
# user is trying to login as another superuser
with pytest.raises(PermissionDenied):
view_func(request, pk=user.pk)
user.is_superuser = False
user.is_staff = True
user.save()
# user is trying to login as a staff user
with pytest.raises(PermissionDenied):
view_func(request, pk=user.pk)
user.is_staff = False
user.is_active = False
user.save()
# user is trying to login as an inactive user
with pytest.raises(Problem):
view_func(request, pk=user.pk)
def test_login_as_user_errors(rf, admin_user, regular_user):
get_default_shop()
view_func = LoginAsUserView.as_view()
request = apply_request_middleware(rf.post("/"), user=regular_user, skip_session=True)
# log in as self
with pytest.raises(Problem):
view_func(request, pk=regular_user.pk)
user = UserFactory()
get_person_contact(user)
# non superuser trying to login as someone else
with pytest.raises(PermissionDenied):
view_func(request, pk=user.pk)
request = apply_request_middleware(rf.post("/"), user=admin_user)
user.is_superuser = True
user.save()
# user is trying to login as another superuser
with pytest.raises(PermissionDenied):
view_func(request, pk=user.pk)
user.is_superuser = False
user.is_staff = True
user.save()
# user is trying to login as a staff user
with pytest.raises(PermissionDenied):
view_func(request, pk=user.pk)
user.is_staff = False
user.is_active = False
user.save()
# user is trying to login as an inactive user
with pytest.raises(Problem):
view_func(request, pk=user.pk)