def setUp(self):
    """Create the two accounts the tests log in with.

    ``user_granted`` is the account that later receives membership and/or an
    Authorization row; ``user_non_granted`` never receives either in setUp.
    Both get the same password via ``set_password`` so the test client can
    authenticate them.
    """
    # NOTE(review): both usernames are the same literal in this listing, which
    # looks like masking; the two accounts presumably need distinct usernames
    # -- confirm against the real file.
    for attr_name in ("user_granted", "user_non_granted"):
        account = UserFactory(username="******")
        # set_password stores a hash; assigning .password directly would not
        # produce credentials the test client can log in with.
        account.set_password("user")
        account.save()
        setattr(self, attr_name, account)
def test_user_cant_manage(self):
    """A plain user is denied manage_authorizations, with or without membership."""
    account = UserFactory()
    target_journal = JournalFactory()
    permission = 'authorization.manage_authorizations'

    # No membership and no Authorization row: the object-level check must deny.
    self.assertEqual(account.has_perm(permission, target_journal), False)

    target_journal.members.add(account)
    target_journal.save()

    # Membership alone is not sufficient: still denied without an
    # Authorization row for this journal.
    self.assertEqual(account.has_perm(permission, target_journal), False)
def test_user_can_manage(self):
    """A journal member holding the manage-authorizations row is granted."""
    account = UserFactory()
    target_journal = JournalFactory()
    target_journal.members.add(account)
    target_journal.save()

    # The Authorization row is scoped to this one journal through the
    # (content_type, object_id) pair.
    journal_type = ContentType.objects.get(app_label="erudit", model="journal")
    Authorization.objects.create(
        content_type=journal_type,
        user=account,
        object_id=target_journal.id,
        authorization_codename=AC.can_manage_authorizations.codename,
    )

    self.assertEqual(
        account.has_perm('authorization.manage_authorizations', target_journal),
        True,
    )
def test_returns_a_403_error_if_no_journal_can_be_associated_with_the_current_user(self):
    """A view using JournalScopeMixin raises PermissionDenied for an unrelated user."""
    # Setup
    class MyView(JournalScopeMixin, TemplateView):
        template_name = "dummy.html"

    outsider = UserFactory.create()
    journal = JournalFactory.create()
    request = self.get_request(
        reverse("userspace:journal:information:update", kwargs={"journal_pk": journal.pk})
    )
    request.user = outsider
    view_callable = MyView.as_view()

    # Run & check
    # NOTE(review): the URL is built from the local ``journal`` while the view
    # is called with ``self.journal``, which this method does not define
    # (presumably set by the test case's setUp -- confirm). If it is missing,
    # the AttributeError surfaces as a test error, not as PermissionDenied.
    with self.assertRaises(PermissionDenied):
        view_callable(request, journal_pk=self.journal.pk)
def test_staff_can_manage(self):
    """A staff user is granted manage_authorizations on a journal.

    The user created here is neither added to the journal's members nor given
    an Authorization row, so the grant comes from ``is_staff`` alone.
    """
    staff_account = UserFactory(is_staff=True)
    any_journal = JournalFactory()
    self.assertEqual(
        staff_account.has_perm('authorization.manage_authorizations', any_journal),
        True,
    )
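class ViewsTestCase(TestCase):
    """Access-control tests for the journal authorization list/create/delete views.

    Each test logs an account in through the Django test client and checks the
    HTTP status returned for a given journal. Every request made here is a GET;
    the state-changing POSTs of the create and delete views are not exercised
    by this class.
    """

    def setUp(self):
        """Create the two accounts used by the tests, both with a usable password."""
        # NOTE(review): the username and login-password literals in this listing
        # look masked; the password given to login() must match the one passed
        # to set_password() here -- confirm against the real file.
        self.user_granted = UserFactory(username="******")
        self.user_granted.set_password("user")
        self.user_granted.save()
        self.user_non_granted = UserFactory(username="******")
        self.user_non_granted.set_password("user")
        self.user_non_granted.save()

    def _login(self, user):
        """Log *user* in via the test client and fail the test if login is refused.

        ``Client.login`` returns False on bad credentials instead of raising, so
        without this check a denial test could run as an unauthenticated client
        and no longer exercise the permission it is named after.
        """
        logged_in = self.client.login(username=user.username, password="******")
        self.assertTrue(logged_in, "test client login failed")

    def _journal_with_member(self, user):
        """Return a new journal that has *user* among its members."""
        journal = JournalFactory()
        journal.members.add(user)
        journal.save()
        return journal

    def _grant_manage_authorization(self, user, journal):
        """Create and return the manage-authorizations row for *user* on *journal*."""
        ct = ContentType.objects.get(app_label="erudit", model="journal")
        return Authorization.objects.create(
            content_type=ct,
            user=user,
            object_id=journal.id,
            authorization_codename=AC.can_manage_authorizations.codename)

    def test_permission_list_restricted(self):
        """An account unrelated to the journal gets 403 on the list view."""
        journal = self._journal_with_member(self.user_granted)
        self._login(self.user_non_granted)
        url = reverse('userspace:journal:authorization:list', args=(journal.pk, ))

        response = self.client.get(url)
        self.assertEqual(response.status_code, 403)

        # NOTE(review): identical second GET kept from the original; as written
        # it adds no coverage beyond the first request.
        response = self.client.get(url)
        self.assertEqual(response.status_code, 403)

    def test_permission_list_granted(self):
        """A member holding the manage-authorizations row gets 200 on the list view."""
        journal = self._journal_with_member(self.user_granted)
        self._grant_manage_authorization(self.user_granted, journal)
        self._login(self.user_granted)
        url = reverse('userspace:journal:authorization:list', args=(journal.pk, ))

        response = self.client.get(url)
        self.assertEqual(response.status_code, 200)

    def test_permission_create_restricted(self):
        """An account unrelated to the journal gets 403 on the create view."""
        journal = self._journal_with_member(self.user_granted)
        self._login(self.user_non_granted)
        url = reverse('userspace:journal:authorization:create', args=(journal.pk, ))

        response = self.client.get(url)
        self.assertEqual(response.status_code, 403)

        # NOTE(review): identical second GET kept from the original; as written
        # it adds no coverage beyond the first request.
        response = self.client.get(url)
        self.assertEqual(response.status_code, 403)

    def test_permission_create_granted(self):
        """A member holding the manage-authorizations row gets 200 on the create view."""
        journal = self._journal_with_member(self.user_granted)
        self._grant_manage_authorization(self.user_granted, journal)
        self._login(self.user_granted)
        url = reverse('userspace:journal:authorization:create', args=(journal.pk, ))

        response = self.client.get(url)
        self.assertEqual(response.status_code, 200)

    def test_permission_delete_restricted(self):
        """An Authorization row without journal membership is not enough to delete."""
        # NOTE(review): this first login is replaced by the login below before
        # any request is made, so user_non_granted is never tested against the
        # delete view here -- confirm whether a request was meant to follow it.
        self._login(self.user_non_granted)
        journal = JournalFactory()
        journal.save()
        self._login(self.user_granted)
        authorization = self._grant_manage_authorization(self.user_granted, journal)
        url = reverse('userspace:journal:authorization:delete',
                      args=(journal.pk, authorization.pk, ))

        # The row exists but the user is not a journal member yet: denied.
        response = self.client.get(url)
        self.assertEqual(response.status_code, 403)

        # Once membership is added the same URL becomes reachable.
        journal.members.add(self.user_granted)
        journal.save()
        response = self.client.get(url, follow=True)
        self.assertEqual(response.status_code, 200)

    def test_permission_delete_granted(self):
        """A member holding the manage-authorizations row gets 200 on the delete view."""
        journal = self._journal_with_member(self.user_granted)
        authorization = self._grant_manage_authorization(self.user_granted, journal)
        self._login(self.user_granted)
        url = reverse('userspace:journal:authorization:delete',
                      args=(journal.pk, authorization.pk, ))

        response = self.client.get(url)
        self.assertEqual(response.status_code, 200)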