class ViewsTestCase(TestCase): def setUp(self): self.user_granted = UserFactory(username="******") self.user_granted.set_password("user") self.user_granted.save() self.user_non_granted = UserFactory(username="******") self.user_non_granted.set_password("user") self.user_non_granted.save() def test_permission_list_restricted(self): journal = JournalFactory() journal.members.add(self.user_granted) journal.save() self.client.login(username=self.user_non_granted.username, password="******") url = reverse('userspace:journal:authorization:list', args=(journal.pk, )) response = self.client.get(url) self.assertEqual(response.status_code, 403) response = self.client.get(url) self.assertEqual(response.status_code, 403) def test_permission_list_granted(self): journal = JournalFactory() journal.members.add(self.user_granted) journal.save() ct = ContentType.objects.get(app_label="erudit", model="journal") Authorization.objects.create( content_type=ct, user=self.user_granted, object_id=journal.id, authorization_codename=AC.can_manage_authorizations.codename) self.client.login(username=self.user_granted.username, password="******") url = reverse('userspace:journal:authorization:list', args=(journal.pk, )) response = self.client.get(url) self.assertEqual(response.status_code, 200) def test_permission_create_restricted(self): journal = JournalFactory() journal.members.add(self.user_granted) journal.save() self.client.login(username=self.user_non_granted.username, password="******") url = reverse('userspace:journal:authorization:create', args=(journal.pk, )) response = self.client.get(url) self.assertEqual(response.status_code, 403) response = self.client.get(url) self.assertEqual(response.status_code, 403) def test_permission_create_granted(self): journal = JournalFactory() journal.members.add(self.user_granted) journal.save() ct = ContentType.objects.get(app_label="erudit", model="journal") Authorization.objects.create( content_type=ct, user=self.user_granted, object_id=journal.id, authorization_codename=AC.can_manage_authorizations.codename) self.client.login(username=self.user_granted.username, password="******") url = reverse('userspace:journal:authorization:create', args=(journal.pk, )) response = self.client.get(url) self.assertEqual(response.status_code, 200) def test_permission_delete_restricted(self): self.client.login(username=self.user_non_granted.username, password="******") journal = JournalFactory() journal.save() self.client.login(username=self.user_granted.username, password="******") ct = ContentType.objects.get(app_label="erudit", model="journal") authorization = Authorization.objects.create( content_type=ct, user=self.user_granted, object_id=journal.id, authorization_codename=AC.can_manage_authorizations.codename) url = reverse('userspace:journal:authorization:delete', args=(journal.pk, authorization.pk, )) response = self.client.get(url) self.assertEqual(response.status_code, 403) journal.members.add(self.user_granted) journal.save() response = self.client.get(url, follow=True) self.assertEqual(response.status_code, 200) def test_permission_delete_granted(self): journal = JournalFactory() journal.members.add(self.user_granted) journal.save() ct = ContentType.objects.get(app_label="erudit", model="journal") authorization = Authorization.objects.create( content_type=ct, user=self.user_granted, object_id=journal.id, authorization_codename=AC.can_manage_authorizations.codename) self.client.login(username=self.user_granted.username, password="******") url = reverse('userspace:journal:authorization:delete', args=(journal.pk, authorization.pk, )) response = self.client.get(url) self.assertEqual(response.status_code, 200)