def test_edit_plugin_and_cancel(self): placeholder = self.get_placeholder() admin = self.get_admin() data = { 'plugin_type': 'TextPlugin', 'placeholder': placeholder.pk, 'language': 'en', } superuser = self.get_superuser() with UserLoginContext(self, superuser): with SettingsOverride(CMS_PLACEHOLDER_CONF=self.placeholderconf): request = self.get_post_request(data) response = admin.add_plugin(request) self.assertEqual(response.status_code, 200) plugin_id = int(response.content) data = { 'body': 'Hello World', } request = self.get_post_request(data) response = admin.edit_plugin(request, plugin_id) self.assertEqual(response.status_code, 200) text_plugin = Text.objects.get(pk=plugin_id) self.assertEquals('Hello World', text_plugin.body) # edit again, but this time press cancel data = { 'body': 'Hello World!!', '_cancel': True, } request = self.get_post_request(data) response = admin.edit_plugin(request, plugin_id) self.assertEqual(response.status_code, 200) text_plugin = Text.objects.get(pk=plugin_id) self.assertEquals('Hello World', text_plugin.body)
def test_plugin_edit_requires_permissions(self): """User wants to edit a plugin to the example app placeholder but has no permissions""" self._create_example() self._create_plugin() normal_guy = self._testuser() admin = self.get_admin() request = self._post_request(normal_guy) response = admin.edit_plugin(request, self._plugin.id) self.assertEqual(response.status_code, HttpResponseForbidden.status_code) # The user gets the permission only for the plugin self._give_permission(normal_guy, Text, 'change') request = self._post_request(normal_guy) response = admin.edit_plugin(request, self._plugin.id) self.assertEqual(response.status_code, HttpResponseForbidden.status_code) # the user gets the permission only for the app self._delete_permission(normal_guy, Text, 'change') self._give_permission(normal_guy, Example1, 'change') request = self._post_request(normal_guy) response = admin.edit_plugin(request, self._plugin.id) self.assertEqual(response.status_code, HttpResponseForbidden.status_code) # user gets permissions for the plugin and the app self._give_permission(normal_guy, Text, 'change') request = self._post_request(normal_guy) response = admin.edit_plugin(request, self._plugin.id) # It looks like it breaks here because of a missing csrf token in the request # I have no idea how to fix this self.assertEqual(response.status_code, HttpResponse.status_code, response)
def test_edit_plugin_and_cancel(self): placeholder = self.get_placeholder() admin = self.get_admin() data = {"plugin_type": "TextPlugin", "placeholder": placeholder.pk, "language": "en"} superuser = self.get_superuser() with UserLoginContext(self, superuser): with SettingsOverride(CMS_PLACEHOLDER_CONF=self.placeholderconf): request = self.get_post_request(data) response = admin.add_plugin(request) self.assertEqual(response.status_code, 200) plugin_id = int(response.content) data = {"body": "Hello World"} request = self.get_post_request(data) response = admin.edit_plugin(request, plugin_id) self.assertEqual(response.status_code, 200) text_plugin = Text.objects.get(pk=plugin_id) self.assertEquals("Hello World", text_plugin.body) # edit again, but this time press cancel data = {"body": "Hello World!!", "_cancel": True} request = self.get_post_request(data) response = admin.edit_plugin(request, plugin_id) self.assertEqual(response.status_code, 200) text_plugin = Text.objects.get(pk=plugin_id) self.assertEquals("Hello World", text_plugin.body)
def _test_plugin_action_requires_permissions(self, key): self._create_example() if key=='change': self._create_plugin() normal_guy = self._testuser() admin = self.get_admin() # check all combinations of plugin, app and object permission for perms in itertools.product(*[[False, True]]*3): self._set_perms(normal_guy, [Text, Example1, self.example_object], perms, key) request = self._post_request(normal_guy) if key=='add': response = admin.add_plugin(request) elif key=='change': response = admin.edit_plugin(request, self._plugin.id) should_pass = perms[0] and (perms[1] or perms[2]) expected_status_code = HttpResponse.status_code if should_pass else HttpResponseForbidden.status_code self.assertEqual(response.status_code, expected_status_code) # cleanup self._set_perms(normal_guy, [Text, Example1, self.example_object], (False,)*3, key)
def _test_plugin_action_requires_permissions(self, key): self._create_example() if key == 'change': self._create_plugin() normal_guy = self._testuser() admin = self.get_admin() # check all combinations of plugin, app and object permission for perms in itertools.product(*[[False, True]] * 3): self._set_perms(normal_guy, [Text, Example1, self.example_object], perms, key) request = self._post_request(normal_guy) if key == 'add': response = admin.add_plugin(request) elif key == 'change': response = admin.edit_plugin(request, self._plugin.id) should_pass = perms[0] and (perms[1] or perms[2]) expected_status_code = HttpResponse.status_code if should_pass else HttpResponseForbidden.status_code self.assertEqual(response.status_code, expected_status_code) # cleanup self._set_perms(normal_guy, [Text, Example1, self.example_object], (False, ) * 3, key)