def handle(self, *args, **options): _User = get_user_model() user = _User.objects.filter(email=options["email"]).first() if user is None: self.stdout.write( self.style.ERROR( "Cannot find user with email address {}".format( options["email"]))) return cost_centre = CostCentre.objects.filter( cost_centre_code=options["cost_centre_code"]).first() if cost_centre is None: self.stdout.write( self.style.ERROR("Cannot find cost centre with code {}".format( options["cost_centre_code"]))) return if user.has_perm("change_costcentre", cost_centre): self.stdout.write( self.style.ERROR( "User already has permission to edit cost centre {}". format(options["cost_centre_code"]))) return assign_perm("change_costcentre", user, cost_centre) self.stdout.write( self.style.SUCCESS( "Permission to edit cost centre {} added".format( options["cost_centre_code"])))
def test_assign_perm(self): assign_perm( "change_costcentre", self.test_user, self.cost_centre, ) # Bust permissions cache (refresh_from_db does not work) self.test_user, _ = get_user_model().objects.get_or_create( email="*****@*****.**" ) assert self.test_user.has_perm("forecast.can_view_forecasts") # check guardian permissions created cost_centres = guardian_get_objects_for_user( self.test_user, "costcentre.change_costcentre", accept_global_perms=False, ) assert len(cost_centres) == 1 # Check that log entry was created for assignment log_entry = LogEntry.objects.last() assert log_entry.object_id == str(self.cost_centre.cost_centre_code) assert log_entry.change_message == "Cost Centre permission was assigned"
def test_user_permissions(self): assign_perm( "change_costcentre", self.test_user, self.cost_centre, ) self.assertTrue( self.test_user.has_perm( "change_costcentre", self.cost_centre, )) call_command( "user_permissions", "--email={}".format(self.test_user_email), stdout=self.out, ) out_value = self.out.getvalue() self.assertIn( "User with email '{}' has permissions " "on the following cost centres:".format(self.test_user_email), out_value, ) self.assertIn(str(self.cost_centre_code), out_value)
def test_cost_centre_users(self): assign_perm( "change_costcentre", self.test_user, self.cost_centre, ) self.assertTrue( self.test_user.has_perm("change_costcentre", self.cost_centre)) call_command( "cost_centre_users", "--cost_centre_code={}".format(self.cost_centre_code), stdout=self.out, ) out_value = self.out.getvalue() self.assertIn( "Users with permission to edit cost centre {}:".format( self.cost_centre_code), out_value, ) self.assertIn(self.test_user_email, out_value)
def test_can_view_forecasts_cost_centre_perm(self): assert not can_view_forecasts(self.test_user) # Add cost centre edit permission assign_perm( "change_costcentre", self.test_user, self.cost_centre, ) assert can_view_forecasts(self.test_user)
def can_edit_at_least_one_cost_centre(self): assert not can_edit_at_least_one_cost_centre() # Assigns user to one cost centre assign_perm( "change_costcentre", self.test_user, self.cost_centre, ) assert can_edit_at_least_one_cost_centre()
def test_download(self): assign_perm("change_costcentre", self.test_user, self.cost_centre) download_forecast_url = self.client.get( reverse( "export_edit_forecast_data_cost_centre", kwargs={"cost_centre": self.cost_centre_code}, )) self.assertEqual(download_forecast_url.status_code, 200) file = io.BytesIO(download_forecast_url.content) wb = load_workbook(filename=file) ws = wb.active assert ws["C1"].value == "Natural Account code" assert ws["C2"].value == self.nac_obj.natural_account_code assert ws["I1"].value == "Apr" assert ws.max_row == 4
def test_basic_user_edit_permission(self): assert not can_edit_cost_centre( self.test_user, self.cost_centre_code, ) assign_perm( "change_costcentre", self.test_user, self.cost_centre, ) assert can_edit_cost_centre( self.test_user, self.cost_centre_code, )
def test_user_cannot_download_wrong_forecast(self): """ User can't access download URL if they do not have editing permission for certain Cost Centre """ # Assigns user to one cost centre assign_perm("change_costcentre", self.test_user, self.cost_centre) # Changes cost_centre_code to one that user can view but NOT edit test_cost_centre_code = 888332 CostCentreFactory.create(cost_centre_code=test_cost_centre_code) download_forecast_url = self.client.get( reverse( "export_edit_forecast_data_cost_centre", kwargs={"cost_centre": test_cost_centre_code}, )) self.assertEqual(download_forecast_url.status_code, 302)
def test_user_can_download_forecast(self): """ User can access download URL if they have cost centre editing permission """ assign_perm("change_costcentre", self.test_user, self.cost_centre) download_forecast_url = self.client.get( reverse( "export_edit_forecast_data_cost_centre", kwargs={"cost_centre": self.cost_centre_code}, ), ) self.assertEqual(download_forecast_url.status_code, 200) file = io.BytesIO(download_forecast_url.content) wb = load_workbook(filename=file, ) ws = wb.active # 4 rows: Heading, row with Apr/May figure, # row with 0 figures and grand totals assert ws.max_row == 4 assert ws["C1"].value == "Natural Account code" assert ws["C2"].value == self.nac_obj.natural_account_code assert ws["I1"].value == "Apr" assert ws["I2"].value == 0 assert ws["I3"].value == self.amount_apr / 100 assert ws["I4"].value == "=SUM(I2:I3)" assert ws["J1"].value == "May" assert ws["J2"].value == 0 assert ws["J3"].value == self.amount_may / 100 assert ws["J4"].value == "=SUM(J2:J3)" assert ws["X1"].value == "Forecast outturn" assert ws["X2"].value == "=SUM(I2:W2)" assert ws["X3"].value == "=SUM(I3:W3)" assert ws["X4"].value == "=SUM(X2:X3)" assert ws["Y1"].value == "Variance -overspend/underspend" assert ws["Y2"].value == "=(H2-X2)" assert ws["Y3"].value == "=(H3-X3)" assert ws["Y4"].value == "=SUM(Y2:Y3)" assert ws["Z1"].value == "Year to Date Actuals" assert ws["Z2"].value == "=SUM(I2:I2)" assert ws["Z3"].value == "=SUM(I3:I3)" assert ws["Z4"].value == "=SUM(Z2:Z3)"
def test_cost_centre_download(self): assign_perm("change_costcentre", self.test_user, self.cost_centre) self.cost_centre_code = self.cost_centre response = self.client.get( reverse( "export_forecast_data_cost_centre", kwargs={ 'cost_centre': self.cost_centre.cost_centre_code, 'period': 0, }, ) ) self.assertEqual(response.status_code, 200) file = io.BytesIO(response.content) wb = load_workbook(filename=file) ws = wb.active # Check group assert ws["A1"].value == "Group name" assert ws["B2"].value == self.group_code
def test_remove_user_from_cost_centre(self): assign_perm("change_costcentre", self.test_user, self.cost_centre) self.assertTrue( self.test_user.has_perm( "change_costcentre", self.cost_centre, )) call_command( "remove_user_from_cost_centre", email=self.test_user_email, cost_centre_code=self.cost_centre_code, stdout=self.out, ) self.test_user.refresh_from_db() self.assertFalse( self.test_user.has_perm( "change_costcentre", self.cost_centre, ))
def change_permission(self, request, cost_centre_id, *args, **kwargs): cost_centre = self.get_object(request, cost_centre_id) cost_centre_url = reverse( 'admin:costcentre_costcentre_change', args=[cost_centre_id], current_app=self.admin_site.name, ) if not self.can_change_permissions( request.user, cost_centre, ): return HttpResponseRedirect(cost_centre_url) url = reverse( 'admin:change_permission', args=[cost_centre_id], current_app=self.admin_site.name, ) give_permission_form = GivePermissionAdminForm( cost_centre=cost_centre, user=request.user, ) remove_permission_form = RemovePermissionAdminForm( cost_centre=cost_centre, user=request.user, ) if request.method == 'POST': if 'submit_give_permission' in request.POST: give_permission_form = GivePermissionAdminForm( request.POST, cost_centre=cost_centre, user=request.user, ) if give_permission_form.is_valid(): user = give_permission_form.cleaned_data["user"] assign_perm( "change_costcentre", user, cost_centre, ) self.message_user( request, 'Successfully gave user permission ' 'to edit cost centre forecast', ) return HttpResponseRedirect(url) elif 'submit_remove_permission' in request.POST: remove_permission_form = RemovePermissionAdminForm( request.POST, cost_centre=cost_centre, user=request.user, ) if remove_permission_form.is_valid(): if remove_permission_form.cleaned_data["users"].count( ) == 0: self.message_user( request, 'No users selected', ) else: for user in remove_permission_form.cleaned_data[ "users"]: remove_perm("change_costcentre", user, cost_centre) self.message_user( request, 'Successfully removed users from cost centre', ) return HttpResponseRedirect(url) users_with_edit_permission = get_users_with_perms( cost_centre, attach_perms=True, ) context = self.admin_site.each_context(request) context['opts'] = self.model._meta context['give_permission_form'] = give_permission_form context['users_with_edit_permission'] = users_with_edit_permission context['remove_permission_form'] = remove_permission_form context['original'] = cost_centre context['title'] = "User with permission to edit cost centre" return TemplateResponse( request, "costcentre/admin/change_permission_form.html", context, )