Example #1
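    def test_view_delete(self):
        """
        Test deleting a group with an HTTP DELETE on its edit URL.

        Verifies:
            * anonymous requests end on the login page
            * a logged-in user without permission receives 403
            * denied requests leave the group in place
            * an unknown group id returns 404
            * a user granted 'admin' on the group can delete it
            * a superuser can delete a group
            * view_group_deleted delivers the deleted group and the editor

        Removal of permissions attached to the deleted group is not
        asserted here.
        """
        group0 = self.test_save()
        group1 = self.test_save(name='test2')
        c = Client()
        url = '/group/%s/edit/'

        # anonymous user
        response = c.delete(url % group0.id, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')
        self.assertTrue(Group.objects.filter(id=group0.id).exists())

        # unauthorized user
        self.assertTrue(
            c.login(username=self.user0.username, password='******'))
        response = c.delete(url % group0.id)
        self.assertEqual(403, response.status_code)
        # a denied request must not have any side effect on the group
        self.assertTrue(Group.objects.filter(id=group0.id).exists())

        # invalid group
        response = c.delete(url % "DoesNotExist")
        self.assertEqual(404, response.status_code)

        # delete - authorized (permission)
        grant(self.user0, 'admin', group0)
        response = c.delete(url % group0.id)
        self.assertEqual(200, response.status_code)
        self.assertEqual('application/json', response['content-type'])
        self.assertFalse(Group.objects.filter(id=group0.id).exists())
        self.assertEqual('1', response.content)

        # setup signal
        self.signal_editor = self.signal_group = None

        def callback(sender, editor, **kwargs):
            # store what the signal delivered; a hard-coded user here would
            # make the editor assertion below pass unconditionally
            self.signal_editor = editor
            self.signal_group = sender
        view_group_deleted.connect(callback)

        try:
            # delete - authorized (superuser); this test grants nothing on
            # group1, so the request relies on the superuser flag
            self.user0.is_superuser = True
            self.user0.save()
            response = c.delete(url % group1.id)
            self.assertEqual(200, response.status_code)
            self.assertEqual('application/json', response['content-type'])
            self.assertFalse(Group.objects.filter(id=group1.id).exists())
            self.assertEqual('1', response.content)

            # check signal set properties
            self.assertEqual(group1.name, self.signal_group.name)
            self.assertEqual(self.user0, self.signal_editor)
        finally:
            # do not leave the receiver connected when an assertion fails
            view_group_deleted.disconnect(callback)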
Example #2
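    def test_view_detail(self):
        """
        Test viewing the detail page for a Group

        Verifies:
            * anonymous requests end on the login page
            * 403 returned for a logged-in user without permission
            * 404 returned for invalid group
            * 200 returned for a superuser
            * 200 returned for a user granted 'admin' on the group
        """
        group = self.test_save()
        c = Client()
        url = '/group/%s/'
        args = group.id

        # anonymous user
        response = c.get(url % args, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized user
        self.assertTrue(
            c.login(username=self.user0.username, password='******'))
        response = c.get(url % args)
        self.assertEqual(403, response.status_code)

        # invalid user group
        response = c.get(url % "DoesNotExist")
        self.assertEqual(404, response.status_code)

        # authorized (superuser)
        # Checked before the permission is granted so that the superuser
        # flag is the only thing that can let this request through.
        self.user0.is_superuser = True
        self.user0.save()
        response = c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/detail.html')

        # drop the superuser flag again so the next check depends on the
        # object permission alone
        self.user0.is_superuser = False
        self.user0.save()

        # authorized (permission)
        grant(self.user0, 'admin', group)
        response = c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/detail.html')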
Example #3
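    def test_view_remove_user(self):
        """
        Test view for removing a user from a group:

        Verifies:
            * anonymous requests end on the login page
            * users lacking perms receive 403 and stay in the group
            * GET from an authorized user is rejected with 405
            * POST with a user id removes the user, returns 1
            * user loses all permissions when removed from group
            * view_remove_user fires with the sender, user and group
            * removing user not in group returns error as json
            * removing user that does not exist returns error as json

        An authorized POST without a user id is not exercised here.
        """
        group = self.test_save()
        c = Client()
        group.user_set.add(self.user0)
        url = '/group/%d/user/remove/'
        args = group.id

        # anonymous user
        response = c.get(url % args, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # invalid permissions
        self.assertTrue(
            c.login(username=self.user0.username, password='******'))
        response = c.get(url % args)
        self.assertEqual(403, response.status_code)
        response = c.post(url % args)
        self.assertEqual(403, response.status_code)
        # denied requests must leave the membership untouched
        self.assertTrue(group.user_set.filter(id=self.user0.id).exists())

        # authorize and login
        grant(self.user0, 'admin', group)

        # invalid method
        response = c.get(url % args)
        self.assertEqual(405, response.status_code)

        # valid request (perm)
        data = {'user': self.user0.id}
        response = c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('application/json', response['content-type'])
        self.assertEqual('1', response.content)
        self.assertFalse(group.user_set.filter(id=self.user0.id).exists())
        self.assertEqual([], self.user0.get_perms(group))

        # setup signal
        self.signal_sender = self.signal_user = self.signal_obj = None

        def callback(sender, user, obj, **kwargs):
            self.signal_sender = sender
            self.signal_user = user
            self.signal_obj = obj
        view_remove_user.connect(callback)

        try:
            # valid request (superuser)
            revoke(self.user0, 'admin', group)
            self.user0.is_superuser = True
            self.user0.save()
            group.user_set.add(self.user0)
            response = c.post(url % args, data)
            self.assertEqual(200, response.status_code)
            self.assertEqual('application/json', response['content-type'])
            self.assertEqual('1', response.content)
            self.assertFalse(
                group.user_set.filter(id=self.user0.id).exists())

            # check signal fired
            self.assertEqual(self.signal_sender, self.user0)
            self.assertEqual(self.signal_user, self.user0)
            self.assertEqual(self.signal_obj, group)
        finally:
            # do not leave the receiver connected when an assertion fails
            view_remove_user.disconnect(callback)

        # remove user again
        response = c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('application/json', response['content-type'])
        self.assertFalse(group.user_set.filter(id=self.user0.id).exists())
        self.assertNotEqual('1', response.content)

        # remove invalid user
        response = c.post(url % args, {'user': 0})
        self.assertEqual(200, response.status_code)
        self.assertEqual('application/json', response['content-type'])
        self.assertNotEqual('1', response.content)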
Example #4
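    def test_view_add_user(self):
        """
        Test view for adding a user:

        Verifies:
            * anonymous requests end on the login page
            * request from unauthorized user results in 403, adds no one
            * GET returns a 200 code, response is html
            * POST without user id returns json
            * POST for invalid user id returns json
            * POST with a user id adds user, response is html for user
            * view_add_user fires with the sender, user and group
            * adding user a second time returns json, adds no duplicate
        """
        group = self.test_save()
        c = Client()
        url = '/group/%d/user/add/'
        args = group.id

        # anonymous user
        response = c.get(url % args, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized
        self.assertTrue(
            c.login(username=self.user0.username, password='******'))
        response = c.get(url % args)
        self.assertEqual(403, response.status_code)
        response = c.post(url % args)
        self.assertEqual(403, response.status_code)
        # denied requests must leave the membership untouched
        self.assertFalse(group.user_set.filter(id=self.user0.id).exists())

        # authorized get (perm granted)
        grant(self.user0, 'admin', group)
        response = c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/add_user.html')

        # authorized get (superuser)
        revoke(self.user0, 'admin', group)
        self.user0.is_superuser = True
        self.user0.save()
        response = c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/add_user.html')

        # missing user id
        response = c.post(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEqual('application/json', response['content-type'])

        # invalid user
        response = c.post(url % args, {'user': 0})
        self.assertEqual(200, response.status_code)
        self.assertEqual('application/json', response['content-type'])

        # setup signal
        self.signal_sender = self.signal_user = self.signal_obj = None

        def callback(sender, user, obj, **kwargs):
            self.signal_sender = sender
            self.signal_user = user
            self.signal_obj = obj
        view_add_user.connect(callback)

        try:
            # valid post
            data = {'user': self.user0.id}
            response = c.post(url % args, data)
            self.assertEqual(200, response.status_code)
            self.assertEqual(
                'text/html; charset=utf-8', response['content-type'])
            self.assertTemplateUsed(response, 'muddle/group/user_row.html')
            self.assertTrue(
                group.user_set.filter(id=self.user0.id).exists())

            # check signal fired
            self.assertEqual(self.signal_sender, self.user0)
            self.assertEqual(self.signal_user, self.user0)
            self.assertEqual(self.signal_obj, group)
        finally:
            # do not leave the receiver connected when an assertion fails
            view_add_user.disconnect(callback)

        # same user again
        response = c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('application/json', response['content-type'])
        self.assertEqual(group.user_set.filter(id=self.user0.id).count(), 1)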
Example #5
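    def test_view_edit(self):
        """
        Test editing a group through POST requests to its edit URL.

        Verifies:
            * anonymous requests end on the login page
            * a logged-in user without permission receives 403
            * an unknown group id returns 404
            * a user granted 'admin' on the group gets group/edit.html
            * a superuser gets group/edit.html
            * a POST without a name returns html with status 200
            * a POST with a name renames the group and redirects
            * view_group_edited delivers the edited group and the editor
        """
        group = self.test_save()
        c = Client()
        url = '/group/%s/edit/'

        # anonymous user
        response = c.post(url % group.id, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized user
        self.assertTrue(
            c.login(username=self.user0.username, password='******'))
        response = c.post(url % group.id)
        self.assertEqual(403, response.status_code)

        # invalid group
        response = c.post(url % "DoesNotExist")
        self.assertEqual(404, response.status_code)

        # XXX need to implement Class wide permission for creating editing
        # groups; once it exists, add a case for it here

        # empty POST - authorized (permission)
        grant(self.user0, 'admin', group)
        response = c.post(url % group.id)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/edit.html')

        # empty POST - authorized (superuser)
        self.user0.revoke('admin', group)
        self.user0.is_superuser = True
        self.user0.save()
        response = c.post(url % group.id)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/edit.html')

        # missing name
        data = {'id': group.id}
        response = c.post(url % group.id, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])

        # setup signal
        self.signal_editor = self.signal_group = None

        def callback(sender, editor, **kwargs):
            # store what the signal delivered; a hard-coded user here would
            # make the editor assertion below pass unconditionally
            self.signal_editor = editor
            self.signal_group = sender
        view_group_edited.connect(callback)

        try:
            # successful edit
            data = {'id': group.id, 'name': 'EDITED_NAME'}

            response = c.post(url % group.id, data)
            self.assertRedirects(response, '/group/%s' % group.pk)
            group = Group.objects.get(id=group.id)
            self.assertEqual('EDITED_NAME', group.name)

            # check signal set properties
            self.assertEqual(group, self.signal_group)
            self.assertEqual(self.user0, self.signal_editor)
        finally:
            # do not leave the receiver connected when an assertion fails
            view_group_edited.disconnect(callback)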
Example #6
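    def test_view_remove_user(self):
        """
        Test view for removing a user from a group:

        Verifies:
            * anonymous requests end on the login page
            * users lacking perms receive 403 and stay in the group
            * GET from an authorized user is rejected with 405
            * POST with a user id removes the user, returns 1
            * user loses all permissions when removed from group
            * view_remove_user fires with the sender, user and group
            * removing user not in group returns error as json
            * removing user that does not exist returns error as json

        An authorized POST without a user id is not exercised here.
        """
        group = self.test_save()
        c = Client()
        group.user_set.add(self.user0)
        url = '/group/%d/user/remove/'
        args = group.id

        # anonymous user
        response = c.get(url % args, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # invalid permissions
        self.assertTrue(
            c.login(username=self.user0.username, password='******'))
        response = c.get(url % args)
        self.assertEqual(403, response.status_code)
        response = c.post(url % args)
        self.assertEqual(403, response.status_code)
        # denied requests must leave the membership untouched
        self.assertTrue(group.user_set.filter(id=self.user0.id).exists())

        # authorize and login
        grant(self.user0, 'admin', group)

        # invalid method
        response = c.get(url % args)
        self.assertEqual(405, response.status_code)

        # valid request (perm)
        data = {'user': self.user0.id}
        response = c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('application/json', response['content-type'])
        self.assertEqual('1', response.content)
        self.assertFalse(group.user_set.filter(id=self.user0.id).exists())
        self.assertEqual([], self.user0.get_perms(group))

        # setup signal
        self.signal_sender = self.signal_user = self.signal_obj = None

        def callback(sender, user, obj, **kwargs):
            self.signal_sender = sender
            self.signal_user = user
            self.signal_obj = obj
        view_remove_user.connect(callback)

        try:
            # valid request (superuser)
            revoke(self.user0, 'admin', group)
            self.user0.is_superuser = True
            self.user0.save()
            group.user_set.add(self.user0)
            response = c.post(url % args, data)
            self.assertEqual(200, response.status_code)
            self.assertEqual('application/json', response['content-type'])
            self.assertEqual('1', response.content)
            self.assertFalse(
                group.user_set.filter(id=self.user0.id).exists())

            # check signal fired
            self.assertEqual(self.signal_sender, self.user0)
            self.assertEqual(self.signal_user, self.user0)
            self.assertEqual(self.signal_obj, group)
        finally:
            # do not leave the receiver connected when an assertion fails
            view_remove_user.disconnect(callback)

        # remove user again
        response = c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('application/json', response['content-type'])
        self.assertFalse(group.user_set.filter(id=self.user0.id).exists())
        self.assertNotEqual('1', response.content)

        # remove invalid user
        response = c.post(url % args, {'user': 0})
        self.assertEqual(200, response.status_code)
        self.assertEqual('application/json', response['content-type'])
        self.assertNotEqual('1', response.content)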
Example #7
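    def test_view_add_user(self):
        """
        Test view for adding a user:

        Verifies:
            * anonymous requests end on the login page
            * request from unauthorized user results in 403, adds no one
            * GET returns a 200 code, response is html
            * POST without user id returns json
            * POST for invalid user id returns json
            * POST with a user id adds user, response is html for user
            * view_add_user fires with the sender, user and group
            * adding user a second time returns json, adds no duplicate
        """
        group = self.test_save()
        c = Client()
        url = '/group/%d/user/add/'
        args = group.id

        # anonymous user
        response = c.get(url % args, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized
        self.assertTrue(
            c.login(username=self.user0.username, password='******'))
        response = c.get(url % args)
        self.assertEqual(403, response.status_code)
        response = c.post(url % args)
        self.assertEqual(403, response.status_code)
        # denied requests must leave the membership untouched
        self.assertFalse(group.user_set.filter(id=self.user0.id).exists())

        # authorized get (perm granted)
        grant(self.user0, 'admin', group)
        response = c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/add_user.html')

        # authorized get (superuser)
        revoke(self.user0, 'admin', group)
        self.user0.is_superuser = True
        self.user0.save()
        response = c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/add_user.html')

        # missing user id
        response = c.post(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEqual('application/json', response['content-type'])

        # invalid user
        response = c.post(url % args, {'user': 0})
        self.assertEqual(200, response.status_code)
        self.assertEqual('application/json', response['content-type'])

        # setup signal
        self.signal_sender = self.signal_user = self.signal_obj = None

        def callback(sender, user, obj, **kwargs):
            self.signal_sender = sender
            self.signal_user = user
            self.signal_obj = obj
        view_add_user.connect(callback)

        try:
            # valid post
            data = {'user': self.user0.id}
            response = c.post(url % args, data)
            self.assertEqual(200, response.status_code)
            self.assertEqual(
                'text/html; charset=utf-8', response['content-type'])
            self.assertTemplateUsed(response, 'group/user_row.html')
            self.assertTrue(
                group.user_set.filter(id=self.user0.id).exists())

            # check signal fired
            self.assertEqual(self.signal_sender, self.user0)
            self.assertEqual(self.signal_user, self.user0)
            self.assertEqual(self.signal_obj, group)
        finally:
            # do not leave the receiver connected when an assertion fails
            view_add_user.disconnect(callback)

        # same user again
        response = c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('application/json', response['content-type'])
        self.assertEqual(group.user_set.filter(id=self.user0.id).count(), 1)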
Example #8
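    def test_view_edit(self):
        """
        Test editing a group through POST requests to its edit URL.

        Verifies:
            * anonymous requests end on the login page
            * a logged-in user without permission receives 403
            * an unknown group id returns 404
            * a user granted 'admin' on the group gets group/edit.html
            * a superuser gets group/edit.html
            * a POST without a name returns html with status 200
            * a POST with a name renames the group and redirects
            * view_group_edited delivers the edited group and the editor
        """
        group = self.test_save()
        c = Client()
        url = '/group/%s/edit/'

        # anonymous user
        response = c.post(url % group.id, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized user
        self.assertTrue(
            c.login(username=self.user0.username, password='******'))
        response = c.post(url % group.id)
        self.assertEqual(403, response.status_code)

        # invalid group
        response = c.post(url % "DoesNotExist")
        self.assertEqual(404, response.status_code)

        # XXX need to implement Class wide permission
        # for creating editing groups; once it exists, add a case for it here

        # empty POST - authorized (permission)
        grant(self.user0, 'admin', group)
        response = c.post(url % group.id)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/edit.html')

        # empty POST - authorized (superuser)
        self.user0.revoke('admin', group)
        self.user0.is_superuser = True
        self.user0.save()
        response = c.post(url % group.id)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/edit.html')

        # missing name
        data = {'id': group.id}
        response = c.post(url % group.id, data)
        self.assertEqual(200, response.status_code)
        self.assertEqual('text/html; charset=utf-8', response['content-type'])

        # setup signal
        self.signal_editor = self.signal_group = None

        def callback(sender, editor, **kwargs):
            # store what the signal delivered; a hard-coded user here would
            # make the editor assertion below pass unconditionally
            self.signal_editor = editor
            self.signal_group = sender
        view_group_edited.connect(callback)

        try:
            # successful edit
            data = {'id': group.id, 'name': 'EDITED_NAME'}

            response = c.post(url % group.id, data)
            self.assertRedirects(response, '/group/%s' % group.pk)
            group = Group.objects.get(id=group.id)
            self.assertEqual('EDITED_NAME', group.name)

            # check signal set properties
            self.assertEqual(group, self.signal_group)
            self.assertEqual(self.user0, self.signal_editor)
        finally:
            # do not leave the receiver connected when an assertion fails
            view_group_edited.disconnect(callback)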