def test_view_remove_user(self): """ Test view for adding a user: Verifies: * GET redirects user to 405 * POST with a user id remove user, returns 1 * POST without user id returns error as json * users lacking perms receive 403 * removing user not in group returns error as json * removing user that does not exist returns error as json * user loses all permissions when removed from group """ group = self.test_save() c = Client() group.user_set.add(self.user0) url = '/group/%d/user/remove/' args = group.id # anonymous user response = c.get(url % args, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'registration/login.html') # invalid permissions self.assertTrue(c.login(username=self.user0.username, password='******')) response = c.get(url % args) self.assertEqual(403, response.status_code) response = c.post(url % args) self.assertEqual(403, response.status_code) # authorize and login grant(self.user0, 'admin', group) # invalid method response = c.get(url % args) self.assertEqual(405, response.status_code) # valid request (perm) data = {'user':self.user0.id} response = c.post(url % args, data) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) self.assertEqual('1', response.content) self.assertFalse(group.user_set.filter(id=self.user0.id).exists()) self.assertEqual([], self.user0.get_perms(group)) # setup signal self.signal_sender = self.signal_user = self.signal_obj = None def callback(sender, user, obj, **kwargs): self.signal_sender = sender self.signal_user = user self.signal_obj = obj view_remove_user.connect(callback) # valid request (superuser) revoke(self.user0, 'admin', group) self.user0.is_superuser = True self.user0.save() group.user_set.add(self.user0) response = c.post(url % args, data) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) self.assertEqual('1', response.content) self.assertFalse(group.user_set.filter(id=self.user0.id).exists()) # check signal fired self.assertEqual(self.signal_sender, self.user0) self.assertEqual(self.signal_user, self.user0) self.assertEqual(self.signal_obj, group) view_remove_user.disconnect(callback) # remove user again response = c.post(url % args, data) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) self.assertFalse(group.user_set.filter(id=self.user0.id).exists()) self.assertNotEqual('1', response.content) # remove invalid user response = c.post(url % args, {'user':0}) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) self.assertNotEqual('1', response.content)
def test_view_remove_user(self): """ Test view for adding a user: Verifies: * GET redirects user to 405 * POST with a user id remove user, returns 1 * POST without user id returns error as json * users lacking perms receive 403 * removing user not in group returns error as json * removing user that does not exist returns error as json * user loses all permissions when removed from group """ group = self.test_save() c = Client() group.user_set.add(self.user0) url = '/group/%d/user/remove/' args = group.id # anonymous user response = c.get(url % args, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'registration/login.html') # invalid permissions self.assertTrue( c.login(username=self.user0.username, password='******')) response = c.get(url % args) self.assertEqual(403, response.status_code) response = c.post(url % args) self.assertEqual(403, response.status_code) # authorize and login grant(self.user0, 'admin', group) # invalid method response = c.get(url % args) self.assertEqual(405, response.status_code) # valid request (perm) data = {'user': self.user0.id} response = c.post(url % args, data) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) self.assertEqual('1', response.content) self.assertFalse(group.user_set.filter(id=self.user0.id).exists()) self.assertEqual([], self.user0.get_perms(group)) # setup signal self.signal_sender = self.signal_user = self.signal_obj = None def callback(sender, user, obj, **kwargs): self.signal_sender = sender self.signal_user = user self.signal_obj = obj view_remove_user.connect(callback) # valid request (superuser) revoke(self.user0, 'admin', group) self.user0.is_superuser = True self.user0.save() group.user_set.add(self.user0) response = c.post(url % args, data) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) self.assertEqual('1', response.content) self.assertFalse(group.user_set.filter(id=self.user0.id).exists()) # check signal fired self.assertEqual(self.signal_sender, self.user0) self.assertEqual(self.signal_user, self.user0) self.assertEqual(self.signal_obj, group) view_remove_user.disconnect(callback) # remove user again response = c.post(url % args, data) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) self.assertFalse(group.user_set.filter(id=self.user0.id).exists()) self.assertNotEqual('1', response.content) # remove invalid user response = c.post(url % args, {'user': 0}) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) self.assertNotEqual('1', response.content)
def test_view_add_user(self): """ Test view for adding a user: Verifies: * request from unauthorized user results in 403 * GET returns a 200 code, response is html * POST with a user id adds user, response is html for user * POST without user id returns error as json * POST for invalid user id returns error as json * adding user a second time returns error as json """ group = self.test_save() c = Client() url = '/group/%d/user/add/' args = group.id # anonymous user response = c.get(url % args, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'registration/login.html') # unauthorized self.assertTrue(c.login(username=self.user0.username, password='******')) response = c.get(url % args) self.assertEqual(403, response.status_code) response = c.post(url % args) self.assertEqual(403, response.status_code) # authorized get (perm granted) grant(self.user0, 'admin', group) response = c.get(url % args) self.assertEqual(200, response.status_code) self.assertEquals('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'group/add_user.html') # authorized get (superuser) revoke(self.user0, 'admin', group) self.user0.is_superuser = True self.user0.save() response = c.get(url % args) self.assertEqual(200, response.status_code) self.assertEquals('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'group/add_user.html') # missing user id response = c.post(url % args) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) # invalid user response = c.post(url % args, {'user':0}) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) # setup signal self.signal_sender = self.signal_user = self.signal_obj = None def callback(sender, user, obj, **kwargs): self.signal_sender = sender self.signal_user = user self.signal_obj = obj view_add_user.connect(callback) # valid post data = {'user':self.user0.id} response = c.post(url % args, data) self.assertEqual(200, response.status_code) self.assertEquals('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'muddle/group/user_row.html') self.assertTrue(group.user_set.filter(id=self.user0.id).exists()) # check signal fired self.assertEqual(self.signal_sender, self.user0) self.assertEqual(self.signal_user, self.user0) self.assertEqual(self.signal_obj, group) view_add_user.disconnect(callback) # same user again response = c.post(url % args, data) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) self.assertEquals(group.user_set.filter(id=self.user0.id).count(), 1)
def test_view_add_user(self): """ Test view for adding a user: Verifies: * request from unauthorized user results in 403 * GET returns a 200 code, response is html * POST with a user id adds user, response is html for user * POST without user id returns error as json * POST for invalid user id returns error as json * adding user a second time returns error as json """ group = self.test_save() c = Client() url = '/group/%d/user/add/' args = group.id # anonymous user response = c.get(url % args, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'registration/login.html') # unauthorized self.assertTrue( c.login(username=self.user0.username, password='******')) response = c.get(url % args) self.assertEqual(403, response.status_code) response = c.post(url % args) self.assertEqual(403, response.status_code) # authorized get (perm granted) grant(self.user0, 'admin', group) response = c.get(url % args) self.assertEqual(200, response.status_code) self.assertEquals('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'group/add_user.html') # authorized get (superuser) revoke(self.user0, 'admin', group) self.user0.is_superuser = True self.user0.save() response = c.get(url % args) self.assertEqual(200, response.status_code) self.assertEquals('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'group/add_user.html') # missing user id response = c.post(url % args) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) # invalid user response = c.post(url % args, {'user': 0}) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) # setup signal self.signal_sender = self.signal_user = self.signal_obj = None def callback(sender, user, obj, **kwargs): self.signal_sender = sender self.signal_user = user self.signal_obj = obj view_add_user.connect(callback) # valid post data = {'user': self.user0.id} response = c.post(url % args, data) self.assertEqual(200, response.status_code) self.assertEquals('text/html; charset=utf-8', response['content-type']) self.assertTemplateUsed(response, 'group/user_row.html') self.assertTrue(group.user_set.filter(id=self.user0.id).exists()) # check signal fired self.assertEqual(self.signal_sender, self.user0) self.assertEqual(self.signal_user, self.user0) self.assertEqual(self.signal_obj, group) view_add_user.disconnect(callback) # same user again response = c.post(url % args, data) self.assertEqual(200, response.status_code) self.assertEquals('application/json', response['content-type']) self.assertEquals(group.user_set.filter(id=self.user0.id).count(), 1)