def test_model_url_with_permissions(): permissions = set( ["shuup.add_product", "shuup.delete_product", "shuup.change_product"]) shop = get_default_shop() p = get_default_product() # If no user is given, don't check for permissions assert get_model_url(p, shop=shop) # If a user is given and no permissions are provided, check for default model permissions user = StaffUser() with pytest.raises(NoModelUrl): assert get_model_url(p, user=user, shop=shop) # If a user is given and permissions are provided, check for those permissions assert get_model_url(p, user=user, required_permissions=(), shop=shop) with pytest.raises(NoModelUrl): assert get_model_url(p, user=user, required_permissions=["shuup.add_product"], shop=shop) # Confirm that url is returned with correct permissions user.permissions = permissions assert get_model_url(p, user=user, shop=shop) assert get_model_url(p, user=user, required_permissions=permissions, shop=shop)
def test_permissions_for_menu_entries(rf, admin_user): permissions = set( ["shuup.add_product", "shuup.delete_product", "shuup.change_product"]) request = rf.get("/") request.user = StaffUser() request.user.permissions = permissions with replace_modules([ARestrictedTestModule]): modules = [m for m in get_modules()] assert request.user.permissions == modules[0].get_required_permissions( ) categories = get_menu_entry_categories(request) assert categories # Make sure category is displayed if user has correct permissions test_category_menu_entries = [ cat for cat in categories if cat.name == "RestrictedTest" ][0] assert any(me.text == "OK" for me in test_category_menu_entries) # No menu items should be displayed if user has no permissions request.user.permissions = [] categories = get_menu_entry_categories(request) assert not categories
def test_url_auth(rf): def did_disallow(view, request): try: return isinstance(view(request), HttpResponseRedirect) except Problem as prob: return True # Problems are fine here with replace_modules([ATestModule]): urls = dict((u.name, u) for u in get_module_urls()) request = rf.get("/") request.user = AnonymousUser() assert did_disallow(urls["test-auth"].callback, request) assert did_disallow(urls["test-perm"].callback, request) assert not did_disallow(urls["test-unauth"].callback, request) request.user = AuthenticatedUser() assert did_disallow(urls["test-auth"].callback, request) assert did_disallow(urls["test-perm"].callback, request) assert not did_disallow(urls["test-unauth"].callback, request) request.user = StaffUser() assert not did_disallow(urls["test-auth"].callback, request) assert did_disallow(urls["test-perm"].callback, request) assert not did_disallow(urls["test-unauth"].callback, request) request.user = SuperUser() # Can access all assert not did_disallow(urls["test-auth"].callback, request) assert not did_disallow(urls["test-perm"].callback, request) assert not did_disallow(urls["test-unauth"].callback, request)
def test_dashboard_blocks_permissions(rf, client): with replace_modules([ARestrictedTestModule]): permissions = set(["shuup.add_product", "shuup.delete_product", "shuup.change_product"]) request = rf.get("/") request.user = StaffUser() request.session = client.session view = DashboardView(request=request) assert not view.get_context_data()["blocks"] request.user.permissions = permissions view = DashboardView(request=request) assert view.get_context_data()["blocks"]
def test_toolbar_button_permissions(rf, button_class, kwargs): permissions = set( ["shuup.add_product", "shuup.delete_product", "shuup.change_product"]) request = rf.get("/") request.user = StaffUser() button = button_class(required_permissions=permissions, **kwargs) rendered_button = "".join(bit for bit in button.render(request)) assert not rendered_button request.user.permissions = permissions rendered_button = "".join(bit for bit in button.render(request)) assert rendered_button
def test_model_url_with_permissions(): permissions = set(["shuup.add_product", "shuup.delete_product", "shuup.change_product"]) p = get_default_product() # If no user is given, don't check for permissions assert get_model_url(p) # If a user is given and no permissions are provided, check for default model permissions user = StaffUser() with pytest.raises(NoModelUrl): assert get_model_url(p, user=user) # If a user is given and permissions are provided, check for those permissions assert get_model_url(p, user=user, required_permissions=()) with pytest.raises(NoModelUrl): assert get_model_url(p, user=user, required_permissions=["shuup.add_product"]) # Confirm that url is returned with correct permissions user.permissions = permissions assert get_model_url(p, user=user) assert get_model_url(p, user=user, required_permissions=permissions)