def setUp(self):
super(ProjectAccessControlTestCase, self).setUp()
if 'anonymous' in USER_ROLES:
USER_ROLES.remove('anonymous')
# Extending users and clients
extra_users, extra_clients = create_users_and_clients(
self.EXTRA_USER_ROLES)
self.user.update(extra_users)
self.client.update(extra_clients)
# Create an extra project to use it as the outsource
self.project_outsource = Project.objects.get_or_create(
slug="project1_outsource", name="Test Outsource Project",
source_language=self.language_en
)[0]
self.project_outsource.maintainers.add(self.user['outsource_maintainer'])
# Add django-authority permission for outsource writer
self.perm_outsource = AuPermission(codename='project_perm.submit_translations',
approved=True, user=self.user['outsource_writer'],
content_object=self.project_outsource,
creator=self.user['maintainer'])
self.perm_outsource.save()
# Create a team to the outsource project
self.team_outsource = Team.objects.get_or_create(
language=self.language, project=self.project_outsource,
creator=self.user['maintainer'])[0]
self.team_outsource.coordinators.add(self.user['team_coordinator'])
self.team_outsource.members.add(self.user['outsource_team_member'])
class ProjectAccessControlTestCase(BaseTestCase):
"""
Test if all project URLs return correct status code depending on each
user role.
"""
EXTRA_USER_ROLES = ['outsource_writer', 'outsource_team_member',
'outsource_maintainer']
def setUp(self):
super(ProjectAccessControlTestCase, self).setUp()
if 'anonymous' in USER_ROLES:
USER_ROLES.remove('anonymous')
# Extending users and clients
extra_users, extra_clients = create_users_and_clients(
self.EXTRA_USER_ROLES)
self.user.update(extra_users)
self.client.update(extra_clients)
# Create an extra project to use it as the outsource
self.project_outsource = Project.objects.get_or_create(
slug="project1_outsource", name="Test Outsource Project",
source_language=self.language_en
)[0]
self.project_outsource.maintainers.add(self.user['outsource_maintainer'])
# Add django-authority permission for outsource writer
self.perm_outsource = AuPermission(codename='project_perm.submit_translations',
approved=True, user=self.user['outsource_writer'],
content_object=self.project_outsource,
creator=self.user['maintainer'])
self.perm_outsource.save()
# Create a team to the outsource project
self.team_outsource = Team.objects.get_or_create(
language=self.language, project=self.project_outsource,
creator=self.user['maintainer'])[0]
self.team_outsource.coordinators.add(self.user['team_coordinator'])
self.team_outsource.members.add(self.user['outsource_team_member'])
def tearDown(self):
USER_ROLES.extend(self.EXTRA_USER_ROLES)
super(ProjectAccessControlTestCase, self).tearDown()
for u in self.EXTRA_USER_ROLES:
USER_ROLES.remove(u)
USER_ROLES.append('anonymous')
def testAnyoneCanSubmit(self):
"""Check URL access when anyone can submit to a project."""
self.project.anyone_submit = True
self.project.save()
for user_role in USER_ROLES:
check_page_status(self, user_role, convert_url_roles(URL_ROLES_FREE))
# Check if a simple registered user can open up Lotte
expected_code = 200
url = '/projects/p/project1/resource/resource1/l/pt_BR/'
for user_role in ['registered']:
response = self.client[user_role].get(url)
assert_status_code(self, response, expected_code, url,
user_role)
def testOutsourcedAccess(self):
"""Check URL access when a project outsources its access control."""
self.project.outsource = self.project_outsource
self.project.save()
for user_role in USER_ROLES:
check_page_status(self, user_role, convert_url_roles(URL_ROLES_OUTSOURCE))
# Check if a writer and a team member of the outsource project can
# open up Lotte
expected_code = 200
url = '/projects/p/project1/resource/resource1/l/pt_BR/'
for user_role in self.EXTRA_USER_ROLES:
response = self.client[user_role].get(url)
assert_status_code(self, response, expected_code, url,
user_role)
def testOriginalMaintainer(self):
"""
Even if a project is outsourced, its maintainer needs to be able to
edit the source language and add translations as well.
"""
self.project.outsource = self.project_outsource
self.project.save()
maintainer = self.project.maintainers.all()[0]
# Check if the maintainer can add translations.
expected_code = 200
url = reverse('translate_resource', args=[self.project.slug,
self.resource.slug, self.language.code])
response = self.client[maintainer.username].get(url)
assert_status_code(self, response, expected_code, url,
str(maintainer.username))
# Check if the maintainer can edit the resource
expected_code = 200
url = reverse('resource_edit', args=[self.project.slug,
self.resource.slug])
response = self.client[maintainer.username].get(url)
assert_status_code(self, response, expected_code, url,
str(maintainer.username))
def test_project_access_control_edit(self):
"""Test edit of project access control"""
url = reverse('project_access_control_edit', args=[self.project.slug,])
resp = self.client['maintainer'].get(url)
self.assertContains(resp, '<label for="id_access_control_1">'\
'<input checked="checked" name="access_control" value='\
'"limited_access"', status_code=200)
#change access control to outsourced access
DATA = {'project_type':'outsourced', 'access_control':"free_for_all",
'next': url, 'outsource': '22'}
resp = self.client['maintainer'].post(url, DATA, follow=True)
self.assertContains(resp, '<label for="id_project_type_2"><input'\
' checked="checked" name="project_type" value="outsourced"',
status_code=200)
#change access control to outsourced with not outsource field filled
DATA = {'project_type':'outsourced', 'next': url, 'outsource': ''}
resp = self.client['maintainer'].post(url, DATA, follow=True)
self.assertContains(resp, 'This field is required', status_code=200)
#change access control to typical and free for all
DATA = {'project_type':'typical', 'access_control':"free_for_all", 'next': url, 'outsource': ''}
resp = self.client['maintainer'].post(url, DATA, follow=True)
self.assertContains(resp, 'Free for all', status_code=200)
#change access control to typical with limited access
DATA = {'project_type':'typical', 'access_control':"limited_access", 'next': url, 'outsource': ''}
resp = self.client['maintainer'].post(url, DATA, follow=True)
self.assertNotContains(resp, 'Free for all', status_code=200)
#change access control to typical with not access_control field filled
DATA = {'project_type':'typical', 'next': url, 'outsource': ''}
resp = self.client['maintainer'].post(url, DATA, follow=True)
self.assertContains(resp, 'This field is required', status_code=200)
@skip
def test_project_hub_access_control_edit(self):
"""Test edit of project hub access control"""
url = reverse('project_access_control_edit', args=[self.project.slug,])
#change access control as hub and free for all
DATA = {'project_type':'hub', 'access_control':"free_for_all",
'next': url, 'outsource': ''}
resp = self.client['maintainer'].post(url, DATA, follow=True)
self.assertContains(resp, 'Free for all')
self.assertContains(resp, 'Hub')
#change access control as hub with limited access
DATA = {'project_type':'hub', 'access_control':"limited_access", 'next': url, 'outsource': ''}
resp = self.client['maintainer'].post(url, DATA, follow=True)
self.assertNotContains(resp, 'Free for all')
self.assertContains(resp, 'Hub')
#change access control as hub with not access_control field filled
DATA = {'project_type':'hub', 'next': url, 'outsource': ''}
resp = self.client['maintainer'].post(url, DATA, follow=True)
self.assertContains(resp, 'This field is required', status_code=200)
def test_public_project_can_outsource_from_my_private_project(self):
url = reverse('project_detail',
kwargs={'project_slug': self.project.slug})
self.project_private.is_hub = True
self.project_private.save()
response = self.client['maintainer'].post(url, {
'project_type': "outsourced",
'outsource': self.project_private.id,
'next': url}
)
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, 'projects/project_detail.html')
class ProjectAccessControlTestCase(BaseTestCase):
"""
Test if all project URLs return correct status code depending on each
user role.
"""
EXTRA_USER_ROLES = ['outsource_writer', 'outsource_team_member',
'outsource_maintainer']
def setUp(self):
USER_ROLES.remove('anonymous')
# Extending user roles
USER_ROLES.extend(self.EXTRA_USER_ROLES)
super(ProjectAccessControlTestCase, self).setUp()
for u in self.EXTRA_USER_ROLES:
USER_ROLES.remove(u)
# Create an extra project to use it as the outsource
self.project_outsource = Project.objects.get_or_create(
slug="project1_outsource", name="Test Outsource Project",
source_language=self.language_en
)[0]
self.project_outsource.maintainers.add(self.user['outsource_maintainer'])
# Add django-authority permission for outsource writer
self.perm_outsource = AuPermission(codename='project_perm.submit_translations',
approved=True, user=self.user['outsource_writer'],
content_object=self.project_outsource,
creator=self.user['maintainer'])
self.perm_outsource.save()
# Create a team to the outsource project
self.team_outsource = Team.objects.get_or_create(
language=self.language, project=self.project_outsource,
creator=self.user['maintainer'])[0]
self.team_outsource.coordinators.add(self.user['team_coordinator'])
self.team_outsource.members.add(self.user['outsource_team_member'])
def tearDown(self):
USER_ROLES.extend(self.EXTRA_USER_ROLES)
super(ProjectAccessControlTestCase, self).tearDown()
for u in self.EXTRA_USER_ROLES:
USER_ROLES.remove(u)
USER_ROLES.append('anonymous')
def testAnyoneCanSubmit(self):
"""Check URL access when anyone can submit to a project."""
self.project.anyone_submit = True
self.project.save()
for user_role in USER_ROLES:
check_page_status(self, user_role, convert_url_roles(URL_ROLES))
# Check if a simple registered user can open up Lotte
expected_code = 200
url = '/projects/p/project1/resource/resource1/l/pt_BR/'
for user_role in ['registered']:
response = self.client[user_role].get(url)
assert_status_code(self, response, expected_code, url,
user_role)
def testOutsourcedAccess(self):
"""Check URL access when a project outsources its access control."""
self.project.outsource = self.project_outsource
self.project.save()
for user_role in USER_ROLES:
check_page_status(self, user_role, convert_url_roles(URL_ROLES))
# Check if a writer and a team member of the outsource project can
# open up Lotte
expected_code = 200
url = '/projects/p/project1/resource/resource1/l/pt_BR/'
for user_role in self.EXTRA_USER_ROLES:
response = self.client[user_role].get(url)
assert_status_code(self, response, expected_code, url,
user_role)
def testOriginalMaintainer(self):
"""
Even if a project is outsourced, its maintainer needs to be able to
edit the source language and add translations as well.
"""
self.project.outsource = self.project_outsource
self.project.save()
maintainer = self.project.maintainers.all()[0]
# Check if the maintainer can add translations.
expected_code = 200
url = reverse('translate_resource', args=[self.project.slug,
self.resource.slug, self.language.code])
response = self.client[maintainer.username].get(url)
assert_status_code(self, response, expected_code, url,
str(maintainer.username))
# Check if the maintainer can edit the resource
expected_code = 200
url = reverse('resource_edit', args=[self.project.slug,
self.resource.slug])
response = self.client[maintainer.username].get(url)
assert_status_code(self, response, expected_code, url,
str(maintainer.username))
def test_project_access_control_edit(self):
"""Test edit of project access control"""
url = reverse('project_access_control_edit', args=[self.project.slug,])
resp = self.client['maintainer'].get(url)
self.assertContains(resp, '<li class="selected"><span><label for="id_access_control_1">', status_code=200)
#change access control to outsourced access
DATA = {'access_control':"outsourced_access", 'next': url, 'outsource': '22', 'submit_access_control':'Save Access Control Settings'}
resp = self.client['maintainer'].post(url, DATA, follow=True)
self.assertContains(resp, '<li class="selected"><span><label for="id_access_control_2">', status_code=200)
#change access control to free for all
DATA = {'access_control':"free_for_all", 'next': url, 'outsource': '', 'submit_access_control':'Save Access Control Settings'}
resp = self.client['maintainer'].post(url, DATA, follow=True)
self.assertContains(resp, '<li class="selected"><span><label for="id_access_control_0">', status_code=200)
#change access control to limited access
DATA = {'access_control':"limited_access", 'next': url, 'outsource': '', 'submit_access_control':'Save Access Control Settings'}
resp = self.client['maintainer'].post(url, DATA, follow=True)
self.assertContains(resp, '<li class="selected"><span><label for="id_access_control_1">', status_code=200)
def test_public_project_can_outsource_from_my_private_project(self):
response = self.client['maintainer'].get(
reverse('project_access_control_edit',
kwargs={'project_slug': self.project.slug})
)
self.assertContains(response, self.project_private.name)
response = self.client['maintainer'].post(
reverse('project_access_control_edit',
kwargs={'project_slug': self.project.slug}),
{'access_control': "outsourced_access",
'outsource': self.project_private.id,
'next': reverse('project_access_control_edit',
kwargs={'project_slug': self.project.slug})}
)
self.assertRedirects(
response,
reverse('project_access_control_edit',
kwargs={'project_slug': self.project.slug})
)
