def setUp(self): super(ProjectAccessControlTestCase, self).setUp() if 'anonymous' in USER_ROLES: USER_ROLES.remove('anonymous') # Extending users and clients extra_users, extra_clients = create_users_and_clients( self.EXTRA_USER_ROLES) self.user.update(extra_users) self.client.update(extra_clients) # Create an extra project to use it as the outsource self.project_outsource = Project.objects.get_or_create( slug="project1_outsource", name="Test Outsource Project", source_language=self.language_en )[0] self.project_outsource.maintainers.add(self.user['outsource_maintainer']) # Add django-authority permission for outsource writer self.perm_outsource = AuPermission(codename='project_perm.submit_translations', approved=True, user=self.user['outsource_writer'], content_object=self.project_outsource, creator=self.user['maintainer']) self.perm_outsource.save() # Create a team to the outsource project self.team_outsource = Team.objects.get_or_create( language=self.language, project=self.project_outsource, creator=self.user['maintainer'])[0] self.team_outsource.coordinators.add(self.user['team_coordinator']) self.team_outsource.members.add(self.user['outsource_team_member'])
class ProjectAccessControlTestCase(BaseTestCase): """ Test if all project URLs return correct status code depending on each user role. """ EXTRA_USER_ROLES = ['outsource_writer', 'outsource_team_member', 'outsource_maintainer'] def setUp(self): super(ProjectAccessControlTestCase, self).setUp() if 'anonymous' in USER_ROLES: USER_ROLES.remove('anonymous') # Extending users and clients extra_users, extra_clients = create_users_and_clients( self.EXTRA_USER_ROLES) self.user.update(extra_users) self.client.update(extra_clients) # Create an extra project to use it as the outsource self.project_outsource = Project.objects.get_or_create( slug="project1_outsource", name="Test Outsource Project", source_language=self.language_en )[0] self.project_outsource.maintainers.add(self.user['outsource_maintainer']) # Add django-authority permission for outsource writer self.perm_outsource = AuPermission(codename='project_perm.submit_translations', approved=True, user=self.user['outsource_writer'], content_object=self.project_outsource, creator=self.user['maintainer']) self.perm_outsource.save() # Create a team to the outsource project self.team_outsource = Team.objects.get_or_create( language=self.language, project=self.project_outsource, creator=self.user['maintainer'])[0] self.team_outsource.coordinators.add(self.user['team_coordinator']) self.team_outsource.members.add(self.user['outsource_team_member']) def tearDown(self): USER_ROLES.extend(self.EXTRA_USER_ROLES) super(ProjectAccessControlTestCase, self).tearDown() for u in self.EXTRA_USER_ROLES: USER_ROLES.remove(u) USER_ROLES.append('anonymous') def testAnyoneCanSubmit(self): """Check URL access when anyone can submit to a project.""" self.project.anyone_submit = True self.project.save() for user_role in USER_ROLES: check_page_status(self, user_role, convert_url_roles(URL_ROLES_FREE)) # Check if a simple registered user can open up Lotte expected_code = 200 url = '/projects/p/project1/resource/resource1/l/pt_BR/' for user_role in ['registered']: response = self.client[user_role].get(url) assert_status_code(self, response, expected_code, url, user_role) def testOutsourcedAccess(self): """Check URL access when a project outsources its access control.""" self.project.outsource = self.project_outsource self.project.save() for user_role in USER_ROLES: check_page_status(self, user_role, convert_url_roles(URL_ROLES_OUTSOURCE)) # Check if a writer and a team member of the outsource project can # open up Lotte expected_code = 200 url = '/projects/p/project1/resource/resource1/l/pt_BR/' for user_role in self.EXTRA_USER_ROLES: response = self.client[user_role].get(url) assert_status_code(self, response, expected_code, url, user_role) def testOriginalMaintainer(self): """ Even if a project is outsourced, its maintainer needs to be able to edit the source language and add translations as well. """ self.project.outsource = self.project_outsource self.project.save() maintainer = self.project.maintainers.all()[0] # Check if the maintainer can add translations. expected_code = 200 url = reverse('translate_resource', args=[self.project.slug, self.resource.slug, self.language.code]) response = self.client[maintainer.username].get(url) assert_status_code(self, response, expected_code, url, str(maintainer.username)) # Check if the maintainer can edit the resource expected_code = 200 url = reverse('resource_edit', args=[self.project.slug, self.resource.slug]) response = self.client[maintainer.username].get(url) assert_status_code(self, response, expected_code, url, str(maintainer.username)) def test_project_access_control_edit(self): """Test edit of project access control""" url = reverse('project_access_control_edit', args=[self.project.slug,]) resp = self.client['maintainer'].get(url) self.assertContains(resp, '<label for="id_access_control_1">'\ '<input checked="checked" name="access_control" value='\ '"limited_access"', status_code=200) #change access control to outsourced access DATA = {'project_type':'outsourced', 'access_control':"free_for_all", 'next': url, 'outsource': '22'} resp = self.client['maintainer'].post(url, DATA, follow=True) self.assertContains(resp, '<label for="id_project_type_2"><input'\ ' checked="checked" name="project_type" value="outsourced"', status_code=200) #change access control to outsourced with not outsource field filled DATA = {'project_type':'outsourced', 'next': url, 'outsource': ''} resp = self.client['maintainer'].post(url, DATA, follow=True) self.assertContains(resp, 'This field is required', status_code=200) #change access control to typical and free for all DATA = {'project_type':'typical', 'access_control':"free_for_all", 'next': url, 'outsource': ''} resp = self.client['maintainer'].post(url, DATA, follow=True) self.assertContains(resp, 'Free for all', status_code=200) #change access control to typical with limited access DATA = {'project_type':'typical', 'access_control':"limited_access", 'next': url, 'outsource': ''} resp = self.client['maintainer'].post(url, DATA, follow=True) self.assertNotContains(resp, 'Free for all', status_code=200) #change access control to typical with not access_control field filled DATA = {'project_type':'typical', 'next': url, 'outsource': ''} resp = self.client['maintainer'].post(url, DATA, follow=True) self.assertContains(resp, 'This field is required', status_code=200) @skip def test_project_hub_access_control_edit(self): """Test edit of project hub access control""" url = reverse('project_access_control_edit', args=[self.project.slug,]) #change access control as hub and free for all DATA = {'project_type':'hub', 'access_control':"free_for_all", 'next': url, 'outsource': ''} resp = self.client['maintainer'].post(url, DATA, follow=True) self.assertContains(resp, 'Free for all') self.assertContains(resp, 'Hub') #change access control as hub with limited access DATA = {'project_type':'hub', 'access_control':"limited_access", 'next': url, 'outsource': ''} resp = self.client['maintainer'].post(url, DATA, follow=True) self.assertNotContains(resp, 'Free for all') self.assertContains(resp, 'Hub') #change access control as hub with not access_control field filled DATA = {'project_type':'hub', 'next': url, 'outsource': ''} resp = self.client['maintainer'].post(url, DATA, follow=True) self.assertContains(resp, 'This field is required', status_code=200) def test_public_project_can_outsource_from_my_private_project(self): url = reverse('project_detail', kwargs={'project_slug': self.project.slug}) self.project_private.is_hub = True self.project_private.save() response = self.client['maintainer'].post(url, { 'project_type': "outsourced", 'outsource': self.project_private.id, 'next': url} ) self.assertEqual(response.status_code, 200) self.assertTemplateUsed(response, 'projects/project_detail.html')
class ProjectAccessControlTestCase(BaseTestCase): """ Test if all project URLs return correct status code depending on each user role. """ EXTRA_USER_ROLES = ['outsource_writer', 'outsource_team_member', 'outsource_maintainer'] def setUp(self): USER_ROLES.remove('anonymous') # Extending user roles USER_ROLES.extend(self.EXTRA_USER_ROLES) super(ProjectAccessControlTestCase, self).setUp() for u in self.EXTRA_USER_ROLES: USER_ROLES.remove(u) # Create an extra project to use it as the outsource self.project_outsource = Project.objects.get_or_create( slug="project1_outsource", name="Test Outsource Project", source_language=self.language_en )[0] self.project_outsource.maintainers.add(self.user['outsource_maintainer']) # Add django-authority permission for outsource writer self.perm_outsource = AuPermission(codename='project_perm.submit_translations', approved=True, user=self.user['outsource_writer'], content_object=self.project_outsource, creator=self.user['maintainer']) self.perm_outsource.save() # Create a team to the outsource project self.team_outsource = Team.objects.get_or_create( language=self.language, project=self.project_outsource, creator=self.user['maintainer'])[0] self.team_outsource.coordinators.add(self.user['team_coordinator']) self.team_outsource.members.add(self.user['outsource_team_member']) def tearDown(self): USER_ROLES.extend(self.EXTRA_USER_ROLES) super(ProjectAccessControlTestCase, self).tearDown() for u in self.EXTRA_USER_ROLES: USER_ROLES.remove(u) USER_ROLES.append('anonymous') def testAnyoneCanSubmit(self): """Check URL access when anyone can submit to a project.""" self.project.anyone_submit = True self.project.save() for user_role in USER_ROLES: check_page_status(self, user_role, convert_url_roles(URL_ROLES)) # Check if a simple registered user can open up Lotte expected_code = 200 url = '/projects/p/project1/resource/resource1/l/pt_BR/' for user_role in ['registered']: response = self.client[user_role].get(url) assert_status_code(self, response, expected_code, url, user_role) def testOutsourcedAccess(self): """Check URL access when a project outsources its access control.""" self.project.outsource = self.project_outsource self.project.save() for user_role in USER_ROLES: check_page_status(self, user_role, convert_url_roles(URL_ROLES)) # Check if a writer and a team member of the outsource project can # open up Lotte expected_code = 200 url = '/projects/p/project1/resource/resource1/l/pt_BR/' for user_role in self.EXTRA_USER_ROLES: response = self.client[user_role].get(url) assert_status_code(self, response, expected_code, url, user_role) def testOriginalMaintainer(self): """ Even if a project is outsourced, its maintainer needs to be able to edit the source language and add translations as well. """ self.project.outsource = self.project_outsource self.project.save() maintainer = self.project.maintainers.all()[0] # Check if the maintainer can add translations. expected_code = 200 url = reverse('translate_resource', args=[self.project.slug, self.resource.slug, self.language.code]) response = self.client[maintainer.username].get(url) assert_status_code(self, response, expected_code, url, str(maintainer.username)) # Check if the maintainer can edit the resource expected_code = 200 url = reverse('resource_edit', args=[self.project.slug, self.resource.slug]) response = self.client[maintainer.username].get(url) assert_status_code(self, response, expected_code, url, str(maintainer.username)) def test_project_access_control_edit(self): """Test edit of project access control""" url = reverse('project_access_control_edit', args=[self.project.slug,]) resp = self.client['maintainer'].get(url) self.assertContains(resp, '<li class="selected"><span><label for="id_access_control_1">', status_code=200) #change access control to outsourced access DATA = {'access_control':"outsourced_access", 'next': url, 'outsource': '22', 'submit_access_control':'Save Access Control Settings'} resp = self.client['maintainer'].post(url, DATA, follow=True) self.assertContains(resp, '<li class="selected"><span><label for="id_access_control_2">', status_code=200) #change access control to free for all DATA = {'access_control':"free_for_all", 'next': url, 'outsource': '', 'submit_access_control':'Save Access Control Settings'} resp = self.client['maintainer'].post(url, DATA, follow=True) self.assertContains(resp, '<li class="selected"><span><label for="id_access_control_0">', status_code=200) #change access control to limited access DATA = {'access_control':"limited_access", 'next': url, 'outsource': '', 'submit_access_control':'Save Access Control Settings'} resp = self.client['maintainer'].post(url, DATA, follow=True) self.assertContains(resp, '<li class="selected"><span><label for="id_access_control_1">', status_code=200) def test_public_project_can_outsource_from_my_private_project(self): response = self.client['maintainer'].get( reverse('project_access_control_edit', kwargs={'project_slug': self.project.slug}) ) self.assertContains(response, self.project_private.name) response = self.client['maintainer'].post( reverse('project_access_control_edit', kwargs={'project_slug': self.project.slug}), {'access_control': "outsourced_access", 'outsource': self.project_private.id, 'next': reverse('project_access_control_edit', kwargs={'project_slug': self.project.slug})} ) self.assertRedirects( response, reverse('project_access_control_edit', kwargs={'project_slug': self.project.slug}) )