class UserCanDeleteTestCase(OTMTestCase): def setUp(self): instance = make_instance() # Fancy name, but no write, create, or delete permissions instance.default_role.name = Role.ADMINISTRATOR self.creator_user = make_officer_user(instance) self.admin_user = make_admin_user(instance) self.other_user = make_observer_user(instance, username='******') self.tweaker_user = make_tweaker_user(instance) self.conjurer_user = make_conjurer_user(instance) self.plot = Plot(geom=instance.center, instance=instance) self.plot.save_with_user(self.creator_user) self.tree = Tree(plot=self.plot, instance=instance) self.tree.save_with_user(self.creator_user) self.rainBarrel = RainBarrel(geom=instance.center, instance=instance, capacity=5) self.rainBarrel.save_with_user(self.creator_user) def assert_can_delete(self, user, deletable, should_be_able_to_delete): can = deletable.user_can_delete(user) self.assertEqual(can, should_be_able_to_delete) def test_user_can_delete(self): self.assert_can_delete(self.conjurer_user, self.plot, True) self.assert_can_delete(self.conjurer_user, self.rainBarrel, True) self.assert_can_delete(self.conjurer_user, self.tree, True) self.assert_can_delete(self.creator_user, self.plot, True) self.assert_can_delete(self.creator_user, self.rainBarrel, True) self.assert_can_delete(self.creator_user, self.tree, True) self.assert_can_delete(self.admin_user, self.plot, True) self.assert_can_delete(self.admin_user, self.rainBarrel, True) self.assert_can_delete(self.admin_user, self.tree, True) def test_user_cannot_delete(self): self.assert_can_delete(self.tweaker_user, self.plot, False) self.assert_can_delete(self.tweaker_user, self.rainBarrel, False) self.assert_can_delete(self.tweaker_user, self.tree, False) self.assert_can_delete(self.other_user, self.plot, False) self.assert_can_delete(self.other_user, self.rainBarrel, False) self.assert_can_delete(self.other_user, self.tree, False) def test_admin_cannot_delete_by_flag(self): instance = self.tree.get_instance() role = self.admin_user.get_role(instance) role.instance_permissions.clear() self.assertTrue(self.admin_user.get_instance_user(instance).admin) self.assertEqual(role.instance_permissions.count(), 0) self.assert_can_delete(self.admin_user, self.tree, False)
class UserRoleModelPermissionTest(MultiUserTestCase): def setUp(self): super(UserRoleModelPermissionTest, self).setUp() self.plot = Plot(geom=self.p1, instance=self.instance) self.plot.save_with_user(self.direct_user) self.tree = Tree(plot=self.plot, instance=self.instance) self.tree.save_with_user(self.direct_user) def _change_user_role(self, user, role): iuser = user.get_instance_user(self.instance) iuser.role = role iuser.save_with_user(self.commander_user) def test_save_new_object_authorized_officer(self): ''' Save two new objects with authorized user, nothing should happen''' plot = Plot(geom=self.p1, instance=self.instance) plot.save_with_user(self.direct_user) tree = Tree(plot=plot, instance=self.instance) tree.save_with_user(self.direct_user) def test_save_new_object_authorized_conjurer(self): ''' Save two new objects with authorized user, nothing should happen''' plot = Plot(geom=self.p1, instance=self.instance) plot.save_with_user(self.conjurer_user) tree = Tree(plot=plot, instance=self.instance) tree.save_with_user(self.conjurer_user) def test_save_new_object_unauthorized_outlaw(self): plot = Plot(geom=self.p1, instance=self.instance) self.assertRaises(AuthorizeException, plot.save_with_user, self.outlaw_user) plot.save_base() tree = Tree(plot=plot, instance=self.instance) self.assertRaises(AuthorizeException, tree.save_with_user, self.outlaw_user) def test_save_new_object_unauthorized_tweaker(self): plot = Plot(geom=self.p1, instance=self.instance) self.assertRaises(AuthorizeException, plot.save_with_user, self.tweaker_user) plot.save_base() tree = Tree(plot=plot, instance=self.instance) self.assertRaises(AuthorizeException, tree.save_with_user, self.tweaker_user) def test_assign_commander_role_can_delete(self): with self.assertRaises(AuthorizeException): self.tree.delete_with_user(self.outlaw_user) self._change_user_role( self.outlaw_user, make_commander_role(self.tree.get_instance())) self.tree.delete_with_user(self.outlaw_user) self.assertEqual(Tree.objects.count(), 0) def test_delete_object(self): with self.assertRaises(AuthorizeException): self.tree.delete_with_user(self.outlaw_user) self.tree.delete_with_user(self.commander_user) with self.assertRaises(AuthorizeException): self.plot.delete_with_user(self.outlaw_user, cascade=True) self.plot.delete_with_user(self.commander_user, cascade=True) def test_delete_object_you_created(self): outlaw_role = self.outlaw_user.get_role(self.instance) self._change_user_role(self.direct_user, outlaw_role) self.tree.delete_with_user(self.direct_user) self.plot.delete_with_user(self.direct_user, cascade=True)