def test_user_accessible_objects(user, organization): ''' We cannot directly use accessible_objects for User model because both editing and read permissions are obligated to complex business logic ''' admin = user('admin', False) u = user('john', False) access = UserAccess(admin) assert access.get_queryset().count() == 1 # can only see himself organization.member_role.members.add(u) organization.member_role.members.add(admin) assert access.get_queryset().count() == 2 organization.member_role.members.remove(u) assert access.get_queryset().count() == 1
def test_user_queryset(user): u = user('pete', False) access = UserAccess(u) qs = access.get_queryset() assert qs.count() == 1