Exemple #1
0
    def test_view_remove_user(self):
        """
        Test view for adding a user:

        Verifies:
            * GET redirects user to 405
            * POST with a user id remove user, returns 1
            * POST without user id returns error as json
            * users lacking perms receive 403
            * removing user not in group returns error as json
            * removing user that does not exist returns error as json
            * user loses all permissions when removed from group
        """
        group = self.test_save()
        c = Client()
        group.user_set.add(self.user0)
        url = '/group/%d/user/remove/'
        args = group.id

        # anonymous user
        response = c.get(url % args, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # invalid permissions
        self.assertTrue(c.login(username=self.user0.username, password='******'))
        response = c.get(url % args)
        self.assertEqual(403, response.status_code)
        response = c.post(url % args)
        self.assertEqual(403, response.status_code)

        # authorize and login
        grant(self.user0, 'admin', group)

        # invalid method
        response = c.get(url % args)
        self.assertEqual(405, response.status_code)

        # valid request (perm)
        data = {'user':self.user0.id}
        response = c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertEqual('1', response.content)
        self.assertFalse(group.user_set.filter(id=self.user0.id).exists())
        self.assertEqual([], self.user0.get_perms(group))

        # setup signal
        self.signal_sender = self.signal_user = self.signal_obj = None
        def callback(sender, user, obj, **kwargs):
            self.signal_sender = sender
            self.signal_user = user
            self.signal_obj = obj
        view_remove_user.connect(callback)

        # valid request (superuser)
        revoke(self.user0, 'admin', group)
        self.user0.is_superuser = True
        self.user0.save()
        group.user_set.add(self.user0)
        response = c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertEqual('1', response.content)
        self.assertFalse(group.user_set.filter(id=self.user0.id).exists())

        # check signal fired
        self.assertEqual(self.signal_sender, self.user0)
        self.assertEqual(self.signal_user, self.user0)
        self.assertEqual(self.signal_obj, group)
        view_remove_user.disconnect(callback)

        # remove user again
        response = c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertFalse(group.user_set.filter(id=self.user0.id).exists())
        self.assertNotEqual('1', response.content)

        # remove invalid user
        response = c.post(url % args, {'user':0})
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertNotEqual('1', response.content)
Exemple #2
0
    def test_view_remove_user(self):
        """
        Test view for adding a user:

        Verifies:
            * GET redirects user to 405
            * POST with a user id remove user, returns 1
            * POST without user id returns error as json
            * users lacking perms receive 403
            * removing user not in group returns error as json
            * removing user that does not exist returns error as json
            * user loses all permissions when removed from group
        """
        group = self.test_save()
        c = Client()
        group.user_set.add(self.user0)
        url = '/group/%d/user/remove/'
        args = group.id

        # anonymous user
        response = c.get(url % args, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # invalid permissions
        self.assertTrue(
            c.login(username=self.user0.username, password='******'))
        response = c.get(url % args)
        self.assertEqual(403, response.status_code)
        response = c.post(url % args)
        self.assertEqual(403, response.status_code)

        # authorize and login
        grant(self.user0, 'admin', group)

        # invalid method
        response = c.get(url % args)
        self.assertEqual(405, response.status_code)

        # valid request (perm)
        data = {'user': self.user0.id}
        response = c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertEqual('1', response.content)
        self.assertFalse(group.user_set.filter(id=self.user0.id).exists())
        self.assertEqual([], self.user0.get_perms(group))

        # setup signal
        self.signal_sender = self.signal_user = self.signal_obj = None

        def callback(sender, user, obj, **kwargs):
            self.signal_sender = sender
            self.signal_user = user
            self.signal_obj = obj
        view_remove_user.connect(callback)

        # valid request (superuser)
        revoke(self.user0, 'admin', group)
        self.user0.is_superuser = True
        self.user0.save()
        group.user_set.add(self.user0)
        response = c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertEqual('1', response.content)
        self.assertFalse(group.user_set.filter(id=self.user0.id).exists())

        # check signal fired
        self.assertEqual(self.signal_sender, self.user0)
        self.assertEqual(self.signal_user, self.user0)
        self.assertEqual(self.signal_obj, group)
        view_remove_user.disconnect(callback)

        # remove user again
        response = c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertFalse(group.user_set.filter(id=self.user0.id).exists())
        self.assertNotEqual('1', response.content)

        # remove invalid user
        response = c.post(url % args, {'user': 0})
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertNotEqual('1', response.content)
Exemple #3
0
    def test_view_add_user(self):
        """
        Test view for adding a user:

        Verifies:
            * request from unauthorized user results in 403
            * GET returns a 200 code, response is html
            * POST with a user id adds user, response is html for user
            * POST without user id returns error as json
            * POST for invalid user id returns error as json
            * adding user a second time returns error as json
        """
        group = self.test_save()
        c = Client()
        url = '/group/%d/user/add/'
        args = group.id

        # anonymous user
        response = c.get(url % args, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized
        self.assertTrue(c.login(username=self.user0.username, password='******'))
        response = c.get(url % args)
        self.assertEqual(403, response.status_code)
        response = c.post(url % args)
        self.assertEqual(403, response.status_code)

        # authorized get (perm granted)
        grant(self.user0, 'admin', group)
        response = c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/add_user.html')

        # authorized get (superuser)
        revoke(self.user0, 'admin', group)
        self.user0.is_superuser = True
        self.user0.save()
        response = c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/add_user.html')

        # missing user id
        response = c.post(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])

        # invalid user
        response = c.post(url % args, {'user':0})
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])

        # setup signal
        self.signal_sender = self.signal_user = self.signal_obj = None
        def callback(sender, user, obj, **kwargs):
            self.signal_sender = sender
            self.signal_user = user
            self.signal_obj = obj
        view_add_user.connect(callback)

        # valid post
        data = {'user':self.user0.id}
        response = c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'muddle/group/user_row.html')
        self.assertTrue(group.user_set.filter(id=self.user0.id).exists())

        # check signal fired
        self.assertEqual(self.signal_sender, self.user0)
        self.assertEqual(self.signal_user, self.user0)
        self.assertEqual(self.signal_obj, group)
        view_add_user.disconnect(callback)

        # same user again
        response = c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertEquals(group.user_set.filter(id=self.user0.id).count(), 1)
Exemple #4
0
    def test_view_add_user(self):
        """
        Test view for adding a user:

        Verifies:
            * request from unauthorized user results in 403
            * GET returns a 200 code, response is html
            * POST with a user id adds user, response is html for user
            * POST without user id returns error as json
            * POST for invalid user id returns error as json
            * adding user a second time returns error as json
        """
        group = self.test_save()
        c = Client()
        url = '/group/%d/user/add/'
        args = group.id

        # anonymous user
        response = c.get(url % args, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTemplateUsed(response, 'registration/login.html')

        # unauthorized
        self.assertTrue(
            c.login(username=self.user0.username, password='******'))
        response = c.get(url % args)
        self.assertEqual(403, response.status_code)
        response = c.post(url % args)
        self.assertEqual(403, response.status_code)

        # authorized get (perm granted)
        grant(self.user0, 'admin', group)
        response = c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/add_user.html')

        # authorized get (superuser)
        revoke(self.user0, 'admin', group)
        self.user0.is_superuser = True
        self.user0.save()
        response = c.get(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/add_user.html')

        # missing user id
        response = c.post(url % args)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])

        # invalid user
        response = c.post(url % args, {'user': 0})
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])

        # setup signal
        self.signal_sender = self.signal_user = self.signal_obj = None

        def callback(sender, user, obj, **kwargs):
            self.signal_sender = sender
            self.signal_user = user
            self.signal_obj = obj
        view_add_user.connect(callback)

        # valid post
        data = {'user': self.user0.id}
        response = c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('text/html; charset=utf-8', response['content-type'])
        self.assertTemplateUsed(response, 'group/user_row.html')
        self.assertTrue(group.user_set.filter(id=self.user0.id).exists())

        # check signal fired
        self.assertEqual(self.signal_sender, self.user0)
        self.assertEqual(self.signal_user, self.user0)
        self.assertEqual(self.signal_obj, group)
        view_add_user.disconnect(callback)

        # same user again
        response = c.post(url % args, data)
        self.assertEqual(200, response.status_code)
        self.assertEquals('application/json', response['content-type'])
        self.assertEquals(group.user_set.filter(id=self.user0.id).count(), 1)