def test_model_url_with_permissions():
permissions = set(
["shop_product.new", "shop_product.delete", "shop_product.edit"])
shop = get_default_shop()
p = get_default_product()
# If no user is given, don't check for permissions
assert get_model_url(p, shop=shop)
# If a user is given and no permissions are provided, check for default model permissions
user = get_default_staff_user()
with pytest.raises(NoModelUrl):
assert get_model_url(p, user=user, shop=shop)
# If a user is given and permissions are provided, check for those permissions
assert get_model_url(p, user=user, required_permissions=(), shop=shop)
with pytest.raises(NoModelUrl):
assert get_model_url(p,
user=user,
required_permissions=["shop_product.new"],
shop=shop)
# Confirm that url is returned with correct permissions
set_permissions_for_group(user.groups.first(), permissions)
assert get_model_url(p, user=user, shop=shop)
assert get_model_url(p,
user=user,
required_permissions=permissions,
shop=shop)
def test_reports_admin_permissions(rf):
shop = get_default_shop() # We need a shop to exists
staff_user = get_default_staff_user(shop)
permission_group = get_default_permission_group()
staff_user.groups.add(permission_group)
request = apply_request_middleware(rf.get("/"), user=staff_user)
request.user = staff_user
with replace_modules([ReportsAdminModule]):
with override_provides("reports", REPORTS):
extra_permissions = ReportsAdminModule().get_extra_permissions()
assert len(extra_permissions) == 3
assert SalesReport.identifier in extra_permissions
assert TotalSales.identifier in extra_permissions
assert SalesPerHour.identifier in extra_permissions
with admin_only_urls():
view_func = ReportView.as_view()
response = view_func(request)
response.render()
response = view_func(request, pk=None) # "new mode"
response.render()
assert response.content
soup = BeautifulSoup(response.content)
assert soup.find("div", {"class": "content-block"}).text == "No reports available"
expected_report_identifiers = []
for report_cls in [SalesReport, TotalSales, SalesPerHour]:
expected_report_identifiers.append(report_cls.identifier)
set_permissions_for_group(permission_group, [report_cls.identifier])
response = view_func(request, pk=None) # "new mode"
response.render()
assert response.content
soup = BeautifulSoup(response.content)
for option in soup.find("select", {"id": "id_report"}).findAll("option"):
assert option["value"] in expected_report_identifiers
def test_reports_admin_permissions(rf):
shop = get_default_shop() # We need a shop to exists
staff_user = get_default_staff_user(shop)
permission_group = get_default_permission_group()
staff_user.groups = [permission_group]
request = apply_request_middleware(rf.get("/"), user=staff_user)
request.user = staff_user
with replace_modules([ReportsAdminModule]):
with override_provides("reports", REPORTS):
extra_permissions = ReportsAdminModule().get_extra_permissions()
assert len(extra_permissions) == 3
assert SalesReport.identifier in extra_permissions
assert TotalSales.identifier in extra_permissions
assert SalesPerHour.identifier in extra_permissions
with admin_only_urls():
view_func = ReportView.as_view()
response = view_func(request)
response.render()
response = view_func(request, pk=None) # "new mode"
response.render()
assert response.content
soup = BeautifulSoup(response.content)
assert soup.find("div", {"class": "content-block"}).text == "No reports available"
expected_report_identifiers = []
for report_cls in [SalesReport, TotalSales, SalesPerHour]:
expected_report_identifiers.append(report_cls.identifier)
set_permissions_for_group(permission_group, [report_cls.identifier])
response = view_func(request, pk=None) # "new mode"
response.render()
assert response.content
soup = BeautifulSoup(response.content)
for option in soup.find("select", {"id": "id_report"}).findAll("option"):
assert option["value"] in expected_report_identifiers
def test_login_as_requires_staff_member(rf, regular_user):
shop = get_default_shop()
staff_user = UserFactory(is_staff=True)
permission_group = get_default_permission_group()
staff_user.groups.add(permission_group)
def do_nothing(request, shop=None):
pass
def get_default(request):
return get_default_shop()
# Maybe some vendors and non marketplace staff members has access to admin module
with patch("shuup.admin.shop_provider.set_shop", side_effect=do_nothing):
with patch("shuup.admin.shop_provider.get_shop",
side_effect=get_default):
view_func = LoginAsUserView.as_view()
request = apply_request_middleware(rf.post("/"), user=staff_user)
# not staff member
with pytest.raises(PermissionDenied):
view_func(request, pk=regular_user.pk)
shop.staff_members.add(staff_user)
# no permission
with pytest.raises(PermissionDenied):
view_func(request, pk=regular_user.pk)
set_permissions_for_group(permission_group, ["user.login-as"])
response = view_func(request, pk=regular_user.pk)
assert response["location"] == reverse("shuup:index")
assert get_user(request) == regular_user
def test_media_view_images_without_root_access(rf):
shop = factories.get_default_shop()
staff_user = factories.UserFactory(is_staff=True)
permission_group = factories.get_default_permission_group()
staff_user.groups.add(permission_group)
shop.staff_members.add(staff_user)
set_permissions_for_group(permission_group, ["upload-media"])
assert not can_see_root_folder(staff_user)
folder = get_or_create_folder(shop, "Root")
File.objects.create(name="normalfile", folder=folder)
img = Image.objects.create(name="imagefile", folder=folder, is_public=True)
request = apply_request_middleware(rf.get("/", {
"filter": "images",
"action": "folder"
}),
user=staff_user)
request.user = staff_user
view_func = MediaBrowserView.as_view()
response = view_func(request)
assert isinstance(response, JsonResponse)
content = json.loads(response.content.decode("utf-8"))
assert len(content["folder"]["folders"]) == 0
assert len(content["folder"]["files"]) == 0
def test_user_permission_cache_bump(rf):
user = factories.get_default_staff_user()
group_a = Group.objects.create(name="Group A")
group_b = Group.objects.create(name="Group B")
group_a_permissions = ["purchase", "sell"]
group_b_permissions = ["delete", "create"]
set_permissions_for_group(group_a, set(group_a_permissions))
set_permissions_for_group(group_b, set(group_b_permissions))
all_permissions = set(group_a_permissions + group_b_permissions)
# as user is not in any group, it misses all the groups
assert get_missing_permissions(user, all_permissions) == all_permissions
# add the user to Group A
user.groups.add(group_a)
# the user misses the group_b permissions
assert get_missing_permissions(user,
all_permissions) == set(group_b_permissions)
# make the user be part only of group b
group_b.user_set.add(user)
group_a.user_set.remove(user)
# the user misses the group_a permissions
assert get_missing_permissions(user,
all_permissions) == set(group_a_permissions)
# user is part of all groups
user.groups.set([group_a, group_b])
assert get_missing_permissions(user, all_permissions) == set()
def test_login_as_staff_as_staff(rf):
"""
Staff user 1 tries to impersonat staff user 2
"""
shop = get_default_shop()
staff_user1 = UserFactory(is_staff=True)
permission_group = get_default_permission_group()
staff_user1.groups.add(permission_group)
shop.staff_members.add(staff_user1)
staff_user2 = UserFactory(is_staff=True)
view_func = LoginAsStaffUserView.as_view()
request = apply_request_middleware(rf.post("/"), user=staff_user1)
with pytest.raises(PermissionDenied):
view_func(request, pk=staff_user2.pk)
set_permissions_for_group(permission_group, ["user.login-as-staff"])
response = view_func(request, pk=staff_user2.pk)
assert response["location"] == reverse("shuup_admin:dashboard")
assert get_user(request) == staff_user2
# Stop impersonating and since staff1 does not have user detail permission
# he/she should find him/herself from dashboard
response = stop_impersonating_staff(request)
assert response["location"] == reverse("shuup_admin:dashboard")
assert get_user(request) == staff_user1
response = stop_impersonating_staff(request)
assert response.status_code == 403
def get_staff_user():
shop = factories.get_default_shop()
staff_user = factories.UserFactory(is_staff=True)
permission_group = factories.get_default_permission_group()
staff_user.groups.add(permission_group)
shop.staff_members.add(staff_user)
set_permissions_for_group(permission_group, ["Customize Staff Admin Menu", "menu.arrange_staff", "menu.reset_staff"])
return staff_user
def test_media_view_images(rf):
with override_settings(SHUUP_ENABLE_MULTIPLE_SHOPS=True):
shop1 = factories.get_shop(identifier="shop1", enabled=True)
shop1_staff1 = _create_random_staff(shop1)
shop1_staff2 = _create_random_staff(shop1)
group = factories.get_default_permission_group()
set_permissions_for_group(group,
["media.upload-to-folder", "media.view-all"])
shop2 = factories.get_shop(identifier="shop2", enabled=True)
shop2_staff = _create_random_staff(shop2)
shop1_staff1.groups.add(group)
shop1_staff2.groups.add(group)
shop2_staff.groups.add(group)
# Let's agree this folder is created by for example carousel
# so it would be shared with all the shops.
folder = Folder.objects.create(name="Root")
assert MediaFolder.objects.count() == 0
path = "%s" % folder.name
File.objects.create(name="normalfile",
folder=folder) # Shared between shops
# Let's create 4 images for shop 1
_mbv_upload(shop1, shop1_staff1, path=path)
_mbv_upload(shop1, shop1_staff1, path=path)
_mbv_upload(shop1, shop1_staff2, path=path)
_mbv_upload(shop1, shop1_staff2, path=path)
assert MediaFile.objects.count() == 4
# Let's create 3 images for shop 2
_mbv_upload(shop2, shop2_staff, path=path)
_mbv_upload(shop2, shop2_staff, path=path)
_mbv_upload(shop2, shop2_staff, path=path)
assert MediaFile.objects.count() == 7
# All files were created to same folder and while uploading
# the each shop declared that they own the folder.
assert Folder.objects.count() == 1
assert MediaFolder.objects.count() == 1
assert MediaFolder.objects.filter(shops=shop1).exists()
assert shop1.media_folders.count() == 1
assert shop1.media_files.count() == 4
assert MediaFolder.objects.filter(shops=shop2).exists()
assert shop2.media_folders.count() == 1
assert shop2.media_files.count() == 3
# Now let's make sure that each staff can view the folder
# and all the files she should see.
_check_that_staff_can_see_folder(rf, shop1, shop1_staff1, folder, 5)
_check_that_staff_can_see_folder(rf, shop1, shop1_staff2, folder, 5)
_check_that_staff_can_see_folder(rf, shop2, shop2_staff, folder, 4)
def test_url_buttons_permission(rf, button, permission, instance):
request = rf.get("/")
assert isinstance(button, instance)
if button is not None:
request.user = factories.get_default_staff_user()
assert not "".join(bit for bit in button.render(request))
set_permissions_for_group(request.user.groups.first(), (permission, ))
assert "".join(bit for bit in button.render(request))
def get_supplier_user():
factories.get_default_shop()
supplier = factories.get_default_supplier()
supplier_user = factories.UserFactory(is_staff=True)
permission_group = factories.get_default_permission_group()
supplier_user.groups.add(permission_group)
set_permissions_for_group(permission_group, [
"Customize Supplier Admin Menu", "menu.arrange_supplier",
"menu.reset_staff"
])
return supplier_user
def test_login_as_staff_member(rf):
shop = get_default_shop()
staff_user = UserFactory(is_staff=True)
permission_group = get_default_permission_group()
staff_user.groups.add(permission_group)
shop.staff_members.add(staff_user)
view_func = LoginAsUserView.as_view()
request = apply_request_middleware(rf.post("/"),
user=staff_user,
skip_session=True)
# log in as self
with pytest.raises(Problem):
view_func(request, pk=staff_user.pk)
user = UserFactory()
get_person_contact(user)
request = apply_request_middleware(rf.post("/"), user=staff_user)
user.is_superuser = True
user.save()
# user is trying to login as another superuser
with pytest.raises(PermissionDenied):
view_func(request, pk=user.pk)
user.is_superuser = False
user.is_staff = True
user.save()
# user is trying to login as a staff user
with pytest.raises(PermissionDenied):
view_func(request, pk=user.pk)
user.is_staff = False
user.is_active = False
user.save()
# user is trying to login as an inactive user
with pytest.raises(Problem):
view_func(request, pk=user.pk)
user.is_active = True
user.save()
# staff user without "user.login-as" permission trying to login as valid user
with pytest.raises(PermissionDenied):
view_func(request, pk=user.pk)
permission_group = staff_user.groups.first()
set_permissions_for_group(permission_group, ["user.login-as"])
response = view_func(request, pk=user.pk)
assert response["location"] == reverse("shuup:index")
assert get_user(request) == user
def test_can_see_root_folder(rf, admin_user):
assert not can_see_root_folder(None)
assert can_see_root_folder(admin_user)
shop = factories.get_default_shop()
staff_user = factories.UserFactory(is_staff=True)
assert not can_see_root_folder(staff_user)
permission_group = factories.get_default_permission_group()
staff_user.groups.add(permission_group)
shop.staff_members.add(staff_user)
set_permissions_for_group(permission_group, ["media.view-all"])
assert can_see_root_folder(staff_user)
def test_toolbar_button_permissions(rf, button_class, kwargs):
permissions = set(["shuup.add_product", "shuup.delete_product", "shuup.change_product"])
request = rf.get("/")
request.user = factories.get_default_staff_user()
button = button_class(required_permissions=permissions, **kwargs)
rendered_button = "".join(bit for bit in button.render(request))
assert not rendered_button
# Set permissions for the user
set_permissions_for_group(request.user.groups.first(), permissions)
rendered_button = "".join(bit for bit in button.render(request))
assert rendered_button
def test_toolbar_button_permissions(rf, button_class, kwargs):
permissions = set(["shuup.add_product", "shuup.delete_product", "shuup.change_product"])
request = rf.get("/")
request.user = factories.get_default_staff_user()
button = button_class(required_permissions=permissions, **kwargs)
rendered_button = "".join(bit for bit in button.render(request))
assert not rendered_button
# Set permissions for the user
set_permissions_for_group(request.user.groups.first(), permissions)
rendered_button = "".join(bit for bit in button.render(request))
assert rendered_button
def test_dashboard_blocks_permissions(rf, client):
with replace_modules([ARestrictedTestModule]):
request = rf.get("/")
request.user = get_default_staff_user(get_default_shop()) # Dashboard permission is added by default
request.session = client.session
view = DashboardView(request=request)
assert not view.get_context_data()["blocks"]
# By default there is only dashboard permission so to be
# able to see some blocks permission to some admin module
# providing dashboard bocks needed.
set_permissions_for_group(
request.user.groups.first(), set("dashboard") | set(ARestrictedTestModule().get_required_permissions())
)
view = DashboardView(request=request)
assert view.get_context_data()["blocks"]
def test_dashboard_blocks_permissions(rf, client):
with replace_modules([ARestrictedTestModule]):
request = rf.get("/")
request.user = get_default_staff_user(get_default_shop()) # Dashboard permission is added by default
request.session = client.session
view = DashboardView(request=request)
assert not view.get_context_data()["blocks"]
# By default there is only dashboard permission so to be
# able to see some blocks permission to some admin module
# providing dashboard bocks needed.
set_permissions_for_group(
request.user.groups.first(),
set("dashboard") | set(ARestrictedTestModule().get_required_permissions())
)
view = DashboardView(request=request)
assert view.get_context_data()["blocks"]
def test_browser_config_as_shop_staff(rf):
shop = factories.get_default_shop()
staff_user = factories.UserFactory(is_staff=True)
permission_group = factories.get_default_permission_group()
staff_user.groups.add(permission_group)
shop.staff_members.add(staff_user)
request = apply_request_middleware(rf.post("/"), user=staff_user)
urls = get_browser_urls(request)
# staff does not have media permission
assert urls["media"] is None
set_permissions_for_group(permission_group, ["media.browse"])
urls = get_browser_urls(request)
assert urls["media"] == reverse("shuup_admin:media.browse")
media_module_permission_urls = set(get_permissions_from_urls(MediaModule().get_urls()))
assert "media.browse" in media_module_permission_urls
assert "shuup_admin:media.browse" not in media_module_permission_urls
def test_permissions_for_menu_entries(rf, admin_user):
request = rf.get("/")
request.user = factories.get_default_staff_user()
permission_group = request.user.groups.first()
set_permissions_for_group(
permission_group,
set("dashboard") | set(ARestrictedTestModule().get_required_permissions())
)
with replace_modules([ARestrictedTestModule]):
categories = get_menu_entry_categories(request)
assert categories
# Make sure category is displayed if user has correct permissions
test_category_menu_entries = [cat for cat in categories if cat.name == "RestrictedTest"][0]
assert any(me.text == "OK" for me in test_category_menu_entries)
# No menu items should be displayed if user has no permissions
set_permissions_for_group(permission_group, set())
categories = get_menu_entry_categories(request)
assert not categories
def test_permissions_for_menu_entries(rf, admin_user):
request = rf.get("/")
request.user = factories.get_default_staff_user()
permission_group = request.user.groups.first()
set_permissions_for_group(
permission_group,
set("dashboard") | set(ARestrictedTestModule().get_required_permissions())
)
with replace_modules([ARestrictedTestModule]):
categories = get_menu_entry_categories(request)
assert categories
# Make sure category is displayed if user has correct permissions
test_category_menu_entries = [cat for cat in categories if cat.name == "RestrictedTest"][0]
assert any(me.text == "OK" for me in test_category_menu_entries)
# No menu items should be displayed if user has no permissions
set_permissions_for_group(permission_group, set())
categories = get_menu_entry_categories(request)
assert not categories
def test_model_url_with_permissions():
permissions = set(["shop_product.new", "shop_product.delete", "shop_product.edit"])
shop = get_default_shop()
p = get_default_product()
# If no user is given, don't check for permissions
assert get_model_url(p, shop=shop)
# If a user is given and no permissions are provided, check for default model permissions
user = get_default_staff_user()
with pytest.raises(NoModelUrl):
assert get_model_url(p, user=user, shop=shop)
# If a user is given and permissions are provided, check for those permissions
assert get_model_url(p, user=user, required_permissions=(), shop=shop)
with pytest.raises(NoModelUrl):
assert get_model_url(p, user=user, required_permissions=["shop_product.new"], shop=shop)
# Confirm that url is returned with correct permissions
set_permissions_for_group(user.groups.first(), permissions)
assert get_model_url(p, user=user, shop=shop)
assert get_model_url(p, user=user, required_permissions=permissions, shop=shop)
def test_get_folders_without_view_all_permission(rf):
shop = factories.get_default_shop()
staff_user = factories.UserFactory(is_staff=True)
permission_group = factories.get_default_permission_group()
staff_user.groups.add(permission_group)
shop.staff_members.add(staff_user)
set_permissions_for_group(permission_group, ["upload-media"])
assert not can_see_root_folder(staff_user)
# Create a structure and retrieve it
folder1 = get_or_create_folder(shop, printable_gibberish())
folder1_media_folder = ensure_media_folder(shop, folder1)
folder1_media_folder.owners.add(staff_user)
folder2 = get_or_create_folder(shop, printable_gibberish())
folder3 = get_or_create_folder(shop, printable_gibberish())
folder4 = get_or_create_folder(shop, printable_gibberish())
folder4.parent = folder2
folder4.save()
folder4_media_folder = ensure_media_folder(shop, folder4)
folder4_media_folder.owners.add(staff_user)
folder5 = get_or_create_folder(shop, printable_gibberish())
folder5.parent = folder4
folder5.save()
folder6 = get_or_create_folder(shop, printable_gibberish())
folder6.parent = folder5
folder6.save()
folder6_media_folder = ensure_media_folder(shop, folder6)
folder6_media_folder.owners.add(staff_user)
folder7 = get_or_create_folder(shop, printable_gibberish())
folder7.parent = folder6
folder7.save()
tree = get_id_tree(mbv_command(staff_user, {"action": "folders"}, "GET"))
assert set((folder1.id, folder4.id)) <= set(tree.keys())
def get_default_permission_group(permissions=("dashboard",)):
group, _ = PermissionGroup.objects.get_or_create(name=DEFAULT_NAME)
set_permissions_for_group(group.id, permissions)
return group
def get_default_permission_group(permissions=("dashboard",)):
group, _ = PermissionGroup.objects.get_or_create(name=DEFAULT_NAME)
set_permissions_for_group(group.id, permissions)
return group
def save(self):
obj = super(PermissionGroupForm, self).save()
obj.user_set = set(self.cleaned_data["members"])
set_permissions_for_group(obj.pk, self.cleaned_data["permissions"])
return obj
def test_ajax_object_select_view_with_contacts_multipleshop(rf, contact_cls):
shop1 = get_default_shop()
shop2 = get_shop(identifier="shop2")
staff = create_random_user(is_staff=True)
shop1.staff_members.add(staff)
shop2.staff_members.add(staff)
view = ObjectSelectorView.as_view()
model_name = "shuup.%s" % contact_cls._meta.model_name
customer = contact_cls.objects.create(name="Michael Jackson",
email="*****@*****.**")
customer_shop1 = contact_cls.objects.create(name="Roberto",
email="*****@*****.**")
customer_shop2 = contact_cls.objects.create(name="Maria",
email="*****@*****.**")
permission_group = get_default_permission_group()
staff.groups.add(permission_group)
permission_name = "%s.object_selector" % contact_cls._meta.model_name
set_permissions_for_group(permission_group, [permission_name])
results = _get_object_selector_results(rf, view, model_name, "michael",
staff)
assert len(results) == 0
customer.add_to_shop(shop1)
customer.add_to_shop(shop2)
customer_shop1.add_to_shop(shop1)
customer_shop2.add_to_shop(shop2)
for shop in [shop1, shop2]:
results = _get_object_selector_results(rf,
view,
model_name,
"michael",
staff,
shop=shop)
assert len(results) == 1
assert results[0].get("id") == customer.id
assert results[0].get("name") == customer.name
results = _get_object_selector_results(rf,
view,
model_name,
"roberto",
staff,
shop=shop)
if shop == shop1:
assert len(results) == 1
assert results[0].get("id") == customer_shop1.id
assert results[0].get("name") == customer_shop1.name
else:
assert len(results) == 0
results = _get_object_selector_results(rf,
view,
model_name,
"maria",
staff,
shop=shop)
if shop == shop2:
assert len(results) == 1
assert results[0].get("id") == customer_shop2.id
assert results[0].get("name") == customer_shop2.name
else:
assert len(results) == 0
def test_order_shipments(rf, admin_user):
shop = get_default_shop()
supplier1 = Supplier.objects.create(identifier="1", name="supplier1")
supplier1.shops.add(shop)
supplier2 = Supplier.objects.create(identifier="2")
supplier2.shops.add(shop)
product1 = create_product("sku1", shop=shop, default_price=10)
shop_product1 = product1.get_shop_instance(shop=shop)
shop_product1.suppliers.set([supplier1])
product2 = create_product("sku3",
shop=shop,
default_price=10,
shipping_mode=ShippingMode.NOT_SHIPPED)
shop_product2 = product1.get_shop_instance(shop=shop)
shop_product2.suppliers.set([supplier2])
product_quantities = {
supplier1.pk: {
product1.pk: 20
},
supplier2.pk: {
product2.pk: 10
}
}
def get_quantity(supplier, product):
return product_quantities[supplier.pk][product.pk]
order = create_empty_order(shop=shop)
order.full_clean()
order.save()
# Let's test the order shipment section for superuser
request = apply_request_middleware(rf.get("/"), user=admin_user, shop=shop)
# Add product 3 to order for supplier 2
add_product_to_order(order, supplier2, product2,
get_quantity(supplier2, product2), 8)
# Product is not shippable so order section should not be available
assert not ShipmentSection.visible_for_object(order, request)
# Add product 2 to order for supplier 1
add_product_to_order(order, supplier1, product1,
get_quantity(supplier1, product1), 7)
# Now we should see the shipment section
assert ShipmentSection.visible_for_object(order, request)
# Make order fully paid so we can start creting shipments and refunds
order.cache_prices()
order.check_all_verified()
order.create_payment(order.taxful_total_price)
assert order.is_paid()
product_summary = order.get_product_summary()
assert product_summary[product1.pk]["unshipped"] == 20
assert product_summary[product2.pk]["unshipped"] == 0
assert product_summary[product2.pk]["ordered"] == 10
# Fully ship the order
order.create_shipment({product1: 5}, supplier=supplier1)
order.create_shipment({product1: 5}, supplier=supplier1)
order.create_shipment({product1: 10}, supplier=supplier1)
assert not order.get_unshipped_products()
assert order.is_fully_shipped()
context = ShipmentSection.get_context_data(order, request)
assert len(context["suppliers"]) == 2
assert len(context["create_urls"].keys()) == 2 # One for each supplier
assert len(context["delete_urls"].keys()) == 3 # One for each shipment
# Let's create staff user without any permissions
staff_user = create_random_user(is_staff=True)
group = get_default_permission_group()
staff_user.groups.add(group)
shop.staff_members.add(staff_user)
request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop)
context = ShipmentSection.get_context_data(order, request)
assert len(context["suppliers"]) == 2
assert len(context["create_urls"].keys()) == 0
assert len(context["delete_urls"].keys()) == 0
assert len(context["set_sent_urls"].keys()) == 0
set_permissions_for_group(group, ["order.create-shipment"])
request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop)
context = ShipmentSection.get_context_data(order, request)
assert len(context["suppliers"]) == 2
assert len(context["create_urls"].keys()) == 2
assert len(context["delete_urls"].keys()) == 0
assert len(context["set_sent_urls"].keys()) == 0
set_permissions_for_group(group, [
"order.create-shipment", "order.delete-shipment",
"order.set-shipment-sent"
])
request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop)
context = ShipmentSection.get_context_data(order, request)
assert len(context["suppliers"]) == 2
assert len(context["create_urls"].keys()) == 2
assert len(context["delete_urls"].keys()) == 3
assert len(context["set_sent_urls"].keys()) == 3
# works fine while rendering
rendered_content = loader.render_to_string(ShipmentSection.template,
context={
ShipmentSection.identifier:
context,
"order": order,
})
all_urls = list(context["delete_urls"].values())
all_urls.extend(list(context["set_sent_urls"].values()))
for url in all_urls:
assert url in rendered_content
assert order.get_sent_shipments().count() == 0
order.shipments.filter(status=ShipmentStatus.NOT_SENT) == 3
client = Client()
client.force_login(admin_user)
# mark all shipments as sent!
for mark_sent_url in context["set_sent_urls"].values():
response = client.post(mark_sent_url)
assert response.status_code == 302
assert order.get_sent_shipments().count() == 3
order.shipments.filter(status=ShipmentStatus.NOT_SENT) == 0
# Make product1 unshipped
product1.shipping_mode = ShippingMode.NOT_SHIPPED
product1.save()
# We still should see the order shipment section since existing shipments
assert ShipmentSection.visible_for_object(order, request)
# list all shipments in shipments list view
response = client.get("{}?jq={}".format(
reverse("shuup_admin:order.shipments.list"),
json.dumps({
"perPage": 10,
"page": 1
})))
assert response.status_code == 200
data = json.loads(response.content)
assert len(data["items"]) == 3
for item in data["items"]:
assert item["status"] == "Sent"
# Let's delete all shipments since both products is unshipped and we
# don't need those.
for shipment in order.shipments.all():
shipment.soft_delete()
assert not ShipmentSection.visible_for_object(order, request)
def test_edit_button_no_permission(browser, admin_user, live_server, settings):
shop = get_default_shop()
manager_group = Group.objects.create(name="Managers")
manager = create_random_user("en", is_staff=True)
manager.username = "******"
manager.set_password("password")
manager.save()
manager.groups.add(manager_group)
shop.staff_members.add(manager)
# add permissions for Product admin module
manager_permissions = set(["dashboard", "Products", "shop_product.new"])
set_permissions_for_group(manager_group, manager_permissions)
get_default_product_type()
get_default_sales_unit()
get_default_tax_class()
initialize_admin_browser_test(browser, live_server, settings, username=manager.username)
url = reverse("shuup_admin:shop_product.new")
browser.visit("%s%s" % (live_server, url))
sku = "testsku"
name = "Some product name"
price_value = 10
short_description = "short but gold"
browser.fill("base-sku", sku)
browser.fill("base-name__en", name)
browser.fill("base-short_description__en", short_description)
browser.fill("shop%s-default_price_value" % shop.pk, price_value)
wait_until_appeared(browser, "#id_shop%d-primary_category ~ .quick-add-btn a.btn" % shop.id)
click_element(browser, "#id_shop%d-primary_category ~ .quick-add-btn a.btn" % shop.id)
wait_until_appeared(browser, "#create-object-iframe")
# no permission to add category
with browser.get_iframe('create-object-iframe') as iframe:
error = "Can't view this page. You do not have the required permissions: category.new"
wait_until_condition(iframe, condition=lambda x: x.is_text_present(error))
# close iframe
click_element(browser, "#create-object-overlay a.close-btn")
# add permission to add category
manager_permissions.add("category.new")
manager_permissions.add("category.edit")
set_permissions_for_group(manager_group, manager_permissions)
# click to add category again
click_element(browser, "#id_shop%d-primary_category ~ .quick-add-btn a.btn" % shop.id)
wait_until_appeared(browser, "#create-object-iframe")
# add the category
with browser.get_iframe('create-object-iframe') as iframe:
assert Category.objects.count() == 0
wait_until_appeared(iframe, "input[name='base-name__en']")
iframe.fill("base-name__en", "Test Category")
time.sleep(3) # Let's just wait here to the iFrame to open fully (for Chrome and headless)
wait_until_appeared(iframe, "button[form='category_form']")
click_element(browser, "button[form='category_form']")
wait_until_condition(browser, condition=lambda x: Category.objects.count() == 1, timeout=20)
assert Category.objects.first().name == "Test Category"
# remove the edit category permissions
# add permission to add category
manager_permissions.remove("category.edit")
set_permissions_for_group(manager_group, manager_permissions)
# click to edit the button
click_element(browser, "#id_shop%d-primary_category ~ .edit-object-btn a.btn" % shop.id)
# no permission to edit category
with browser.get_iframe('create-object-iframe') as iframe:
error = "Can't view this page. You do not have the required permission(s): category.edit"
wait_until_condition(iframe, condition=lambda x: x.is_text_present(error))
# close iframe
click_element(browser, "#create-object-overlay a.close-btn")
manager_permissions.add("category.edit")
set_permissions_for_group(manager_group, manager_permissions)
click_element(browser, "#id_shop%d-primary_category ~ .edit-object-btn a.btn" % shop.id)
wait_until_appeared(browser, "#create-object-iframe")
new_cat_name = "Changed Name"
with browser.get_iframe('create-object-iframe') as iframe:
wait_until_appeared(iframe, "input[name='base-name__en']")
iframe.fill("base-name__en", new_cat_name)
time.sleep(3) # Let's just wait here to the iFrame to open fully (for Chrome and headless)
wait_until_appeared(iframe, "button[form='category_form']")
click_element(browser, "button[form='category_form']")
wait_until_condition(browser, condition=lambda x: Category.objects.first().name == new_cat_name, timeout=20)
def test_order_shipment_section(rf, admin_user):
shop = get_default_shop()
supplier1 = Supplier.objects.create(identifier="1", name="supplier1")
supplier1.shops.add(shop)
supplier2 = Supplier.objects.create(identifier="2")
supplier2.shops.add(shop)
product1 = create_product("sku1", shop=shop, default_price=10)
shop_product1 = product1.get_shop_instance(shop=shop)
shop_product1.suppliers.set([supplier1])
product2 = create_product("sku3", shop=shop, default_price=10, shipping_mode=ShippingMode.NOT_SHIPPED)
shop_product2 = product1.get_shop_instance(shop=shop)
shop_product2.suppliers.set([supplier2])
product_quantities = {
supplier1.pk: {
product1.pk: 20
},
supplier2.pk: {
product2.pk: 10
}
}
def get_quantity(supplier, product):
return product_quantities[supplier.pk][product.pk]
order = create_empty_order(shop=shop)
order.full_clean()
order.save()
# Let's test the order shipment section for superuser
request = apply_request_middleware(rf.get("/"), user=admin_user, shop=shop)
# Add product 3 to order for supplier 2
add_product_to_order(order, supplier2, product2, get_quantity(supplier2, product2), 8)
# Product is not shippable so order section should not be available
assert not ShipmentSection.visible_for_object(order, request)
# Add product 2 to order for supplier 1
add_product_to_order(order, supplier1, product1, get_quantity(supplier1, product1), 7)
# Now we should see the shipment section
assert ShipmentSection.visible_for_object(order, request)
# Make order fully paid so we can start creting shipments and refunds
order.cache_prices()
order.check_all_verified()
order.create_payment(order.taxful_total_price)
assert order.is_paid()
product_summary = order.get_product_summary()
assert product_summary[product1.pk]["unshipped"] == 20
assert product_summary[product2.pk]["unshipped"] == 0
assert product_summary[product2.pk]["ordered"] == 10
# Fully ship the order
order.create_shipment({product1: 5}, supplier=supplier1)
order.create_shipment({product1: 5}, supplier=supplier1)
order.create_shipment({product1: 10}, supplier=supplier1)
assert not order.get_unshipped_products()
assert order.is_fully_shipped()
context = ShipmentSection.get_context_data(order, request)
assert len(context["suppliers"]) == 2
assert len(context["create_urls"].keys()) == 2 # One for each supplier
assert len(context["delete_urls"].keys()) == 3 # One for each shipment
# Let's create staff user without any permissions
staff_user = create_random_user(is_staff=True)
group = get_default_permission_group()
staff_user.groups.add(group)
shop.staff_members.add(staff_user)
request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop)
context = ShipmentSection.get_context_data(order, request)
assert len(context["suppliers"]) == 2
assert len(context["create_urls"].keys()) == 0
assert len(context["delete_urls"].keys()) == 0
set_permissions_for_group(group, ["order.create-shipment"])
request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop)
context = ShipmentSection.get_context_data(order, request)
assert len(context["suppliers"]) == 2
assert len(context["create_urls"].keys()) == 2
assert len(context["delete_urls"].keys()) == 0
set_permissions_for_group(group, ["order.create-shipment", "order.delete-shipment"])
request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop)
context = ShipmentSection.get_context_data(order, request)
assert len(context["suppliers"]) == 2
assert len(context["create_urls"].keys()) == 2
assert len(context["delete_urls"].keys()) == 3
# Make product1 unshipped
product1.shipping_mode = ShippingMode.NOT_SHIPPED
product1.save()
# We still should see the order shipment section since existing shipments
assert ShipmentSection.visible_for_object(order, request)
# Let's delete all shipments since both products is unshipped and we
# don't need those.
for shipment in order.shipments.all():
shipment.soft_delete()
assert not ShipmentSection.visible_for_object(order, request)
def save(self):
obj = super(PermissionGroupForm, self).save()
obj.user_set = set(self.cleaned_data["members"])
set_permissions_for_group(obj.pk, self.cleaned_data["permissions"])
return obj
def test_edit_button_no_permission(browser, admin_user, live_server, settings):
shop = get_default_shop()
manager_group = Group.objects.create(name="Managers")
manager = create_random_user("en", is_staff=True)
manager.username = "******"
manager.set_password("password")
manager.save()
manager.groups.add(manager_group)
shop.staff_members.add(manager)
# add permissions for Product admin module
manager_permissions = set(["dashboard", "Products", "shop_product.new"])
set_permissions_for_group(manager_group, manager_permissions)
get_default_product_type()
get_default_sales_unit()
get_default_tax_class()
initialize_admin_browser_test(browser,
live_server,
settings,
username=manager.username)
url = reverse("shuup_admin:shop_product.new")
browser.visit("%s%s" % (live_server, url))
sku = "testsku"
name = "Some product name"
price_value = 10
short_description = "short but gold"
browser.fill("base-sku", sku)
browser.fill("base-name__en", name)
browser.fill("base-short_description__en", short_description)
browser.fill("shop%s-default_price_value" % shop.pk, price_value)
wait_until_appeared(
browser,
"#id_shop%d-primary_category ~ .quick-add-btn a.btn" % shop.id)
click_element(
browser,
"#id_shop%d-primary_category ~ .quick-add-btn a.btn" % shop.id)
wait_until_appeared(browser, "#create-object-iframe")
# no permission to add category
with browser.get_iframe("create-object-iframe") as iframe:
error = "Can't view this page. You do not have the required permissions: category.new"
wait_until_condition(iframe,
condition=lambda x: x.is_text_present(error))
# close iframe
click_element(browser, "#create-object-overlay a.close-btn")
# add permission to add category
manager_permissions.add("category.new")
manager_permissions.add("category.edit")
set_permissions_for_group(manager_group, manager_permissions)
# click to add category again
click_element(
browser,
"#id_shop%d-primary_category ~ .quick-add-btn a.btn" % shop.id)
wait_until_appeared(browser, "#create-object-iframe")
# add the category
with browser.get_iframe("create-object-iframe") as iframe:
assert Category.objects.count() == 0
wait_until_appeared(iframe, "input[name='base-name__en']")
iframe.fill("base-name__en", "Test Category")
time.sleep(
3
) # Let's just wait here to the iFrame to open fully (for Chrome and headless)
wait_until_appeared(iframe, "button[form='category_form']")
click_element(browser, "button[form='category_form']")
wait_until_condition(browser,
condition=lambda x: Category.objects.count() == 1,
timeout=20)
assert Category.objects.first().name == "Test Category"
# remove the edit category permissions
# add permission to add category
manager_permissions.remove("category.edit")
set_permissions_for_group(manager_group, manager_permissions)
# click to edit the button
click_element(
browser,
"#id_shop%d-primary_category ~ .edit-object-btn a.btn" % shop.id)
# no permission to edit category
with browser.get_iframe("create-object-iframe") as iframe:
error = "Can't view this page. You do not have the required permission(s): `category.edit`."
wait_until_condition(iframe,
condition=lambda x: x.is_text_present(error))
# close iframe
click_element(browser, "#create-object-overlay a.close-btn")
manager_permissions.add("category.edit")
set_permissions_for_group(manager_group, manager_permissions)
click_element(
browser,
"#id_shop%d-primary_category ~ .edit-object-btn a.btn" % shop.id)
wait_until_appeared(browser, "#create-object-iframe")
new_cat_name = "Changed Name"
with browser.get_iframe("create-object-iframe") as iframe:
wait_until_appeared(iframe, "input[name='base-name__en']")
iframe.fill("base-name__en", new_cat_name)
time.sleep(
3
) # Let's just wait here to the iFrame to open fully (for Chrome and headless)
wait_until_appeared(iframe, "button[form='category_form']")
click_element(browser, "button[form='category_form']")
wait_until_condition(
browser,
condition=lambda x: Category.objects.first().name == new_cat_name,
timeout=20)
def test_order_shipment_section(rf, admin_user):
shop = get_default_shop()
supplier1 = Supplier.objects.create(identifier="1", name="supplier1")
supplier1.shops.add(shop)
supplier2 = Supplier.objects.create(identifier="2")
supplier2.shops.add(shop)
product1 = create_product("sku1", shop=shop, default_price=10)
shop_product1 = product1.get_shop_instance(shop=shop)
shop_product1.suppliers = [supplier1]
product2 = create_product("sku3", shop=shop, default_price=10, shipping_mode=ShippingMode.NOT_SHIPPED)
shop_product2 = product1.get_shop_instance(shop=shop)
shop_product2.suppliers = [supplier2]
product_quantities = {
supplier1.pk: {
product1.pk: 20
},
supplier2.pk: {
product2.pk: 10
}
}
def get_quantity(supplier, product):
return product_quantities[supplier.pk][product.pk]
order = create_empty_order(shop=shop)
order.full_clean()
order.save()
# Let's test the order shipment section for superuser
request = apply_request_middleware(rf.get("/"), user=admin_user, shop=shop)
# Add product 3 to order for supplier 2
add_product_to_order(order, supplier2, product2, get_quantity(supplier2, product2), 8)
# Product is not shippable so order section should not be available
assert not ShipmentSection.visible_for_object(order, request)
# Add product 2 to order for supplier 1
add_product_to_order(order, supplier1, product1, get_quantity(supplier1, product1), 7)
# Now we should see the shipment section
assert ShipmentSection.visible_for_object(order, request)
# Make order fully paid so we can start creting shipments and refunds
order.cache_prices()
order.check_all_verified()
order.create_payment(order.taxful_total_price)
assert order.is_paid()
product_summary = order.get_product_summary()
assert product_summary[product1.pk]["unshipped"] == 20
assert product_summary[product2.pk]["unshipped"] == 0
assert product_summary[product2.pk]["ordered"] == 10
# Fully ship the order
order.create_shipment({product1: 5}, supplier=supplier1)
order.create_shipment({product1: 5}, supplier=supplier1)
order.create_shipment({product1: 10}, supplier=supplier1)
assert not order.get_unshipped_products()
assert order.is_fully_shipped()
context = ShipmentSection.get_context_data(order, request)
assert len(context["suppliers"]) == 2
assert len(context["create_urls"].keys()) == 2 # One for each supplier
assert len(context["delete_urls"].keys()) == 3 # One for each shipment
# Let's create staff user without any permissions
staff_user = create_random_user(is_staff=True)
group = get_default_permission_group()
staff_user.groups.add(group)
shop.staff_members.add(staff_user)
request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop)
context = ShipmentSection.get_context_data(order, request)
assert len(context["suppliers"]) == 2
assert len(context["create_urls"].keys()) == 0
assert len(context["delete_urls"].keys()) == 0
set_permissions_for_group(group, ["order.create-shipment"])
request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop)
context = ShipmentSection.get_context_data(order, request)
assert len(context["suppliers"]) == 2
assert len(context["create_urls"].keys()) == 2
assert len(context["delete_urls"].keys()) == 0
set_permissions_for_group(group, ["order.create-shipment", "order.delete-shipment"])
request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop)
context = ShipmentSection.get_context_data(order, request)
assert len(context["suppliers"]) == 2
assert len(context["create_urls"].keys()) == 2
assert len(context["delete_urls"].keys()) == 3
# Make product1 unshipped
product1.shipping_mode = ShippingMode.NOT_SHIPPED
product1.save()
# We still should see the order shipment section since existing shipments
assert ShipmentSection.visible_for_object(order, request)
# Let's delete all shipments since both products is unshipped and we
# don't need those.
for shipment in order.shipments.all():
shipment.soft_delete()
assert not ShipmentSection.visible_for_object(order, request)
