def test_permissions_on_custom_links(client, settings):
"""
we honour permissions for the rendering of custom links
"""
user = user_with_permissions()
user2 = user_with_permissions('polls.view_poll')
url = reverse('admin:index')
settings.JAZZMIN_SETTINGS['custom_links'] = {
'polls': [{
'name': 'Make Messages',
'url': 'make_messages',
'icon': 'fa-comments',
'permissions': ['polls.view_poll']
}]
}
client.force_login(user)
response = client.get(url)
assert parse_sidemenu(response) == {'Global': ['/admin/']}
client.force_login(user2)
response = client.get(url)
assert parse_sidemenu(response) == {
'Global': ['/admin/'],
'Polls': ['/admin/polls/poll/', '/make_messages/']
}
def test_get_model_permissions():
"""
We can create the correct model permissions from user permissions
"""
user = user_with_permissions('polls.view_poll', 'polls.view_choice')
assert get_view_permissions(user) == {'polls.poll', 'polls.choice'}
def test_get_model_permissions_lowercased():
"""
When our permissions are upper cased (we had an app with an upper case letter) we still get user perms in lower case
"""
user = user_with_permissions("polls.view_poll", "polls.view_choice")
user.user_permissions.update(codename=Upper("codename"))
assert get_view_permissions(user) == {"polls.poll", "polls.choice"}
def test_no_permission(client):
"""
When our user has no permissions at all, they see no menu or dashboard
"""
user = user_with_permissions()
url = reverse('admin:index')
client.force_login(user)
response = client.get(url)
assert parse_sidemenu(response) == {'Global': ['/admin/']}
def test_no_view_permission(client):
"""
When our user has no view permission, they dont see things they are not supposed to
"""
user = user_with_permissions('polls.change_poll')
url = reverse('admin:index')
client.force_login(user)
response = client.get(url)
assert parse_sidemenu(response) == {'Global': ['/admin/']}
def test_no_add_permission(client):
"""
When our user has no add permission, they dont see things they are not supposed to
"""
user = user_with_permissions('polls.view_poll')
url = reverse('admin:polls_poll_changelist')
add_url = reverse('admin:polls_poll_add')
client.force_login(user)
response = client.get(url)
assert add_url not in response.content.decode()
def test_no_delete_permission(client):
"""
When our user has no delete permission, they dont see things they are not supposed to
"""
user = user_with_permissions('polls.view_poll')
poll = Poll.objects.create(owner=user, text='question')
url = reverse('admin:polls_poll_change', args=(poll.pk, ))
delete_url = reverse('admin:polls_poll_delete', args=(poll.pk, ))
client.force_login(user)
response = client.get(url)
assert delete_url not in response.content.decode()
def test_permissions_on_custom_links(client, settings):
"""
we honour permissions for the rendering of custom links
"""
user = user_with_permissions()
user2 = user_with_permissions("polls.view_poll")
url = reverse("admin:index")
settings.JAZZMIN_SETTINGS["custom_links"] = {
"polls": [
{"name": "Make Messages", "url": "make_messages", "icon": "fa-comments", "permissions": ["polls.view_poll"]}
]
}
client.force_login(user)
response = client.get(url)
assert parse_sidemenu(response) == {"Global": ["/admin/"]}
client.force_login(user2)
response = client.get(url)
assert parse_sidemenu(response) == {"Global": ["/admin/"], "Polls": ["/admin/polls/poll/", "/make_messages/"]}
def test_no_permission(client):
"""
When our user has no permissions at all, they see no menu or dashboard
As in Plain old Django Admin
"""
user = user_with_permissions()
url = reverse("admin:index")
client.force_login(user)
response = client.get(url)
assert parse_sidemenu(response) == {"Global": ["/admin/"]}
def test_delete_but_no_view_permission(client):
"""
When our user has delete but no view/change permission, menu items render out, but with no links
As in Plain old Django Admin
"""
user = user_with_permissions("polls.delete_poll")
url = reverse("admin:index")
client.force_login(user)
response = client.get(url)
assert parse_sidemenu(response) == {"Global": ['/admin/'], 'Polls': [None]}