Exemple #1
0
    def setUp(self):
        self.pep_type = PepTypeFactory()
        self.pep_status = PepStatusFactory()
        self.pep_category = PepCategoryFactory()
        self.pep_owner = PepOwnerFactory()

        self.staff_user = StaffUserFactory()
        self.staff_key = self.staff_user.api_key.key
        self.Authorization = "ApiKey %s:%s" % (self.staff_user.username,
                                               self.staff_key)
    def test_job_detail_security(self):
        """
        Ensure the public can only see approved jobs, but staff can view
        all jobs
        """
        staff_user = StaffUserFactory()

        response = self.client.get(self.job.get_absolute_url())
        self.assertEqual(response.status_code, 200)

        # Normal users can't see non-approved Jobs
        response = self.client.get(self.job_draft.get_absolute_url())
        self.assertEqual(response.status_code, 404)

        # Staff can see everything
        self.client.login(username=staff_user.username, password='******')
        response = self.client.get(self.job.get_absolute_url())
        self.assertEqual(response.status_code, 200)

        response = self.client.get(self.job_draft.get_absolute_url())
        self.assertEqual(response.status_code, 200)