def setUp(self): self.pep_type = PepTypeFactory() self.pep_status = PepStatusFactory() self.pep_category = PepCategoryFactory() self.pep_owner = PepOwnerFactory() self.staff_user = StaffUserFactory() self.staff_key = self.staff_user.api_key.key self.Authorization = "ApiKey %s:%s" % (self.staff_user.username, self.staff_key)
def test_job_detail_security(self): """ Ensure the public can only see approved jobs, but staff can view all jobs """ staff_user = StaffUserFactory() response = self.client.get(self.job.get_absolute_url()) self.assertEqual(response.status_code, 200) # Normal users can't see non-approved Jobs response = self.client.get(self.job_draft.get_absolute_url()) self.assertEqual(response.status_code, 404) # Staff can see everything self.client.login(username=staff_user.username, password='******') response = self.client.get(self.job.get_absolute_url()) self.assertEqual(response.status_code, 200) response = self.client.get(self.job_draft.get_absolute_url()) self.assertEqual(response.status_code, 200)