def test_label_access_admin(organization_factory):
'''can_change because I am an admin of that org'''
no_members = organization_factory("no_members")
members = organization_factory("has_members",
users=['admin'],
labels=['test'])
label = members.labels.test
admin = members.users.admin
members.organization.admin_role.members.add(admin)
access = LabelAccess(admin)
assert not access.can_change(label,
{'organization': no_members.organization.id})
assert access.can_read(label)
assert access.can_change(label, None)
assert access.can_change(label, {'organization': members.organization.id})
assert access.can_delete(label)
def test_label_access_user(label, user):
access = LabelAccess(user('user', False))
label.organization.member_role.members.add(user('user', False))
assert not access.can_add({'organization': None})
assert not access.can_change(label, None)
assert not access.can_delete(label)
assert access.can_read(label)
assert access.can_add({'organization': label.organization.id})
def test_label_access_superuser(label, user):
access = LabelAccess(user('admin', True))
assert access.can_read(label)
assert access.can_change(label, None)
assert access.can_delete(label)