Esempio n. 1
0
def test_admin_can_modify_allowed_user_attributes(data_fixture):
    handler = UserAdminHandler()
    admin_user = data_fixture.create_user(
        email="*****@*****.**",
        password="******",
        first_name="Test1",
        is_staff=True,
    )
    user_to_modify = data_fixture.create_user(
        email="*****@*****.**",
        password="******",
        first_name="Test1",
        is_staff=False,
        is_active=False,
    )
    old_password = user_to_modify.password
    handler.update_user(
        admin_user,
        user_to_modify.id,
        **{
            "username": "******",
            "name": "new full name",
            "is_active": True,
            "is_staff": True,
            "password": "******",
        },
    )
    user_to_modify.refresh_from_db()
    assert user_to_modify.username == "*****@*****.**"
    assert user_to_modify.email == "*****@*****.**"
    assert user_to_modify.first_name == "new full name"
    assert user_to_modify.is_staff
    assert user_to_modify.is_active
    assert old_password != user_to_modify.password
Esempio n. 2
0
def test_updating_a_users_password_uses_djangos_built_in_smart_set_password(
        data_fixture, mocker):
    handler = UserAdminHandler()
    admin_user = data_fixture.create_user(
        email="*****@*****.**",
        password="******",
        first_name="Test1",
        is_staff=True,
    )
    user_to_modify = data_fixture.create_user(
        email="*****@*****.**",
        password="******",
        first_name="Test1",
        is_staff=False,
        is_active=False,
    )
    old_password_hash = user_to_modify.password
    set_password_spy = mocker.spy(User, "set_password")
    updated_user = handler.update_user(
        admin_user,
        user_to_modify.id,
        password="******",
    )
    assert updated_user.password != "new_password"
    assert updated_user.password != old_password_hash
    assert set_password_spy.call_count == 1
Esempio n. 3
0
def test_non_admin_cant_delete_user(data_fixture):
    handler = UserAdminHandler()
    non_admin_user = data_fixture.create_user(
        email="*****@*****.**",
        password="******",
        first_name="Test1",
        is_staff=False,
    )
    with pytest.raises(IsNotAdminError):
        handler.delete_user(non_admin_user, non_admin_user.id)
Esempio n. 4
0
def test_raises_exception_when_updating_an_unknown_user(data_fixture):
    handler = UserAdminHandler()
    admin_user = data_fixture.create_user(
        email="*****@*****.**",
        password="******",
        first_name="Test1",
        is_staff=True,
        is_active=True,
    )
    with pytest.raises(UserDoesNotExistException):
        handler.update_user(admin_user, 99999, username="******")
Esempio n. 5
0
    def delete(self, request, user_id):
        """
        Deletes the specified user. Raises an exception if you attempt to delete
        yourself.
        """

        user_id = int(user_id)

        handler = UserAdminHandler()
        handler.delete_user(request.user, user_id)

        return Response(status=204)
Esempio n. 6
0
    def patch(self, request, user_id, data):
        """
        Updates the specified user with the supplied attributes. Will raise an exception
        if you attempt un-staff or de-activate yourself.
        """

        user_id = int(user_id)

        handler = UserAdminHandler()
        user = handler.update_user(request.user, user_id, **data)

        return Response(UserAdminResponseSerializer(user).data)
Esempio n. 7
0
def test_admin_cant_delete_themselves(data_fixture):
    handler = UserAdminHandler()
    admin_user = data_fixture.create_user(
        email="*****@*****.**",
        password="******",
        first_name="Test1",
        is_staff=True,
        is_active=True,
    )
    with pytest.raises(CannotDeleteYourselfException):
        handler.delete_user(admin_user, admin_user.id)

    assert User.objects.filter(id=admin_user.id).exists()
Esempio n. 8
0
def test_non_admin_cant_edit_user(data_fixture):
    handler = UserAdminHandler()
    non_admin_user = data_fixture.create_user(
        email="*****@*****.**",
        password="******",
        first_name="Test1",
        is_staff=False,
    )
    with pytest.raises(IsNotAdminError):
        handler.update_user(non_admin_user, non_admin_user.id,
                            "*****@*****.**")
    non_admin_user.refresh_from_db()
    assert non_admin_user.username == "*****@*****.**"
Esempio n. 9
0
def test_admin_can_delete_user(data_fixture):
    handler = UserAdminHandler()
    admin_user = data_fixture.create_user(
        email="*****@*****.**",
        password="******",
        first_name="Test1",
        is_staff=True,
    )
    user_to_delete = data_fixture.create_user(
        email="*****@*****.**",
        password="******",
        first_name="Test1",
        is_staff=True,
    )
    handler.delete_user(admin_user, user_to_delete.id)
    assert not User.objects.filter(id=user_to_delete.id).exists()
Esempio n. 10
0
def test_admin_cant_destaff_themselves(data_fixture):
    handler = UserAdminHandler()
    admin_user = data_fixture.create_user(
        email="*****@*****.**",
        password="******",
        first_name="Test1",
        is_staff=True,
        is_active=True,
    )
    with pytest.raises(CannotDeactivateYourselfException):
        handler.update_user(
            admin_user,
            admin_user.id,
            is_staff=False,
        )
    admin_user.refresh_from_db()
    assert admin_user.is_staff
Esempio n. 11
0
def test_admin_can_deactive_and_unstaff_other_users(data_fixture):
    handler = UserAdminHandler()
    admin_user = data_fixture.create_user(
        email="*****@*****.**",
        password="******",
        first_name="Test1",
        is_staff=True,
    )
    staff_user = data_fixture.create_user(
        email="*****@*****.**",
        password="******",
        first_name="Test1",
        is_staff=True,
    )
    active_user = data_fixture.create_user(
        email="*****@*****.**",
        password="******",
        first_name="Test1",
        is_active=True,
    )

    handler.update_user(
        admin_user,
        staff_user.id,
        is_staff=False,
    )
    staff_user.refresh_from_db()
    assert not staff_user.is_staff

    handler.update_user(
        admin_user,
        active_user.id,
        is_active=False,
    )
    active_user.refresh_from_db()
    assert not active_user.is_active