def test_cannot_access(test_case: TestCase, url: str,
expected_url: str, data: dict = None):
"""Check if test_case cannot access url with
GET request and POST request with optional data and
is redirected to expected_url."""
response = test_case.client.get(url)
test_case.assertRedirects(response, expected_url=expected_url)
response = test_case.client.post(url, data)
test_case.assertRedirects(response, expected_url=expected_url)
def test_can_access(test_case: TestCase,
url: str,
get_redirect_url: str = None,
post_redirect_url: str = None,
data: dict = None):
"""Check if test_case can access url with
GET request and POST request with optional data and
is redirected to expected url, if specified."""
response = test_case.client.get(url)
if get_redirect_url:
test_case.assertRedirects(response, expected_url=get_redirect_url)
else:
test_case.assertEqual(response.status_code, 200)
response = test_case.client.post(url, data)
if post_redirect_url:
test_case.assertRedirects(response, expected_url=post_redirect_url)
else:
test_case.assertEqual(response.status_code, 200)
def checkAccessPermissions(test: TestCase,
url: str,
httpMethod: str,
permissionLevel: PermissionLevel,
user: User = None,
redirectUrl: str = "",
data: dict = {}) -> None:
client = Client()
# Ensure the correct type of user makes the request
if permissionLevel == PermissionLevel.LEVEL_USER:
if user is None:
user = User.objects.get(username='******')
elif user.is_superuser:
user.is_superuser = False
User.save(user)
elif permissionLevel == PermissionLevel.LEVEL_ADMIN:
if user is None:
user = User.objects.get(username='******')
elif not user.is_superuser:
user.is_superuser = True
User.save(user)
# Ensure the correct user is logged in
if user:
client.force_login(user)
# Issue a HTTP request.
response = getattr(client, httpMethod)(url,
data=data,
follow=(bool(redirectUrl)),
secure=True)
# Ensure that a 200 OK response is received
test.assertEqual(response.status_code, 200)
# Ensure we were redirected to the correct page
if redirectUrl:
# Ensure a redirection to the expected URL took place
test.assertRedirects(response, redirectUrl)
# Check if we get redirected to the login page if not logged in, but a login is required
# Skip this check if we expect a different redirect (which was already checked earlier)
if permissionLevel <= PermissionLevel.LEVEL_PUBLIC or redirectUrl:
return
# Ensure the client is not logged in
client.logout()
# Issue a HTTP request.
response = getattr(client, httpMethod)(url,
data=data,
follow=True,
secure=True)
# Ensure that a 200 OK response is received
test.assertEqual(response.status_code, 200)
# Ensure a redirection to the login page took place
test.assertRedirects(response,
'{0}?next={1}'.format(settings.LOGIN_URL, url))
# Check if we get redirected to the login page if we're not an admin
if permissionLevel <= PermissionLevel.LEVEL_USER:
return
# Ensure the client is not logged in
client.force_login(user)
# Issue a HTTP request.
response = getattr(client, httpMethod)(url,
data=data,
follow=True,
secure=True)
# Ensure that a 200 OK response is received
test.assertEqual(response.status_code, 200)
# Ensure a redirection to the login page took place
test.assertRedirects(response,
'{0}?next={1}'.format(settings.LOGIN_URL, url))
