def test_is_authorized(self):
self.assertFalse(hijack_settings.HIJACK_AUTHORIZE_STAFF)
self.assertFalse(hijack_settings.HIJACK_AUTHORIZE_STAFF_TO_HIJACK_STAFF)
self.assertTrue(is_authorized(self.superuser, self.superuser))
self.assertTrue(is_authorized(self.superuser, self.staff_user))
self.assertTrue(is_authorized(self.superuser, self.user))
self.assertFalse(is_authorized(self.staff_user, self.superuser))
self.assertFalse(is_authorized(self.staff_user, self.staff_user))
self.assertFalse(is_authorized(self.staff_user, self.user))
self.assertFalse(is_authorized(self.user, self.superuser))
self.assertFalse(is_authorized(self.user, self.staff_user))
self.assertFalse(is_authorized(self.user, self.user))
def test_is_authorized(self):
self.assertFalse(hijack_settings.HIJACK_AUTHORIZE_STAFF)
self.assertFalse(hijack_settings.HIJACK_AUTHORIZE_STAFF_TO_HIJACK_STAFF)
self.assertTrue(is_authorized(self.superuser, self.superuser))
self.assertTrue(is_authorized(self.superuser, self.staff_user))
self.assertTrue(is_authorized(self.superuser, self.user))
self.assertFalse(is_authorized(self.staff_user, self.superuser))
self.assertFalse(is_authorized(self.staff_user, self.staff_user))
self.assertFalse(is_authorized(self.staff_user, self.user))
self.assertFalse(is_authorized(self.user, self.superuser))
self.assertFalse(is_authorized(self.user, self.staff_user))
self.assertFalse(is_authorized(self.user, self.user))
def test_custom_authorization_check(self):
for custom_check_path in [
"hijack.tests.test_app.authorization_checks.can_hijack_default",
"hijack.tests.test_app.authorization_checks.everybody_can_hijack",
"hijack.tests.test_app.authorization_checks.nobody_can_hijack",
]:
with SettingsOverride(
hijack_settings, HIJACK_AUTHORIZATION_CHECK=custom_check_path
):
custom_check = import_string(custom_check_path)
for hijacker, hijacked in [
(self.superuser, self.superuser),
(self.superuser, self.staff_user),
(self.superuser, self.user),
(self.staff_user, self.superuser),
(self.staff_user, self.staff_user),
(self.staff_user, self.user),
(self.user, self.superuser),
(self.user, self.staff_user),
(self.user, self.user),
]:
self.assertEqual(
custom_check(hijacker, hijacked),
is_authorized(hijacker, hijacked),
)
def test_is_authorized_staff_authorized_to_hijack_staff(self):
with SettingsOverride(hijack_settings, HIJACK_AUTHORIZE_STAFF=True, HIJACK_AUTHORIZE_STAFF_TO_HIJACK_STAFF=True):
self.assertTrue(hijack_settings.HIJACK_AUTHORIZE_STAFF)
self.assertTrue(hijack_settings.HIJACK_AUTHORIZE_STAFF_TO_HIJACK_STAFF)
self.assertTrue(is_authorized(self.superuser, self.superuser))
self.assertTrue(is_authorized(self.superuser, self.staff_user))
self.assertTrue(is_authorized(self.superuser, self.user))
self.assertFalse(is_authorized(self.staff_user, self.superuser))
self.assertTrue(is_authorized(self.staff_user, self.staff_user))
self.assertTrue(is_authorized(self.staff_user, self.user))
self.assertFalse(is_authorized(self.user, self.superuser))
self.assertFalse(is_authorized(self.user, self.staff_user))
self.assertFalse(is_authorized(self.user, self.user))
def test_is_authorized_staff_authorized_to_hijack_staff(self):
with SettingsOverride(hijack_settings,
HIJACK_AUTHORIZE_STAFF=True,
HIJACK_AUTHORIZE_STAFF_TO_HIJACK_STAFF=True):
self.assertTrue(hijack_settings.HIJACK_AUTHORIZE_STAFF)
self.assertTrue(
hijack_settings.HIJACK_AUTHORIZE_STAFF_TO_HIJACK_STAFF)
self.assertTrue(is_authorized(self.superuser, self.superuser))
self.assertTrue(is_authorized(self.superuser, self.staff_user))
self.assertTrue(is_authorized(self.superuser, self.user))
self.assertFalse(is_authorized(self.staff_user, self.superuser))
self.assertTrue(is_authorized(self.staff_user, self.staff_user))
self.assertTrue(is_authorized(self.staff_user, self.user))
self.assertFalse(is_authorized(self.user, self.superuser))
self.assertFalse(is_authorized(self.user, self.staff_user))
self.assertFalse(is_authorized(self.user, self.user))
def test_custom_authorization_check(self):
for custom_check_path in [
'hijack.tests.test_app.authorization_checks.can_hijack_default',
'hijack.tests.test_app.authorization_checks.everybody_can_hijack',
'hijack.tests.test_app.authorization_checks.nobody_can_hijack',
]:
with SettingsOverride(hijack_settings, HIJACK_AUTHORIZATION_CHECK=custom_check_path):
custom_check = import_string(custom_check_path)
for hijacker, hijacked in [
(self.superuser, self.superuser),
(self.superuser, self.staff_user),
(self.superuser, self.user),
(self.staff_user, self.superuser),
(self.staff_user, self.staff_user),
(self.staff_user, self.user),
(self.user, self.superuser),
(self.user, self.staff_user),
(self.user, self.user),
]:
self.assertEqual(custom_check(hijacker, hijacked), is_authorized(hijacker, hijacked))
def has_permission(self):
from hijack.helpers import is_authorized
return is_authorized(self.request.user, self.get_object())