def test_notarypublic_changelist(agreed_users, user, rf,
django_assert_num_queries,
django_assert_max_num_queries):
model_admin = admin.NotaryPublicAdmin(models.NotaryPublic, site)
user = getattr(agreed_users, user)
url = reverse("admin:letsagree_notarypublic_changelist")
request = rf.get(url)
request.user = user
# A regular admin user can only see his agreements
if not user.is_superuser:
with django_assert_num_queries(2):
qs = model_admin.get_queryset(request)
assert qs.count() == user.agreed_terms.count()
# A superuser can see all agreements
else:
with django_assert_num_queries(2):
qs = model_admin.get_queryset(request)
assert qs.count() == models.NotaryPublic.objects.all().count()
# Superuser 3 queries, staff 5 queries due to permissions queries
with django_assert_max_num_queries(5):
view = model_admin.changelist_view(request)
assert view.status_code == 200
def test_notarypublic_actions(main_user, other_user, action, agreed_users, rf):
model_admin = admin.NotaryPublicAdmin(models.NotaryPublic, site)
active_user = getattr(agreed_users, main_user)
inactive_user = getattr(agreed_users, other_user)
agreement_id = active_user.agreed_terms.last().id
if action == "add":
url = reverse("admin:letsagree_notarypublic_{0}".format(action))
else:
url = reverse("admin:letsagree_notarypublic_{0}".format(action),
args=(agreement_id, ))
request = rf.get(url)
# A user can only delete his agreements
if action == "delete":
request.user = active_user
view = model_admin.delete_view(request, object_id=str(agreement_id))
assert view.status_code == 200
data = {"post": "yes", "_popup": "1"}
client = Client()
client.force_login(request.user)
post_view = client.post(url, data)
assert post_view.status_code == 302
assert post_view.url == reverse(
"admin:letsagree_notarypublic_changelist")
# Another (super)user cannot delete the active user's agreement
request.user = inactive_user
with pytest.raises(PermissionDenied):
model_admin.delete_view(request, object_id=str(agreement_id))
elif action == "add":
# Noone is allowed to add any agreement.
request.user = active_user
with pytest.raises(PermissionDenied):
model_admin.add_view(request)
elif action == "change":
# The active user can view the agreement (in order to delete it)
request.user = active_user
view = model_admin.change_view(request, object_id=str(agreement_id))
assert view.status_code == 200
assert "delete" in view.rendered_content
assert "readonly" in view.rendered_content
assert '<input type="submit"' not in view.rendered_content
if inactive_user.is_superuser:
# The inactive super user can view the active user's agreement
# get_queryset() guarantees that the inactive admin user will not
# have access to the change view of another user's agreement.
# It is tested next.
view = model_admin.change_view(request,
object_id=str(agreement_id))
assert view.status_code == 200