def test_permissions_on_custom_links(client, settings): """ we honour permissions for the rendering of custom links """ user = user_with_permissions() user2 = user_with_permissions('polls.view_poll') url = reverse('admin:index') settings.JAZZMIN_SETTINGS['custom_links'] = { 'polls': [{ 'name': 'Make Messages', 'url': 'make_messages', 'icon': 'fa-comments', 'permissions': ['polls.view_poll'] }] } client.force_login(user) response = client.get(url) assert parse_sidemenu(response) == {'Global': ['/admin/']} client.force_login(user2) response = client.get(url) assert parse_sidemenu(response) == { 'Global': ['/admin/'], 'Polls': ['/admin/polls/poll/', '/make_messages/'] }
def test_get_model_permissions(): """ We can create the correct model permissions from user permissions """ user = user_with_permissions('polls.view_poll', 'polls.view_choice') assert get_view_permissions(user) == {'polls.poll', 'polls.choice'}
def test_get_model_permissions_lowercased(): """ When our permissions are upper cased (we had an app with an upper case letter) we still get user perms in lower case """ user = user_with_permissions("polls.view_poll", "polls.view_choice") user.user_permissions.update(codename=Upper("codename")) assert get_view_permissions(user) == {"polls.poll", "polls.choice"}
def test_no_permission(client): """ When our user has no permissions at all, they see no menu or dashboard """ user = user_with_permissions() url = reverse('admin:index') client.force_login(user) response = client.get(url) assert parse_sidemenu(response) == {'Global': ['/admin/']}
def test_no_view_permission(client): """ When our user has no view permission, they dont see things they are not supposed to """ user = user_with_permissions('polls.change_poll') url = reverse('admin:index') client.force_login(user) response = client.get(url) assert parse_sidemenu(response) == {'Global': ['/admin/']}
def test_no_add_permission(client): """ When our user has no add permission, they dont see things they are not supposed to """ user = user_with_permissions('polls.view_poll') url = reverse('admin:polls_poll_changelist') add_url = reverse('admin:polls_poll_add') client.force_login(user) response = client.get(url) assert add_url not in response.content.decode()
def test_no_delete_permission(client): """ When our user has no delete permission, they dont see things they are not supposed to """ user = user_with_permissions('polls.view_poll') poll = Poll.objects.create(owner=user, text='question') url = reverse('admin:polls_poll_change', args=(poll.pk, )) delete_url = reverse('admin:polls_poll_delete', args=(poll.pk, )) client.force_login(user) response = client.get(url) assert delete_url not in response.content.decode()
def test_permissions_on_custom_links(client, settings): """ we honour permissions for the rendering of custom links """ user = user_with_permissions() user2 = user_with_permissions("polls.view_poll") url = reverse("admin:index") settings.JAZZMIN_SETTINGS["custom_links"] = { "polls": [ {"name": "Make Messages", "url": "make_messages", "icon": "fa-comments", "permissions": ["polls.view_poll"]} ] } client.force_login(user) response = client.get(url) assert parse_sidemenu(response) == {"Global": ["/admin/"]} client.force_login(user2) response = client.get(url) assert parse_sidemenu(response) == {"Global": ["/admin/"], "Polls": ["/admin/polls/poll/", "/make_messages/"]}
def test_no_permission(client): """ When our user has no permissions at all, they see no menu or dashboard As in Plain old Django Admin """ user = user_with_permissions() url = reverse("admin:index") client.force_login(user) response = client.get(url) assert parse_sidemenu(response) == {"Global": ["/admin/"]}
def test_delete_but_no_view_permission(client): """ When our user has delete but no view/change permission, menu items render out, but with no links As in Plain old Django Admin """ user = user_with_permissions("polls.delete_poll") url = reverse("admin:index") client.force_login(user) response = client.get(url) assert parse_sidemenu(response) == {"Global": ['/admin/'], 'Polls': [None]}