def test_user_cant_manage(self): issue = IssueSubmissionFactory(journal=self.journal) user = UserFactory() is_granted = user.has_perm('editor.manage_issuesubmission', issue.journal) self.assertEqual(is_granted, False)
def setUp(self): super(ViewsTestCase, self).setUp() self.user_granted = UserFactory.create(username="******") self.user_granted.set_password("user") self.user_granted.save() self.user_non_granted = UserFactory.create(username="******") self.user_non_granted.set_password("user") self.user_non_granted.save()
def setUp(self): super(TestAuthorizationDeleteView, self).setUp() self.user_granted = UserFactory(username="******") self.user_granted.set_password("user") self.user_granted.save() self.user_non_granted = UserFactory(username="******") self.user_non_granted.set_password("user") self.user_non_granted.save()
def test_return_all_organisations_for_superusers_and_staff_users(self): # Setup org_1 = OrganisationFactory.create() org_2 = OrganisationFactory.create() user_1 = UserFactory.create(is_superuser=True) user_2 = UserFactory.create(is_staff=True) # Run & check self.assertEqual(list(get_managed_organisations(user_1)), [org_1, org_2, ]) self.assertEqual(list(get_managed_organisations(user_2)), [org_1, org_2, ])
def test_knows_if_a_user_cannot_manage_authorizations(self): user = UserFactory() journal = JournalFactory(collection=self.collection) is_granted = user.has_perm('authorization.manage_authorizations', journal) self.assertEqual(is_granted, False) journal.members.add(user) journal.save() is_granted = user.has_perm('authorization.manage_authorizations', journal) self.assertEqual(is_granted, False)
def test_cannot_allow_users_to_use_the_email_associated_with_another_user(self): # Setup u1 = UserFactory.create(username='******', email='*****@*****.**') u2 = UserFactory.create(username='******', email='*****@*****.**') form_data = { 'username': '******', 'email': u2.email, } # Run form = UserParametersForm(form_data, instance=u1) # Check assert not form.is_valid()
def test_knows_if_a_user_can_manage_authorizations(self): user = UserFactory() journal = JournalFactory(collection=self.collection) journal.members.add(user) journal.save() ct = ContentType.objects.get(app_label="erudit", model="journal") Authorization.objects.create( content_type=ct, user=user, object_id=journal.id, authorization_codename=AC.can_manage_authorizations.codename) is_granted = user.has_perm('authorization.manage_authorizations', journal) self.assertEqual(is_granted, True)
def test_return_all_organisations_for_superusers_and_staff_users(self): # Setup org_1 = OrganisationFactory.create() org_2 = OrganisationFactory.create() user_1 = UserFactory.create(is_superuser=True) user_2 = UserFactory.create(is_staff=True) # Run & check self.assertEqual(list(get_managed_organisations(user_1)), [ org_1, org_2, ]) self.assertEqual(list(get_managed_organisations(user_2)), [ org_1, org_2, ])
def test_user_can_manage(self): journal = JournalFactory(collection=self.collection) user = UserFactory() journal.members.add(user) journal.save() ct = ContentType.objects.get(app_label="erudit", model="journal") Authorization.objects.create( content_type=ct, user=user, object_id=journal.id, authorization_codename=AC.can_manage_issuesubmission.codename) issue = IssueSubmissionFactory(journal=journal) is_granted = user.has_perm('editor.manage_issuesubmission', issue.journal) self.assertEqual(is_granted, True)
class TestAUser(WebTest): def setUp(self): self.user = UserFactory() def tearDown(self): pass def test_can_see_homepage(self): # goes to homepage res = self.app.get('/') assert_equal(res.status_code, 200) def test_can_login(self): # goes to homepage res = self.app.get('/') # logs in form = res.forms['loginForm'] form['username'] = self.user.username form['password'] = self.user.password res = form.submit() assert_equal(res.status_code, 200) assert_true(self.user.is_authenticated()) def test_can_go_to_signup_page(self): # goes to homepage res = self.app.get('/') # clicks sign up res = res.click('Register') assert_equal(res.status_code, 200)
def test_can_return_only_organisations_that_have_the_considered_users_in_their_members(self): # Setup org_1 = OrganisationFactory.create() org_2 = OrganisationFactory.create() org_3 = OrganisationFactory.create() user = UserFactory.create() org_1.members.add(user) subscription_1 = JournalAccessSubscriptionFactory.create(organisation=org_1) subscription_2 = JournalAccessSubscriptionFactory.create(organisation=org_2) subscription_3 = JournalAccessSubscriptionFactory.create(organisation=org_3) now_dt = dt.datetime.now() JournalAccessSubscriptionPeriodFactory.create( subscription=subscription_1, start=now_dt - dt.timedelta(days=10), end=now_dt + dt.timedelta(days=8)) JournalAccessSubscriptionPeriodFactory.create( subscription=subscription_2, start=now_dt - dt.timedelta(days=10), end=now_dt + dt.timedelta(days=8)) JournalAccessSubscriptionPeriodFactory.create( subscription=subscription_3, start=now_dt - dt.timedelta(days=10), end=now_dt + dt.timedelta(days=8)) # Run & check self.assertEqual(list(get_managed_organisations(user)), [org_1, ])
def test_can_return_all_the_journals_if_the_user_is_a_member_of_a_production_team( self): # Setup class MyView(JournalScopeMixin, TemplateView): allow_production_team_access = True template_name = 'dummy.html' user = UserFactory.create() group = GroupFactory.create(name='Production team') ProductionTeamFactory.create(group=group, identifier='main') user.groups.add(group) journal = JournalFactory.create(collection=self.collection) url = reverse('userspace:journal:information:update', kwargs={'journal_pk': journal.pk}) request = self.get_request(url) request.user = user my_view = MyView() my_view.request = request # Run & check journals = my_view.get_user_journals() assert journals assert list(journals) == list( Journal.objects.filter(collection__code='erudit'))
def test_can_return_only_organisations_that_have_the_considered_users_in_their_members( self): # Setup org_1 = OrganisationFactory.create() org_2 = OrganisationFactory.create() org_3 = OrganisationFactory.create() user = UserFactory.create() org_1.members.add(user) subscription_1 = JournalAccessSubscriptionFactory.create( organisation=org_1) subscription_2 = JournalAccessSubscriptionFactory.create( organisation=org_2) subscription_3 = JournalAccessSubscriptionFactory.create( organisation=org_3) now_dt = dt.datetime.now() JournalAccessSubscriptionPeriodFactory.create( subscription=subscription_1, start=now_dt - dt.timedelta(days=10), end=now_dt + dt.timedelta(days=8)) JournalAccessSubscriptionPeriodFactory.create( subscription=subscription_2, start=now_dt - dt.timedelta(days=10), end=now_dt + dt.timedelta(days=8)) JournalAccessSubscriptionPeriodFactory.create( subscription=subscription_3, start=now_dt - dt.timedelta(days=10), end=now_dt + dt.timedelta(days=8)) # Run & check self.assertEqual(list(get_managed_organisations(user)), [ org_1, ])
def test_can_return_only_organisations_that_are_associated_with_a_valid_subscription( self): # Setup org_1 = OrganisationFactory.create() org_2 = OrganisationFactory.create() org_3 = OrganisationFactory.create() user = UserFactory.create() org_1.members.add(user) org_2.members.add(user) org_3.members.add(user) subscription_1 = JournalAccessSubscriptionFactory.create( organisation=org_1) subscription_2 = JournalAccessSubscriptionFactory.create( organisation=org_2) JournalAccessSubscriptionFactory.create(organisation=org_3) now_dt = dt.datetime.now() JournalAccessSubscriptionPeriodFactory.create( subscription=subscription_1, start=now_dt - dt.timedelta(days=10), end=now_dt + dt.timedelta(days=8)) JournalAccessSubscriptionPeriodFactory.create( subscription=subscription_2, start=now_dt - dt.timedelta(days=10), end=now_dt - dt.timedelta(days=8)) # Run & check self.assertEqual(list(get_managed_organisations(user)), [ org_1, ])
class TestAuthorizationDeleteView(BaseEruditTestCase): def setUp(self): super(TestAuthorizationDeleteView, self).setUp() self.user_granted = UserFactory(username="******") self.user_granted.set_password("user") self.user_granted.save() self.user_non_granted = UserFactory(username="******") self.user_non_granted.set_password("user") self.user_non_granted.save() def test_permission_delete_restricted(self): self.client.login(username=self.user_non_granted.username, password="******") journal = JournalFactory(collection=self.collection) journal.save() self.client.login(username=self.user_granted.username, password="******") ct = ContentType.objects.get(app_label="erudit", model="journal") authorization = Authorization.objects.create( content_type=ct, user=self.user_granted, object_id=journal.id, authorization_codename=AC.can_manage_authorizations.codename) url = reverse('userspace:journal:authorization:delete', args=(journal.pk, authorization.pk, )) response = self.client.get(url) self.assertEqual(response.status_code, 403) journal.members.add(self.user_granted) journal.save() response = self.client.get(url, follow=True) self.assertEqual(response.status_code, 200) def test_permission_delete_granted(self): journal = JournalFactory(collection=self.collection) journal.members.add(self.user_granted) journal.save() ct = ContentType.objects.get(app_label="erudit", model="journal") authorization = Authorization.objects.create( content_type=ct, user=self.user_granted, object_id=journal.id, authorization_codename=AC.can_manage_authorizations.codename) self.client.login(username=self.user_granted.username, password="******") url = reverse('userspace:journal:authorization:delete', args=(journal.pk, authorization.pk, )) response = self.client.get(url) self.assertEqual(response.status_code, 200)
def test_non_staff_users_cannot_fake_ip(self): request = self.factory.get('/') request.user = UserFactory(is_staff=False) request.session = dict() request.META['HTTP_X_FORWARDED_FOR'] = '1.1.1.1' request.META['HTTP_CLIENT_IP'] = '1.2.3.4' middleware = SubscriptionMiddleware() assert middleware._get_user_ip_address(request) == '1.1.1.1'
def test_contact_filter(self): user = UserFactory() user2 = UserFactory() journal_in = JournalFactory(collection=self.collection) journal_in.members.add(user) journal_in.save() journal_not_in = JournalFactory(collection=self.collection) journal_not_in.members.add(user2) journal_not_in.save() data = {'user': user, 'journal': journal_in} form = IssueSubmissionForm(**data) choices = [c[0] for c in form.fields['contact'].choices] self.assertTrue(user.id in choices) self.assertFalse(user2.id in choices)
def test_returns_a_403_error_if_no_journal_can_be_associated_with_the_current_user(self): # Setup class MyView(JournalScopeMixin, TemplateView): template_name = "dummy.html" user = UserFactory.create() journal = JournalFactory.create(collection=self.collection) url = reverse("userspace:journal:information:update", kwargs={"journal_pk": journal.pk}) request = self.get_request(url) request.user = user my_view = MyView.as_view() # Run & check with self.assertRaises(PermissionDenied): my_view(request, journal_pk=self.journal.pk)
def test_returns_a_403_error_if_no_organisation_can_be_associated_with_the_current_user(self): # Setup class MyView(OrganisationScopeMixin, TemplateView): template_name = 'dummy.html' user = UserFactory.create() url = reverse( 'userspace:library:home', kwargs={'organisation_pk': self.organisation.pk}) request = self.get_request(url) request.user = user my_view = MyView.as_view() # Run & check with self.assertRaises(PermissionDenied): my_view(request, organisation_pk=self.organisation.pk)
def test_returns_a_403_error_if_no_journal_can_be_associated_with_the_current_user( self): # Setup class MyView(JournalScopeMixin, TemplateView): template_name = 'dummy.html' user = UserFactory.create() journal = JournalFactory.create(collection=self.collection) url = reverse('userspace:journal:information:update', kwargs={'journal_pk': journal.pk}) request = self.get_request(url) request.user = user my_view = MyView.as_view() # Run & check with self.assertRaises(PermissionDenied): my_view(request, journal_pk=self.journal.pk)
def test_can_return_all_the_journals_if_the_user_is_a_member_of_a_production_team(self): # Setup class MyView(JournalScopeMixin, TemplateView): allow_production_team_access = True template_name = "dummy.html" user = UserFactory.create() group = GroupFactory.create(name="Production team") ProductionTeamFactory.create(group=group, identifier="main") user.groups.add(group) journal = JournalFactory.create(collection=self.collection) url = reverse("userspace:journal:information:update", kwargs={"journal_pk": journal.pk}) request = self.get_request(url) request.user = user my_view = MyView() my_view.request = request # Run & check journals = my_view.get_user_journals() assert journals assert list(journals) == list(Journal.objects.filter(collection__code="erudit"))
def test_associates_the_subscription_type_to_the_request_in_case_of_individual_access( self): # Setup now_dt = dt.datetime.now() user = UserFactory() subscription = JournalAccessSubscriptionFactory.create( user=user, journal=self.journal) JournalAccessSubscriptionPeriodFactory.create( subscription=subscription, start=now_dt - dt.timedelta(days=10), end=now_dt + dt.timedelta(days=8)) request = self.factory.get('/') request.user = user request.session = dict() middleware = SubscriptionMiddleware() # Run middleware.process_request(request) # Check self.assertTrue(request.subscription_type == 'individual')
def setup(self): self.client = Client() self.user = UserFactory.create(username='******') self.user.set_password('notsecret') self.user.save() self.organisation = OrganisationFactory.create() self.organisation.members.add(self.user) self.subscription = JournalAccessSubscriptionFactory.create(organisation=self.organisation) now_dt = dt.datetime.now() JournalAccessSubscriptionPeriodFactory.create( subscription=self.subscription, start=now_dt - dt.timedelta(days=10), end=now_dt + dt.timedelta(days=8)) # Set up some images used for doing image tests images_dict = {} # Fetch an image aimed to be resized f = open(settings.MEDIA_ROOT + "/200x200.png", "rb") images_dict['200x200'] = File(f) self.images_dict = images_dict yield # teardown # -- for img in self.images_dict.values(): img.close() try: self.organisation.badge.delete() except: pass self.organisation.delete()
def test_can_return_only_organisations_that_are_associated_with_a_valid_subscription(self): # Setup org_1 = OrganisationFactory.create() org_2 = OrganisationFactory.create() org_3 = OrganisationFactory.create() user = UserFactory.create() org_1.members.add(user) org_2.members.add(user) org_3.members.add(user) subscription_1 = JournalAccessSubscriptionFactory.create(organisation=org_1) subscription_2 = JournalAccessSubscriptionFactory.create(organisation=org_2) JournalAccessSubscriptionFactory.create(organisation=org_3) now_dt = dt.datetime.now() JournalAccessSubscriptionPeriodFactory.create( subscription=subscription_1, start=now_dt - dt.timedelta(days=10), end=now_dt + dt.timedelta(days=8)) JournalAccessSubscriptionPeriodFactory.create( subscription=subscription_2, start=now_dt - dt.timedelta(days=10), end=now_dt - dt.timedelta(days=8)) # Run & check self.assertEqual(list(get_managed_organisations(user)), [org_1, ])
def test_knows_that_a_staff_member_can_manage_authorizations(self): user = UserFactory(is_staff=True) journal = JournalFactory(collection=self.collection) is_granted = user.has_perm('authorization.manage_authorizations', journal) self.assertEqual(is_granted, True)
class TestAuthorizationCreateView(BaseEruditTestCase): def setUp(self): super(TestAuthorizationCreateView, self).setUp() self.user_granted = UserFactory(username="******") self.user_granted.set_password("user") self.user_granted.save() self.user_non_granted = UserFactory(username="******") self.user_non_granted.set_password("user") self.user_non_granted.save() def test_permission_create_restricted(self): journal = JournalFactory(collection=self.collection) journal.members.add(self.user_granted) journal.save() self.client.login(username=self.user_non_granted.username, password="******") url = reverse('userspace:journal:authorization:create', args=(journal.pk, )) response = self.client.get(url) self.assertEqual(response.status_code, 403) response = self.client.get(url) self.assertEqual(response.status_code, 403) def test_permission_create_granted(self): journal = JournalFactory(collection=self.collection) journal.members.add(self.user_granted) journal.save() ct = ContentType.objects.get(app_label="erudit", model="journal") Authorization.objects.create( content_type=ct, user=self.user_granted, object_id=journal.id, authorization_codename=AC.can_manage_authorizations.codename) self.client.login(username=self.user_granted.username, password="******") url = reverse('userspace:journal:authorization:create', args=(journal.pk, )) response = self.client.get(url, {'codename': AC.can_manage_authorizations.codename}) self.assertEqual(response.status_code, 200) def test_returns_an_http_404_error_if_the_codename_is_not_passed(self): # Setup journal = JournalFactory(collection=self.collection) journal.members.add(self.user_granted) journal.save() ct = ContentType.objects.get(app_label="erudit", model="journal") Authorization.objects.create( content_type=ct, user=self.user_granted, object_id=journal.id, authorization_codename=AC.can_manage_authorizations.codename) self.client.login(username=self.user_granted.username, password="******") url = reverse('userspace:journal:authorization:create', args=(journal.pk, )) # Run response = self.client.get(url) # Check self.assertEqual(response.status_code, 404) def test_returns_an_http_404_error_if_the_codename_is_not_known(self): # Setup journal = JournalFactory(collection=self.collection) journal.members.add(self.user_granted) journal.save() ct = ContentType.objects.get(app_label="erudit", model="journal") Authorization.objects.create( content_type=ct, user=self.user_granted, object_id=journal.id, authorization_codename=AC.can_manage_authorizations.codename) self.client.login(username=self.user_granted.username, password="******") url = reverse('userspace:journal:authorization:create', args=(journal.pk, )) # Run response = self.client.get(url, {'codename': 'dummy'}) # Check self.assertEqual(response.status_code, 404) def test_can_return_an_http_403_error_if_the_journal_has_no_management_subscription(self): # Setup journal = JournalFactory(collection=self.collection) journal.members.add(self.user_granted) journal.save() ct = ContentType.objects.get(app_label="erudit", model="journal") Authorization.objects.create( content_type=ct, user=self.user_granted, object_id=journal.id, authorization_codename=AC.can_manage_authorizations.codename) self.client.login(username=self.user_granted.username, password="******") url = reverse('userspace:journal:authorization:create', args=(journal.pk, )) # Run response = self.client.get( url, {'codename': AC.can_manage_individual_subscription.codename}) # Check self.assertEqual(response.status_code, 403)
class TestAuthorizationUserView(BaseEruditTestCase): def setUp(self): super(TestAuthorizationUserView, self).setUp() self.user_granted = UserFactory(username="******") self.user_granted.set_password("user") self.user_granted.save() self.user_non_granted = UserFactory(username="******") self.user_non_granted.set_password("user") self.user_non_granted.save() def test_permission_list_restricted(self): journal = JournalFactory(collection=self.collection) journal.members.add(self.user_granted) journal.save() self.client.login(username=self.user_non_granted.username, password="******") url = reverse('userspace:journal:authorization:list', args=(journal.pk, )) response = self.client.get(url) self.assertEqual(response.status_code, 403) response = self.client.get(url) self.assertEqual(response.status_code, 403) def test_permission_list_granted(self): journal = JournalFactory(collection=self.collection) journal.members.add(self.user_granted) journal.save() ct = ContentType.objects.get(app_label="erudit", model="journal") Authorization.objects.create( content_type=ct, user=self.user_granted, object_id=journal.id, authorization_codename=AC.can_manage_authorizations.codename) self.client.login(username=self.user_granted.username, password="******") url = reverse('userspace:journal:authorization:list', args=(journal.pk, )) response = self.client.get(url) self.assertEqual(response.status_code, 200) def test_do_not_show_the_individual_subscription_authorization_section_without_management(self): # Setup journal = JournalFactory(collection=self.collection) journal.members.add(self.user_granted) journal.save() ct = ContentType.objects.get(app_label="erudit", model="journal") Authorization.objects.create( content_type=ct, user=self.user_granted, object_id=journal.id, authorization_codename=AC.can_manage_authorizations.codename) self.client.login(username=self.user_granted.username, password="******") url = reverse('userspace:journal:authorization:list', args=(journal.pk, )) # Run response = self.client.get(url, {'codename': AC.can_manage_authorizations.codename}) # Check self.assertEqual(response.status_code, 200) self.assertTrue( AC.can_manage_individual_subscription.codename not in response.context['authorizations']) def test_shows_the_individual_subscription_authorization_section_with_management(self): # Setup journal = JournalFactory(collection=self.collection) journal.members.add(self.user_granted) journal.save() ct = ContentType.objects.get(app_label="erudit", model="journal") Authorization.objects.create( content_type=ct, user=self.user_granted, object_id=journal.id, authorization_codename=AC.can_manage_authorizations.codename) plan = JournalManagementPlanFactory.create(max_accounts=10) JournalManagementSubscriptionFactory.create(journal=journal, plan=plan) self.client.login(username=self.user_granted.username, password="******") url = reverse('userspace:journal:authorization:list', args=(journal.pk, )) # Run response = self.client.get(url, {'codename': AC.can_manage_authorizations.codename}) # Check self.assertEqual(response.status_code, 200) self.assertTrue( AC.can_manage_individual_subscription.codename in response.context['authorizations'])
def setup(self): self.client = Client() self.user = UserFactory.create(username='******') self.user.set_password('notsecret') self.user.save()
def test_staff_can_manage(self): user = UserFactory(is_staff=True) issue = IssueSubmissionFactory(journal=self.journal) is_granted = user.has_perm('editor.manage_issuesubmission', issue) self.assertEqual(is_granted, True)
class TestAuthorizationCreateView(BaseEruditTestCase): def setUp(self): super(TestAuthorizationCreateView, self).setUp() self.user_granted = UserFactory(username="******") self.user_granted.set_password("user") self.user_granted.save() self.user_non_granted = UserFactory(username="******") self.user_non_granted.set_password("user") self.user_non_granted.save() def test_permission_create_restricted(self): journal = JournalFactory(collection=self.collection) journal.members.add(self.user_granted) journal.save() self.client.login(username=self.user_non_granted.username, password="******") url = reverse('userspace:journal:authorization:create', args=(journal.pk, )) response = self.client.get(url) self.assertEqual(response.status_code, 403) response = self.client.get(url) self.assertEqual(response.status_code, 403) def test_permission_create_granted(self): journal = JournalFactory(collection=self.collection) journal.members.add(self.user_granted) journal.save() ct = ContentType.objects.get(app_label="erudit", model="journal") Authorization.objects.create( content_type=ct, user=self.user_granted, object_id=journal.id, authorization_codename=AC.can_manage_authorizations.codename) self.client.login(username=self.user_granted.username, password="******") url = reverse('userspace:journal:authorization:create', args=(journal.pk, )) response = self.client.get( url, {'codename': AC.can_manage_authorizations.codename}) self.assertEqual(response.status_code, 200) def test_returns_an_http_404_error_if_the_codename_is_not_passed(self): # Setup journal = JournalFactory(collection=self.collection) journal.members.add(self.user_granted) journal.save() ct = ContentType.objects.get(app_label="erudit", model="journal") Authorization.objects.create( content_type=ct, user=self.user_granted, object_id=journal.id, authorization_codename=AC.can_manage_authorizations.codename) self.client.login(username=self.user_granted.username, password="******") url = reverse('userspace:journal:authorization:create', args=(journal.pk, )) # Run response = self.client.get(url) # Check self.assertEqual(response.status_code, 404) def test_returns_an_http_404_error_if_the_codename_is_not_known(self): # Setup journal = JournalFactory(collection=self.collection) journal.members.add(self.user_granted) journal.save() ct = ContentType.objects.get(app_label="erudit", model="journal") Authorization.objects.create( content_type=ct, user=self.user_granted, object_id=journal.id, authorization_codename=AC.can_manage_authorizations.codename) self.client.login(username=self.user_granted.username, password="******") url = reverse('userspace:journal:authorization:create', args=(journal.pk, )) # Run response = self.client.get(url, {'codename': 'dummy'}) # Check self.assertEqual(response.status_code, 404) def test_can_return_an_http_403_error_if_the_journal_has_no_management_subscription( self): # Setup journal = JournalFactory(collection=self.collection) journal.members.add(self.user_granted) journal.save() ct = ContentType.objects.get(app_label="erudit", model="journal") Authorization.objects.create( content_type=ct, user=self.user_granted, object_id=journal.id, authorization_codename=AC.can_manage_authorizations.codename) self.client.login(username=self.user_granted.username, password="******") url = reverse('userspace:journal:authorization:create', args=(journal.pk, )) # Run response = self.client.get( url, {'codename': AC.can_manage_individual_subscription.codename}) # Check self.assertEqual(response.status_code, 403)
class TestAuthorizationUserView(BaseEruditTestCase): def setUp(self): super(TestAuthorizationUserView, self).setUp() self.user_granted = UserFactory(username="******") self.user_granted.set_password("user") self.user_granted.save() self.user_non_granted = UserFactory(username="******") self.user_non_granted.set_password("user") self.user_non_granted.save() def test_permission_list_restricted(self): journal = JournalFactory(collection=self.collection) journal.members.add(self.user_granted) journal.save() self.client.login(username=self.user_non_granted.username, password="******") url = reverse('userspace:journal:authorization:list', args=(journal.pk, )) response = self.client.get(url) self.assertEqual(response.status_code, 403) response = self.client.get(url) self.assertEqual(response.status_code, 403) def test_permission_list_granted(self): journal = JournalFactory(collection=self.collection) journal.members.add(self.user_granted) journal.save() ct = ContentType.objects.get(app_label="erudit", model="journal") Authorization.objects.create( content_type=ct, user=self.user_granted, object_id=journal.id, authorization_codename=AC.can_manage_authorizations.codename) self.client.login(username=self.user_granted.username, password="******") url = reverse('userspace:journal:authorization:list', args=(journal.pk, )) response = self.client.get(url) self.assertEqual(response.status_code, 200) def test_do_not_show_the_individual_subscription_authorization_section_without_management( self): # Setup journal = JournalFactory(collection=self.collection) journal.members.add(self.user_granted) journal.save() ct = ContentType.objects.get(app_label="erudit", model="journal") Authorization.objects.create( content_type=ct, user=self.user_granted, object_id=journal.id, authorization_codename=AC.can_manage_authorizations.codename) self.client.login(username=self.user_granted.username, password="******") url = reverse('userspace:journal:authorization:list', args=(journal.pk, )) # Run response = self.client.get( url, {'codename': AC.can_manage_authorizations.codename}) # Check self.assertEqual(response.status_code, 200) self.assertTrue(AC.can_manage_individual_subscription.codename not in response.context['authorizations']) def test_shows_the_individual_subscription_authorization_section_with_management( self): # Setup journal = JournalFactory(collection=self.collection) journal.members.add(self.user_granted) journal.save() ct = ContentType.objects.get(app_label="erudit", model="journal") Authorization.objects.create( content_type=ct, user=self.user_granted, object_id=journal.id, authorization_codename=AC.can_manage_authorizations.codename) plan = JournalManagementPlanFactory.create(max_accounts=10) JournalManagementSubscriptionFactory.create(journal=journal, plan=plan) self.client.login(username=self.user_granted.username, password="******") url = reverse('userspace:journal:authorization:list', args=(journal.pk, )) # Run response = self.client.get( url, {'codename': AC.can_manage_authorizations.codename}) # Check self.assertEqual(response.status_code, 200) self.assertTrue(AC.can_manage_individual_subscription.codename in response.context['authorizations'])
class TestAuthorizationDeleteView(BaseEruditTestCase): def setUp(self): super(TestAuthorizationDeleteView, self).setUp() self.user_granted = UserFactory(username="******") self.user_granted.set_password("user") self.user_granted.save() self.user_non_granted = UserFactory(username="******") self.user_non_granted.set_password("user") self.user_non_granted.save() def test_permission_delete_restricted(self): self.client.login(username=self.user_non_granted.username, password="******") journal = JournalFactory(collection=self.collection) journal.save() self.client.login(username=self.user_granted.username, password="******") ct = ContentType.objects.get(app_label="erudit", model="journal") authorization = Authorization.objects.create( content_type=ct, user=self.user_granted, object_id=journal.id, authorization_codename=AC.can_manage_authorizations.codename) url = reverse('userspace:journal:authorization:delete', args=( journal.pk, authorization.pk, )) response = self.client.get(url) self.assertEqual(response.status_code, 403) journal.members.add(self.user_granted) journal.save() response = self.client.get(url, follow=True) self.assertEqual(response.status_code, 200) def test_permission_delete_granted(self): journal = JournalFactory(collection=self.collection) journal.members.add(self.user_granted) journal.save() ct = ContentType.objects.get(app_label="erudit", model="journal") authorization = Authorization.objects.create( content_type=ct, user=self.user_granted, object_id=journal.id, authorization_codename=AC.can_manage_authorizations.codename) self.client.login(username=self.user_granted.username, password="******") url = reverse('userspace:journal:authorization:delete', args=( journal.pk, authorization.pk, )) response = self.client.get(url) self.assertEqual(response.status_code, 200)
def setUp(self): self.user = UserFactory()