def test_check_access_perms_detects_organization_admins(self):
    # Authorization, allow path: for a membership created with
    # is_admin=True the access check must return None, i.e. no blocking
    # response object.
    membership = OrganizationUserFactory(is_admin=True)
    view = CustomOrganizationUserDelete()
    # The view is instantiated by hand instead of being routed, so the
    # kwargs (presumably read by _check_access_perms) are set explicitly.
    view.kwargs = {'organization_pk': membership.organization.pk}
    outcome = view._check_access_perms(membership.user)
    self.assertIsNone(outcome)
def test_check_access_perms_doesnt_detect_normal_users(self):
    # Authorization, deny path: a membership created with the factory
    # defaults (no is_admin=True) must be answered with an
    # HttpResponseForbidden by the access check.
    membership = OrganizationUserFactory()
    view = CustomOrganizationUserDelete()
    # Hand-built view: kwargs are supplied directly rather than by the
    # URL resolver.
    view.kwargs = {'organization_pk': membership.organization.pk}
    outcome = view._check_access_perms(membership.user)
    self.assertIsInstance(outcome, HttpResponseForbidden)
def test_delete_deletes_the_unused_permissions(self):
    # Removing a membership must also revoke the object-level permission
    # the user held on the organization, so no stale grant is left behind.
    view = CustomOrganizationUserDelete()
    membership = OrganizationUserFactory()
    organization, member = membership.organization, membership.user
    assign(GUARDIAN_PERMISSION, member, organization)
    # Precondition: the grant exists before the delete runs.
    self.assertTrue(member.has_perm(GUARDIAN_PERMISSION, organization))
    # Bypass the view's own lookup and hand it the membership directly.
    view.get_object = lambda: membership
    # NOTE(review): the RequestFactory instance itself is passed as the
    # request (no .get()/.post() call); only ``user`` is set on it.
    stand_in_request = RequestFactory()
    stand_in_request.user = member
    view.delete(stand_in_request)
    self.assertFalse(member.has_perm(GUARDIAN_PERMISSION, organization))
def test_delete_stops_users_watching_decisions_for_the_organization(self):
    # After a membership is deleted, the removed user must no longer be
    # a watcher of the organization's decisions.
    view = CustomOrganizationUserDelete()
    watch = ObservedItemFactory()
    decision = watch.observed_object
    watcher = watch.user
    membership = OrganizationUserFactory(
        organization=decision.organization, user=watcher)
    # Bypass the view's own lookup and hand it the membership directly.
    view.get_object = lambda: membership
    # NOTE(review): the RequestFactory instance itself is passed as the
    # request (no .get()/.post() call); only ``user`` is set on it.
    stand_in_request = RequestFactory()
    stand_in_request.user = watcher
    view.delete(stand_in_request)
    remaining_watchers = decision.watchers.all()
    self.assertSequenceEqual([], remaining_watchers)
def test_delete_deletes_the_unused_permissions(self):
    # Removing a membership must also revoke the object-level permission
    # the user held on the organization, so no stale grant is left behind.
    view = CustomOrganizationUserDelete()
    membership = OrganizationUserFactory()
    organization, member = membership.organization, membership.user
    assign_perm(GUARDIAN_PERMISSION, member, organization)
    # Precondition: the grant exists before the delete runs.
    self.assertTrue(member.has_perm(GUARDIAN_PERMISSION, organization))
    # Bypass the view's own lookup and hand it the membership directly.
    view.get_object = lambda: membership
    # NOTE(review): the RequestFactory instance itself is passed as the
    # request (no .get()/.post() call); only ``user`` is set on it.
    stand_in_request = RequestFactory()
    stand_in_request.user = member
    view.delete(stand_in_request)
    self.assertFalse(member.has_perm(GUARDIAN_PERMISSION, organization))
def test_delete_stops_users_watching_feedback_for_the_organization(self):
    # After a membership is deleted, the removed user must stop watching
    # feedback in that organization, while other users' watches stay.
    view = CustomOrganizationUserDelete()
    feedback = FeedbackFactory()
    other_watch = ObservedItemFactory(observed_object=feedback)
    organization = other_watch.observed_object.decision.organization
    author = feedback.author
    membership = OrganizationUserFactory(
        organization=organization, user=author)
    # Bypass the view's own lookup and hand it the membership directly.
    view.get_object = lambda: membership
    # NOTE(review): the RequestFactory instance itself is passed as the
    # request (no .get()/.post() call); only ``user`` is set on it.
    stand_in_request = RequestFactory()
    stand_in_request.user = author
    view.delete(stand_in_request)
    # Two observed items were created for different users (the first one
    # presumably alongside the feedback for its author - confirm in
    # FeedbackFactory). Only the second one should remain after the
    # delete request.
    self.assertSequenceEqual([other_watch], feedback.watchers.all())
def test_organisation_user_delete_view_doesnt_let_user_delete_others(self):
    # Authorization, deny path: a non-admin member posting a delete for
    # somebody else's user_pk must get HttpResponseForbidden.
    view = CustomOrganizationUserDelete()
    membership = OrganizationUserFactory()
    organization = membership.organization
    requester = membership.user
    other_user = UserFactory()
    assign_perm(GUARDIAN_PERMISSION, requester, organization)
    post_request = RequestFactory().post("/", {'submit': "Delete"})
    post_request.user = requester
    # NOTE(review): get_object is stubbed to the requester's own
    # membership and other_user has no membership created here, so the
    # refusal presumably comes from a check on user_pk/request.user in
    # dispatch - confirm. Only the response type is asserted; nothing
    # checks that no membership row was removed.
    view.get_object = lambda: membership
    url_kwargs = {
        'organization_pk': unicode(organization.pk),
        'user_pk': unicode(other_user.pk),
    }
    response = view.dispatch(post_request, **url_kwargs)
    self.assertIsInstance(response, HttpResponseForbidden)
def test_organisation_user_delete_view_is_accessible_to_admin(self):
    # Authorization, allow path: an organization admin posting a delete
    # for another user's user_pk is redirected to the organization's
    # user list instead of being refused.
    view = CustomOrganizationUserDelete()
    membership = OrganizationUserFactory(is_admin=True)
    organization = membership.organization
    admin = membership.user
    other_user = UserFactory()
    assign_perm(GUARDIAN_PERMISSION, admin, organization)
    post_request = RequestFactory().post("/", {'submit': "Delete"})
    post_request.user = admin
    # NOTE(review): get_object is stubbed to the admin's own membership,
    # so whatever dispatch deletes through get_object is that row, not a
    # membership of other_user - confirm this is intended. Only the
    # redirect target is asserted.
    view.get_object = lambda: membership
    response = view.dispatch(
        post_request,
        organization_pk=organization.pk,
        user_pk=other_user.pk)
    expected_location = reverse(
        'organization_user_list', args=[organization.pk])
    self.assertEqual(expected_location, response['Location'])