def test_login_as_user_errors(rf, admin_user, regular_user): get_default_shop() view_func = LoginAsUserView.as_view() request = apply_request_middleware(rf.post("/"), user=regular_user) # log in as self with pytest.raises(Problem): view_func(request, pk=regular_user.pk) user = UserFactory() get_person_contact(user) # non superuser trying to login as someone else with pytest.raises(PermissionDenied): view_func(request, pk=user.pk) request = apply_request_middleware(rf.post("/"), user=admin_user) user.is_superuser = True user.save() # user is trying to login as another superuser with pytest.raises(PermissionDenied): view_func(request, pk=user.pk) user.is_superuser = False user.is_staff = True user.save() # user is trying to login as a staff user with pytest.raises(PermissionDenied): view_func(request, pk=user.pk) user.is_staff = False user.is_active = False user.save() # user is trying to login as an inactive user with pytest.raises(Problem): view_func(request, pk=user.pk)
def test_login_as_user_errors(rf, admin_user, regular_user): get_default_shop() view_func = LoginAsUserView.as_view() request = apply_request_middleware(rf.post("/"), user=regular_user, skip_session=True) # log in as self with pytest.raises(Problem): view_func(request, pk=regular_user.pk) user = UserFactory() get_person_contact(user) # non superuser trying to login as someone else with pytest.raises(PermissionDenied): view_func(request, pk=user.pk) request = apply_request_middleware(rf.post("/"), user=admin_user) user.is_superuser = True user.save() # user is trying to login as another superuser with pytest.raises(PermissionDenied): view_func(request, pk=user.pk) user.is_superuser = False user.is_staff = True user.save() # user is trying to login as a staff user with pytest.raises(PermissionDenied): view_func(request, pk=user.pk) user.is_staff = False user.is_active = False user.save() # user is trying to login as an inactive user with pytest.raises(Problem): view_func(request, pk=user.pk)
def test_login_as_requires_staff_member(rf, regular_user): shop = get_default_shop() staff_user = UserFactory(is_staff=True) permission_group = get_default_permission_group() staff_user.groups.add(permission_group) def do_nothing(request, shop=None): pass def get_default(request): return get_default_shop() # Maybe some vendors and non marketplace staff members has access to admin module with patch("shuup.admin.shop_provider.set_shop", side_effect=do_nothing): with patch("shuup.admin.shop_provider.get_shop", side_effect=get_default): view_func = LoginAsUserView.as_view() request = apply_request_middleware(rf.post("/"), user=staff_user) # not staff member with pytest.raises(PermissionDenied): view_func(request, pk=regular_user.pk) shop.staff_members.add(staff_user) # no permission with pytest.raises(PermissionDenied): view_func(request, pk=regular_user.pk) set_permissions_for_group(permission_group, ["user.login-as"]) response = view_func(request, pk=regular_user.pk) assert response["location"] == reverse("shuup:index") assert get_user(request) == regular_user
def test_login_as_user(rf, admin_user, regular_user): get_default_shop() view_func = LoginAsUserView.as_view() request = apply_request_middleware(rf.post("/"), user=admin_user) get_person_contact(regular_user) response = view_func(request, pk=regular_user.pk) assert response["location"] == reverse("shuup:index") assert get_user(request) == regular_user
def test_login_as_without_front_url(rf, admin_user, regular_user): get_default_shop() view_func = LoginAsUserView.as_view() request = apply_request_middleware(rf.post("/"), user=admin_user) def get_none(): return None with patch("shuup.admin.modules.users.views.detail.get_front_url", side_effect=get_none): with pytest.raises(Problem): view_func(request, pk=regular_user.pk)
def test_login_as_staff_member(rf): shop = get_default_shop() staff_user = UserFactory(is_staff=True) permission_group = get_default_permission_group() staff_user.groups.add(permission_group) shop.staff_members.add(staff_user) view_func = LoginAsUserView.as_view() request = apply_request_middleware(rf.post("/"), user=staff_user, skip_session=True) # log in as self with pytest.raises(Problem): view_func(request, pk=staff_user.pk) user = UserFactory() get_person_contact(user) request = apply_request_middleware(rf.post("/"), user=staff_user) user.is_superuser = True user.save() # user is trying to login as another superuser with pytest.raises(PermissionDenied): view_func(request, pk=user.pk) user.is_superuser = False user.is_staff = True user.save() # user is trying to login as a staff user with pytest.raises(PermissionDenied): view_func(request, pk=user.pk) user.is_staff = False user.is_active = False user.save() # user is trying to login as an inactive user with pytest.raises(Problem): view_func(request, pk=user.pk) user.is_active = True user.save() # staff user without "user.login-as" permission trying to login as valid user with pytest.raises(PermissionDenied): view_func(request, pk=user.pk) permission_group = staff_user.groups.first() set_permissions_for_group(permission_group, ["user.login-as"]) response = view_func(request, pk=user.pk) assert response["location"] == reverse("shuup:index") assert get_user(request) == user
def test_stop_impersonating(rf, admin_user, regular_user): get_default_shop() view_func = LoginAsUserView.as_view() request = apply_request_middleware(rf.post("/"), user=admin_user) assert get_logout_url({"request": request}) == reverse("shuup:logout") get_person_contact(regular_user) response = view_func(request, pk=regular_user.pk) assert response["location"] == reverse("shuup:index") assert get_user(request) == regular_user assert "impersonator_user_id" in request.session assert get_logout_url({"request": request}) == reverse("shuup:stop-impersonating") assert is_authenticated(get_user(request)) response = stop_impersonating(request) assert response.status_code in [301, 302] # redirect assert "impersonator_user_id" not in request.session assert is_authenticated(get_user(request)) assert request.user == admin_user