def test_login_as_staff_as_staff(rf): """ Staff user 1 tries to impersonat staff user 2 """ shop = get_default_shop() staff_user1 = UserFactory(is_staff=True) permission_group = get_default_permission_group() staff_user1.groups.add(permission_group) shop.staff_members.add(staff_user1) staff_user2 = UserFactory(is_staff=True) view_func = LoginAsStaffUserView.as_view() request = apply_request_middleware(rf.post("/"), user=staff_user1) with pytest.raises(PermissionDenied): view_func(request, pk=staff_user2.pk) set_permissions_for_group(permission_group, ["user.login-as-staff"]) response = view_func(request, pk=staff_user2.pk) assert response["location"] == reverse("shuup_admin:dashboard") assert get_user(request) == staff_user2 # Stop impersonating and since staff1 does not have user detail permission # he/she should find him/herself from dashboard response = stop_impersonating_staff(request) assert response["location"] == reverse("shuup_admin:dashboard") assert get_user(request) == staff_user1 response = stop_impersonating_staff(request) assert response.status_code == 403
def test_login_as_staff_user(rf, admin_user): get_default_shop() staff_user = UserFactory(is_staff=True) view_func = LoginAsStaffUserView.as_view() request = apply_request_middleware(rf.post("/"), user=admin_user) context = dict(request=request) assert get_logout_url(context) == "/sa/logout/" response = view_func(request, pk=staff_user.pk) assert response["location"] == reverse("shuup_admin:dashboard") assert get_user(request) == staff_user assert get_logout_url(context) == "/sa/stop-impersonating-staff/" # Stop impersonating and since admin user have all access he should # be in user detail for staff user response = stop_impersonating_staff(request) assert response["location"] == reverse("shuup_admin:user.detail", kwargs={"pk": staff_user.pk}) assert get_user(request) == admin_user