def test_login_as_staff_as_staff(rf):
"""
Staff user 1 tries to impersonat staff user 2
"""
shop = get_default_shop()
staff_user1 = UserFactory(is_staff=True)
permission_group = get_default_permission_group()
staff_user1.groups.add(permission_group)
shop.staff_members.add(staff_user1)
staff_user2 = UserFactory(is_staff=True)
view_func = LoginAsStaffUserView.as_view()
request = apply_request_middleware(rf.post("/"), user=staff_user1)
with pytest.raises(PermissionDenied):
view_func(request, pk=staff_user2.pk)
set_permissions_for_group(permission_group, ["user.login-as-staff"])
response = view_func(request, pk=staff_user2.pk)
assert response["location"] == reverse("shuup_admin:dashboard")
assert get_user(request) == staff_user2
# Stop impersonating and since staff1 does not have user detail permission
# he/she should find him/herself from dashboard
response = stop_impersonating_staff(request)
assert response["location"] == reverse("shuup_admin:dashboard")
assert get_user(request) == staff_user1
response = stop_impersonating_staff(request)
assert response.status_code == 403
def test_login_as_staff_user(rf, admin_user):
get_default_shop()
staff_user = UserFactory(is_staff=True)
view_func = LoginAsStaffUserView.as_view()
request = apply_request_middleware(rf.post("/"), user=admin_user)
context = dict(request=request)
assert get_logout_url(context) == "/sa/logout/"
response = view_func(request, pk=staff_user.pk)
assert response["location"] == reverse("shuup_admin:dashboard")
assert get_user(request) == staff_user
assert get_logout_url(context) == "/sa/stop-impersonating-staff/"
# Stop impersonating and since admin user have all access he should
# be in user detail for staff user
response = stop_impersonating_staff(request)
assert response["location"] == reverse("shuup_admin:user.detail", kwargs={"pk": staff_user.pk})
assert get_user(request) == admin_user
