def test_login(self, mock_check_sms_token):
    """Walk the login endpoint through each supported credential type.

    Covers username/password, private e-mail/password and mobile/SMS-token
    logins, checks that the returned token authorises ``user_self_perm``,
    and then verifies that e-mail and SMS logins answer 400 once the
    corresponding config object is marked invalid.

    NOTE(review): only successful logins and config-disabled logins are
    asserted here; a wrong password or a rejected SMS token is not
    exercised in this test (it may be covered elsewhere).
    """
    login_url = reverse('siteapi:user_login')
    self_perm_url = reverse('siteapi:user_self_perm')

    # The SMS token check is mocked, so the literal 'mock' token below is
    # never validated for real. side_effect is a one-item list, i.e. the mock
    # can answer a single call; the last SMS login in this test presumably
    # gets rejected before the token check is reached - confirm.
    mock_check_sms_token.side_effect = [{'mobile': '18812341234'}]

    # Credentials and e-mail address are masked in this listing.
    account = User.create_user(username='******', password='******')
    account.mobile = '18812341234'
    account.private_email = '*****@*****.**'
    account.save()

    client = APIClient()

    def login(**credentials):
        return client.post(login_url, data=credentials)

    # Without a token the self-permission endpoint must refuse the request.
    response = client.get(self_perm_url)
    self.assertEqual(response.status_code, 401)

    response = login(username='******', password='******')
    self.assertEqual(response.status_code, 200)

    response = login(private_email='*****@*****.**', password='******')
    self.assertEqual(response.status_code, 200)

    response = login(mobile='18812341234', sms_token='mock')
    self.assertEqual(response.status_code, 200)

    # A successful login is expected to stamp the activity time and to mark
    # the account as settled.
    account = User.objects.get(username='******')
    self.assertIsNotNone(account.last_active_time)
    self.assertTrue(account.is_settled)

    # The token from the SMS login is reused as the Authorization header.
    auth_header = 'Token ' + response.json()['token']
    client.credentials(HTTP_AUTHORIZATION=auth_header)
    response = client.get(self_perm_url)
    self.assertEqual(response.status_code, 200)

    response = login(username='******', password='******')
    expected_perms = ['system_oneid_all', 'system_ark-meta-server_all']
    self.assertEqual(response.json()['perms'], expected_perms)

    # test login failed because of account_config
    email_config = EmailConfig.get_current()
    email_config.is_valid = False
    email_config.save()
    response = login(private_email='*****@*****.**', password='******')
    self.assertEqual(response.status_code, 400)

    sms_config = SMSConfig.get_current()
    sms_config.is_valid = False
    sms_config.save()
    response = login(mobile='18812341234', sms_token='mock')
    self.assertEqual(response.status_code, 400)
class DeptPermTestCase(TestCase):
    """Authorization checks on the department endpoints.

    The fixture builds ``root -> l1 -> (l11, l12)`` and an authenticated
    client stored as ``self.employee``. ``self.client`` and
    ``self.anonymous`` are not defined in this class; presumably the
    ``TestCase`` base provides them - confirm.
    """

    def setUp(self):
        """Create the department tree, two users and the employee client."""
        super(DeptPermTestCase, self).setUp()

        root_dept = Dept.valid_objects.get(uid='root')
        first_level = Dept.valid_objects.create(uid='l1', name='l1', parent=root_dept)
        for uid, position in (('l11', 2), ('l12', 1)):
            Dept.valid_objects.create(uid=uid, name=uid, parent=first_level, order_no=position)

        # 'employee' is attached to the root department; 'employee_2' is
        # created but given no membership.
        member = User.create_user('employee', 'employee')
        DeptMember.valid_objects.create(user=member, owner=root_dept)
        User.create_user('employee_2', 'employee_2')

        # The login credentials are masked in this listing; presumably they
        # are those of the 'employee' account created above - confirm.
        login_response = self.client.post(
            reverse('siteapi:user_login'),
            data={'username': '******', 'password': '******'},
        )
        token = login_response.json()['token']

        self.employee = APIClient()
        self.employee.credentials(HTTP_AUTHORIZATION='Token ' + token)

    def test_no_perm(self):
        """Check what a user without management permission may do on l11.

        Anonymous access to the node detail is refused with 401. The
        authenticated client may read the node detail, child users and
        child departments (200), but the tree view and every write
        (delete, post, patch) are expected to answer 403.
        """
        node_detail_url = reverse('siteapi:ucenter_node_detail', args=('d_l11', ))
        self.assertEqual(self.anonymous.get(node_detail_url).status_code, 401)
        self.assertEqual(self.employee.get(node_detail_url).status_code, 200)

        # (client method, route name, expected status), issued in order.
        expectations = (
            ('get', 'siteapi:dept_tree', 403),
            ('get', 'siteapi:dept_child_user', 200),
            ('get', 'siteapi:dept_child_dept', 200),
            ('delete', 'siteapi:dept_detail', 403),
            ('json_post', 'siteapi:dept_child_dept', 403),
            ('json_patch', 'siteapi:dept_child_user', 403),
        )
        for verb, route, expected_status in expectations:
            send = getattr(self.employee, verb)
            response = send(reverse(route, args=('l11', )))
            self.assertEqual(response.status_code, expected_status)

    def test_node_perm(self):
        """Check that node-scoped management rights do not reach the parent.

        The user receives the 'dept_nodel1_admin' perm and joins a manager
        group whose nodes list holds only 'd_l11'; renaming l11 must
        succeed while renaming its parent l1 must be refused with 403.
        """
        # The username is masked in this listing.
        admin_perm = Perm.get('dept_nodel1_admin')
        UserPerm.valid_objects.create(
            owner=User.objects.get(username='******'),
            perm=admin_perm,
            value=True,
        )
        manager_group = Group.objects.create(name='test')
        ManagerGroup.objects.create(group=manager_group, scope_subject=2, nodes=['d_l11'])
        GroupMember.objects.create(owner=manager_group, user=User.objects.get(username='******'))

        rename = {'name': 'new'}
        response = self.employee.json_patch(reverse('siteapi:dept_detail', args=('l11', )), data=rename)
        # NOTE(review): the fetched Dept is discarded, so this line only
        # proves the row still exists; presumably an assertion on its name
        # was intended - confirm.
        Dept.objects.get(uid='l11')
        self.assertEqual(response.status_code, 200)

        response = self.employee.json_patch(reverse('siteapi:dept_detail', args=('l1', )), data={'name': 'new'})
        self.assertEqual(response.status_code, 403)

    def test_boss(self):
        """Check that a user flagged ``is_boss`` may rename both l11 and l1."""
        # The username is masked in this listing.
        boss = User.objects.get(username='******')
        boss.is_boss = True
        boss.save()

        for uid in ('l11', 'l1'):
            target = reverse('siteapi:dept_detail', args=(uid, ))
            response = self.employee.json_patch(target, data={'name': 'new'})
            self.assertEqual(response.status_code, 200)