class OrgaBasicTest(TestCase): def setUp(self): # Every test needs a client. self.client = AuthClient() self.expected_code = 403 self.expected_save_code = 403 self.expect_templates = False self.orga = OrganizationFactory() self.orga.save() def test_access_to_orga_list(self): response = self.client.get(reverse('organization-list')) if self.expect_templates: self.assertTemplateUsed(response, 'orga/organization_filter.html') self.assertEqual(response.status_code, self.expected_code) response = self.client.get(reverse( 'organization-list-export', kwargs={'format': 'csv'})) self.assertEqual(response.status_code, self.expected_code) def test_access_to_orga_detail(self): # Issue a GET request. response = self.client.get(reverse('organization-detail', kwargs={'pk': self.orga.pk})) if self.expect_templates: self.assertTemplateUsed(response, 'orga/organization_detail.html') self.assertEqual(response.status_code, self.expected_code) def test_access_to_orga_edit(self): url = reverse('organization-update', kwargs={'pk': self.orga.pk}) response = self.client.get(url) if self.expect_templates: self.assertTemplateUsed(response, 'orga/organization_form.html') self.assertEqual(response.status_code, self.expected_code) def test_autocompletes(self): for al in ['OrganizationAutocomplete']: url = reverse( 'autocomplete_light_autocomplete', kwargs={'autocomplete': al} ) response = self.client.get(url) self.assertEqual(response.status_code, self.expected_code, url)
class AuthUserTest(TestCase): def setUp(self): # Every test needs a client. self.client = AuthClient() self.article = Article.objects.create( title='TestArticle', body='<h1>Test Body</h1>', published=True) def test_my_restrictions(self): for symbolicurl in ['article-update', 'article-delete', ]: response = self.client.get( reverse(symbolicurl, kwargs={'pk': self.article.pk})) self.assertEqual(response.status_code, 403, symbolicurl) response = self.client.get(reverse('article-create')) self.assertEqual(response.status_code, 403, 'Article creation')
class AuthUserTest(SeasonTestCaseMixin): def setUp(self): self.client = AuthClient() super(AuthUserTest, self).setUp() def test_access_to_season_list(self): for symbolicurl in freeforallurls: url = reverse(symbolicurl) # Final URL is OK response = self.client.get(url, follow=True) self.assertEqual(response.status_code, 200, url) def test_no_access_to_season_create(self): for symbolicurl in restrictedgenericurls: url = reverse(symbolicurl) # Final URL is forbidden response = self.client.get(url, follow=True) self.assertEqual(response.status_code, 403, url) def test_no_access_to_season_detail(self): for symbolicurl in restrictedspecificurls: url = reverse(symbolicurl, kwargs={'pk': self.season.pk}) # Final URL is forbidden response = self.client.get(url, follow=True) self.assertEqual(response.status_code, 403, url) for symbolicurl in restrictedhelperspecificurls: for helper in self.users: url = reverse( symbolicurl, kwargs={ 'pk': self.season.pk, 'helperpk': helper.pk }) # Final URL is forbidden response = self.client.get(url, follow=True) self.assertEqual(response.status_code, 403, url) def test_access_to_myseason_availabilities(self): for symbolicurl in restrictedhelperspecificurls: url = reverse( symbolicurl, kwargs={ 'pk': self.season.pk, 'helperpk': self.client.user.pk }) # Fails, we have no formation self.assertEqual(self.client.get(url).status_code, 403, url) # Fails, we have not a common canton self.client.user.profile.formation = FORMATION_M1 self.client.user.profile.save() self.assertEqual(self.client.get(url).status_code, 403, url) # Works, we have it all self.client.user.profile.affiliation_canton = \ self.season.cantons[0] self.client.user.profile.save() self.assertEqual(self.client.get(url).status_code, 200, url) # Fails, we have a common canton, but no Formation self.client.user.profile.formation = '' self.client.user.profile.save() self.assertEqual(self.client.get(url).status_code, 403, url) def test_no_access_to_session(self): for session in self.sessions: urls = [ reverse( 'session-list', kwargs={ 'seasonpk': self.season.pk, 'year': session.day.year, 'week': session.day.strftime('%W'), }), reverse( 'session-create', kwargs={ 'seasonpk': self.season.pk, }), reverse( 'session-detail', kwargs={ 'seasonpk': self.season.pk, 'pk': session.pk, }), reverse( 'session-update', kwargs={ 'seasonpk': self.season.pk, 'pk': session.pk, }), reverse( 'session-staff-choices', kwargs={ 'seasonpk': self.season.pk, 'pk': session.pk, }), reverse( 'session-delete', kwargs={ 'seasonpk': self.season.pk, 'pk': session.pk, }), ] for url in urls: # Final URL is forbidden response = self.client.get(url, follow=True) self.assertEqual(response.status_code, 403, url)