def test_POST(self, app): login(app, "admin", "secret") transaction_begin(app) create_user(app, "test") udata = search_data(app, "users", "login", "test") gdata = search_data(app, "usergroups", "name", "test") # Check that the default_gid is set to the users usergroup assert gdata.get("id") == udata.get("default_gid") transaction_rollback(app)
def test_setstandin(self, app): user = search_data(app, "users", "login", "test123") app.get("/usergroups/setstandin/%s" % user["default_gid"]) admin = search_data(app, "users", "login", "admin") app.post("/usergroups/setstandin/%s" % user["default_gid"], params={"members": [admin["id"], user["id"]]}, status=302) app.get("/") transaction_rollback(app)
def test_create(self, app): login(app, "admin", "secret") transaction_begin(app) create_user(app, "test") user = search_data(app, "users", "login", "test") user["login"] = "******" app.post("/users/update/%s" % user["id"], params=user, status=302) usergroup = search_data(app, "usergroups", "name", user["login"]) assert usergroup app.get("/") transaction_rollback(app)
def test_create(self, app): login(app, "admin", "secret") transaction_begin(app) create_user(app, "test") # Regression test for Issue1201 in Intevation waskiq tracker. If # the login is changed calling the setstandin page failed for # admin users. user = search_data(app, "users", "login", "test") user["login"] = "******" app.post("/users/update/%s" % user["id"], params=user, status=302)
def test_unauthorized(self, app): """Method is called with a different uid than the id uf the current user. This is not allowed the users are only allowed to delete their own account.""" login(app, "admin", "secret") transaction_begin(app) create_user(app, "test") user = search_data(app, "users", "login", "test") app.get("/users/removeaccount/%s" % user["id"], params=user, status=403) app.get("/") transaction_rollback(app)
def test_confirmed(self, app): """User must confirm the deletion twice""" transaction_begin(app) login(app, "admin", "secret") create_user(app, "test") user = search_data(app, "users", "login", "test") login(app, "test", "123123123qwe") app.get("/users/removeaccount/%s" % user["id"], status=200) params = {"_confirm_remove_account2": ["1"], "_confirm_remove_account": ["1"]} app.post("/users/removeaccount/%s" % user["id"], params=params, status=302) app.get("/") transaction_rollback(app)