def test_view_remove_user(self):
"""
Test view for adding a user:
Verifies:
* GET redirects user to 405
* POST with a user id remove user, returns 1
* POST without user id returns error as json
* users lacking perms receive 403
* removing user not in group returns error as json
* removing user that does not exist returns error as json
* user loses all permissions when removed from group
"""
group = self.test_save()
c = Client()
group.user_set.add(self.user0)
url = '/group/%d/user/remove/'
args = group.id
# anonymous user
response = c.get(url % args, follow=True)
self.assertEqual(200, response.status_code)
self.assertTemplateUsed(response, 'registration/login.html')
# invalid permissions
self.assertTrue(c.login(username=self.user0.username, password='******'))
response = c.get(url % args)
self.assertEqual(403, response.status_code)
response = c.post(url % args)
self.assertEqual(403, response.status_code)
# authorize and login
grant(self.user0, 'admin', group)
# invalid method
response = c.get(url % args)
self.assertEqual(405, response.status_code)
# valid request (perm)
data = {'user':self.user0.id}
response = c.post(url % args, data)
self.assertEqual(200, response.status_code)
self.assertEquals('application/json', response['content-type'])
self.assertEqual('1', response.content)
self.assertFalse(group.user_set.filter(id=self.user0.id).exists())
self.assertEqual([], self.user0.get_perms(group))
# setup signal
self.signal_sender = self.signal_user = self.signal_obj = None
def callback(sender, user, obj, **kwargs):
self.signal_sender = sender
self.signal_user = user
self.signal_obj = obj
view_remove_user.connect(callback)
# valid request (superuser)
revoke(self.user0, 'admin', group)
self.user0.is_superuser = True
self.user0.save()
group.user_set.add(self.user0)
response = c.post(url % args, data)
self.assertEqual(200, response.status_code)
self.assertEquals('application/json', response['content-type'])
self.assertEqual('1', response.content)
self.assertFalse(group.user_set.filter(id=self.user0.id).exists())
# check signal fired
self.assertEqual(self.signal_sender, self.user0)
self.assertEqual(self.signal_user, self.user0)
self.assertEqual(self.signal_obj, group)
view_remove_user.disconnect(callback)
# remove user again
response = c.post(url % args, data)
self.assertEqual(200, response.status_code)
self.assertEquals('application/json', response['content-type'])
self.assertFalse(group.user_set.filter(id=self.user0.id).exists())
self.assertNotEqual('1', response.content)
# remove invalid user
response = c.post(url % args, {'user':0})
self.assertEqual(200, response.status_code)
self.assertEquals('application/json', response['content-type'])
self.assertNotEqual('1', response.content)
def test_view_remove_user(self):
"""
Test view for adding a user:
Verifies:
* GET redirects user to 405
* POST with a user id remove user, returns 1
* POST without user id returns error as json
* users lacking perms receive 403
* removing user not in group returns error as json
* removing user that does not exist returns error as json
* user loses all permissions when removed from group
"""
group = self.test_save()
c = Client()
group.user_set.add(self.user0)
url = '/group/%d/user/remove/'
args = group.id
# anonymous user
response = c.get(url % args, follow=True)
self.assertEqual(200, response.status_code)
self.assertTemplateUsed(response, 'registration/login.html')
# invalid permissions
self.assertTrue(
c.login(username=self.user0.username, password='******'))
response = c.get(url % args)
self.assertEqual(403, response.status_code)
response = c.post(url % args)
self.assertEqual(403, response.status_code)
# authorize and login
grant(self.user0, 'admin', group)
# invalid method
response = c.get(url % args)
self.assertEqual(405, response.status_code)
# valid request (perm)
data = {'user': self.user0.id}
response = c.post(url % args, data)
self.assertEqual(200, response.status_code)
self.assertEquals('application/json', response['content-type'])
self.assertEqual('1', response.content)
self.assertFalse(group.user_set.filter(id=self.user0.id).exists())
self.assertEqual([], self.user0.get_perms(group))
# setup signal
self.signal_sender = self.signal_user = self.signal_obj = None
def callback(sender, user, obj, **kwargs):
self.signal_sender = sender
self.signal_user = user
self.signal_obj = obj
view_remove_user.connect(callback)
# valid request (superuser)
revoke(self.user0, 'admin', group)
self.user0.is_superuser = True
self.user0.save()
group.user_set.add(self.user0)
response = c.post(url % args, data)
self.assertEqual(200, response.status_code)
self.assertEquals('application/json', response['content-type'])
self.assertEqual('1', response.content)
self.assertFalse(group.user_set.filter(id=self.user0.id).exists())
# check signal fired
self.assertEqual(self.signal_sender, self.user0)
self.assertEqual(self.signal_user, self.user0)
self.assertEqual(self.signal_obj, group)
view_remove_user.disconnect(callback)
# remove user again
response = c.post(url % args, data)
self.assertEqual(200, response.status_code)
self.assertEquals('application/json', response['content-type'])
self.assertFalse(group.user_set.filter(id=self.user0.id).exists())
self.assertNotEqual('1', response.content)
# remove invalid user
response = c.post(url % args, {'user': 0})
self.assertEqual(200, response.status_code)
self.assertEquals('application/json', response['content-type'])
self.assertNotEqual('1', response.content)
def test_view_add_user(self):
"""
Test view for adding a user:
Verifies:
* request from unauthorized user results in 403
* GET returns a 200 code, response is html
* POST with a user id adds user, response is html for user
* POST without user id returns error as json
* POST for invalid user id returns error as json
* adding user a second time returns error as json
"""
group = self.test_save()
c = Client()
url = '/group/%d/user/add/'
args = group.id
# anonymous user
response = c.get(url % args, follow=True)
self.assertEqual(200, response.status_code)
self.assertTemplateUsed(response, 'registration/login.html')
# unauthorized
self.assertTrue(c.login(username=self.user0.username, password='******'))
response = c.get(url % args)
self.assertEqual(403, response.status_code)
response = c.post(url % args)
self.assertEqual(403, response.status_code)
# authorized get (perm granted)
grant(self.user0, 'admin', group)
response = c.get(url % args)
self.assertEqual(200, response.status_code)
self.assertEquals('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'group/add_user.html')
# authorized get (superuser)
revoke(self.user0, 'admin', group)
self.user0.is_superuser = True
self.user0.save()
response = c.get(url % args)
self.assertEqual(200, response.status_code)
self.assertEquals('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'group/add_user.html')
# missing user id
response = c.post(url % args)
self.assertEqual(200, response.status_code)
self.assertEquals('application/json', response['content-type'])
# invalid user
response = c.post(url % args, {'user':0})
self.assertEqual(200, response.status_code)
self.assertEquals('application/json', response['content-type'])
# setup signal
self.signal_sender = self.signal_user = self.signal_obj = None
def callback(sender, user, obj, **kwargs):
self.signal_sender = sender
self.signal_user = user
self.signal_obj = obj
view_add_user.connect(callback)
# valid post
data = {'user':self.user0.id}
response = c.post(url % args, data)
self.assertEqual(200, response.status_code)
self.assertEquals('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'muddle/group/user_row.html')
self.assertTrue(group.user_set.filter(id=self.user0.id).exists())
# check signal fired
self.assertEqual(self.signal_sender, self.user0)
self.assertEqual(self.signal_user, self.user0)
self.assertEqual(self.signal_obj, group)
view_add_user.disconnect(callback)
# same user again
response = c.post(url % args, data)
self.assertEqual(200, response.status_code)
self.assertEquals('application/json', response['content-type'])
self.assertEquals(group.user_set.filter(id=self.user0.id).count(), 1)
def test_view_add_user(self):
"""
Test view for adding a user:
Verifies:
* request from unauthorized user results in 403
* GET returns a 200 code, response is html
* POST with a user id adds user, response is html for user
* POST without user id returns error as json
* POST for invalid user id returns error as json
* adding user a second time returns error as json
"""
group = self.test_save()
c = Client()
url = '/group/%d/user/add/'
args = group.id
# anonymous user
response = c.get(url % args, follow=True)
self.assertEqual(200, response.status_code)
self.assertTemplateUsed(response, 'registration/login.html')
# unauthorized
self.assertTrue(
c.login(username=self.user0.username, password='******'))
response = c.get(url % args)
self.assertEqual(403, response.status_code)
response = c.post(url % args)
self.assertEqual(403, response.status_code)
# authorized get (perm granted)
grant(self.user0, 'admin', group)
response = c.get(url % args)
self.assertEqual(200, response.status_code)
self.assertEquals('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'group/add_user.html')
# authorized get (superuser)
revoke(self.user0, 'admin', group)
self.user0.is_superuser = True
self.user0.save()
response = c.get(url % args)
self.assertEqual(200, response.status_code)
self.assertEquals('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'group/add_user.html')
# missing user id
response = c.post(url % args)
self.assertEqual(200, response.status_code)
self.assertEquals('application/json', response['content-type'])
# invalid user
response = c.post(url % args, {'user': 0})
self.assertEqual(200, response.status_code)
self.assertEquals('application/json', response['content-type'])
# setup signal
self.signal_sender = self.signal_user = self.signal_obj = None
def callback(sender, user, obj, **kwargs):
self.signal_sender = sender
self.signal_user = user
self.signal_obj = obj
view_add_user.connect(callback)
# valid post
data = {'user': self.user0.id}
response = c.post(url % args, data)
self.assertEqual(200, response.status_code)
self.assertEquals('text/html; charset=utf-8', response['content-type'])
self.assertTemplateUsed(response, 'group/user_row.html')
self.assertTrue(group.user_set.filter(id=self.user0.id).exists())
# check signal fired
self.assertEqual(self.signal_sender, self.user0)
self.assertEqual(self.signal_user, self.user0)
self.assertEqual(self.signal_obj, group)
view_add_user.disconnect(callback)
# same user again
response = c.post(url % args, data)
self.assertEqual(200, response.status_code)
self.assertEquals('application/json', response['content-type'])
self.assertEquals(group.user_set.filter(id=self.user0.id).count(), 1)