def test_permission_group_form_updates_members(regular_user):
with replace_modules([ARestrictedTestModule]):
modules = [m for m in get_modules()]
test_module = modules[0]
module_permissions = test_module.get_required_permissions()
assert module_permissions
group = get_default_permission_group()
form = PermissionGroupForm(instance=group, prefix=None)
assert not group.permissions.all()
assert not group.user_set.all()
data = {
"name": "New Name",
"modules": [force_text(test_module.name)],
"members": [force_text(regular_user.pk)],
}
form = PermissionGroupForm(instance=group, prefix=None, data=data)
form.save()
module_permissions = [get_permission_object_from_string(m) for m in module_permissions]
assert group.name == "New Name"
assert set(module_permissions) == set(group.permissions.all())
assert regular_user in group.user_set.all()
form = PermissionGroupForm(instance=group, prefix=None, data={"name": "Name"})
form.save()
assert not group.permissions.all()
assert not group.user_set.all()
def test_permission_group_form_updates_members(regular_user):
with replace_modules([ARestrictedTestModule]):
modules = [m for m in get_modules()]
test_module = modules[0]
module_permissions = test_module.get_required_permissions()
assert module_permissions
group = get_default_permission_group()
form = PermissionGroupForm(instance=group, prefix=None)
assert not group.permissions.all()
assert not group.user_set.all()
data = {
"name": "New Name",
"modules": [force_text(test_module.name)],
"members": [force_text(regular_user.pk)],
}
form = PermissionGroupForm(instance=group, prefix=None, data=data)
form.save()
module_permissions = [get_permission_object_from_string(m) for m in module_permissions]
assert group.name == "New Name"
assert set(module_permissions) == set(group.permissions.all())
assert regular_user in group.user_set.all()
form = PermissionGroupForm(instance=group, prefix=None, data={"name": "Name"})
form.save()
assert not group.permissions.all()
assert not group.user_set.all()
def test_valid_permissions_for_all_modules():
"""
If a module requires permissions, make sure all url and module-
level permissions are valid.
"""
for module in get_modules():
url_permissions = set(get_permissions_from_urls(module.get_urls()))
module_permissions = set(module.get_required_permissions())
for permission in (url_permissions | module_permissions):
assert get_permission_object_from_string(permission)
def test_valid_permissions_for_all_modules():
"""
If a module requires permissions, make sure all url and module-
level permissions are valid.
"""
for module in get_modules():
url_permissions = set(get_permissions_from_urls(module.get_urls()))
module_permissions = set(module.get_required_permissions())
for permission in (url_permissions | module_permissions):
assert get_permission_object_from_string(permission)
def clean(self):
cleaned_data = super(PermissionGroupForm, self).clean()
permissions = set()
modules = cleaned_data.pop("modules", [])
required_permissions = self._get_required_permissions(modules)
for permission in required_permissions:
permissions.add(get_permission_object_from_string(permission))
cleaned_data["required_permissions"] = permissions
return cleaned_data
def clean(self):
cleaned_data = super(PermissionGroupForm, self).clean()
permissions = set()
modules = cleaned_data.pop("modules", [])
required_permissions = self._get_required_permissions(modules)
for permission in required_permissions:
permissions.add(get_permission_object_from_string(permission))
cleaned_data["required_permissions"] = permissions
return cleaned_data
def test_valid_permissions_for_all_modules():
"""
If a module requires permissions, make sure all url and module-
level permissions are valid.
Modules that add permissions using migrations must be checked
manually since their permissions will not be in the test database.
"""
for module in get_modules():
url_permissions = set(get_permissions_from_urls(module.get_urls()))
module_permissions = set(module.get_required_permissions())
for permission in (url_permissions | module_permissions):
if module.__class__ in migrated_permissions:
assert permission in migrated_permissions[module.__class__]
else:
assert get_permission_object_from_string(permission)
def test_valid_permissions_for_all_modules():
"""
If a module requires permissions, make sure all url and module-
level permissions are valid.
Modules that add permissions using migrations must be checked
manually since their permissions will not be in the test database.
"""
for module in get_modules():
url_permissions = set(get_permissions_from_urls(module.get_urls()))
module_permissions = set(module.get_required_permissions())
for permission in (url_permissions | module_permissions):
if module.__class__ in migrated_permissions:
assert permission in migrated_permissions[module.__class__]
else:
assert get_permission_object_from_string(permission)
def test_edit_button_no_permission(browser, admin_user, live_server, settings):
shop = get_default_shop()
manager_group = Group.objects.create(name="Managers")
manager = create_random_user("en", is_staff=True)
manager.username = "******"
manager.set_password("password")
manager.save()
manager.groups.add(manager_group)
shop.staff_members.add(manager)
# add permissions for Product
permission_models = [Shop, Product, ShopProduct]
for model in permission_models:
for permission in get_default_model_permissions(model):
manager_group.permissions.add(
get_permission_object_from_string(permission))
get_default_product_type()
get_default_sales_unit()
get_default_tax_class()
initialize_admin_browser_test(browser,
live_server,
settings,
username=manager.username)
url = reverse("shuup_admin:shop_product.new")
browser.visit("%s%s" % (live_server, url))
sku = "testsku"
name = "Some product name"
price_value = 10
short_description = "short but gold"
browser.fill("base-sku", sku)
browser.fill("base-name__en", name)
browser.fill("base-short_description__en", short_description)
browser.fill("shop%s-default_price_value" % shop.pk, price_value)
wait_until_appeared(
browser,
"#id_shop%d-primary_category ~ .quick-add-btn a.btn" % shop.id)
click_element(
browser,
"#id_shop%d-primary_category ~ .quick-add-btn a.btn" % shop.id)
wait_until_appeared(browser, "#create-object-iframe")
# no permission to add category
with browser.get_iframe('create-object-iframe') as iframe:
error = "Can't view this page. You do not have the required permissions: %s" % ", ".join(
get_default_model_permissions(Category))
wait_until_condition(iframe,
condition=lambda x: x.is_text_present(error))
# close iframe
click_element(browser, "#create-object-overlay a.close-btn")
# add permission to add category
for permission in get_default_model_permissions(Category):
manager_group.permissions.add(
get_permission_object_from_string(permission))
# click to add category again
click_element(
browser,
"#id_shop%d-primary_category ~ .quick-add-btn a.btn" % shop.id)
wait_until_appeared(browser, "#create-object-iframe")
# add the category
with browser.get_iframe('create-object-iframe') as iframe:
assert Category.objects.count() == 0
wait_until_appeared(iframe, "input[name='base-name__en']")
iframe.fill("base-name__en", "Test Category")
time.sleep(
3
) # Let's just wait here to the iFrame to open fully (for Chrome and headless)
wait_until_appeared(iframe, "button[form='category_form']")
click_element(browser, "button[form='category_form']")
wait_until_condition(browser,
condition=lambda x: Category.objects.count() == 1,
timeout=20)
assert Category.objects.first().name == "Test Category"
# remove the edit category permissions
# add permission to add category
for permission in get_default_model_permissions(Category):
manager_group.permissions.remove(
get_permission_object_from_string(permission))
# click to edit the button
click_element(
browser,
"#id_shop%d-primary_category ~ .edit-object-btn a.btn" % shop.id)
# no permission to edit category
with browser.get_iframe('create-object-iframe') as iframe:
error = "Can't view this page. You do not have the required permission(s): shuup.change_category"
wait_until_condition(iframe,
condition=lambda x: x.is_text_present(error))
# close iframe
click_element(browser, "#create-object-overlay a.close-btn")
for permission in get_default_model_permissions(Category):
manager_group.permissions.add(
get_permission_object_from_string(permission))
click_element(
browser,
"#id_shop%d-primary_category ~ .edit-object-btn a.btn" % shop.id)
wait_until_appeared(browser, "#create-object-iframe")
new_cat_name = "Changed Name"
with browser.get_iframe('create-object-iframe') as iframe:
wait_until_appeared(iframe, "input[name='base-name__en']")
iframe.fill("base-name__en", new_cat_name)
time.sleep(
3
) # Let's just wait here to the iFrame to open fully (for Chrome and headless)
wait_until_appeared(iframe, "button[form='category_form']")
click_element(browser, "button[form='category_form']")
wait_until_condition(
browser,
condition=lambda x: Category.objects.first().name == new_cat_name,
timeout=20)
