def test_can_view_stats(self): c = Collection.objects.create(author=self.user, slug='boom') fake_request = mock.Mock() fake_request.groups = () fake_request.user.is_authenticated.return_value = True # Owner. fake_request.user = self.user eq_(c.can_view_stats(fake_request), True) # Bad user. fake_request.user = UserProfile.objects.create(username='******', email='ez@dee') eq_(c.can_view_stats(fake_request), False) # Member of group with Collections:Edit permission. fake_request.groups = (Group(name='Collections Agency', rules='CollectionStats:View'), ) eq_(c.can_view_stats(fake_request), True) # Developer. CollectionUser.objects.create(collection=c, user=self.user) fake_request.groups = () fake_request.user = self.user eq_(c.can_view_stats(fake_request), True)
def test_edit_buttons(self): """Ensure admin/user edit buttons are shown.""" def get_links(id): """Grab profile, return edit links.""" url = reverse('users.profile', args=[id]) r = self.client.get(url) return PyQuery(r.content)('p.editprofile a') # Anonymous user. links = get_links(self.user.id) eq_(links.length, 0) # Non-admin, someone else's profile. self.client.login(username='******', password='******') links = get_links(9945) eq_(links.length, 0) # Non-admin, own profile. links = get_links(self.user.id) eq_(links.length, 1) eq_(links.eq(0).attr('href'), reverse('users.edit')) # Admin, someone else's profile. admingroup = Group(rules='Admin:EditAnyUser') admingroup.save() GroupUser.objects.create(group=admingroup, user=self.user_profile) cache.clear()
def test_password_empty(self): admingroup = Group(rules='Users:Edit') admingroup.save() GroupUser.objects.create(group=admingroup, user=self.user) homepage = {'username': '******', 'email': '*****@*****.**', 'homepage': 'http://cbc.ca'} res = self.client.post(self.url, homepage) eq_(res.status_code, 302)