def setUp(self): super(TestAuthorizationDeleteView, self).setUp() self.user_granted = UserFactory(username="******") self.user_granted.set_password("user") self.user_granted.save() self.user_non_granted = UserFactory(username="******") self.user_non_granted.set_password("user") self.user_non_granted.save()
def test_user_cant_manage(self): issue = IssueSubmissionFactory(journal=self.journal) user = UserFactory() is_granted = user.has_perm('editor.manage_issuesubmission', issue.journal) self.assertEqual(is_granted, False)
def test_non_staff_users_cannot_fake_ip(self): request = self.factory.get('/') request.user = UserFactory(is_staff=False) request.session = dict() request.META['HTTP_X_FORWARDED_FOR'] = '1.1.1.1' request.META['HTTP_CLIENT_IP'] = '1.2.3.4' middleware = SubscriptionMiddleware() assert middleware._get_user_ip_address(request) == '1.1.1.1'
def test_contact_filter(self): user = UserFactory() user2 = UserFactory() journal_in = JournalFactory(collection=self.collection) journal_in.members.add(user) journal_in.save() journal_not_in = JournalFactory(collection=self.collection) journal_not_in.members.add(user2) journal_not_in.save() data = {'user': user, 'journal': journal_in} form = IssueSubmissionForm(**data) choices = [c[0] for c in form.fields['contact'].choices] self.assertTrue(user.id in choices) self.assertFalse(user2.id in choices)
def test_knows_if_a_user_cannot_manage_authorizations(self): user = UserFactory() journal = JournalFactory(collection=self.collection) is_granted = user.has_perm('authorization.manage_authorizations', journal) self.assertEqual(is_granted, False) journal.members.add(user) journal.save() is_granted = user.has_perm('authorization.manage_authorizations', journal) self.assertEqual(is_granted, False)
def test_knows_if_a_user_can_manage_authorizations(self): user = UserFactory() journal = JournalFactory(collection=self.collection) journal.members.add(user) journal.save() ct = ContentType.objects.get(app_label="erudit", model="journal") Authorization.objects.create( content_type=ct, user=user, object_id=journal.id, authorization_codename=AC.can_manage_authorizations.codename) is_granted = user.has_perm('authorization.manage_authorizations', journal) self.assertEqual(is_granted, True)
def test_user_can_manage(self): journal = JournalFactory(collection=self.collection) user = UserFactory() journal.members.add(user) journal.save() ct = ContentType.objects.get(app_label="erudit", model="journal") Authorization.objects.create( content_type=ct, user=user, object_id=journal.id, authorization_codename=AC.can_manage_issuesubmission.codename) issue = IssueSubmissionFactory(journal=journal) is_granted = user.has_perm('editor.manage_issuesubmission', issue.journal) self.assertEqual(is_granted, True)
def test_associates_the_subscription_type_to_the_request_in_case_of_individual_access( self): # Setup now_dt = dt.datetime.now() user = UserFactory() subscription = JournalAccessSubscriptionFactory.create( user=user, journal=self.journal) JournalAccessSubscriptionPeriodFactory.create( subscription=subscription, start=now_dt - dt.timedelta(days=10), end=now_dt + dt.timedelta(days=8)) request = self.factory.get('/') request.user = user request.session = dict() middleware = SubscriptionMiddleware() # Run middleware.process_request(request) # Check self.assertTrue(request.subscription_type == 'individual')
def test_knows_that_a_staff_member_can_manage_authorizations(self): user = UserFactory(is_staff=True) journal = JournalFactory(collection=self.collection) is_granted = user.has_perm('authorization.manage_authorizations', journal) self.assertEqual(is_granted, True)
def test_staff_can_manage(self): user = UserFactory(is_staff=True) issue = IssueSubmissionFactory(journal=self.journal) is_granted = user.has_perm('editor.manage_issuesubmission', issue) self.assertEqual(is_granted, True)