def setUp(self):
super(TestAuthorizationDeleteView, self).setUp()
self.user_granted = UserFactory(username="******")
self.user_granted.set_password("user")
self.user_granted.save()
self.user_non_granted = UserFactory(username="******")
self.user_non_granted.set_password("user")
self.user_non_granted.save()
def test_user_cant_manage(self):
issue = IssueSubmissionFactory(journal=self.journal)
user = UserFactory()
is_granted = user.has_perm('editor.manage_issuesubmission',
issue.journal)
self.assertEqual(is_granted, False)
def test_non_staff_users_cannot_fake_ip(self):
request = self.factory.get('/')
request.user = UserFactory(is_staff=False)
request.session = dict()
request.META['HTTP_X_FORWARDED_FOR'] = '1.1.1.1'
request.META['HTTP_CLIENT_IP'] = '1.2.3.4'
middleware = SubscriptionMiddleware()
assert middleware._get_user_ip_address(request) == '1.1.1.1'
def test_contact_filter(self):
user = UserFactory()
user2 = UserFactory()
journal_in = JournalFactory(collection=self.collection)
journal_in.members.add(user)
journal_in.save()
journal_not_in = JournalFactory(collection=self.collection)
journal_not_in.members.add(user2)
journal_not_in.save()
data = {'user': user, 'journal': journal_in}
form = IssueSubmissionForm(**data)
choices = [c[0] for c in form.fields['contact'].choices]
self.assertTrue(user.id in choices)
self.assertFalse(user2.id in choices)
def test_knows_if_a_user_cannot_manage_authorizations(self):
user = UserFactory()
journal = JournalFactory(collection=self.collection)
is_granted = user.has_perm('authorization.manage_authorizations',
journal)
self.assertEqual(is_granted, False)
journal.members.add(user)
journal.save()
is_granted = user.has_perm('authorization.manage_authorizations',
journal)
self.assertEqual(is_granted, False)
def test_knows_if_a_user_can_manage_authorizations(self):
user = UserFactory()
journal = JournalFactory(collection=self.collection)
journal.members.add(user)
journal.save()
ct = ContentType.objects.get(app_label="erudit", model="journal")
Authorization.objects.create(
content_type=ct,
user=user,
object_id=journal.id,
authorization_codename=AC.can_manage_authorizations.codename)
is_granted = user.has_perm('authorization.manage_authorizations',
journal)
self.assertEqual(is_granted, True)
def test_user_can_manage(self):
journal = JournalFactory(collection=self.collection)
user = UserFactory()
journal.members.add(user)
journal.save()
ct = ContentType.objects.get(app_label="erudit", model="journal")
Authorization.objects.create(
content_type=ct,
user=user,
object_id=journal.id,
authorization_codename=AC.can_manage_issuesubmission.codename)
issue = IssueSubmissionFactory(journal=journal)
is_granted = user.has_perm('editor.manage_issuesubmission',
issue.journal)
self.assertEqual(is_granted, True)
def test_associates_the_subscription_type_to_the_request_in_case_of_individual_access(
self):
# Setup
now_dt = dt.datetime.now()
user = UserFactory()
subscription = JournalAccessSubscriptionFactory.create(
user=user, journal=self.journal)
JournalAccessSubscriptionPeriodFactory.create(
subscription=subscription,
start=now_dt - dt.timedelta(days=10),
end=now_dt + dt.timedelta(days=8))
request = self.factory.get('/')
request.user = user
request.session = dict()
middleware = SubscriptionMiddleware()
# Run
middleware.process_request(request)
# Check
self.assertTrue(request.subscription_type == 'individual')
def test_knows_that_a_staff_member_can_manage_authorizations(self):
user = UserFactory(is_staff=True)
journal = JournalFactory(collection=self.collection)
is_granted = user.has_perm('authorization.manage_authorizations',
journal)
self.assertEqual(is_granted, True)
def test_staff_can_manage(self):
user = UserFactory(is_staff=True)
issue = IssueSubmissionFactory(journal=self.journal)
is_granted = user.has_perm('editor.manage_issuesubmission', issue)
self.assertEqual(is_granted, True)
