def test_toggle_toggles_user_status(self):
    """Toggling an active 'manager' account as 'admin' deactivates it.

    The view is also expected to redirect to the users listing.
    """
    # Acting user is 'admin'; the account being toggled is 'manager'.
    self.request.user = User.get(User.username == 'admin')
    self.request.context = User.get(User.username == 'manager')

    # Precondition: the manager account starts out active.
    manager_before = User.get(User.username == 'manager')
    self.assertEqual(manager_before.active, True)

    response = self.views.toggle_status()

    # Fetch the manager again after the view has run.
    manager_after = User.get(User.username == 'manager')
    self.assertEqual(manager_after.active, False)

    self.assertIsInstance(response, HTTPFound)
    users_url = self.request.route_url('users', traverse=())
    self.assertEqual(response.location, users_url)
def test_edit_user_post(self):
    """A POST to ``edit`` stores the posted fields and redirects."""
    self.request.context = User.get(User.username == 'admin')
    self.request.method = 'POST'
    form_fields = [('group', 'sm'), ('municipality_id', '2')]
    self.request.POST = MultiDict(form_fields)

    response = self.views.edit()

    edited = User.get(User.username == 'admin')
    self.assertEqual(edited.group, 'sm')
    # NOTE(review): compared against the string '2' exactly as posted;
    # confirm this matches the type the model is meant to store.
    self.assertEqual(edited.municipality_id, '2')
    self.assertIsInstance(response, HTTPFound)
    # The redirect is expected to land back on the same user's edit page.
    edit_url = self.request.route_url('users', traverse=(edited.id, 'edit'))
    self.assertEqual(response.location, edit_url)
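def group_finder(user_id, request):
    """Return the effective principals for ``user_id``.

    Returns ``None`` when no user with that id exists or when the account
    has been deactivated; otherwise returns a list of the permission strings
    configured for the user's group in ``GROUP_PERMISSIONS``.

    NOTE(review): the ``(user_id, request)`` signature looks like an
    authentication-policy callback, where ``None`` would mean "not
    authenticated" -- confirm against the policy configuration.
    """
    from composting.models.user import User

    try:
        user = User.get(User.id == user_id)
    except NoResultFound:
        return None

    # sign_in refuses inactive accounts, but a session established before the
    # account was deactivated would otherwise keep all of its principals.
    if user.active is False:
        return None

    group_permissions = GROUP_PERMISSIONS.get(user.group, [])
    municipality_id = user.municipality_id
    if municipality_id is None:
        # NOTE(review): entries are passed through unformatted here; if they
        # are templates, the raw placeholder text becomes a principal --
        # confirm that no ACL entry can match it.
        return list(group_permissions)

    # Scope each permission to the user's municipality, e.g.
    # 'p:municipality-edit:1'.
    return [p.format(municipality_id) for p in group_permissions]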
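def test_toggle_doenst_allow_deactivating_own_account(self):
    """Toggling one's own account redirects and leaves ``active`` unchanged."""
    user = User.get(User.username == 'admin')
    was_active = user.active
    self.request.user = user
    self.request.context = user

    response = self.views.toggle_status()

    self.assertIsInstance(response, HTTPFound)
    self.assertEqual(response.location,
                     self.request.route_url('users', traverse=()))
    # A successful toggle answers with the same redirect, so the response
    # alone cannot show that the self-deactivation was refused: check the
    # stored flag as well.
    self.assertEqual(User.get(User.username == 'admin').active, was_active)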
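def sign_in(request):
    """Handle the sign-in form.

    On a POST with a valid password for an active account, remember the user
    and redirect to the municipalities listing. On any other POST, flash an
    error message. Every non-redirect path returns an empty dict.
    """
    if request.method != 'POST':
        return {}

    username = request.POST.get('username')
    password = request.POST.get('password')
    try:
        user = User.get(User.username == username)
    except NoResultFound:
        user = None

    # Verify the password before looking at the account state: reporting
    # "inactive" for any known username, without a valid password, would
    # disclose which usernames exist.
    # NOTE(review): an unknown username still skips check_password, so the
    # two failure paths may differ in response time -- confirm whether that
    # matters for this deployment.
    if user is None or password is None or not user.check_password(password):
        request.session.flash(u"Invalid username or password", 'error')
    elif user.active is False:
        request.session.flash(
            u"Inactive account, please contact your supervisor", 'error')
    else:
        headers = remember(request, user.id)
        return HTTPFound(
            request.route_url('municipalities', traverse=()),
            headers=headers)
    return {}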
def test_update(self):
    """``update`` stores the group, municipality id and active flag given."""
    admin = User.get(User.username == 'admin')

    admin.update(group='sm', municipality_id=1, active=True)

    # Each keyword passed to update() should be readable back unchanged.
    self.assertEqual(admin.group, 'sm')
    self.assertEqual(admin.municipality_id, 1)
    self.assertEqual(admin.active, True)
def test_update_when_wb_or_nema(self):
    """Updating a user to group 'nema' results in no ``municipality_id``."""
    manager = User.get(User.username == 'manager')

    manager.update(group='nema', municipality_id=1, active=True)

    # A municipality id was passed in, yet none is expected afterwards.
    self.assertIsNone(manager.municipality_id)
def get_request_user(request):
    """Return the ``User`` for the request's authenticated id, or ``None``."""
    authenticated_id = authenticated_userid(request)
    # NOTE(review): ``active`` is not checked here; whether a deactivated
    # account can still be returned depends on what authenticated_userid
    # accepts -- confirm.
    try:
        current_user = User.get(User.id == authenticated_id)
    except NoResultFound:
        return None
    return current_user
def test_edit_when_municipality_user(self):
    """GET the manager's edit page as user 2 and expect a 403."""
    manager = User.get(User.username == 'manager')
    edit_path = self.request.route_path(
        'users', traverse=(manager.id, 'edit'))
    # presumably user 2 is a municipality-level account, per the test name
    # -- confirm against the fixtures.
    auth_headers = self._login_user(2)
    self.testapp.get(edit_path, headers=auth_headers, status=403)