def test_notarypublic_changelist(
    agreed_users,
    user,
    rf,
    django_assert_num_queries,
    django_assert_max_num_queries,
):
    """Check which agreements the NotaryPublic changelist exposes to a user.

    ``user`` arrives as an attribute name on the ``agreed_users`` fixture and
    is resolved to the account object before use. A non-superuser must get a
    queryset as large as their own ``agreed_terms``; a superuser must get one
    as large as the whole ``NotaryPublic`` table. Only row counts are
    compared, not row identity, and each comparison is held to exactly two
    queries.
    """
    model_admin = admin.NotaryPublicAdmin(models.NotaryPublic, site)
    account = getattr(agreed_users, user)
    request = rf.get(reverse("admin:letsagree_notarypublic_changelist"))
    request.user = account

    if account.is_superuser:
        # A superuser is expected to see every stored agreement.
        expected_rows = models.NotaryPublic.objects.all()
    else:
        # A regular admin user is expected to see only their own agreements.
        expected_rows = account.agreed_terms

    # Both count() calls run inside the block: one query each.
    with django_assert_num_queries(2):
        visible_rows = model_admin.get_queryset(request)
        assert visible_rows.count() == expected_rows.count()

    # Superuser 3 queries, staff 5 queries due to permissions queries
    with django_assert_max_num_queries(5):
        response = model_admin.changelist_view(request)
        assert response.status_code == 200
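def test_notarypublic_actions(main_user, other_user, action, agreed_users, rf):
    """Exercise the add, change and delete admin views of NotaryPublicAdmin.

    ``main_user`` and ``other_user`` are attribute names resolved on the
    ``agreed_users`` fixture; ``action`` selects the branch ("add", "change"
    or "delete"). Presumably all three are supplied by a parametrization that
    is not visible in this block.

    The agreement under test always belongs to the active (main) user. The
    inactive (other) user is used to probe access to somebody else's
    agreement.
    """
    model_admin = admin.NotaryPublicAdmin(models.NotaryPublic, site)
    active_user = getattr(agreed_users, main_user)
    inactive_user = getattr(agreed_users, other_user)
    agreement_id = active_user.agreed_terms.last().id

    # The "add" URL takes no object id; the other admin URLs do.
    if action == "add":
        url = reverse("admin:letsagree_notarypublic_{0}".format(action))
    else:
        url = reverse(
            "admin:letsagree_notarypublic_{0}".format(action),
            args=(agreement_id,),
        )
    request = rf.get(url)

    # A user can only delete his agreements
    if action == "delete":
        request.user = active_user
        view = model_admin.delete_view(request, object_id=str(agreement_id))
        assert view.status_code == 200

        # Confirm the deletion through the test client as the owner.
        data = {"post": "yes", "_popup": "1"}
        client = Client()
        client.force_login(request.user)
        post_view = client.post(url, data)
        assert post_view.status_code == 302
        assert post_view.url == reverse(
            "admin:letsagree_notarypublic_changelist")

        # Another (super)user cannot delete the active user's agreement
        # NOTE(review): this runs after the owner's confirming POST above. If
        # that POST already removed the agreement, the denial below is checked
        # against a missing object, not an existing foreign one. Confirm, and
        # consider running this check before the POST.
        request.user = inactive_user
        with pytest.raises(PermissionDenied):
            model_admin.delete_view(request, object_id=str(agreement_id))

    elif action == "add":
        # No one is allowed to add any agreement.
        request.user = active_user
        with pytest.raises(PermissionDenied):
            model_admin.add_view(request)

    elif action == "change":
        # The active user can view the agreement (in order to delete it)
        request.user = active_user
        view = model_admin.change_view(request, object_id=str(agreement_id))
        assert view.status_code == 200
        # The page must offer deletion, be read-only and carry no submit
        # button.
        assert "delete" in view.rendered_content
        assert "readonly" in view.rendered_content
        assert '<input type="submit"' not in view.rendered_content

        if inactive_user.is_superuser:
            # The inactive super user can view the active user's agreement
            # get_queryset() guarantees that the inactive admin user will not
            # have access to the change view of another user's agreement.
            # It is tested next.
            # Switch the request to the inactive superuser. Without this the
            # request still carries active_user and the branch only repeats
            # the owner's check, never exercising cross-user access.
            request.user = inactive_user
            view = model_admin.change_view(request, object_id=str(agreement_id))
            assert view.status_code == 200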