class PowerUserTest(TestCase):
def setUp(self):
# Every test needs a client.
self.client = PowerUserAuthClient()
self.article = Article.objects.create(
title='TestArticle',
body='<h1>Test Body</h1>',
published=True)
def test_my_accesses(self):
for symbolicurl in ['article-update',
'article-delete',
]:
response = self.client.get(
reverse(symbolicurl, kwargs={'pk': self.article.pk}))
self.assertEqual(response.status_code, 200, symbolicurl)
response = self.client.get(reverse('article-create'))
self.assertEqual(response.status_code, 200, 'Article creation')
class PowerUserTest(SeasonTestCaseMixin):
def setUp(self):
self.client = PowerUserAuthClient()
super(PowerUserTest, self).setUp()
def test_access_to_season_list(self):
for symbolicurl in restrictedgenericurls:
url = reverse(symbolicurl)
# Final URL is forbidden
response = self.client.get(url, follow=True)
self.assertEqual(response.status_code, 200, url)
def test_access_to_season_detail(self):
for symbolicurl in restrictedspecificurls:
url = reverse(symbolicurl, kwargs={'pk': self.season.pk})
# Final URL is OK
response = self.client.get(url, follow=True)
self.assertEqual(response.status_code, 200, url)
for symbolicurl in restrictedhelperspecificurls:
for helper in self.users:
url = reverse(
symbolicurl,
kwargs={
'pk': self.season.pk,
'helperpk': helper.pk
})
# Final URL is OK
response = self.client.get(url, follow=True)
self.assertEqual(response.status_code, 200, url)
def test_access_to_foreignsession(self):
for session in self.foreignsessions:
urls = [
reverse(
'session-list',
kwargs={
'seasonpk': self.foreignseason.pk,
'year': session.day.year,
'week': session.day.strftime('%W'),
}),
reverse(
'session-create',
kwargs={
'seasonpk': self.foreignseason.pk,
}),
reverse(
'session-detail',
kwargs={
'seasonpk': self.foreignseason.pk,
'pk': session.pk,
}),
reverse(
'session-update',
kwargs={
'seasonpk': self.foreignseason.pk,
'pk': session.pk,
}),
reverse(
'session-staff-choices',
kwargs={
'seasonpk': self.foreignseason.pk,
'pk': session.pk,
}),
reverse(
'session-delete',
kwargs={
'seasonpk': self.foreignseason.pk,
'pk': session.pk,
}),
]
for url in urls:
# Final URL is forbidden
response = self.client.get(url, follow=True)
self.assertEqual(response.status_code, 200, url)
def test_access_to_mysession(self):
for session in self.sessions:
urls = [
reverse(
'session-list',
kwargs={
'seasonpk': self.season.pk,
'year': session.day.year,
'week': session.day.strftime('%W'),
}),
reverse(
'session-create',
kwargs={
'seasonpk': self.season.pk,
}),
reverse(
'session-detail',
kwargs={
'seasonpk': self.season.pk,
'pk': session.pk,
}),
reverse(
'session-update',
kwargs={
'seasonpk': self.season.pk,
'pk': session.pk,
}),
reverse(
'session-staff-choices',
kwargs={
'seasonpk': self.season.pk,
'pk': session.pk,
}),
reverse(
'session-delete',
kwargs={
'seasonpk': self.season.pk,
'pk': session.pk,
}),
]
for url in urls:
# Final URL is forbidden
response = self.client.get(url, follow=True)
self.assertEqual(response.status_code, 200, url)
class PowerUserTest(ProfileTestCase):
def setUp(self):
super(PowerUserTest, self).setUp()
self.client = PowerUserAuthClient()
def test_my_allowances(self):
for symbolicurl in myurlsforall + myurlsforoffice:
for exportformat in ["csv", "ods", "xls"]:
url = tryurl(symbolicurl, self.client.user, exportformat)
response = self.client.get(url)
self.assertEqual(response.status_code, 200, url)
def test_otherusers_access(self):
for symbolicurl in othersurls:
for otheruser in self.users:
url = tryurl(symbolicurl, otheruser)
response = self.client.get(url)
self.assertEqual(response.status_code, 200, url)
def test_send_creds(self):
nmails = 0
for otheruser in self.users:
url = tryurl("user-sendcredentials", otheruser)
response = self.client.get(url)
self.assertEqual(response.status_code, 200, url)
# Now post to it, to get the mail sent
response = self.client.post(url, {})
self.assertEqual(response.status_code, 302, url)
nmails += 1
self.assertEqual(len(mail.outbox), nmails)
# Verify what they are from the DB
dbuser = get_user_model().objects.get(pk=otheruser.pk)
self.assertTrue(dbuser.is_active)
self.assertTrue(dbuser.has_usable_password())
self.assertTrue(dbuser.profile.can_login)
# Second try should fail, now that each of the users has a
# a valid email and got a password sent
response = self.client.get(url)
self.assertEqual(response.status_code, 403, url)
# Unallowed to re-send creds either
url = tryurl("user-resendcredentials", otheruser)
response = self.client.get(url)
self.assertEqual(response.status_code, 403, url)
def test_other_profile_accesses(self):
for user in self.users:
# Pre-update profile and user
user.profile.formation = FORMATION_M1
user.profile.save()
url = reverse("user-update", kwargs={"pk": user.pk})
response = self.client.get(url)
self.assertEqual(response.status_code, 200, url)
initial = self.getprofileinitial(user)
# Test some update, that must go through
initial["first_name"] = "newfirstname"
initial["activity_cantons"] = ["JU", "VD", "GE"]
# And some that mustn't
initial["formation"] = FORMATION_M2
initial["affiliation_canton"] = "VD"
response = self.client.post(url, initial)
self.assertEqual(response.status_code, 302, url)
# Get our user from DB
her = get_user_model().objects.get(pk=user.pk)
# Updated
self.assertEqual(her.first_name, "newfirstname")
# Pas de VD parce que le canton d'affiliation est 'VD'
self.assertEqual(her.profile.activity_cantons, ["JU", "GE"])
# Updated as well
self.assertEqual(her.profile.formation, FORMATION_M2)
self.assertEqual(her.profile.affiliation_canton, "VD")
def test_autocompletes(self):
# All autocompletes are permitted
for al in profile_autocompletes:
url = reverse("autocomplete_light_autocomplete", kwargs={"autocomplete": al})
response = self.client.get(url)
self.assertEqual(response.status_code, 200, url)