def test_view_in_whitelisted_app(self):
"""Checks that a view from an app considered safe
is considered safe itself"""
rules = {
'failclose': []
}
self.assertTrue(utils.is_safe(self.view, rules=rules))
def test_view_in_rules(self):
"""Checks that a view marked as safe in rules is
confirmed safe"""
rules = {
'failclose': ['ugly']
}
self.assertTrue(utils.is_safe(self.view, rules=rules))
def process_view(self, request, view_func, view_args, view_kwargs):
# if the view is marked as safe, we execute it
if is_safe(view_func):
return view_func(request, *view_args, **view_kwargs)
if settings.FORBIDDEN_URL:
return redirect(settings.FORBIDDEN_URL)
else:
return HttpResponseForbidden()
def test_view_namespaces(self):
"""Verifies that app namespaces are followed when checking
view safety in rules"""
# setting up the project used to check the view
self.old_project_name = getattr(settings, 'PROJECT_NAME', None)
settings.PROJECT_NAME = 'foobar'
rules = {
'foobar': ['ugly'],
}
self.assertFalse(utils.is_safe(self.view, rules=rules))
# rolling back the settings
if self.old_project_name is not None:
settings.PROJECT_NAME = self.old_project_name
def test_decorated_view(self):
"""Checks that a decorated view is marked as safe"""
self.decorated_view = utils.safe(self.view)
self.assertTrue(utils.is_safe(self.decorated_view, rules={}))
def test_unsafe_view(self):
"""Checks that an unsafe view is marked as such"""
self.assertFalse(utils.is_safe(self.view, rules={}))
