def test_model_url_with_permissions(): permissions = set( ["shop_product.new", "shop_product.delete", "shop_product.edit"]) shop = get_default_shop() p = get_default_product() # If no user is given, don't check for permissions assert get_model_url(p, shop=shop) # If a user is given and no permissions are provided, check for default model permissions user = get_default_staff_user() with pytest.raises(NoModelUrl): assert get_model_url(p, user=user, shop=shop) # If a user is given and permissions are provided, check for those permissions assert get_model_url(p, user=user, required_permissions=(), shop=shop) with pytest.raises(NoModelUrl): assert get_model_url(p, user=user, required_permissions=["shop_product.new"], shop=shop) # Confirm that url is returned with correct permissions set_permissions_for_group(user.groups.first(), permissions) assert get_model_url(p, user=user, shop=shop) assert get_model_url(p, user=user, required_permissions=permissions, shop=shop)
def test_reports_admin_permissions(rf): shop = get_default_shop() # We need a shop to exists staff_user = get_default_staff_user(shop) permission_group = get_default_permission_group() staff_user.groups.add(permission_group) request = apply_request_middleware(rf.get("/"), user=staff_user) request.user = staff_user with replace_modules([ReportsAdminModule]): with override_provides("reports", REPORTS): extra_permissions = ReportsAdminModule().get_extra_permissions() assert len(extra_permissions) == 3 assert SalesReport.identifier in extra_permissions assert TotalSales.identifier in extra_permissions assert SalesPerHour.identifier in extra_permissions with admin_only_urls(): view_func = ReportView.as_view() response = view_func(request) response.render() response = view_func(request, pk=None) # "new mode" response.render() assert response.content soup = BeautifulSoup(response.content) assert soup.find("div", {"class": "content-block"}).text == "No reports available" expected_report_identifiers = [] for report_cls in [SalesReport, TotalSales, SalesPerHour]: expected_report_identifiers.append(report_cls.identifier) set_permissions_for_group(permission_group, [report_cls.identifier]) response = view_func(request, pk=None) # "new mode" response.render() assert response.content soup = BeautifulSoup(response.content) for option in soup.find("select", {"id": "id_report"}).findAll("option"): assert option["value"] in expected_report_identifiers
def test_reports_admin_permissions(rf): shop = get_default_shop() # We need a shop to exists staff_user = get_default_staff_user(shop) permission_group = get_default_permission_group() staff_user.groups = [permission_group] request = apply_request_middleware(rf.get("/"), user=staff_user) request.user = staff_user with replace_modules([ReportsAdminModule]): with override_provides("reports", REPORTS): extra_permissions = ReportsAdminModule().get_extra_permissions() assert len(extra_permissions) == 3 assert SalesReport.identifier in extra_permissions assert TotalSales.identifier in extra_permissions assert SalesPerHour.identifier in extra_permissions with admin_only_urls(): view_func = ReportView.as_view() response = view_func(request) response.render() response = view_func(request, pk=None) # "new mode" response.render() assert response.content soup = BeautifulSoup(response.content) assert soup.find("div", {"class": "content-block"}).text == "No reports available" expected_report_identifiers = [] for report_cls in [SalesReport, TotalSales, SalesPerHour]: expected_report_identifiers.append(report_cls.identifier) set_permissions_for_group(permission_group, [report_cls.identifier]) response = view_func(request, pk=None) # "new mode" response.render() assert response.content soup = BeautifulSoup(response.content) for option in soup.find("select", {"id": "id_report"}).findAll("option"): assert option["value"] in expected_report_identifiers
def test_login_as_requires_staff_member(rf, regular_user): shop = get_default_shop() staff_user = UserFactory(is_staff=True) permission_group = get_default_permission_group() staff_user.groups.add(permission_group) def do_nothing(request, shop=None): pass def get_default(request): return get_default_shop() # Maybe some vendors and non marketplace staff members has access to admin module with patch("shuup.admin.shop_provider.set_shop", side_effect=do_nothing): with patch("shuup.admin.shop_provider.get_shop", side_effect=get_default): view_func = LoginAsUserView.as_view() request = apply_request_middleware(rf.post("/"), user=staff_user) # not staff member with pytest.raises(PermissionDenied): view_func(request, pk=regular_user.pk) shop.staff_members.add(staff_user) # no permission with pytest.raises(PermissionDenied): view_func(request, pk=regular_user.pk) set_permissions_for_group(permission_group, ["user.login-as"]) response = view_func(request, pk=regular_user.pk) assert response["location"] == reverse("shuup:index") assert get_user(request) == regular_user
def test_media_view_images_without_root_access(rf): shop = factories.get_default_shop() staff_user = factories.UserFactory(is_staff=True) permission_group = factories.get_default_permission_group() staff_user.groups.add(permission_group) shop.staff_members.add(staff_user) set_permissions_for_group(permission_group, ["upload-media"]) assert not can_see_root_folder(staff_user) folder = get_or_create_folder(shop, "Root") File.objects.create(name="normalfile", folder=folder) img = Image.objects.create(name="imagefile", folder=folder, is_public=True) request = apply_request_middleware(rf.get("/", { "filter": "images", "action": "folder" }), user=staff_user) request.user = staff_user view_func = MediaBrowserView.as_view() response = view_func(request) assert isinstance(response, JsonResponse) content = json.loads(response.content.decode("utf-8")) assert len(content["folder"]["folders"]) == 0 assert len(content["folder"]["files"]) == 0
def test_user_permission_cache_bump(rf): user = factories.get_default_staff_user() group_a = Group.objects.create(name="Group A") group_b = Group.objects.create(name="Group B") group_a_permissions = ["purchase", "sell"] group_b_permissions = ["delete", "create"] set_permissions_for_group(group_a, set(group_a_permissions)) set_permissions_for_group(group_b, set(group_b_permissions)) all_permissions = set(group_a_permissions + group_b_permissions) # as user is not in any group, it misses all the groups assert get_missing_permissions(user, all_permissions) == all_permissions # add the user to Group A user.groups.add(group_a) # the user misses the group_b permissions assert get_missing_permissions(user, all_permissions) == set(group_b_permissions) # make the user be part only of group b group_b.user_set.add(user) group_a.user_set.remove(user) # the user misses the group_a permissions assert get_missing_permissions(user, all_permissions) == set(group_a_permissions) # user is part of all groups user.groups.set([group_a, group_b]) assert get_missing_permissions(user, all_permissions) == set()
def test_login_as_staff_as_staff(rf): """ Staff user 1 tries to impersonat staff user 2 """ shop = get_default_shop() staff_user1 = UserFactory(is_staff=True) permission_group = get_default_permission_group() staff_user1.groups.add(permission_group) shop.staff_members.add(staff_user1) staff_user2 = UserFactory(is_staff=True) view_func = LoginAsStaffUserView.as_view() request = apply_request_middleware(rf.post("/"), user=staff_user1) with pytest.raises(PermissionDenied): view_func(request, pk=staff_user2.pk) set_permissions_for_group(permission_group, ["user.login-as-staff"]) response = view_func(request, pk=staff_user2.pk) assert response["location"] == reverse("shuup_admin:dashboard") assert get_user(request) == staff_user2 # Stop impersonating and since staff1 does not have user detail permission # he/she should find him/herself from dashboard response = stop_impersonating_staff(request) assert response["location"] == reverse("shuup_admin:dashboard") assert get_user(request) == staff_user1 response = stop_impersonating_staff(request) assert response.status_code == 403
def get_staff_user(): shop = factories.get_default_shop() staff_user = factories.UserFactory(is_staff=True) permission_group = factories.get_default_permission_group() staff_user.groups.add(permission_group) shop.staff_members.add(staff_user) set_permissions_for_group(permission_group, ["Customize Staff Admin Menu", "menu.arrange_staff", "menu.reset_staff"]) return staff_user
def test_media_view_images(rf): with override_settings(SHUUP_ENABLE_MULTIPLE_SHOPS=True): shop1 = factories.get_shop(identifier="shop1", enabled=True) shop1_staff1 = _create_random_staff(shop1) shop1_staff2 = _create_random_staff(shop1) group = factories.get_default_permission_group() set_permissions_for_group(group, ["media.upload-to-folder", "media.view-all"]) shop2 = factories.get_shop(identifier="shop2", enabled=True) shop2_staff = _create_random_staff(shop2) shop1_staff1.groups.add(group) shop1_staff2.groups.add(group) shop2_staff.groups.add(group) # Let's agree this folder is created by for example carousel # so it would be shared with all the shops. folder = Folder.objects.create(name="Root") assert MediaFolder.objects.count() == 0 path = "%s" % folder.name File.objects.create(name="normalfile", folder=folder) # Shared between shops # Let's create 4 images for shop 1 _mbv_upload(shop1, shop1_staff1, path=path) _mbv_upload(shop1, shop1_staff1, path=path) _mbv_upload(shop1, shop1_staff2, path=path) _mbv_upload(shop1, shop1_staff2, path=path) assert MediaFile.objects.count() == 4 # Let's create 3 images for shop 2 _mbv_upload(shop2, shop2_staff, path=path) _mbv_upload(shop2, shop2_staff, path=path) _mbv_upload(shop2, shop2_staff, path=path) assert MediaFile.objects.count() == 7 # All files were created to same folder and while uploading # the each shop declared that they own the folder. assert Folder.objects.count() == 1 assert MediaFolder.objects.count() == 1 assert MediaFolder.objects.filter(shops=shop1).exists() assert shop1.media_folders.count() == 1 assert shop1.media_files.count() == 4 assert MediaFolder.objects.filter(shops=shop2).exists() assert shop2.media_folders.count() == 1 assert shop2.media_files.count() == 3 # Now let's make sure that each staff can view the folder # and all the files she should see. _check_that_staff_can_see_folder(rf, shop1, shop1_staff1, folder, 5) _check_that_staff_can_see_folder(rf, shop1, shop1_staff2, folder, 5) _check_that_staff_can_see_folder(rf, shop2, shop2_staff, folder, 4)
def test_url_buttons_permission(rf, button, permission, instance): request = rf.get("/") assert isinstance(button, instance) if button is not None: request.user = factories.get_default_staff_user() assert not "".join(bit for bit in button.render(request)) set_permissions_for_group(request.user.groups.first(), (permission, )) assert "".join(bit for bit in button.render(request))
def get_supplier_user(): factories.get_default_shop() supplier = factories.get_default_supplier() supplier_user = factories.UserFactory(is_staff=True) permission_group = factories.get_default_permission_group() supplier_user.groups.add(permission_group) set_permissions_for_group(permission_group, [ "Customize Supplier Admin Menu", "menu.arrange_supplier", "menu.reset_staff" ]) return supplier_user
def test_login_as_staff_member(rf): shop = get_default_shop() staff_user = UserFactory(is_staff=True) permission_group = get_default_permission_group() staff_user.groups.add(permission_group) shop.staff_members.add(staff_user) view_func = LoginAsUserView.as_view() request = apply_request_middleware(rf.post("/"), user=staff_user, skip_session=True) # log in as self with pytest.raises(Problem): view_func(request, pk=staff_user.pk) user = UserFactory() get_person_contact(user) request = apply_request_middleware(rf.post("/"), user=staff_user) user.is_superuser = True user.save() # user is trying to login as another superuser with pytest.raises(PermissionDenied): view_func(request, pk=user.pk) user.is_superuser = False user.is_staff = True user.save() # user is trying to login as a staff user with pytest.raises(PermissionDenied): view_func(request, pk=user.pk) user.is_staff = False user.is_active = False user.save() # user is trying to login as an inactive user with pytest.raises(Problem): view_func(request, pk=user.pk) user.is_active = True user.save() # staff user without "user.login-as" permission trying to login as valid user with pytest.raises(PermissionDenied): view_func(request, pk=user.pk) permission_group = staff_user.groups.first() set_permissions_for_group(permission_group, ["user.login-as"]) response = view_func(request, pk=user.pk) assert response["location"] == reverse("shuup:index") assert get_user(request) == user
def test_can_see_root_folder(rf, admin_user): assert not can_see_root_folder(None) assert can_see_root_folder(admin_user) shop = factories.get_default_shop() staff_user = factories.UserFactory(is_staff=True) assert not can_see_root_folder(staff_user) permission_group = factories.get_default_permission_group() staff_user.groups.add(permission_group) shop.staff_members.add(staff_user) set_permissions_for_group(permission_group, ["media.view-all"]) assert can_see_root_folder(staff_user)
def test_toolbar_button_permissions(rf, button_class, kwargs): permissions = set(["shuup.add_product", "shuup.delete_product", "shuup.change_product"]) request = rf.get("/") request.user = factories.get_default_staff_user() button = button_class(required_permissions=permissions, **kwargs) rendered_button = "".join(bit for bit in button.render(request)) assert not rendered_button # Set permissions for the user set_permissions_for_group(request.user.groups.first(), permissions) rendered_button = "".join(bit for bit in button.render(request)) assert rendered_button
def test_toolbar_button_permissions(rf, button_class, kwargs): permissions = set(["shuup.add_product", "shuup.delete_product", "shuup.change_product"]) request = rf.get("/") request.user = factories.get_default_staff_user() button = button_class(required_permissions=permissions, **kwargs) rendered_button = "".join(bit for bit in button.render(request)) assert not rendered_button # Set permissions for the user set_permissions_for_group(request.user.groups.first(), permissions) rendered_button = "".join(bit for bit in button.render(request)) assert rendered_button
def test_dashboard_blocks_permissions(rf, client): with replace_modules([ARestrictedTestModule]): request = rf.get("/") request.user = get_default_staff_user(get_default_shop()) # Dashboard permission is added by default request.session = client.session view = DashboardView(request=request) assert not view.get_context_data()["blocks"] # By default there is only dashboard permission so to be # able to see some blocks permission to some admin module # providing dashboard bocks needed. set_permissions_for_group( request.user.groups.first(), set("dashboard") | set(ARestrictedTestModule().get_required_permissions()) ) view = DashboardView(request=request) assert view.get_context_data()["blocks"]
def test_dashboard_blocks_permissions(rf, client): with replace_modules([ARestrictedTestModule]): request = rf.get("/") request.user = get_default_staff_user(get_default_shop()) # Dashboard permission is added by default request.session = client.session view = DashboardView(request=request) assert not view.get_context_data()["blocks"] # By default there is only dashboard permission so to be # able to see some blocks permission to some admin module # providing dashboard bocks needed. set_permissions_for_group( request.user.groups.first(), set("dashboard") | set(ARestrictedTestModule().get_required_permissions()) ) view = DashboardView(request=request) assert view.get_context_data()["blocks"]
def test_browser_config_as_shop_staff(rf): shop = factories.get_default_shop() staff_user = factories.UserFactory(is_staff=True) permission_group = factories.get_default_permission_group() staff_user.groups.add(permission_group) shop.staff_members.add(staff_user) request = apply_request_middleware(rf.post("/"), user=staff_user) urls = get_browser_urls(request) # staff does not have media permission assert urls["media"] is None set_permissions_for_group(permission_group, ["media.browse"]) urls = get_browser_urls(request) assert urls["media"] == reverse("shuup_admin:media.browse") media_module_permission_urls = set(get_permissions_from_urls(MediaModule().get_urls())) assert "media.browse" in media_module_permission_urls assert "shuup_admin:media.browse" not in media_module_permission_urls
def test_permissions_for_menu_entries(rf, admin_user): request = rf.get("/") request.user = factories.get_default_staff_user() permission_group = request.user.groups.first() set_permissions_for_group( permission_group, set("dashboard") | set(ARestrictedTestModule().get_required_permissions()) ) with replace_modules([ARestrictedTestModule]): categories = get_menu_entry_categories(request) assert categories # Make sure category is displayed if user has correct permissions test_category_menu_entries = [cat for cat in categories if cat.name == "RestrictedTest"][0] assert any(me.text == "OK" for me in test_category_menu_entries) # No menu items should be displayed if user has no permissions set_permissions_for_group(permission_group, set()) categories = get_menu_entry_categories(request) assert not categories
def test_permissions_for_menu_entries(rf, admin_user): request = rf.get("/") request.user = factories.get_default_staff_user() permission_group = request.user.groups.first() set_permissions_for_group( permission_group, set("dashboard") | set(ARestrictedTestModule().get_required_permissions()) ) with replace_modules([ARestrictedTestModule]): categories = get_menu_entry_categories(request) assert categories # Make sure category is displayed if user has correct permissions test_category_menu_entries = [cat for cat in categories if cat.name == "RestrictedTest"][0] assert any(me.text == "OK" for me in test_category_menu_entries) # No menu items should be displayed if user has no permissions set_permissions_for_group(permission_group, set()) categories = get_menu_entry_categories(request) assert not categories
def test_model_url_with_permissions(): permissions = set(["shop_product.new", "shop_product.delete", "shop_product.edit"]) shop = get_default_shop() p = get_default_product() # If no user is given, don't check for permissions assert get_model_url(p, shop=shop) # If a user is given and no permissions are provided, check for default model permissions user = get_default_staff_user() with pytest.raises(NoModelUrl): assert get_model_url(p, user=user, shop=shop) # If a user is given and permissions are provided, check for those permissions assert get_model_url(p, user=user, required_permissions=(), shop=shop) with pytest.raises(NoModelUrl): assert get_model_url(p, user=user, required_permissions=["shop_product.new"], shop=shop) # Confirm that url is returned with correct permissions set_permissions_for_group(user.groups.first(), permissions) assert get_model_url(p, user=user, shop=shop) assert get_model_url(p, user=user, required_permissions=permissions, shop=shop)
def test_get_folders_without_view_all_permission(rf): shop = factories.get_default_shop() staff_user = factories.UserFactory(is_staff=True) permission_group = factories.get_default_permission_group() staff_user.groups.add(permission_group) shop.staff_members.add(staff_user) set_permissions_for_group(permission_group, ["upload-media"]) assert not can_see_root_folder(staff_user) # Create a structure and retrieve it folder1 = get_or_create_folder(shop, printable_gibberish()) folder1_media_folder = ensure_media_folder(shop, folder1) folder1_media_folder.owners.add(staff_user) folder2 = get_or_create_folder(shop, printable_gibberish()) folder3 = get_or_create_folder(shop, printable_gibberish()) folder4 = get_or_create_folder(shop, printable_gibberish()) folder4.parent = folder2 folder4.save() folder4_media_folder = ensure_media_folder(shop, folder4) folder4_media_folder.owners.add(staff_user) folder5 = get_or_create_folder(shop, printable_gibberish()) folder5.parent = folder4 folder5.save() folder6 = get_or_create_folder(shop, printable_gibberish()) folder6.parent = folder5 folder6.save() folder6_media_folder = ensure_media_folder(shop, folder6) folder6_media_folder.owners.add(staff_user) folder7 = get_or_create_folder(shop, printable_gibberish()) folder7.parent = folder6 folder7.save() tree = get_id_tree(mbv_command(staff_user, {"action": "folders"}, "GET")) assert set((folder1.id, folder4.id)) <= set(tree.keys())
def get_default_permission_group(permissions=("dashboard",)): group, _ = PermissionGroup.objects.get_or_create(name=DEFAULT_NAME) set_permissions_for_group(group.id, permissions) return group
def get_default_permission_group(permissions=("dashboard",)): group, _ = PermissionGroup.objects.get_or_create(name=DEFAULT_NAME) set_permissions_for_group(group.id, permissions) return group
def save(self): obj = super(PermissionGroupForm, self).save() obj.user_set = set(self.cleaned_data["members"]) set_permissions_for_group(obj.pk, self.cleaned_data["permissions"]) return obj
def test_ajax_object_select_view_with_contacts_multipleshop(rf, contact_cls): shop1 = get_default_shop() shop2 = get_shop(identifier="shop2") staff = create_random_user(is_staff=True) shop1.staff_members.add(staff) shop2.staff_members.add(staff) view = ObjectSelectorView.as_view() model_name = "shuup.%s" % contact_cls._meta.model_name customer = contact_cls.objects.create(name="Michael Jackson", email="*****@*****.**") customer_shop1 = contact_cls.objects.create(name="Roberto", email="*****@*****.**") customer_shop2 = contact_cls.objects.create(name="Maria", email="*****@*****.**") permission_group = get_default_permission_group() staff.groups.add(permission_group) permission_name = "%s.object_selector" % contact_cls._meta.model_name set_permissions_for_group(permission_group, [permission_name]) results = _get_object_selector_results(rf, view, model_name, "michael", staff) assert len(results) == 0 customer.add_to_shop(shop1) customer.add_to_shop(shop2) customer_shop1.add_to_shop(shop1) customer_shop2.add_to_shop(shop2) for shop in [shop1, shop2]: results = _get_object_selector_results(rf, view, model_name, "michael", staff, shop=shop) assert len(results) == 1 assert results[0].get("id") == customer.id assert results[0].get("name") == customer.name results = _get_object_selector_results(rf, view, model_name, "roberto", staff, shop=shop) if shop == shop1: assert len(results) == 1 assert results[0].get("id") == customer_shop1.id assert results[0].get("name") == customer_shop1.name else: assert len(results) == 0 results = _get_object_selector_results(rf, view, model_name, "maria", staff, shop=shop) if shop == shop2: assert len(results) == 1 assert results[0].get("id") == customer_shop2.id assert results[0].get("name") == customer_shop2.name else: assert len(results) == 0
def test_order_shipments(rf, admin_user): shop = get_default_shop() supplier1 = Supplier.objects.create(identifier="1", name="supplier1") supplier1.shops.add(shop) supplier2 = Supplier.objects.create(identifier="2") supplier2.shops.add(shop) product1 = create_product("sku1", shop=shop, default_price=10) shop_product1 = product1.get_shop_instance(shop=shop) shop_product1.suppliers.set([supplier1]) product2 = create_product("sku3", shop=shop, default_price=10, shipping_mode=ShippingMode.NOT_SHIPPED) shop_product2 = product1.get_shop_instance(shop=shop) shop_product2.suppliers.set([supplier2]) product_quantities = { supplier1.pk: { product1.pk: 20 }, supplier2.pk: { product2.pk: 10 } } def get_quantity(supplier, product): return product_quantities[supplier.pk][product.pk] order = create_empty_order(shop=shop) order.full_clean() order.save() # Let's test the order shipment section for superuser request = apply_request_middleware(rf.get("/"), user=admin_user, shop=shop) # Add product 3 to order for supplier 2 add_product_to_order(order, supplier2, product2, get_quantity(supplier2, product2), 8) # Product is not shippable so order section should not be available assert not ShipmentSection.visible_for_object(order, request) # Add product 2 to order for supplier 1 add_product_to_order(order, supplier1, product1, get_quantity(supplier1, product1), 7) # Now we should see the shipment section assert ShipmentSection.visible_for_object(order, request) # Make order fully paid so we can start creting shipments and refunds order.cache_prices() order.check_all_verified() order.create_payment(order.taxful_total_price) assert order.is_paid() product_summary = order.get_product_summary() assert product_summary[product1.pk]["unshipped"] == 20 assert product_summary[product2.pk]["unshipped"] == 0 assert product_summary[product2.pk]["ordered"] == 10 # Fully ship the order order.create_shipment({product1: 5}, supplier=supplier1) order.create_shipment({product1: 5}, supplier=supplier1) order.create_shipment({product1: 10}, supplier=supplier1) assert not order.get_unshipped_products() assert order.is_fully_shipped() context = ShipmentSection.get_context_data(order, request) assert len(context["suppliers"]) == 2 assert len(context["create_urls"].keys()) == 2 # One for each supplier assert len(context["delete_urls"].keys()) == 3 # One for each shipment # Let's create staff user without any permissions staff_user = create_random_user(is_staff=True) group = get_default_permission_group() staff_user.groups.add(group) shop.staff_members.add(staff_user) request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop) context = ShipmentSection.get_context_data(order, request) assert len(context["suppliers"]) == 2 assert len(context["create_urls"].keys()) == 0 assert len(context["delete_urls"].keys()) == 0 assert len(context["set_sent_urls"].keys()) == 0 set_permissions_for_group(group, ["order.create-shipment"]) request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop) context = ShipmentSection.get_context_data(order, request) assert len(context["suppliers"]) == 2 assert len(context["create_urls"].keys()) == 2 assert len(context["delete_urls"].keys()) == 0 assert len(context["set_sent_urls"].keys()) == 0 set_permissions_for_group(group, [ "order.create-shipment", "order.delete-shipment", "order.set-shipment-sent" ]) request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop) context = ShipmentSection.get_context_data(order, request) assert len(context["suppliers"]) == 2 assert len(context["create_urls"].keys()) == 2 assert len(context["delete_urls"].keys()) == 3 assert len(context["set_sent_urls"].keys()) == 3 # works fine while rendering rendered_content = loader.render_to_string(ShipmentSection.template, context={ ShipmentSection.identifier: context, "order": order, }) all_urls = list(context["delete_urls"].values()) all_urls.extend(list(context["set_sent_urls"].values())) for url in all_urls: assert url in rendered_content assert order.get_sent_shipments().count() == 0 order.shipments.filter(status=ShipmentStatus.NOT_SENT) == 3 client = Client() client.force_login(admin_user) # mark all shipments as sent! for mark_sent_url in context["set_sent_urls"].values(): response = client.post(mark_sent_url) assert response.status_code == 302 assert order.get_sent_shipments().count() == 3 order.shipments.filter(status=ShipmentStatus.NOT_SENT) == 0 # Make product1 unshipped product1.shipping_mode = ShippingMode.NOT_SHIPPED product1.save() # We still should see the order shipment section since existing shipments assert ShipmentSection.visible_for_object(order, request) # list all shipments in shipments list view response = client.get("{}?jq={}".format( reverse("shuup_admin:order.shipments.list"), json.dumps({ "perPage": 10, "page": 1 }))) assert response.status_code == 200 data = json.loads(response.content) assert len(data["items"]) == 3 for item in data["items"]: assert item["status"] == "Sent" # Let's delete all shipments since both products is unshipped and we # don't need those. for shipment in order.shipments.all(): shipment.soft_delete() assert not ShipmentSection.visible_for_object(order, request)
def test_edit_button_no_permission(browser, admin_user, live_server, settings): shop = get_default_shop() manager_group = Group.objects.create(name="Managers") manager = create_random_user("en", is_staff=True) manager.username = "******" manager.set_password("password") manager.save() manager.groups.add(manager_group) shop.staff_members.add(manager) # add permissions for Product admin module manager_permissions = set(["dashboard", "Products", "shop_product.new"]) set_permissions_for_group(manager_group, manager_permissions) get_default_product_type() get_default_sales_unit() get_default_tax_class() initialize_admin_browser_test(browser, live_server, settings, username=manager.username) url = reverse("shuup_admin:shop_product.new") browser.visit("%s%s" % (live_server, url)) sku = "testsku" name = "Some product name" price_value = 10 short_description = "short but gold" browser.fill("base-sku", sku) browser.fill("base-name__en", name) browser.fill("base-short_description__en", short_description) browser.fill("shop%s-default_price_value" % shop.pk, price_value) wait_until_appeared(browser, "#id_shop%d-primary_category ~ .quick-add-btn a.btn" % shop.id) click_element(browser, "#id_shop%d-primary_category ~ .quick-add-btn a.btn" % shop.id) wait_until_appeared(browser, "#create-object-iframe") # no permission to add category with browser.get_iframe('create-object-iframe') as iframe: error = "Can't view this page. You do not have the required permissions: category.new" wait_until_condition(iframe, condition=lambda x: x.is_text_present(error)) # close iframe click_element(browser, "#create-object-overlay a.close-btn") # add permission to add category manager_permissions.add("category.new") manager_permissions.add("category.edit") set_permissions_for_group(manager_group, manager_permissions) # click to add category again click_element(browser, "#id_shop%d-primary_category ~ .quick-add-btn a.btn" % shop.id) wait_until_appeared(browser, "#create-object-iframe") # add the category with browser.get_iframe('create-object-iframe') as iframe: assert Category.objects.count() == 0 wait_until_appeared(iframe, "input[name='base-name__en']") iframe.fill("base-name__en", "Test Category") time.sleep(3) # Let's just wait here to the iFrame to open fully (for Chrome and headless) wait_until_appeared(iframe, "button[form='category_form']") click_element(browser, "button[form='category_form']") wait_until_condition(browser, condition=lambda x: Category.objects.count() == 1, timeout=20) assert Category.objects.first().name == "Test Category" # remove the edit category permissions # add permission to add category manager_permissions.remove("category.edit") set_permissions_for_group(manager_group, manager_permissions) # click to edit the button click_element(browser, "#id_shop%d-primary_category ~ .edit-object-btn a.btn" % shop.id) # no permission to edit category with browser.get_iframe('create-object-iframe') as iframe: error = "Can't view this page. You do not have the required permission(s): category.edit" wait_until_condition(iframe, condition=lambda x: x.is_text_present(error)) # close iframe click_element(browser, "#create-object-overlay a.close-btn") manager_permissions.add("category.edit") set_permissions_for_group(manager_group, manager_permissions) click_element(browser, "#id_shop%d-primary_category ~ .edit-object-btn a.btn" % shop.id) wait_until_appeared(browser, "#create-object-iframe") new_cat_name = "Changed Name" with browser.get_iframe('create-object-iframe') as iframe: wait_until_appeared(iframe, "input[name='base-name__en']") iframe.fill("base-name__en", new_cat_name) time.sleep(3) # Let's just wait here to the iFrame to open fully (for Chrome and headless) wait_until_appeared(iframe, "button[form='category_form']") click_element(browser, "button[form='category_form']") wait_until_condition(browser, condition=lambda x: Category.objects.first().name == new_cat_name, timeout=20)
def test_order_shipment_section(rf, admin_user): shop = get_default_shop() supplier1 = Supplier.objects.create(identifier="1", name="supplier1") supplier1.shops.add(shop) supplier2 = Supplier.objects.create(identifier="2") supplier2.shops.add(shop) product1 = create_product("sku1", shop=shop, default_price=10) shop_product1 = product1.get_shop_instance(shop=shop) shop_product1.suppliers.set([supplier1]) product2 = create_product("sku3", shop=shop, default_price=10, shipping_mode=ShippingMode.NOT_SHIPPED) shop_product2 = product1.get_shop_instance(shop=shop) shop_product2.suppliers.set([supplier2]) product_quantities = { supplier1.pk: { product1.pk: 20 }, supplier2.pk: { product2.pk: 10 } } def get_quantity(supplier, product): return product_quantities[supplier.pk][product.pk] order = create_empty_order(shop=shop) order.full_clean() order.save() # Let's test the order shipment section for superuser request = apply_request_middleware(rf.get("/"), user=admin_user, shop=shop) # Add product 3 to order for supplier 2 add_product_to_order(order, supplier2, product2, get_quantity(supplier2, product2), 8) # Product is not shippable so order section should not be available assert not ShipmentSection.visible_for_object(order, request) # Add product 2 to order for supplier 1 add_product_to_order(order, supplier1, product1, get_quantity(supplier1, product1), 7) # Now we should see the shipment section assert ShipmentSection.visible_for_object(order, request) # Make order fully paid so we can start creting shipments and refunds order.cache_prices() order.check_all_verified() order.create_payment(order.taxful_total_price) assert order.is_paid() product_summary = order.get_product_summary() assert product_summary[product1.pk]["unshipped"] == 20 assert product_summary[product2.pk]["unshipped"] == 0 assert product_summary[product2.pk]["ordered"] == 10 # Fully ship the order order.create_shipment({product1: 5}, supplier=supplier1) order.create_shipment({product1: 5}, supplier=supplier1) order.create_shipment({product1: 10}, supplier=supplier1) assert not order.get_unshipped_products() assert order.is_fully_shipped() context = ShipmentSection.get_context_data(order, request) assert len(context["suppliers"]) == 2 assert len(context["create_urls"].keys()) == 2 # One for each supplier assert len(context["delete_urls"].keys()) == 3 # One for each shipment # Let's create staff user without any permissions staff_user = create_random_user(is_staff=True) group = get_default_permission_group() staff_user.groups.add(group) shop.staff_members.add(staff_user) request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop) context = ShipmentSection.get_context_data(order, request) assert len(context["suppliers"]) == 2 assert len(context["create_urls"].keys()) == 0 assert len(context["delete_urls"].keys()) == 0 set_permissions_for_group(group, ["order.create-shipment"]) request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop) context = ShipmentSection.get_context_data(order, request) assert len(context["suppliers"]) == 2 assert len(context["create_urls"].keys()) == 2 assert len(context["delete_urls"].keys()) == 0 set_permissions_for_group(group, ["order.create-shipment", "order.delete-shipment"]) request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop) context = ShipmentSection.get_context_data(order, request) assert len(context["suppliers"]) == 2 assert len(context["create_urls"].keys()) == 2 assert len(context["delete_urls"].keys()) == 3 # Make product1 unshipped product1.shipping_mode = ShippingMode.NOT_SHIPPED product1.save() # We still should see the order shipment section since existing shipments assert ShipmentSection.visible_for_object(order, request) # Let's delete all shipments since both products is unshipped and we # don't need those. for shipment in order.shipments.all(): shipment.soft_delete() assert not ShipmentSection.visible_for_object(order, request)
def save(self): obj = super(PermissionGroupForm, self).save() obj.user_set = set(self.cleaned_data["members"]) set_permissions_for_group(obj.pk, self.cleaned_data["permissions"]) return obj
def test_edit_button_no_permission(browser, admin_user, live_server, settings): shop = get_default_shop() manager_group = Group.objects.create(name="Managers") manager = create_random_user("en", is_staff=True) manager.username = "******" manager.set_password("password") manager.save() manager.groups.add(manager_group) shop.staff_members.add(manager) # add permissions for Product admin module manager_permissions = set(["dashboard", "Products", "shop_product.new"]) set_permissions_for_group(manager_group, manager_permissions) get_default_product_type() get_default_sales_unit() get_default_tax_class() initialize_admin_browser_test(browser, live_server, settings, username=manager.username) url = reverse("shuup_admin:shop_product.new") browser.visit("%s%s" % (live_server, url)) sku = "testsku" name = "Some product name" price_value = 10 short_description = "short but gold" browser.fill("base-sku", sku) browser.fill("base-name__en", name) browser.fill("base-short_description__en", short_description) browser.fill("shop%s-default_price_value" % shop.pk, price_value) wait_until_appeared( browser, "#id_shop%d-primary_category ~ .quick-add-btn a.btn" % shop.id) click_element( browser, "#id_shop%d-primary_category ~ .quick-add-btn a.btn" % shop.id) wait_until_appeared(browser, "#create-object-iframe") # no permission to add category with browser.get_iframe("create-object-iframe") as iframe: error = "Can't view this page. You do not have the required permissions: category.new" wait_until_condition(iframe, condition=lambda x: x.is_text_present(error)) # close iframe click_element(browser, "#create-object-overlay a.close-btn") # add permission to add category manager_permissions.add("category.new") manager_permissions.add("category.edit") set_permissions_for_group(manager_group, manager_permissions) # click to add category again click_element( browser, "#id_shop%d-primary_category ~ .quick-add-btn a.btn" % shop.id) wait_until_appeared(browser, "#create-object-iframe") # add the category with browser.get_iframe("create-object-iframe") as iframe: assert Category.objects.count() == 0 wait_until_appeared(iframe, "input[name='base-name__en']") iframe.fill("base-name__en", "Test Category") time.sleep( 3 ) # Let's just wait here to the iFrame to open fully (for Chrome and headless) wait_until_appeared(iframe, "button[form='category_form']") click_element(browser, "button[form='category_form']") wait_until_condition(browser, condition=lambda x: Category.objects.count() == 1, timeout=20) assert Category.objects.first().name == "Test Category" # remove the edit category permissions # add permission to add category manager_permissions.remove("category.edit") set_permissions_for_group(manager_group, manager_permissions) # click to edit the button click_element( browser, "#id_shop%d-primary_category ~ .edit-object-btn a.btn" % shop.id) # no permission to edit category with browser.get_iframe("create-object-iframe") as iframe: error = "Can't view this page. You do not have the required permission(s): `category.edit`." wait_until_condition(iframe, condition=lambda x: x.is_text_present(error)) # close iframe click_element(browser, "#create-object-overlay a.close-btn") manager_permissions.add("category.edit") set_permissions_for_group(manager_group, manager_permissions) click_element( browser, "#id_shop%d-primary_category ~ .edit-object-btn a.btn" % shop.id) wait_until_appeared(browser, "#create-object-iframe") new_cat_name = "Changed Name" with browser.get_iframe("create-object-iframe") as iframe: wait_until_appeared(iframe, "input[name='base-name__en']") iframe.fill("base-name__en", new_cat_name) time.sleep( 3 ) # Let's just wait here to the iFrame to open fully (for Chrome and headless) wait_until_appeared(iframe, "button[form='category_form']") click_element(browser, "button[form='category_form']") wait_until_condition( browser, condition=lambda x: Category.objects.first().name == new_cat_name, timeout=20)
def test_order_shipment_section(rf, admin_user): shop = get_default_shop() supplier1 = Supplier.objects.create(identifier="1", name="supplier1") supplier1.shops.add(shop) supplier2 = Supplier.objects.create(identifier="2") supplier2.shops.add(shop) product1 = create_product("sku1", shop=shop, default_price=10) shop_product1 = product1.get_shop_instance(shop=shop) shop_product1.suppliers = [supplier1] product2 = create_product("sku3", shop=shop, default_price=10, shipping_mode=ShippingMode.NOT_SHIPPED) shop_product2 = product1.get_shop_instance(shop=shop) shop_product2.suppliers = [supplier2] product_quantities = { supplier1.pk: { product1.pk: 20 }, supplier2.pk: { product2.pk: 10 } } def get_quantity(supplier, product): return product_quantities[supplier.pk][product.pk] order = create_empty_order(shop=shop) order.full_clean() order.save() # Let's test the order shipment section for superuser request = apply_request_middleware(rf.get("/"), user=admin_user, shop=shop) # Add product 3 to order for supplier 2 add_product_to_order(order, supplier2, product2, get_quantity(supplier2, product2), 8) # Product is not shippable so order section should not be available assert not ShipmentSection.visible_for_object(order, request) # Add product 2 to order for supplier 1 add_product_to_order(order, supplier1, product1, get_quantity(supplier1, product1), 7) # Now we should see the shipment section assert ShipmentSection.visible_for_object(order, request) # Make order fully paid so we can start creting shipments and refunds order.cache_prices() order.check_all_verified() order.create_payment(order.taxful_total_price) assert order.is_paid() product_summary = order.get_product_summary() assert product_summary[product1.pk]["unshipped"] == 20 assert product_summary[product2.pk]["unshipped"] == 0 assert product_summary[product2.pk]["ordered"] == 10 # Fully ship the order order.create_shipment({product1: 5}, supplier=supplier1) order.create_shipment({product1: 5}, supplier=supplier1) order.create_shipment({product1: 10}, supplier=supplier1) assert not order.get_unshipped_products() assert order.is_fully_shipped() context = ShipmentSection.get_context_data(order, request) assert len(context["suppliers"]) == 2 assert len(context["create_urls"].keys()) == 2 # One for each supplier assert len(context["delete_urls"].keys()) == 3 # One for each shipment # Let's create staff user without any permissions staff_user = create_random_user(is_staff=True) group = get_default_permission_group() staff_user.groups.add(group) shop.staff_members.add(staff_user) request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop) context = ShipmentSection.get_context_data(order, request) assert len(context["suppliers"]) == 2 assert len(context["create_urls"].keys()) == 0 assert len(context["delete_urls"].keys()) == 0 set_permissions_for_group(group, ["order.create-shipment"]) request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop) context = ShipmentSection.get_context_data(order, request) assert len(context["suppliers"]) == 2 assert len(context["create_urls"].keys()) == 2 assert len(context["delete_urls"].keys()) == 0 set_permissions_for_group(group, ["order.create-shipment", "order.delete-shipment"]) request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop) context = ShipmentSection.get_context_data(order, request) assert len(context["suppliers"]) == 2 assert len(context["create_urls"].keys()) == 2 assert len(context["delete_urls"].keys()) == 3 # Make product1 unshipped product1.shipping_mode = ShippingMode.NOT_SHIPPED product1.save() # We still should see the order shipment section since existing shipments assert ShipmentSection.visible_for_object(order, request) # Let's delete all shipments since both products is unshipped and we # don't need those. for shipment in order.shipments.all(): shipment.soft_delete() assert not ShipmentSection.visible_for_object(order, request)