def test_model_url_with_permissions():
permissions = set(
["shuup.add_product", "shuup.delete_product", "shuup.change_product"])
shop = get_default_shop()
p = get_default_product()
# If no user is given, don't check for permissions
assert get_model_url(p, shop=shop)
# If a user is given and no permissions are provided, check for default model permissions
user = StaffUser()
with pytest.raises(NoModelUrl):
assert get_model_url(p, user=user, shop=shop)
# If a user is given and permissions are provided, check for those permissions
assert get_model_url(p, user=user, required_permissions=(), shop=shop)
with pytest.raises(NoModelUrl):
assert get_model_url(p,
user=user,
required_permissions=["shuup.add_product"],
shop=shop)
# Confirm that url is returned with correct permissions
user.permissions = permissions
assert get_model_url(p, user=user, shop=shop)
assert get_model_url(p,
user=user,
required_permissions=permissions,
shop=shop)
def test_permissions_for_menu_entries(rf, admin_user):
permissions = set(
["shuup.add_product", "shuup.delete_product", "shuup.change_product"])
request = rf.get("/")
request.user = StaffUser()
request.user.permissions = permissions
with replace_modules([ARestrictedTestModule]):
modules = [m for m in get_modules()]
assert request.user.permissions == modules[0].get_required_permissions(
)
categories = get_menu_entry_categories(request)
assert categories
# Make sure category is displayed if user has correct permissions
test_category_menu_entries = [
cat for cat in categories if cat.name == "RestrictedTest"
][0]
assert any(me.text == "OK" for me in test_category_menu_entries)
# No menu items should be displayed if user has no permissions
request.user.permissions = []
categories = get_menu_entry_categories(request)
assert not categories
def test_url_auth(rf):
def did_disallow(view, request):
try:
return isinstance(view(request), HttpResponseRedirect)
except Problem as prob:
return True # Problems are fine here
with replace_modules([ATestModule]):
urls = dict((u.name, u) for u in get_module_urls())
request = rf.get("/")
request.user = AnonymousUser()
assert did_disallow(urls["test-auth"].callback, request)
assert did_disallow(urls["test-perm"].callback, request)
assert not did_disallow(urls["test-unauth"].callback, request)
request.user = AuthenticatedUser()
assert did_disallow(urls["test-auth"].callback, request)
assert did_disallow(urls["test-perm"].callback, request)
assert not did_disallow(urls["test-unauth"].callback, request)
request.user = StaffUser()
assert not did_disallow(urls["test-auth"].callback, request)
assert did_disallow(urls["test-perm"].callback, request)
assert not did_disallow(urls["test-unauth"].callback, request)
request.user = SuperUser() # Can access all
assert not did_disallow(urls["test-auth"].callback, request)
assert not did_disallow(urls["test-perm"].callback, request)
assert not did_disallow(urls["test-unauth"].callback, request)
def test_dashboard_blocks_permissions(rf, client):
with replace_modules([ARestrictedTestModule]):
permissions = set(["shuup.add_product", "shuup.delete_product", "shuup.change_product"])
request = rf.get("/")
request.user = StaffUser()
request.session = client.session
view = DashboardView(request=request)
assert not view.get_context_data()["blocks"]
request.user.permissions = permissions
view = DashboardView(request=request)
assert view.get_context_data()["blocks"]
def test_toolbar_button_permissions(rf, button_class, kwargs):
permissions = set(
["shuup.add_product", "shuup.delete_product", "shuup.change_product"])
request = rf.get("/")
request.user = StaffUser()
button = button_class(required_permissions=permissions, **kwargs)
rendered_button = "".join(bit for bit in button.render(request))
assert not rendered_button
request.user.permissions = permissions
rendered_button = "".join(bit for bit in button.render(request))
assert rendered_button
def test_model_url_with_permissions():
permissions = set(["shuup.add_product", "shuup.delete_product", "shuup.change_product"])
p = get_default_product()
# If no user is given, don't check for permissions
assert get_model_url(p)
# If a user is given and no permissions are provided, check for default model permissions
user = StaffUser()
with pytest.raises(NoModelUrl):
assert get_model_url(p, user=user)
# If a user is given and permissions are provided, check for those permissions
assert get_model_url(p, user=user, required_permissions=())
with pytest.raises(NoModelUrl):
assert get_model_url(p, user=user, required_permissions=["shuup.add_product"])
# Confirm that url is returned with correct permissions
user.permissions = permissions
assert get_model_url(p, user=user)
assert get_model_url(p, user=user, required_permissions=permissions)
