from django.test import TestCase, Client from interface import models, utils from django.contrib.auth.models import User from django.utils import timezone from datetime import timedelta class AccessTestCase(TestCase): @classmethod def setUpTestData(cls): admin = User.objects.create_user(username='admin', password='foobar', is_superuser=True, is_staff=True) homer = User.objects.create_user(username='homer', password='maggie') now = timezone.now() b_sharps = models.Ensemble.objects.create(name='The Be Sharps') b_sharps.admins.add(homer) bleeding_gums = models.Ensemble.objects.create(name='Lisa and the Bleeding Gums', slug='bleeding-gums') party_posse = models.Ensemble.objects.create(name="Party Posse", slug='party-posse') bleeding_gums.projects.create(name='Baker St', event_date=now-timedelta(days=12)) party_posse.projects.create(name='Navy Recruitment Day', event_date=now+timedelta(days=6)) b_sharps.projects.create(name='Baby on Board', event_date=now+timedelta(days=28)) bleeding_gums.projects.create(name='Open Mic Night', event_date=now+timedelta(hours=1)) def test_admin_ensembles(self): self.client.post('/login', {'username': 'admin', 'password': 'foobar'}) response = self.client.get('/ensembles') self.assertObjectList(response, ['Lisa and the Bleeding Gums', 'Party Posse', 'The Be Sharps']) self.assertContains(response, 'Django Admin') def test_admin_ensemble_permissions(self): self.client.post('/login', {'username': 'admin', 'password': 'foobar'}) response = self.client.get('/ensembles/party-posse') self.assertTrue(response.context['request'].is_admin) self.assertContains(response, "Add project") self.assertAccess({ '/ensembles/the-be-sharps': True, '/ensembles/bleeding-gums': True, '/ensembles/party-posse': True, '/ensembles/unknown': False, '/ensembles/the-be-sharps/new-project': True, }) def test_admin_projects(self): self.client.post('/login', {'username': 'admin', 'password': 'foobar'}) response = self.client.get('/projects') self.assertObjectList(response, ['Open Mic Night', 'Navy Recruitment Day', 'Baby on Board']) self.assertObjectList(self.client.get('/ensembles/bleeding-gums'), ['Open Mic Night']) self.assertObjectList(self.client.get('/ensembles/bleeding-gums?inactive'), ['Open Mic Night', 'Baker St']) def test_user_ensembles(self): self.client.post('/login', {'username': 'homer', 'password': 'maggie'}) response = self.client.get('/ensembles') self.assertObjectList(response, ['The Be Sharps']) self.assertNotContains(response, 'Django Admin') def test_user_ensemble_permissions(self): self.client.post('/login', {'username': 'homer', 'password': 'maggie'}) response = self.client.get('/ensembles/the-be-sharps') self.assertTrue(response.context['request'].is_admin) self.assertContains(response, "Add project") self.assertContains(response, 'Show all') self.assertAccess({ '/ensembles/the-be-sharps': True, '/ensembles/bleeding-gums': False, '/ensembles/party-posse': False, '/ensembles/the-be-sharps/new-project': True, '/ensembles/party-posse/new-project': False, }) self.authorize(models.Ensemble, slug='bleeding-gums') self.assertAccess({ '/ensembles/the-be-sharps': True, '/ensembles/bleeding-gums': True, '/ensembles/party-posse': False, '/ensembles/the-be-sharps/new-project': True, '/ensembles/party-posse/new-project': False, }) response = self.client.get('/ensembles/bleeding-gums') self.assertFalse(response.context['request'].is_admin) self.assertNotContains(response, 'Add project') self.assertNotContains(response, 'Show all') def test_user_projects(self): self.client.post('/login', {'username': 'homer', 'password': 'maggie'}) response = self.client.get('/projects') self.assertObjectList(response, ['Baby on Board']) response = self.client.get('/projects/3') self.assertTrue(response.context['request'].is_admin) self.assertAccess({ '/projects/3': True, '/projects/3/resources': True, '/projects/3/resources/add': True, '/projects/4': False, '/projects/4/resources': False, '/projects/4/resources/add': False, }) self.authorize(models.Project, pk=4) response = self.client.get('/projects') self.assertObjectList(response, ['Open Mic Night', 'Baby on Board']) response = self.client.get('/projects/4') self.assertFalse(response.context['request'].is_admin) def test_anon_ensembles(self): response = self.client.get('/ensembles') self.assertObjectList(response, []) self.assertContains(response, 'You don\'t currently have access to any ensembles') def test_anon_authorized_ensemble(self): self.authorize(models.Ensemble, slug='party-posse') response = self.client.get('/ensembles/party-posse') self.assertContains(response, 'Party Posse') response = self.client.get('/ensembles') self.assertObjectList(response, ['Party Posse']) self.assertAccess({ '/ensembles/the-be-sharps': False, '/ensembles/party-posse': True, '/ensembles/bleeding-gums': False, '/ensembles/unknown': False, }) response = self.client.get('/projects') self.assertObjectList(response, ['Navy Recruitment Day']) def test_anon_authorized_project(self): self.authorize(models.Project, pk=4) self.assertObjectList(self.client.get('/projects'), ['Open Mic Night']) self.assertObjectList(self.client.get('/ensembles'), ['Lisa and the Bleeding Gums']) self.assertAccess({ '/projects/4': True, '/projects/4/resources': True, '/projects/1': False, '/projects/1/resources': False, }) def test_anon_permission_denied(self): self.assertAccess({ '/ensembles': True, '/ensembles/the-be-sharps': False, '/ensembles/party-posse': False, '/ensembles/bleeding-gums': False, '/ensembles/unknown': False, }) def authorize(self, model, **kwargs): object = model.objects.get(**kwargs) response = self.client.get(f'{object.get_absolute_url()}?auth={object.auth()}') self.assertEqual(response.status_code, 302) def assertAccess(self, urls): for url, expected in urls.items(): response = self.client.get(url) self.assertEqual(response.status_code == 200, expected, f"Expected {expected} for {url} (status: {response.status_code})") def assertObjectList(self, response, expected, element='name'): self.assertEqual(response.status_code, 200, "No result returned") objects = response.context['object_list'].values_list(element, flat=True) self.assertEqual(list(objects), expected) """ def test_redirect(self): self.skipTest("No redirect") response = self.client.get('/') self.assertRedirects(response, '/register?') def test_redirect_project(self): response = self.client.get('/projects/1') self.assertEqual(response.status_code, 404) #def test_redirect_with_code(self): # response = self.client.get('/?code=123-456-789') # self.assertRedirects(response, '/register?code=123-456-789') def test_register(self): response = self.client.get('/ensembles/1') self.assertEqual(response.status_code, 404) url = utils.signed_url('register', group='ensemble', pk=1) response = self.client.get(url + "i") self.assertEqual(response.status_code, 400) response = self.client.get(url) self.assertRedirects(response, '/ensembles/1') response = self.client.get('/ensembles/1') self.assertEqual(response.context['object'].pk, 1) response = self.client.get('/projects/1', ) def old_test_register(self): response = self.client.post('/register', {'code': '123-456-789', }) self.assertFormError(response, 'form', 'passphrase', 'This field is required.') response = self.client.post('/register', {'code': '123-456-789', 'passphrase': 'Foo'}) self.assertFormError(response, 'form', None, 'Incorrect code or passphrase') response = self.client.post('/register', {'code': '12-34', 'passphrase': 'Homer'}) self.assertRedirects(response, '/') response = self.client.get(response.url) self.assertEqual(response.context['object'].pk, 1) # revisting original url get redirected back to homepage response = self.client.get('/?code=12-34') response = self.client.get(response.url) response = self.client.get(response.url) self.assertEqual(response.context['object'].pk, 1) # providing a new code response = self.client.get('/?code=23-45') self.assertRedirects(response, '/register?code=23-45') response = self.client.get(response.url) #self.assertQuerysetEqual(response.context['current'], ['']) #self.assertEqual(response.context['form'].code.initial, 'foo') response = self.client.post('/register', {'code': '23-45', 'passphrase': 'maggie'}) self.assertRedirects(response, '/') response = self.client.get('/') self.assertEqual(response.context['object'].pk, 2) # can use previous link to switch back without passphrase response = self.client.get('/?code=12-34') response = self.client.get(response.url) response = self.client.get(response.url) self.assertEqual(response.context['object'].pk, 1) """