feat(access): during organization permission check, check to ensure user is logged on
!13
This commit is contained in:
@ -1,5 +1,5 @@
|
||||
|
||||
from django.contrib.auth.mixins import PermissionRequiredMixin
|
||||
from django.contrib.auth.mixins import AccessMixin, PermissionRequiredMixin
|
||||
from django.contrib.auth.models import Group
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.utils.functional import cached_property
|
||||
@ -148,13 +148,16 @@ class OrganizationMixin():
|
||||
|
||||
|
||||
|
||||
class OrganizationPermission(OrganizationMixin):
|
||||
class OrganizationPermission(AccessMixin, OrganizationMixin):
|
||||
"""checking organization membership"""
|
||||
|
||||
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
self.request = request
|
||||
|
||||
if not request.user.is_authenticated:
|
||||
return self.handle_no_permission()
|
||||
|
||||
if hasattr(self, 'get_object'):
|
||||
|
||||
if not self.has_permission() and not request.user.is_superuser:
|
||||
|
||||
@ -172,7 +172,7 @@ class OrganizationPermissions(TestCase):
|
||||
|
||||
response = client.get(url)
|
||||
|
||||
assert response.status_code == 403
|
||||
assert response.status_code == 302 and response.url.startswith('/account/login')
|
||||
|
||||
|
||||
def test_organization_auth_view_no_permission_denied(self):
|
||||
@ -326,11 +326,7 @@ class OrganizationPermissions(TestCase):
|
||||
|
||||
response = client.patch(url, data={'device': 'device'})
|
||||
|
||||
assert (
|
||||
response.status_code == 302
|
||||
or
|
||||
response.status_code == 403
|
||||
)
|
||||
assert response.status_code == 302 and response.url.startswith('/account/login')
|
||||
|
||||
|
||||
def test_organization_auth_change_no_permission_denied(self):
|
||||
|
||||
@ -34,30 +34,7 @@ def test_require_login_organizations():
|
||||
|
||||
response = client.get(url)
|
||||
|
||||
assert response.status_code == 302
|
||||
|
||||
@pytest.mark.skip(reason="to be re-written for orgmixin")
|
||||
@pytest.mark.django_db
|
||||
def test_require_login_organization_pk(organization):
|
||||
"""Ensure login is required to view an organization"""
|
||||
client = Client()
|
||||
url = reverse('Access:_organization', kwargs={'organization_id': 1})
|
||||
|
||||
response = client.get(url)
|
||||
|
||||
assert response.status_code == 302
|
||||
|
||||
|
||||
@pytest.mark.django_db
|
||||
def test_login_view_organizations_no_permission(user):
|
||||
"""Some docstring defining what the test is checking."""
|
||||
client = Client()
|
||||
url = reverse('Access:Organizations')
|
||||
client.force_login(user)
|
||||
|
||||
response = client.get(url)
|
||||
|
||||
assert response.status_code == 403
|
||||
assert response.status_code == 302 and response.url.startswith('/account/login')
|
||||
|
||||
|
||||
@pytest.mark.skip(reason="to be written")
|
||||
|
||||
@ -1,5 +1,4 @@
|
||||
from django.contrib.auth import decorators as auth_decorator
|
||||
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||
from django.utils.decorators import method_decorator
|
||||
from django.views import generic
|
||||
|
||||
@ -9,7 +8,9 @@ from access.models import *
|
||||
|
||||
|
||||
class IndexView(OrganizationPermission, generic.ListView):
|
||||
permission_required = 'access.view_organization'
|
||||
permission_required = [
|
||||
'access.view_organization'
|
||||
]
|
||||
template_name = 'access/index.html.j2'
|
||||
context_object_name = "organization_list"
|
||||
|
||||
@ -64,12 +65,12 @@ class View(OrganizationPermission, generic.UpdateView):
|
||||
|
||||
|
||||
|
||||
class Change(LoginRequiredMixin, OrganizationPermission, generic.DetailView):
|
||||
class Change(OrganizationPermission, generic.DetailView):
|
||||
pass
|
||||
|
||||
|
||||
|
||||
class Delete(LoginRequiredMixin, OrganizationPermission, generic.DetailView):
|
||||
class Delete(OrganizationPermission, generic.DetailView):
|
||||
pass
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user