feat(access): during organization permission check, check to ensure user is logged on

!13

app/itam/tests/device/test_device_permission.py

@@ -171,7 +171,7 @@ class DevicePermissions(TestCase):
 
         response = client.get(url)
 
-        assert response.status_code == 403
+        assert response.status_code == 302 and response.url.startswith('/account/login')
 
 
     def test_device_auth_view_no_permission_denied(self):
@@ -235,11 +235,7 @@ class DevicePermissions(TestCase):
 
         response = client.put(url, data={'device': 'device'})
 
-        assert (
-            response.status_code == 302
-            or
-            response.status_code == 403
-        )
+        assert response.status_code == 302 and response.url.startswith('/account/login')
 
     # @pytest.mark.skip(reason="ToDO: figure out why fails")
     def test_device_auth_add_no_permission_denied(self):
@@ -320,11 +316,7 @@ class DevicePermissions(TestCase):
 
         response = client.patch(url, data={'device': 'device'})
 
-        assert (
-            response.status_code == 302
-            or
-            response.status_code == 403
-        )
+        assert response.status_code == 302 and response.url.startswith('/account/login')
 
 
     def test_device_auth_change_no_permission_denied(self):
@@ -420,11 +412,7 @@ class DevicePermissions(TestCase):
 
         response = client.delete(url, data={'device': 'device'})
 
-        assert (
-            response.status_code == 302
-            or
-            response.status_code == 403
-        )
+        assert response.status_code == 302 and response.url.startswith('/account/login')
 
 
     def test_device_auth_delete_no_permission_denied(self):

app/itam/tests/operating_system/test_operating_system_permission.py

@@ -171,7 +171,7 @@ class OperatingSystemPermissions(TestCase):
 
         response = client.get(url)
 
-        assert response.status_code == 403
+        assert response.status_code == 302 and response.url.startswith('/account/login')
 
 
     def test_operating_system_auth_view_no_permission_denied(self):
@@ -235,11 +235,7 @@ class OperatingSystemPermissions(TestCase):
 
         response = client.put(url, data={'operating_system': 'operating_system'})
 
-        assert (
-            response.status_code == 302
-            or
-            response.status_code == 403
-        )
+        assert response.status_code == 302 and response.url.startswith('/account/login')
 
     # @pytest.mark.skip(reason="ToDO: figure out why fails")
     def test_operating_system_auth_add_no_permission_denied(self):
@@ -320,12 +316,7 @@ class OperatingSystemPermissions(TestCase):
 
         response = client.patch(url, data={'operating_system': 'operating_system'})
 
-        assert (
-            response.status_code == 302
-            or
-            response.status_code == 403
-        )
-
+        assert response.status_code == 302 and response.url.startswith('/account/login')
 
     def test_operating_system_auth_change_no_permission_denied(self):
         """ Ensure permission view cant make change
@@ -420,11 +411,7 @@ class OperatingSystemPermissions(TestCase):
 
         response = client.delete(url, data={'operating_system': 'operating_system'})
 
-        assert (
-            response.status_code == 302
-            or
-            response.status_code == 403
-        )
+        assert response.status_code == 302 and response.url.startswith('/account/login')
 
 
     def test_operating_system_auth_delete_no_permission_denied(self):

app/itam/tests/software/test_software_permission.py

@@ -171,7 +171,7 @@ class SoftwarePermissions(TestCase):
 
         response = client.get(url)
 
-        assert response.status_code == 403
+        assert response.status_code == 302 and response.url.startswith('/account/login')
 
 
     def test_software_auth_view_no_permission_denied(self):
@@ -235,11 +235,7 @@ class SoftwarePermissions(TestCase):
 
         response = client.put(url, data={'software': 'software'})
 
-        assert (
-            response.status_code == 302
-            or
-            response.status_code == 403
-        )
+        assert response.status_code == 302 and response.url.startswith('/account/login')
 
     # @pytest.mark.skip(reason="ToDO: figure out why fails")
     def test_software_auth_add_no_permission_denied(self):
@@ -320,11 +316,7 @@ class SoftwarePermissions(TestCase):
 
         response = client.patch(url, data={'software': 'software'})
 
-        assert (
-            response.status_code == 302
-            or
-            response.status_code == 403
-        )
+        assert response.status_code == 302 and response.url.startswith('/account/login')
 
 
     def test_software_auth_change_no_permission_denied(self):
@@ -420,11 +412,7 @@ class SoftwarePermissions(TestCase):
 
         response = client.delete(url, data={'software': 'software'})
 
-        assert (
-            response.status_code == 302
-            or
-            response.status_code == 403
-        )
+        assert response.status_code == 302 and response.url.startswith('/account/login')
 
 
     def test_software_auth_delete_no_permission_denied(self):