test(settings): view permission check for user settings

!18 #48 #15
2024-06-06 01:20:50 +09:30
parent f053b9c6a8
commit b24cf33207


@ -0,0 +1,153 @@
import pytest
import unittest
import requests
from django.contrib.auth import get_user_model
from django.contrib.auth.models import AnonymousUser, User
from django.contrib.contenttypes.models import ContentType
from django.shortcuts import reverse
from django.test import TestCase, Client
from access.models import Organization, Team, TeamUsers, Permission
from settings.models.user_settings import UserSettings
class UserSettingsPermissions(TestCase):
model = UserSettings
model_name = 'usersettings'
app_label = 'settings'
@classmethod
def setUpTestData(self):
"""Setup Test
1. Create an organization for user and item
. create an organization that is different to item
2. Create a device
3. create teams with each permission: view, add, change, delete
4. create a user per team
"""
organization = Organization.objects.create(name='test_org')
self.organization = organization
different_organization = Organization.objects.create(name='test_different_organization')
view_permissions = Permission.objects.get(
codename = 'view_' + self.model_name,
content_type = ContentType.objects.get(
app_label = self.app_label,
model = self.model_name,
)
)
view_team = Team.objects.create(
team_name = 'view_team',
organization = organization,
)
view_team.permissions.set([view_permissions])
self.no_permissions_user = User.objects.create_user(username="test_no_permissions", password="password")
self.view_user = User.objects.create_user(username="test_user_view", password="password")
teamuser = TeamUsers.objects.create(
team = view_team,
user = self.view_user
)
self.different_organization_user = User.objects.create_user(username="test_different_organization_user", password="password")
different_organization_team = Team.objects.create(
team_name = 'different_organization_team',
organization = different_organization,
)
different_organization_team.permissions.set([
view_permissions,
])
TeamUsers.objects.create(
team = different_organization_team,
user = self.different_organization_user
)
self.item = self.model.objects.get(
user=self.view_user,
)
def test_user_settings_auth_view_user_anon_denied(self):
""" Check correct permission for view
Attempt to view as anon user
"""
client = Client()
url = reverse('_settings_user', kwargs={'pk': self.view_user.id})
response = client.get(url)
assert response.status_code == 403
def test_user_settings_auth_view_no_permission_denied(self):
""" Check correct permission for view
Attempt to view with user missing permission
"""
client = Client()
url = reverse('_settings_user', kwargs={'pk': self.view_user.id})
client.force_login(self.no_permissions_user)
response = client.get(url)
assert response.status_code == 403
def test_device_auth_view_different_organizaiton_denied(self):
""" Check correct permission for view
Attempt to view with user from different organization
"""
client = Client()
url = reverse('_settings_user', kwargs={'pk': self.view_user.id})
client.force_login(self.different_organization_user)
response = client.get(url)
assert response.status_code == 403
def test_device_auth_view_has_permission(self):
""" Check correct permission for view
Attempt to view as user with view permission
"""
client = Client()
url = reverse('_settings_user', kwargs={'pk': self.view_user.id})
client.force_login(self.view_user)
response = client.get(url)
assert response.status_code == 200
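Review bot: Every test requests `pk` = `self.view_user.id`, and the only allowed case is `view_user` reading their own settings, so no test covers a second user who holds `view_usersettings` in the same organization and opens another user's settings page. A view that checks only the team permission and never ownership would pass all four tests, so add a same-organization case with the status the policy intends (403 below is an assumption to confirm). `self.item` is fetched in `setUpTestData` but never used, and the URL is built from the user id; if the route resolves a `UserSettings` primary key, `self.item.pk` is the safer value. The last two tests are still named `test_device_auth_view_*` (one with the typo `organizaiton`); rename them to `test_user_settings_auth_view_different_organization_denied` and `test_user_settings_auth_view_has_permission`.

```python
    # … unchanged: setUpTestData up to the TeamUsers row for self.view_user …
        self.other_view_user = User.objects.create_user(username="test_user_view_other", password="password")
        TeamUsers.objects.create(
            team = view_team,
            user = self.other_view_user
        )
    # … unchanged: different-organization setup and existing tests …

    def test_user_settings_auth_view_other_user_same_organization_denied(self):
        """ Check correct permission for view
        Attempt to view another user's settings with view permission in the same organization
        """
        client = Client()
        url = reverse('_settings_user', kwargs={'pk': self.view_user.id})
        client.force_login(self.other_view_user)
        response = client.get(url)
        # expected status assumes settings are owner-only; confirm intended policy
        assert response.status_code == 403
```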