diff options
| author | Étienne Loks <etienne.loks@iggdrasil.net> | 2024-10-23 18:51:15 +0200 |
|---|---|---|
| committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2025-02-19 14:43:48 +0100 |
| commit | 6f59b9e36a0971b3deb44562062a878eb26beedf (patch) | |
| tree | e22db164f77fc0ba6e30a539350bb5a37f36f5a6 /archaeological_finds/tests.py | |
| parent | be063a7032971db7c00a160595e69e1e67dd2c9f (diff) | |
| download | Ishtar-6f59b9e36a0971b3deb44562062a878eb26beedf.tar.bz2 Ishtar-6f59b9e36a0971b3deb44562062a878eb26beedf.zip | |
✨ permissions refactoring: generate permissions, adapt permissions checks
Diffstat (limited to 'archaeological_finds/tests.py')
| -rw-r--r-- | archaeological_finds/tests.py | 40 |
1 files changed, 31 insertions, 9 deletions
diff --git a/archaeological_finds/tests.py b/archaeological_finds/tests.py index 16fb575c7..5df18cf64 100644 --- a/archaeological_finds/tests.py +++ b/archaeological_finds/tests.py @@ -27,7 +27,7 @@ from rest_framework.test import APITestCase from rest_framework.authtoken.models import Token from django.conf import settings -from django.contrib.auth.models import User, Permission, ContentType +from django.contrib.auth.models import User, Permission, ContentType, Group from django.core.files import File from django.core.files.uploadedfile import SimpleUploadedFile from django.db.utils import IntegrityError @@ -1923,23 +1923,42 @@ class FindPermissionTest(FindInit, TestCase): model = models.Find def setUp(self): - self.username, self.password, self.user = create_superuser() - self.alt_username, self.alt_password, self.alt_user = create_user() + profile_type = ProfileType.objects.create( + label="xxCollaborateur", + txt_idx="xxcollaborator", + ) + gp = Group.objects.create(name="xxMobilier rattachées : voir et modification") ct_find = ContentType.objects.get( app_label="archaeological_finds", model="find" ) - self.alt_user.user_permissions.add( - Permission.objects.get(codename="view_own_find", content_type=ct_find) + gp.permissions.add( + Permission.objects.get( + codename="view_own_find", + content_type=ct_find + ) ) - self.alt_user.user_permissions.add( - Permission.objects.get(codename="change_own_find", content_type=ct_find) + gp.permissions.add( + Permission.objects.get( + codename="change_own_find", + content_type=ct_find + ) ) + profile_type.groups.add(gp) + + self.username, self.password, self.user = create_superuser() + self.alt_username, self.alt_password, self.alt_user = create_user() + profile = UserProfile.objects.create( + profile_type=profile_type, + person=self.alt_user.ishtaruser.person, + current=True, + ) + # nosec: hard coded password for test purposes self.alt_username2, self.alt_password2, self.alt_user2 = create_user( # nosec username="luke", password="iamyourfather" ) profile = UserProfile.objects.create( - profile_type=ProfileType.objects.get(txt_idx="collaborator"), + profile_type=profile_type, person=self.alt_user2.ishtaruser.person, current=True, ) @@ -1973,6 +1992,9 @@ class FindPermissionTest(FindInit, TestCase): self.find_2 = self.finds[-1] self.operations[-1].towns.add(town) + self.alt_user.ishtaruser.generate_permission() + self.alt_user2.ishtaruser.generate_permission() + def test_own_search(self): # no result when no authentification c = Client() @@ -1985,7 +2007,7 @@ class FindPermissionTest(FindInit, TestCase): response = c.get(reverse("get-find")) # only one "own" context record available content = response.content.decode() - self.assertTrue(json.loads(content)) + self.assertTrue(content) self.assertEqual(json.loads(content)["recordsTotal"], 1) # area filter |