diff options
author | Étienne Loks <etienne.loks@iggdrasil.net> | 2025-02-14 17:49:37 +0100 |
---|---|---|
committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2025-02-19 14:43:48 +0100 |
commit | 4f60b4805a7eac04c2a8ec2116a245dbeec3c822 (patch) | |
tree | 561f87e11ae60c96320523c80c6317ff8f1d2f99 /archaeological_finds/tests.py | |
parent | 94f357939957dc8a5de453224913dbecdc4dc9db (diff) | |
download | Ishtar-4f60b4805a7eac04c2a8ec2116a245dbeec3c822.tar.bz2 Ishtar-4f60b4805a7eac04c2a8ec2116a245dbeec3c822.zip |
✨ generate_permissions
manage:
- possession (direct, creation, basket)
- heritage
- areas association
- requests ({USER} special syntax)
Diffstat (limited to 'archaeological_finds/tests.py')
-rw-r--r-- | archaeological_finds/tests.py | 185 |
1 files changed, 183 insertions, 2 deletions
diff --git a/archaeological_finds/tests.py b/archaeological_finds/tests.py index 5df18cf64..e0532effc 100644 --- a/archaeological_finds/tests.py +++ b/archaeological_finds/tests.py @@ -95,7 +95,7 @@ from ishtar_common.tests import ( SearchText, ) from archaeological_operations.tests import ImportTest, create_operation, \ - create_administrativact + create_administrativact, TestPermissionRequest from archaeological_context_records.tests import ContextRecordInit from archaeological_operations.serializers import operation_serialization @@ -1918,11 +1918,12 @@ class FindAutocompleteTest(FindInit, TestCase): self.assertEqual(res[2]["id"], find4.pk) # 12 - contains -class FindPermissionTest(FindInit, TestCase): +class FindOldPermissionTest(FindInit, TestCase): fixtures = FIND_FIXTURES model = models.Find def setUp(self): + print("Theses tests should fail on v5") profile_type = ProfileType.objects.create( label="xxCollaborateur", txt_idx="xxcollaborator", @@ -2021,6 +2022,186 @@ class FindPermissionTest(FindInit, TestCase): self.assertEqual(json.loads(content)["recordsTotal"], 1) +class FindPermissionTest(FindInit, TestPermissionRequest, TestCase): + fixtures = FIND_FIXTURES + model = models.Find + + def setUp(self): + self.setup_permission_requests( + "find", + "find", + permissions=["view_own_find", "change_own_find"], + perm_requests=['id="new-*"', 'excavator="{USER}"'] + ) + + self.users = {} + username, password, user = create_superuser() + self.users["superuser"] = (username, password, user) + + upstream_username, upstream_password, upstream_user = create_user( + username="up", password="up" + ) + UserProfile.objects.create( + profile_type=self.profile_types["find_upstream"], + person=upstream_user.ishtaruser.person, + current=True, + ) + self.users["upstream"] = (upstream_username, upstream_password, upstream_user) + + # nosec: hard coded password for test purposes + areas_username, areas_password, areas_user = create_user( # nosec + username="luke", password="iamyourfather" + ) + profile = UserProfile.objects.create( + profile_type=self.profile_types["find_areas"], + person=areas_user.ishtaruser.person, + current=True, + ) + self.users["areas"] = ( + areas_username, areas_password, areas_user + ) + + town = Town.objects.create(name="Tatouine", numero_insee="66000") + area = Area.objects.create(label="Galaxie", txt_idx="galaxie") + area.towns.add(town) + profile.areas.add(area) + + self.orgas = self.create_orgas(user) + self.create_operation(user, self.orgas[0]) + self.create_operation(areas_user, self.orgas[0]) + + self.create_context_record( + user=user, data={"label": "CR 1", "operation": self.operations[0]} + ) + self.create_context_record( + user=areas_user, data={"label": "CR 2", "operation": self.operations[1]} + ) + self.cr_1 = self.context_records[-2] + self.cr_2 = self.context_records[-1] + + self.create_finds( + data_base={"context_record": self.cr_1}, user=user, force=True + ) + self.create_finds( + data_base={"context_record": self.cr_2}, user=areas_user, force=True + ) + + self.find_1 = self.finds[-2] + self.find_2 = self.finds[-1] + self.operations[-1].towns.add(town) + + self.operations[-1].context_record.all()[0].ishtar_users.add( + upstream_user.ishtaruser + ) + + associated_username, associated_password, associated_user = create_user( + username="as", password="as" + ) + UserProfile.objects.create( + profile_type=self.profile_types["find_associated_items"], + person=associated_user.ishtaruser.person, + current=True, + ) + self.users["associated"] = ( + associated_username, associated_password, associated_user + ) + + # read permission + self.basket = models.FindBasket.objects.create( + label="My basket", + user=IshtarUser.objects.get(pk=user.pk), + ) + self.basket.items.add(self.find_1) + self.basket.shared_with.add(associated_user.ishtaruser) + + upstream_user.ishtaruser.generate_permission() + areas_user.ishtaruser.generate_permission() + associated_user.ishtaruser.generate_permission() + + def test_own_search(self): + # no result when no authentification + c = Client() + response = c.get(reverse("get-find")) + self.assertTrue(not response.content or not json.loads(response.content)) + + url = reverse("get-find") + + # possession of associated operation + # only one "own" context record available + self._test_search( + url, + 'possession', + self.users["upstream"], + 1 + ) + + # area filter + # only one "own" operation available + self._test_search( + url, + 'areas filter', + self.users["areas"], + 1 + ) + + # filter associated by basket + self._test_search( + url, + 'associated basket filter', + self.users["associated"], + 1 + ) + + def test_own_modify(self): + # no result when no authentification + c = Client() + response = c.get(reverse("find_modify", args=[self.cr_2.pk])) + self.assertRedirects(response, "/") + + modif_url = "/find_modification/find-find_modification" + + # upstream + c = Client() + upstream_username, upstream_password, upstream_user = self.users["upstream"] + c.login(username=upstream_username, password=upstream_password) + response = c.get(reverse("find_modify", args=[self.find_2.pk]), follow=True) + self.assertRedirects(response, modif_url) + response = c.get(modif_url) + + self.assertEqual(response.status_code, 200) + response = c.get(reverse("find_modify", args=[self.find_1.pk]), follow=True) + self.assertRedirects(response, "/") + + # area filter + c = Client() + areas_username, areas_password, areas_user = self.users["areas"] + c.login(username=areas_username, password=areas_password) + response = c.get(reverse("find_modify", args=[self.find_2.pk]), follow=True) + self.assertRedirects(response, modif_url) + response = c.get(modif_url) + self.assertEqual(response.status_code, 200) + response = c.get(reverse("find_modify", args=[self.find_1.pk]), follow=True) + self.assertRedirects(response, "/") + + # basket filter + c = Client() + basket_username, basket_password, basket_user = self.users["associated"] + c.login(username=basket_username, password=basket_password) + response = c.get(reverse("find_modify", args=[self.find_1.pk]), follow=True) + self.assertRedirects(response, "/") + + self.basket.shared_write_with.add(basket_user.ishtaruser) + basket_user.ishtaruser.generate_permission() + + response = c.get(reverse("find_modify", args=[self.find_1.pk]), follow=True) + self.assertRedirects(response, modif_url) + response = c.get(modif_url) + self.assertEqual(response.status_code, 200) + + response = c.get(reverse("find_modify", args=[self.find_2.pk]), follow=True) + self.assertRedirects(response, "/") + + class FindQATest(FindInit, TestCase): fixtures = WAREHOUSE_FIXTURES model = models.Find |