summaryrefslogtreecommitdiff
path: root/archaeological_operations/tests.py
diff options
context:
space:
mode:
authorÉtienne Loks <etienne.loks@iggdrasil.net>2025-02-14 17:49:37 +0100
committerÉtienne Loks <etienne.loks@iggdrasil.net>2025-02-19 14:43:48 +0100
commit4f60b4805a7eac04c2a8ec2116a245dbeec3c822 (patch)
tree561f87e11ae60c96320523c80c6317ff8f1d2f99 /archaeological_operations/tests.py
parent94f357939957dc8a5de453224913dbecdc4dc9db (diff)
downloadIshtar-4f60b4805a7eac04c2a8ec2116a245dbeec3c822.tar.bz2
Ishtar-4f60b4805a7eac04c2a8ec2116a245dbeec3c822.zip
✨ generate_permissions
manage: - possession (direct, creation, basket) - heritage - areas association - requests ({USER} special syntax)
Diffstat (limited to 'archaeological_operations/tests.py')
-rw-r--r--archaeological_operations/tests.py288
1 files changed, 282 insertions, 6 deletions
diff --git a/archaeological_operations/tests.py b/archaeological_operations/tests.py
index fa2471bbd..10bc52967 100644
--- a/archaeological_operations/tests.py
+++ b/archaeological_operations/tests.py
@@ -69,10 +69,8 @@ from ishtar_common.models import (
Town,
ImporterColumn,
ImportColumnValue,
+ PermissionRequest,
Person,
- Author,
- SourceType,
- AuthorType,
DocumentTemplate,
PersonType,
TargetKeyGroup,
@@ -2014,14 +2012,14 @@ class OperationInitTest(object):
self.parcels.pop(0)
return self.create_operation()[-1]
- def create_operation(self, user=None, orga=None):
+ def create_operation(self, user=None, orga=None, values=None):
if not orga:
self.get_default_orga(user)
if not user:
self.get_default_user()
if not getattr(self, "operations", None):
self.operations = []
- self.operations.append(create_operation(user, orga))
+ self.operations.append(create_operation(user, orga, values=values))
return self.operations
def get_default_operation(self, force=False, user=None):
@@ -3472,10 +3470,94 @@ class OperationSearchTest(TestCase, OperationInitTest, SearchText):
self.assertEqual(values["data"], expected_result)
-class OperationPermissionTest(TestCase, OperationInitTest):
+class TestPermissionRequest:
+ def setup_permission_requests(self, prefix, model_name, permissions,
+ perm_requests=None, create_profiles=True):
+ content_type = ContentType.objects.get(model=model_name)
+ if not hasattr(self, "permission_requests"):
+ self.permission_requests = {}
+ self.permission_requests.update({
+ f"{prefix}_associated_items": PermissionRequest.objects.create(
+ model=content_type,
+ request="",
+ include_associated_items=True,
+ include_upstream_items=False,
+ slug=f'{prefix}-associated_items'
+ ),
+ f"{prefix}_upstream": PermissionRequest.objects.create(
+ model=content_type,
+ request="",
+ include_associated_items=False,
+ include_upstream_items=True,
+ slug=f"{prefix}-upstream"
+ ),
+ f"{prefix}_areas": PermissionRequest.objects.create(
+ model=content_type,
+ request="",
+ include_associated_items=False,
+ include_upstream_items=False,
+ limit_to_attached_areas=True,
+ slug=f"{prefix}-areas"
+ ),
+ })
+ if perm_requests:
+ for idx, request in enumerate(perm_requests):
+ pr = PermissionRequest.objects.create(
+ model=content_type,
+ request=request,
+ include_associated_items=False,
+ include_upstream_items=False,
+ slug=f"{prefix}-req-{idx+1}"
+ )
+ self.permission_requests[f"{prefix}_request_{idx + 1}"] = pr
+ pr = PermissionRequest.objects.create(
+ model=content_type,
+ request=request,
+ include_associated_items=False,
+ include_upstream_items=False,
+ limit_to_attached_areas=True,
+ slug=f"{prefix}-req-areas-{idx+1}"
+ )
+ self.permission_requests[f"{prefix}_request_areas_{idx + 1}"] = pr
+ gp = Group.objects.create(name=f"{prefix}_xxx")
+ for permission in permissions:
+ for p in Permission.objects.filter(codename=permission).all():
+ gp.permissions.add(p)
+ if not create_profiles:
+ return
+ if not hasattr(self, "profile_types"):
+ self.profile_types = {}
+ for key in self.permission_requests.keys():
+ profile_type = ProfileType.objects.create(
+ label=key,
+ txt_idx=key,
+ )
+ profile_type.groups.add(gp)
+ profile_type.permission_requests.add(self.permission_requests[key])
+ self.profile_types[key] = profile_type
+
+ def _test_search(self, url, label, user, expected):
+ c = Client()
+ username, password, __ = user
+ c.login(username=username, password=password)
+ response = c.get(url)
+ content = response.content.decode()
+ if expected:
+ self.assertTrue(
+ json.loads(content),
+ f"search own test for {label}"
+ )
+ self.assertEqual(
+ json.loads(content)["recordsTotal"], expected,
+ f"search own test for {label} - {expected} expected"
+ )
+
+
+class OperationOldPermissionTest(TestCase, OperationInitTest):
fixtures = FILE_FIXTURES
def setUp(self):
+ print("Theses tests should fail on v5")
IshtarSiteProfile.objects.get_or_create(slug="default", active=True)
self.username, self.password, self.user = create_superuser()
@@ -3638,6 +3720,200 @@ class OperationPermissionTest(TestCase, OperationInitTest):
self.assertRedirects(response, "/")
+class OperationPermissionTest(TestCase, TestPermissionRequest, OperationInitTest):
+ fixtures = FILE_FIXTURES
+
+ def setUp(self):
+ IshtarSiteProfile.objects.get_or_create(slug="default", active=True)
+
+ self.setup_permission_requests(
+ "ope",
+ "operation",
+ permissions=["view_own_operation", "change_own_operation"],
+ )
+
+ self.users = {}
+ username, password, user = create_superuser()
+ self.users["superuser"] = (username, password, user)
+
+ # nosec: hard coded password for test purposes
+ associated_username, associated_password, associated_user = create_user( # nosec
+ username="vador", password="darth"
+ )
+ profile = UserProfile.objects.create(
+ profile_type=self.profile_types["ope_associated_items"],
+ person=associated_user.ishtaruser.person,
+ current=True,
+ )
+ self.users["associated"] = (
+ associated_username, associated_password, associated_user
+ )
+
+ # nosec: hard coded password for test purposes
+ areas_username, areas_password, areas_user = create_user( # nosec
+ username="luke", password="iamyourfather"
+ )
+ profile = UserProfile.objects.create(
+ profile_type=self.profile_types["ope_areas"],
+ person=areas_user.ishtaruser.person,
+ current=True,
+ )
+ self.users["areas"] = (
+ areas_username, areas_password, areas_user
+ )
+
+ town = Town.objects.create(name="Tatouine", numero_insee="66000")
+ area = Area.objects.create(label="Galaxie", txt_idx="galaxie")
+ area.towns.add(town)
+ profile.areas.add(area)
+
+ self.orgas = self.create_orgas(user)
+ self.create_operation(user, self.orgas[0])
+ self.operations = self.create_operation(user, self.orgas[0])
+ self.operations[1].towns.add(town)
+ self.item = self.operations[0]
+ associated_user.ishtaruser.generate_permission()
+
+ def test_permission_generation(self):
+ __, __, associated_user = self.users["associated"]
+ self.assertFalse(
+ associated_user.has_perm(
+ "archaeological_operations.change_own_operation",
+ self.operations[1]
+ )
+ )
+ self.assertFalse(
+ associated_user.has_perm(
+ "archaeological_operations.view_own_operation",
+ self.operations[1]
+ )
+ )
+ self.operations[1].ishtar_users.add(associated_user.ishtaruser)
+ associated_user.ishtaruser.generate_permission()
+ self.assertTrue(
+ associated_user.has_perm(
+ "archaeological_operations.view_own_operation",
+ self.operations[1]
+ )
+ )
+ self.assertTrue(
+ associated_user.has_perm(
+ "archaeological_operations.change_own_operation",
+ self.operations[1]
+ )
+ )
+ # general permission is assigned
+ self.assertTrue(
+ associated_user.has_perm(
+ "archaeological_operations.change_own_operation",
+ )
+ )
+ self.assertFalse(
+ associated_user.has_perm(
+ "archaeological_operations.change_own_operation",
+ self.operations[0]
+ )
+ )
+
+ def test_own_search(self):
+ # no result when no authentification
+ c = Client()
+ response = c.get(reverse("get-operation"), {"year": "2010"})
+ self.assertFalse(json.loads(response.content.decode()))
+
+ associated_username, associated_password, associated_user = self.users["associated"]
+ # possession
+ c = Client()
+ c.login(username=associated_username, password=associated_password)
+ response = c.get(reverse("get-operation"), {"year": "2010"})
+ content = json.loads(response.content.decode())
+ self.assertTrue(content)
+ self.assertEqual(content["recordsTotal"], 0)
+
+ self.operations[1].ishtar_users.add(associated_user.ishtaruser)
+ associated_user.ishtaruser.generate_permission()
+
+ response = c.get(reverse("get-operation"), {"year": "2010"})
+ # only one "own" operation available
+ content = json.loads(response.content.decode())
+ self.assertTrue(content)
+ self.assertEqual(content["recordsTotal"], 1)
+
+ operator_key = pgettext_lazy("key for text search", "operator")
+ response = c.get(reverse("get-operation"), {operator_key: self.orgas[0].name})
+ self.assertEqual(json.loads(response.content.decode())["recordsTotal"], 1)
+ response = c.get(
+ reverse("get-operation"),
+ {"search_vector": '{}="{}"'.format(operator_key, self.orgas[0].name)},
+ )
+ self.assertEqual(json.loads(response.content.decode())["recordsTotal"], 1)
+
+ # area filter
+ areas_username, areas_password, areas_user = self.users["areas"]
+ areas_user.ishtaruser.generate_permission()
+ c = Client()
+ c.login(username=areas_username, password=areas_password)
+ response = c.get(reverse("get-operation"), {"year": "2010"})
+ # only one "own" operation available
+ self.assertTrue(json.loads(response.content.decode()))
+ self.assertEqual(json.loads(response.content.decode())["recordsTotal"], 1)
+ response = c.get(reverse("get-operation"), {operator_key: self.orgas[0].name})
+ self.assertEqual(json.loads(response.content.decode())["recordsTotal"], 1)
+ response = c.get(
+ reverse("get-operation"),
+ {"search_vector": '{}="{}"'.format(operator_key, self.orgas[0].name)},
+ )
+ self.assertEqual(json.loads(response.content.decode())["recordsTotal"], 1)
+
+ def test_own_modify(self):
+ operation_pk1 = self.operations[0].pk
+ operation_pk2 = self.operations[1].pk
+
+ modif_url = "/operation_modification/general-operation_modification"
+
+ # no result when no authentification
+ c = Client()
+ response = c.get(reverse("operation_modify", args=[operation_pk2]))
+ self.assertRedirects(response, "/")
+
+ # possession
+ associated_username, associated_password, associated_user = self.users["associated"]
+ c = Client()
+ c.login(username=associated_username, password=associated_password)
+ associated_user.ishtaruser.generate_permission()
+ response = c.get(reverse("operation_modify", args=[operation_pk2]), follow=True)
+ self.assertRedirects(response, "/")
+
+ self.operations[1].ishtar_users.add(associated_user.ishtaruser)
+ associated_user.ishtaruser.generate_permission()
+ response = c.get(reverse("operation_modify", args=[operation_pk2]), follow=True)
+ self.assertRedirects(response, modif_url)
+
+ response = c.get(modif_url)
+ self.assertEqual(response.status_code, 200)
+ response = c.get(reverse("operation_modify", args=[operation_pk1]), follow=True)
+ self.assertRedirects(response, "/")
+
+ profile_type = ProfileType.objects.get(txt_idx="collaborator")
+ profile_type.groups.add(
+ Group.objects.get(
+ name="Opérations rattachées : " "modification/suppression"
+ )
+ )
+
+ # area filter
+ areas_username, areas_password, areas_user = self.users["areas"]
+ areas_user.ishtaruser.generate_permission()
+ c = Client()
+ c.login(username=areas_username, password=areas_password)
+ response = c.get(reverse("operation_modify", args=[operation_pk2]), follow=True)
+ self.assertRedirects(response, modif_url)
+ response = c.get(modif_url)
+ self.assertEqual(response.status_code, 200)
+ response = c.get(reverse("operation_modify", args=[operation_pk1]), follow=True)
+ self.assertRedirects(response, "/")
+
+
class LabelTest(TestCase, OperationInitTest):
fixtures = FILE_FIXTURES