Code

Ticket #6810: 6810-2.patch

File 6810-2.patch, 16.8 KB (added by rmyers, 6 years ago)

Cleaned up the test a little to improve readability

  • tests/regressiontests/admin_views/__init__.py

  • tests/regressiontests/admin_views/fixtures/admin-views-users.xml

     
     1<?xml version="1.0" encoding="utf-8"?> 
     2<django-objects version="1.0"> 
     3    <object pk="100" model="auth.user"> 
     4        <field type="CharField" name="username">super</field> 
     5        <field type="CharField" name="first_name">Super</field> 
     6        <field type="CharField" name="last_name">User</field> 
     7        <field type="CharField" name="email">super@example.com</field> 
     8        <field type="CharField" name="password">sha1$995a3$6011485ea3834267d719b4c801409b8b1ddd0158</field> 
     9        <field type="BooleanField" name="is_staff">True</field> 
     10        <field type="BooleanField" name="is_active">True</field> 
     11        <field type="BooleanField" name="is_superuser">True</field> 
     12        <field type="DateTimeField" name="last_login">2007-05-30 13:20:10</field> 
     13        <field type="DateTimeField" name="date_joined">2007-05-30 13:20:10</field> 
     14        <field to="auth.group" name="groups" rel="ManyToManyRel"></field> 
     15        <field to="auth.permission" name="user_permissions" rel="ManyToManyRel"></field> 
     16    </object> 
     17    <object pk="101" model="auth.user"> 
     18        <field type="CharField" name="username">adduser</field> 
     19        <field type="CharField" name="first_name">Add</field> 
     20        <field type="CharField" name="last_name">User</field> 
     21        <field type="CharField" name="email">auser@example.com</field> 
     22        <field type="CharField" name="password">sha1$995a3$6011485ea3834267d719b4c801409b8b1ddd0158</field> 
     23        <field type="BooleanField" name="is_staff">True</field> 
     24        <field type="BooleanField" name="is_active">True</field> 
     25        <field type="BooleanField" name="is_superuser">False</field> 
     26        <field type="DateTimeField" name="last_login">2007-05-30 13:20:10</field> 
     27        <field type="DateTimeField" name="date_joined">2007-05-30 13:20:10</field> 
     28        <field to="auth.group" name="groups" rel="ManyToManyRel"></field> 
     29        <field to="auth.permission" name="user_permissions" rel="ManyToManyRel"></field> 
     30    </object> 
     31    <object pk="102" model="auth.user"> 
     32        <field type="CharField" name="username">changeuser</field> 
     33        <field type="CharField" name="first_name">Change</field> 
     34        <field type="CharField" name="last_name">User</field> 
     35        <field type="CharField" name="email">cuser@example.com</field> 
     36        <field type="CharField" name="password">sha1$995a3$6011485ea3834267d719b4c801409b8b1ddd0158</field> 
     37        <field type="BooleanField" name="is_staff">True</field> 
     38        <field type="BooleanField" name="is_active">True</field> 
     39        <field type="BooleanField" name="is_superuser">False</field> 
     40        <field type="DateTimeField" name="last_login">2007-05-30 13:20:10</field> 
     41        <field type="DateTimeField" name="date_joined">2007-05-30 13:20:10</field> 
     42        <field to="auth.group" name="groups" rel="ManyToManyRel"></field> 
     43        <field to="auth.permission" name="user_permissions" rel="ManyToManyRel"></field> 
     44    </object> 
     45    <object pk="103" model="auth.user"> 
     46        <field type="CharField" name="username">deleteuser</field> 
     47        <field type="CharField" name="first_name">Delete</field> 
     48        <field type="CharField" name="last_name">User</field> 
     49        <field type="CharField" name="email">duser@example.com</field> 
     50        <field type="CharField" name="password">sha1$995a3$6011485ea3834267d719b4c801409b8b1ddd0158</field> 
     51        <field type="BooleanField" name="is_staff">True</field> 
     52        <field type="BooleanField" name="is_active">True</field> 
     53        <field type="BooleanField" name="is_superuser">False</field> 
     54        <field type="DateTimeField" name="last_login">2007-05-30 13:20:10</field> 
     55        <field type="DateTimeField" name="date_joined">2007-05-30 13:20:10</field> 
     56        <field to="auth.group" name="groups" rel="ManyToManyRel"></field> 
     57        <field to="auth.permission" name="user_permissions" rel="ManyToManyRel"></field> 
     58    </object> 
     59    <object pk="104" model="auth.user"> 
     60        <field type="CharField" name="username">joepublic</field> 
     61        <field type="CharField" name="first_name">Joe</field> 
     62        <field type="CharField" name="last_name">Public</field> 
     63        <field type="CharField" name="email">joepublic@example.com</field> 
     64        <field type="CharField" name="password">sha1$995a3$6011485ea3834267d719b4c801409b8b1ddd0158</field> 
     65        <field type="BooleanField" name="is_staff">False</field> 
     66        <field type="BooleanField" name="is_active">True</field> 
     67        <field type="BooleanField" name="is_superuser">False</field> 
     68        <field type="DateTimeField" name="last_login">2007-05-30 13:20:10</field> 
     69        <field type="DateTimeField" name="date_joined">2007-05-30 13:20:10</field> 
     70        <field to="auth.group" name="groups" rel="ManyToManyRel"></field> 
     71        <field to="auth.permission" name="user_permissions" rel="ManyToManyRel"></field> 
     72    </object> 
     73    <object pk="1" model="admin_views.article"> 
     74        <field type="TextField" name="content">&lt;p&gt;test content&lt;/p&gt;</field> 
     75        <field type="DateTimeField" name="date">2008-03-18 11:54:58</field> 
     76    </object> 
     77</django-objects> 
     78 No newline at end of file 
  • tests/regressiontests/admin_views/models.py

     
     1from django.db import models 
     2from django.contrib import admin 
     3 
     4class Article(models.Model): 
     5    """An simple article to test admin views. Test backwards compabilty.""" 
     6    content = models.TextField() 
     7    date = models.DateTimeField() 
     8         
     9class ArticleAdmin(admin.ModelAdmin): 
     10        list_display = ('content', 'date') 
     11        list_filter = ('date',) 
     12         
     13admin.site.register(Article, ArticleAdmin) 
     14 No newline at end of file 
  • tests/regressiontests/admin_views/tests.py

     
     1 
     2from django.test import TestCase 
     3from django.contrib.auth.models import User, Permission 
     4from django.contrib.contenttypes.models import ContentType 
     5from django.contrib.admin.sites import LOGIN_FORM_KEY, _encode_post_data 
     6 
     7# local test models 
     8from models import Article 
     9 
     10def get_perm(Model, perm): 
     11    """Return the permission object, for the Model""" 
     12    ct = ContentType.objects.get_for_model(Model) 
     13    return Permission.objects.get(content_type=ct,codename=perm) 
     14     
     15 
     16class AdminViewPermissionsTest(TestCase): 
     17    """Tests for Admin Views Permissions.""" 
     18     
     19    fixtures = ['admin-views-users.xml'] 
     20     
     21    def setUp(self): 
     22        """Test setup.""" 
     23        # Setup permissions, for our users who can add, change, and delete.  
     24        # We can't put this into the fixture, because the content type id 
     25        # and the permission id could be different on each run of the test. 
     26         
     27        opts = Article._meta 
     28         
     29        # User who can add Articles 
     30        add_user = User.objects.get(username='adduser') 
     31        add_user.user_permissions.add(get_perm(Article, opts.get_add_permission())) 
     32         
     33        # User who can change Articles 
     34        change_user = User.objects.get(username='changeuser') 
     35        change_user.user_permissions.add(get_perm(Article, opts.get_change_permission())) 
     36         
     37        # User who can delete Articles 
     38        delete_user = User.objects.get(username='deleteuser') 
     39        delete_user.user_permissions.add(get_perm(Article, opts.get_delete_permission())) 
     40         
     41        # login POST dicts 
     42        self.super_login = {'post_data': _encode_post_data({}), 
     43                     LOGIN_FORM_KEY: 1, 
     44                     'username': 'super', 
     45                     'password': 'secret'} 
     46        self.adduser_login = {'post_data': _encode_post_data({}), 
     47                     LOGIN_FORM_KEY: 1, 
     48                     'username': 'adduser', 
     49                     'password': 'secret'} 
     50        self.changeuser_login = {'post_data': _encode_post_data({}), 
     51                     LOGIN_FORM_KEY: 1, 
     52                     'username': 'changeuser', 
     53                     'password': 'secret'} 
     54        self.deleteuser_login = {'post_data': _encode_post_data({}), 
     55                     LOGIN_FORM_KEY: 1, 
     56                     'username': 'deleteuser', 
     57                     'password': 'secret'} 
     58        self.joepublic_login = {'post_data': _encode_post_data({}), 
     59                     LOGIN_FORM_KEY: 1, 
     60                     'username': 'joepublic', 
     61                     'password': 'secret'} 
     62            
     63         
     64    def testLogin(self): 
     65        """Make sure only staff members can log in. 
     66         
     67        Successful posts to the login page will redirect to the orignal url. 
     68        Unsuccessfull attempts will continue to render the login page with  
     69        a 200 status code. 
     70        """ 
     71        # Super User 
     72        request = self.client.get('/test_admin/admin/') 
     73        self.failUnlessEqual(request.status_code, 200) 
     74        login = self.client.post('/test_admin/admin/', self.super_login) 
     75        self.assertRedirects(login, '/test_admin/admin/') 
     76        self.assertFalse(login.context) 
     77        self.client.get('/test_admin/admin/logout/') 
     78         
     79        # Add User 
     80        request = self.client.get('/test_admin/admin/') 
     81        self.failUnlessEqual(request.status_code, 200) 
     82        login = self.client.post('/test_admin/admin/', self.adduser_login) 
     83        self.assertRedirects(login, '/test_admin/admin/') 
     84        self.assertFalse(login.context) 
     85        self.client.get('/test_admin/admin/logout/') 
     86         
     87        # Change User 
     88        request = self.client.get('/test_admin/admin/') 
     89        self.failUnlessEqual(request.status_code, 200) 
     90        login = self.client.post('/test_admin/admin/', self.changeuser_login) 
     91        self.assertRedirects(login, '/test_admin/admin/') 
     92        self.assertFalse(login.context) 
     93        self.client.get('/test_admin/admin/logout/') 
     94         
     95        # Delete User 
     96        request = self.client.get('/test_admin/admin/') 
     97        self.failUnlessEqual(request.status_code, 200) 
     98        login = self.client.post('/test_admin/admin/', self.deleteuser_login) 
     99        self.assertRedirects(login, '/test_admin/admin/') 
     100        self.assertFalse(login.context) 
     101        self.client.get('/test_admin/admin/logout/') 
     102         
     103        # Regular User should not be able to login. 
     104        request = self.client.get('/test_admin/admin/') 
     105        self.failUnlessEqual(request.status_code, 200) 
     106        login = self.client.post('/test_admin/admin/', self.joepublic_login) 
     107        self.failUnlessEqual(login.status_code, 200) 
     108        # Login.context is a list of context dicts we just need to check the first one. 
     109        self.assert_(login.context[0].get('error_message')) 
     110     
     111    def testAddView(self): 
     112        """Test add view restricts access and actually adds items.""" 
     113         
     114        add_dict = {'content': '<p>great article</p>', 
     115                    'date_0': '2008-03-18', 'date_1': '10:54:39'} 
     116         
     117        # Change User should not have access to add articles 
     118        self.client.get('/test_admin/admin/') 
     119        self.client.post('/test_admin/admin/', self.changeuser_login) 
     120        request = self.client.get('/test_admin/admin/admin_views/article/add/') 
     121        self.failUnlessEqual(request.status_code, 403) 
     122        # Try POST just to make sure 
     123        post = self.client.post('/test_admin/admin/admin_views/article/add/', add_dict) 
     124        self.failUnlessEqual(post.status_code, 403) 
     125        self.failUnlessEqual(Article.objects.all().count(), 1) 
     126        self.client.get('/test_admin/admin/logout/') 
     127         
     128        # Add user may login and POST to add view, then redirect to admin root 
     129        self.client.get('/test_admin/admin/') 
     130        self.client.post('/test_admin/admin/', self.adduser_login) 
     131        post = self.client.post('/test_admin/admin/admin_views/article/add/', add_dict) 
     132        self.assertRedirects(post, '/test_admin/admin/') 
     133        self.failUnlessEqual(Article.objects.all().count(), 2) 
     134        self.client.get('/test_admin/admin/logout/') 
     135         
     136        # Super can add too, but is redirected to the change list view 
     137        self.client.get('/test_admin/admin/') 
     138        self.client.post('/test_admin/admin/', self.super_login) 
     139        post = self.client.post('/test_admin/admin/admin_views/article/add/', add_dict) 
     140        self.assertRedirects(post, '/test_admin/admin/admin_views/article/') 
     141        self.failUnlessEqual(Article.objects.all().count(), 3) 
     142        self.client.get('/test_admin/admin/logout/') 
     143         
     144    def testChangeView(self): 
     145        """Change view should restrict access and allow users to edit items.""" 
     146         
     147        change_dict = {'content': '<p>edited article</p>', 
     148                    'date_0': '2008-03-18', 'date_1': '10:54:39'} 
     149         
     150        # add user shoud not be able to view the list of article or change any of them 
     151        self.client.get('/test_admin/admin/') 
     152        self.client.post('/test_admin/admin/', self.adduser_login) 
     153        request = self.client.get('/test_admin/admin/admin_views/article/') 
     154        self.failUnlessEqual(request.status_code, 403) 
     155        request = self.client.get('/test_admin/admin/admin_views/article/1/') 
     156        self.failUnlessEqual(request.status_code, 403) 
     157        post = self.client.post('/test_admin/admin/admin_views/article/1/', change_dict) 
     158        self.failUnlessEqual(post.status_code, 403) 
     159        self.client.get('/test_admin/admin/logout/') 
     160         
     161        # change user can view all items and edit them 
     162        self.client.get('/test_admin/admin/') 
     163        self.client.post('/test_admin/admin/', self.changeuser_login) 
     164        request = self.client.get('/test_admin/admin/admin_views/article/') 
     165        self.failUnlessEqual(request.status_code, 200) 
     166        request = self.client.get('/test_admin/admin/admin_views/article/1/') 
     167        self.failUnlessEqual(request.status_code, 200) 
     168        post = self.client.post('/test_admin/admin/admin_views/article/1/', change_dict) 
     169        self.assertRedirects(post, '/test_admin/admin/admin_views/article/') 
     170        self.failUnlessEqual(Article.objects.get(pk=1).content, '<p>edited article</p>') 
     171        self.client.get('/test_admin/admin/logout/') 
     172 
     173    def testDeleteView(self): 
     174        """Delete view should restrict access and actually delete items.""" 
     175 
     176        delete_dict = {'post': 'yes'} 
     177         
     178        # add user shoud not be able to delete articles 
     179        self.client.get('/test_admin/admin/') 
     180        self.client.post('/test_admin/admin/', self.adduser_login) 
     181        request = self.client.get('/test_admin/admin/admin_views/article/1/delete/') 
     182        self.failUnlessEqual(request.status_code, 403) 
     183        post = self.client.post('/test_admin/admin/admin_views/article/1/delete/', delete_dict) 
     184        self.failUnlessEqual(post.status_code, 403) 
     185        self.failUnlessEqual(Article.objects.all().count(), 1) 
     186        self.client.get('/test_admin/admin/logout/') 
     187         
     188        # Delete user can delete 
     189        self.client.get('/test_admin/admin/') 
     190        self.client.post('/test_admin/admin/', self.deleteuser_login) 
     191        request = self.client.get('/test_admin/admin/admin_views/article/1/delete/') 
     192        self.failUnlessEqual(request.status_code, 200) 
     193        post = self.client.post('/test_admin/admin/admin_views/article/1/delete/', delete_dict) 
     194        # TODO: http://code.djangoproject.com/ticket/6819 or the next line fails 
     195        self.assertRedirects(post, '/test_admin/admin/') 
     196        self.failUnlessEqual(Article.objects.all().count(), 0) 
     197        self.client.get('/test_admin/admin/logout/') 
     198 No newline at end of file 
  • tests/regressiontests/admin_views/urls.py

     
     1from django.conf.urls.defaults import * 
     2from django.contrib import admin 
     3 
     4urlpatterns = patterns('', 
     5    (r'^admin/doc/', include('django.contrib.admindocs.urls')), 
     6    (r'^admin/(.*)', admin.site.root), 
     7) 
     8 No newline at end of file 
  • tests/urls.py

     
    1717 
    1818    # test urlconf for middleware tests 
    1919    (r'^middleware/', include('regressiontests.middleware.urls')), 
     20     
     21    # test admin views 
     22    (r'^test_admin/', include('regressiontests.admin_views.urls')), 
    2023)