Ticket #6810: 6810-2.patch

File 6810-2.patch, 16.8 KB (added by Robert Myers, 17 years ago)

Cleaned up the test a little to improve readability

  • tests/regressiontests/admin_views/__init__.py

  • tests/regressiontests/admin_views/fixtures/admin-views-users.xml

     
     1<?xml version="1.0" encoding="utf-8"?>
     2<django-objects version="1.0">
     3    <object pk="100" model="auth.user">
     4        <field type="CharField" name="username">super</field>
     5        <field type="CharField" name="first_name">Super</field>
     6        <field type="CharField" name="last_name">User</field>
     7        <field type="CharField" name="email">super@example.com</field>
     8        <field type="CharField" name="password">sha1$995a3$6011485ea3834267d719b4c801409b8b1ddd0158</field>
     9        <field type="BooleanField" name="is_staff">True</field>
     10        <field type="BooleanField" name="is_active">True</field>
     11        <field type="BooleanField" name="is_superuser">True</field>
     12        <field type="DateTimeField" name="last_login">2007-05-30 13:20:10</field>
     13        <field type="DateTimeField" name="date_joined">2007-05-30 13:20:10</field>
     14        <field to="auth.group" name="groups" rel="ManyToManyRel"></field>
     15        <field to="auth.permission" name="user_permissions" rel="ManyToManyRel"></field>
     16    </object>
     17    <object pk="101" model="auth.user">
     18        <field type="CharField" name="username">adduser</field>
     19        <field type="CharField" name="first_name">Add</field>
     20        <field type="CharField" name="last_name">User</field>
     21        <field type="CharField" name="email">auser@example.com</field>
     22        <field type="CharField" name="password">sha1$995a3$6011485ea3834267d719b4c801409b8b1ddd0158</field>
     23        <field type="BooleanField" name="is_staff">True</field>
     24        <field type="BooleanField" name="is_active">True</field>
     25        <field type="BooleanField" name="is_superuser">False</field>
     26        <field type="DateTimeField" name="last_login">2007-05-30 13:20:10</field>
     27        <field type="DateTimeField" name="date_joined">2007-05-30 13:20:10</field>
     28        <field to="auth.group" name="groups" rel="ManyToManyRel"></field>
     29        <field to="auth.permission" name="user_permissions" rel="ManyToManyRel"></field>
     30    </object>
     31    <object pk="102" model="auth.user">
     32        <field type="CharField" name="username">changeuser</field>
     33        <field type="CharField" name="first_name">Change</field>
     34        <field type="CharField" name="last_name">User</field>
     35        <field type="CharField" name="email">cuser@example.com</field>
     36        <field type="CharField" name="password">sha1$995a3$6011485ea3834267d719b4c801409b8b1ddd0158</field>
     37        <field type="BooleanField" name="is_staff">True</field>
     38        <field type="BooleanField" name="is_active">True</field>
     39        <field type="BooleanField" name="is_superuser">False</field>
     40        <field type="DateTimeField" name="last_login">2007-05-30 13:20:10</field>
     41        <field type="DateTimeField" name="date_joined">2007-05-30 13:20:10</field>
     42        <field to="auth.group" name="groups" rel="ManyToManyRel"></field>
     43        <field to="auth.permission" name="user_permissions" rel="ManyToManyRel"></field>
     44    </object>
     45    <object pk="103" model="auth.user">
     46        <field type="CharField" name="username">deleteuser</field>
     47        <field type="CharField" name="first_name">Delete</field>
     48        <field type="CharField" name="last_name">User</field>
     49        <field type="CharField" name="email">duser@example.com</field>
     50        <field type="CharField" name="password">sha1$995a3$6011485ea3834267d719b4c801409b8b1ddd0158</field>
     51        <field type="BooleanField" name="is_staff">True</field>
     52        <field type="BooleanField" name="is_active">True</field>
     53        <field type="BooleanField" name="is_superuser">False</field>
     54        <field type="DateTimeField" name="last_login">2007-05-30 13:20:10</field>
     55        <field type="DateTimeField" name="date_joined">2007-05-30 13:20:10</field>
     56        <field to="auth.group" name="groups" rel="ManyToManyRel"></field>
     57        <field to="auth.permission" name="user_permissions" rel="ManyToManyRel"></field>
     58    </object>
     59    <object pk="104" model="auth.user">
     60        <field type="CharField" name="username">joepublic</field>
     61        <field type="CharField" name="first_name">Joe</field>
     62        <field type="CharField" name="last_name">Public</field>
     63        <field type="CharField" name="email">joepublic@example.com</field>
     64        <field type="CharField" name="password">sha1$995a3$6011485ea3834267d719b4c801409b8b1ddd0158</field>
     65        <field type="BooleanField" name="is_staff">False</field>
     66        <field type="BooleanField" name="is_active">True</field>
     67        <field type="BooleanField" name="is_superuser">False</field>
     68        <field type="DateTimeField" name="last_login">2007-05-30 13:20:10</field>
     69        <field type="DateTimeField" name="date_joined">2007-05-30 13:20:10</field>
     70        <field to="auth.group" name="groups" rel="ManyToManyRel"></field>
     71        <field to="auth.permission" name="user_permissions" rel="ManyToManyRel"></field>
     72    </object>
     73    <object pk="1" model="admin_views.article">
     74        <field type="TextField" name="content">&lt;p&gt;test content&lt;/p&gt;</field>
     75        <field type="DateTimeField" name="date">2008-03-18 11:54:58</field>
     76    </object>
     77</django-objects>
     78 No newline at end of file
  • tests/regressiontests/admin_views/models.py

     
     1from django.db import models
     2from django.contrib import admin
     3
     4class Article(models.Model):
     5    """An simple article to test admin views. Test backwards compabilty."""
     6    content = models.TextField()
     7    date = models.DateTimeField()
     8       
     9class ArticleAdmin(admin.ModelAdmin):
     10        list_display = ('content', 'date')
     11        list_filter = ('date',)
     12       
     13admin.site.register(Article, ArticleAdmin)
     14 No newline at end of file
  • tests/regressiontests/admin_views/tests.py

     
     1
     2from django.test import TestCase
     3from django.contrib.auth.models import User, Permission
     4from django.contrib.contenttypes.models import ContentType
     5from django.contrib.admin.sites import LOGIN_FORM_KEY, _encode_post_data
     6
     7# local test models
     8from models import Article
     9
     10def get_perm(Model, perm):
     11    """Return the permission object, for the Model"""
     12    ct = ContentType.objects.get_for_model(Model)
     13    return Permission.objects.get(content_type=ct,codename=perm)
     14   
     15
     16class AdminViewPermissionsTest(TestCase):
     17    """Tests for Admin Views Permissions."""
     18   
     19    fixtures = ['admin-views-users.xml']
     20   
     21    def setUp(self):
     22        """Test setup."""
     23        # Setup permissions, for our users who can add, change, and delete.
     24        # We can't put this into the fixture, because the content type id
     25        # and the permission id could be different on each run of the test.
     26       
     27        opts = Article._meta
     28       
     29        # User who can add Articles
     30        add_user = User.objects.get(username='adduser')
     31        add_user.user_permissions.add(get_perm(Article, opts.get_add_permission()))
     32       
     33        # User who can change Articles
     34        change_user = User.objects.get(username='changeuser')
     35        change_user.user_permissions.add(get_perm(Article, opts.get_change_permission()))
     36       
     37        # User who can delete Articles
     38        delete_user = User.objects.get(username='deleteuser')
     39        delete_user.user_permissions.add(get_perm(Article, opts.get_delete_permission()))
     40       
     41        # login POST dicts
     42        self.super_login = {'post_data': _encode_post_data({}),
     43                     LOGIN_FORM_KEY: 1,
     44                     'username': 'super',
     45                     'password': 'secret'}
     46        self.adduser_login = {'post_data': _encode_post_data({}),
     47                     LOGIN_FORM_KEY: 1,
     48                     'username': 'adduser',
     49                     'password': 'secret'}
     50        self.changeuser_login = {'post_data': _encode_post_data({}),
     51                     LOGIN_FORM_KEY: 1,
     52                     'username': 'changeuser',
     53                     'password': 'secret'}
     54        self.deleteuser_login = {'post_data': _encode_post_data({}),
     55                     LOGIN_FORM_KEY: 1,
     56                     'username': 'deleteuser',
     57                     'password': 'secret'}
     58        self.joepublic_login = {'post_data': _encode_post_data({}),
     59                     LOGIN_FORM_KEY: 1,
     60                     'username': 'joepublic',
     61                     'password': 'secret'}
     62           
     63       
     64    def testLogin(self):
     65        """Make sure only staff members can log in.
     66       
     67        Successful posts to the login page will redirect to the orignal url.
     68        Unsuccessfull attempts will continue to render the login page with
     69        a 200 status code.
     70        """
     71        # Super User
     72        request = self.client.get('/test_admin/admin/')
     73        self.failUnlessEqual(request.status_code, 200)
     74        login = self.client.post('/test_admin/admin/', self.super_login)
     75        self.assertRedirects(login, '/test_admin/admin/')
     76        self.assertFalse(login.context)
     77        self.client.get('/test_admin/admin/logout/')
     78       
     79        # Add User
     80        request = self.client.get('/test_admin/admin/')
     81        self.failUnlessEqual(request.status_code, 200)
     82        login = self.client.post('/test_admin/admin/', self.adduser_login)
     83        self.assertRedirects(login, '/test_admin/admin/')
     84        self.assertFalse(login.context)
     85        self.client.get('/test_admin/admin/logout/')
     86       
     87        # Change User
     88        request = self.client.get('/test_admin/admin/')
     89        self.failUnlessEqual(request.status_code, 200)
     90        login = self.client.post('/test_admin/admin/', self.changeuser_login)
     91        self.assertRedirects(login, '/test_admin/admin/')
     92        self.assertFalse(login.context)
     93        self.client.get('/test_admin/admin/logout/')
     94       
     95        # Delete User
     96        request = self.client.get('/test_admin/admin/')
     97        self.failUnlessEqual(request.status_code, 200)
     98        login = self.client.post('/test_admin/admin/', self.deleteuser_login)
     99        self.assertRedirects(login, '/test_admin/admin/')
     100        self.assertFalse(login.context)
     101        self.client.get('/test_admin/admin/logout/')
     102       
     103        # Regular User should not be able to login.
     104        request = self.client.get('/test_admin/admin/')
     105        self.failUnlessEqual(request.status_code, 200)
     106        login = self.client.post('/test_admin/admin/', self.joepublic_login)
     107        self.failUnlessEqual(login.status_code, 200)
     108        # Login.context is a list of context dicts we just need to check the first one.
     109        self.assert_(login.context[0].get('error_message'))
     110   
     111    def testAddView(self):
     112        """Test add view restricts access and actually adds items."""
     113       
     114        add_dict = {'content': '<p>great article</p>',
     115                    'date_0': '2008-03-18', 'date_1': '10:54:39'}
     116       
     117        # Change User should not have access to add articles
     118        self.client.get('/test_admin/admin/')
     119        self.client.post('/test_admin/admin/', self.changeuser_login)
     120        request = self.client.get('/test_admin/admin/admin_views/article/add/')
     121        self.failUnlessEqual(request.status_code, 403)
     122        # Try POST just to make sure
     123        post = self.client.post('/test_admin/admin/admin_views/article/add/', add_dict)
     124        self.failUnlessEqual(post.status_code, 403)
     125        self.failUnlessEqual(Article.objects.all().count(), 1)
     126        self.client.get('/test_admin/admin/logout/')
     127       
     128        # Add user may login and POST to add view, then redirect to admin root
     129        self.client.get('/test_admin/admin/')
     130        self.client.post('/test_admin/admin/', self.adduser_login)
     131        post = self.client.post('/test_admin/admin/admin_views/article/add/', add_dict)
     132        self.assertRedirects(post, '/test_admin/admin/')
     133        self.failUnlessEqual(Article.objects.all().count(), 2)
     134        self.client.get('/test_admin/admin/logout/')
     135       
     136        # Super can add too, but is redirected to the change list view
     137        self.client.get('/test_admin/admin/')
     138        self.client.post('/test_admin/admin/', self.super_login)
     139        post = self.client.post('/test_admin/admin/admin_views/article/add/', add_dict)
     140        self.assertRedirects(post, '/test_admin/admin/admin_views/article/')
     141        self.failUnlessEqual(Article.objects.all().count(), 3)
     142        self.client.get('/test_admin/admin/logout/')
     143       
     144    def testChangeView(self):
     145        """Change view should restrict access and allow users to edit items."""
     146       
     147        change_dict = {'content': '<p>edited article</p>',
     148                    'date_0': '2008-03-18', 'date_1': '10:54:39'}
     149       
     150        # add user shoud not be able to view the list of article or change any of them
     151        self.client.get('/test_admin/admin/')
     152        self.client.post('/test_admin/admin/', self.adduser_login)
     153        request = self.client.get('/test_admin/admin/admin_views/article/')
     154        self.failUnlessEqual(request.status_code, 403)
     155        request = self.client.get('/test_admin/admin/admin_views/article/1/')
     156        self.failUnlessEqual(request.status_code, 403)
     157        post = self.client.post('/test_admin/admin/admin_views/article/1/', change_dict)
     158        self.failUnlessEqual(post.status_code, 403)
     159        self.client.get('/test_admin/admin/logout/')
     160       
     161        # change user can view all items and edit them
     162        self.client.get('/test_admin/admin/')
     163        self.client.post('/test_admin/admin/', self.changeuser_login)
     164        request = self.client.get('/test_admin/admin/admin_views/article/')
     165        self.failUnlessEqual(request.status_code, 200)
     166        request = self.client.get('/test_admin/admin/admin_views/article/1/')
     167        self.failUnlessEqual(request.status_code, 200)
     168        post = self.client.post('/test_admin/admin/admin_views/article/1/', change_dict)
     169        self.assertRedirects(post, '/test_admin/admin/admin_views/article/')
     170        self.failUnlessEqual(Article.objects.get(pk=1).content, '<p>edited article</p>')
     171        self.client.get('/test_admin/admin/logout/')
     172
     173    def testDeleteView(self):
     174        """Delete view should restrict access and actually delete items."""
     175
     176        delete_dict = {'post': 'yes'}
     177       
     178        # add user shoud not be able to delete articles
     179        self.client.get('/test_admin/admin/')
     180        self.client.post('/test_admin/admin/', self.adduser_login)
     181        request = self.client.get('/test_admin/admin/admin_views/article/1/delete/')
     182        self.failUnlessEqual(request.status_code, 403)
     183        post = self.client.post('/test_admin/admin/admin_views/article/1/delete/', delete_dict)
     184        self.failUnlessEqual(post.status_code, 403)
     185        self.failUnlessEqual(Article.objects.all().count(), 1)
     186        self.client.get('/test_admin/admin/logout/')
     187       
     188        # Delete user can delete
     189        self.client.get('/test_admin/admin/')
     190        self.client.post('/test_admin/admin/', self.deleteuser_login)
     191        request = self.client.get('/test_admin/admin/admin_views/article/1/delete/')
     192        self.failUnlessEqual(request.status_code, 200)
     193        post = self.client.post('/test_admin/admin/admin_views/article/1/delete/', delete_dict)
     194        # TODO: http://code.djangoproject.com/ticket/6819 or the next line fails
     195        self.assertRedirects(post, '/test_admin/admin/')
     196        self.failUnlessEqual(Article.objects.all().count(), 0)
     197        self.client.get('/test_admin/admin/logout/')
     198 No newline at end of file
  • tests/regressiontests/admin_views/urls.py

     
     1from django.conf.urls.defaults import *
     2from django.contrib import admin
     3
     4urlpatterns = patterns('',
     5    (r'^admin/doc/', include('django.contrib.admindocs.urls')),
     6    (r'^admin/(.*)', admin.site.root),
     7)
     8 No newline at end of file
  • tests/urls.py

     
    1717
    1818    # test urlconf for middleware tests
    1919    (r'^middleware/', include('regressiontests.middleware.urls')),
     20   
     21    # test admin views
     22    (r'^test_admin/', include('regressiontests.admin_views.urls')),
    2023)
Back to Top