Ticket #6810: 6810.patch

File 6810.patch, 15.8 KB (added by Robert Myers, 17 years ago)

First attempt: tests permissions for the login/add/change/delete views

  • tests/regressiontests/admin_views/__init__.py

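--- a/tests/regressiontests/admin_views/fixtures/admin-views-users.xml
+++ b/tests/regressiontests/admin_views/fixtures/admin-views-users.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<django-objects version="1.0">
+    <object pk="100" model="auth.user">
+        <field type="CharField" name="username">super</field>
+        <field type="CharField" name="first_name">Super</field>
+        <field type="CharField" name="last_name">User</field>
+        <field type="CharField" name="email">super@example.com</field>
+        <field type="CharField" name="password">sha1$995a3$6011485ea3834267d719b4c801409b8b1ddd0158</field>
+        <field type="BooleanField" name="is_staff">True</field>
+        <field type="BooleanField" name="is_active">True</field>
+        <field type="BooleanField" name="is_superuser">True</field>
+        <field type="DateTimeField" name="last_login">2007-05-30 13:20:10</field>
+        <field type="DateTimeField" name="date_joined">2007-05-30 13:20:10</field>
+        <field to="auth.group" name="groups" rel="ManyToManyRel"></field>
+        <field to="auth.permission" name="user_permissions" rel="ManyToManyRel"></field>
+    </object>
+    <object pk="101" model="auth.user">
+        <field type="CharField" name="username">adduser</field>
+        <field type="CharField" name="first_name">Add</field>
+        <field type="CharField" name="last_name">User</field>
+        <field type="CharField" name="email">auser@example.com</field>
+        <field type="CharField" name="password">sha1$995a3$6011485ea3834267d719b4c801409b8b1ddd0158</field>
+        <field type="BooleanField" name="is_staff">True</field>
+        <field type="BooleanField" name="is_active">True</field>
+        <field type="BooleanField" name="is_superuser">False</field>
+        <field type="DateTimeField" name="last_login">2007-05-30 13:20:10</field>
+        <field type="DateTimeField" name="date_joined">2007-05-30 13:20:10</field>
+        <field to="auth.group" name="groups" rel="ManyToManyRel"></field>
+        <field to="auth.permission" name="user_permissions" rel="ManyToManyRel"></field>
+    </object>
+    <object pk="102" model="auth.user">
+        <field type="CharField" name="username">changeuser</field>
+        <field type="CharField" name="first_name">Change</field>
+        <field type="CharField" name="last_name">User</field>
+        <field type="CharField" name="email">cuser@example.com</field>
+        <field type="CharField" name="password">sha1$995a3$6011485ea3834267d719b4c801409b8b1ddd0158</field>
+        <field type="BooleanField" name="is_staff">True</field>
+        <field type="BooleanField" name="is_active">True</field>
+        <field type="BooleanField" name="is_superuser">False</field>
+        <field type="DateTimeField" name="last_login">2007-05-30 13:20:10</field>
+        <field type="DateTimeField" name="date_joined">2007-05-30 13:20:10</field>
+        <field to="auth.group" name="groups" rel="ManyToManyRel"></field>
+        <field to="auth.permission" name="user_permissions" rel="ManyToManyRel"></field>
+    </object>
+    <object pk="103" model="auth.user">
+        <field type="CharField" name="username">deleteuser</field>
+        <field type="CharField" name="first_name">Delete</field>
+        <field type="CharField" name="last_name">User</field>
+        <field type="CharField" name="email">duser@example.com</field>
+        <field type="CharField" name="password">sha1$995a3$6011485ea3834267d719b4c801409b8b1ddd0158</field>
+        <field type="BooleanField" name="is_staff">True</field>
+        <field type="BooleanField" name="is_active">True</field>
+        <field type="BooleanField" name="is_superuser">False</field>
+        <field type="DateTimeField" name="last_login">2007-05-30 13:20:10</field>
+        <field type="DateTimeField" name="date_joined">2007-05-30 13:20:10</field>
+        <field to="auth.group" name="groups" rel="ManyToManyRel"></field>
+        <field to="auth.permission" name="user_permissions" rel="ManyToManyRel"></field>
+    </object>
+    <object pk="104" model="auth.user">
+        <field type="CharField" name="username">joepublic</field>
+        <field type="CharField" name="first_name">Joe</field>
+        <field type="CharField" name="last_name">Public</field>
+        <field type="CharField" name="email">joepublic@example.com</field>
+        <field type="CharField" name="password">sha1$995a3$6011485ea3834267d719b4c801409b8b1ddd0158</field>
+        <field type="BooleanField" name="is_staff">False</field>
+        <field type="BooleanField" name="is_active">True</field>
+        <field type="BooleanField" name="is_superuser">False</field>
+        <field type="DateTimeField" name="last_login">2007-05-30 13:20:10</field>
+        <field type="DateTimeField" name="date_joined">2007-05-30 13:20:10</field>
+        <field to="auth.group" name="groups" rel="ManyToManyRel"></field>
+        <field to="auth.permission" name="user_permissions" rel="ManyToManyRel"></field>
+    </object>
+    <object pk="1" model="admin_views.article">
+        <field type="TextField" name="content">&lt;p&gt;test content&lt;/p&gt;</field>
+        <field type="DateTimeField" name="date">2008-03-18 11:54:58</field>
+    </object>
+</django-objects>
\ No newline at end of file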
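Review bot: The fixture never states which plaintext the five identical `password` values stand for, so a reader has to work it out from tests.py, where every login posts `'password': 'secret'`. A comment above the first `<object>` would make that dependency explicit, for example `<!-- Test-only accounts; every user shares the password that tests.py logs in with. -->`. All five users also carry the same salt and digest, which is acceptable for a throwaway test database but should be labelled as test data so the value is not reused anywhere real.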
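--- a/tests/regressiontests/admin_views/models.py
+++ b/tests/regressiontests/admin_views/models.py
@@ -0,0 +1,13 @@
+from django.db import models
+from django.contrib import admin
+
+class Article(models.Model):
+    """An simple article to test admin views. Test backwards compabilty."""
+    content = models.TextField()
+    date = models.DateTimeField()
+       
+class ArticleAdmin(admin.ModelAdmin):
+        list_display = ('content', 'date')
+        list_filter = ('date',)
+       
+admin.site.register(Article, ArticleAdmin)
\ No newline at end of file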
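Review bot: The `Article` docstring has two typos, and the body of `ArticleAdmin` is indented eight spaces while the rest of the file uses four. The docstring could read `"""A simple article to test admin views. Tests backwards compatibility."""`, with `list_display` and `list_filter` re-indented to four spaces. The whitespace-only lines before `class ArticleAdmin` and before `admin.site.register` should be plain blank lines.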
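--- a/tests/regressiontests/admin_views/tests.py
+++ b/tests/regressiontests/admin_views/tests.py
@@ -0,0 +1,182 @@
+
+from django.test import TestCase
+from django.test.client import Client
+from django.contrib.auth.models import User, Permission
+from django.contrib.contenttypes.models import ContentType
+from django.contrib.admin.sites import LOGIN_FORM_KEY, _encode_post_data
+
+# local test models
+from models import Article
+
+def get_perm(Model, perm):
+    """Return the permission object, for the Model"""
+    ct = ContentType.objects.get_for_model(Model)
+    return Permission.objects.get(content_type=ct,codename=perm)
+   
+
+class AdminViewPermissionsTest(TestCase):
+    """Tests for Admin Views Permissions."""
+   
+    fixtures = ['admin-views-users.xml']
+   
+    def setUp(self):
+        """Test setup."""
+        # Setup permissions, for our users who can add, change, and delete.
+        # We can't put this into the fixture, because the content type id
+        # and the permission id could be different on each run of the test.
+       
+        opts = Article._meta
+       
+        # User who can add Articles
+        add_user = User.objects.get(username='adduser')
+        add_user.user_permissions.add(get_perm(Article, opts.get_add_permission()))
+       
+        # User who can change Articles
+        change_user = User.objects.get(username='changeuser')
+        change_user.user_permissions.add(get_perm(Article, opts.get_change_permission()))
+       
+        # User who can delete Articles
+        delete_user = User.objects.get(username='deleteuser')
+        delete_user.user_permissions.add(get_perm(Article, opts.get_delete_permission()))
+           
+       
+    def testLogin(self):
+        """Make sure only staff members can log in.
+       
+        Successful posts to the login page will redirect to the orignal url.
+        Unsuccessfull attempts will continue to render the login page with
+        a 200 status code.
+        """
+        c = self.client
+       
+        login_dict = {'post_data': _encode_post_data({}),
+                     LOGIN_FORM_KEY: 1,
+                     'username': 'super',
+                     'password': 'secret'}
+        # Super User
+        request = c.get('/test_admin/admin/')
+        login = c.post('/test_admin/admin/', login_dict)
+        self.assertRedirects(login, '/test_admin/admin/')
+        self.assertFalse(login.context)
+        request = c.get('/test_admin/admin/logout/')
+       
+        # Regular User
+        login_dict.update({'username': 'joepublic'})
+        request = c.get('/test_admin/admin/')
+        login = c.post('/test_admin/admin/', login_dict)
+        self.failUnlessEqual(login.status_code, 200)
+        # Login.context is a list of context dicts we just need to check the first one.
+        self.assert_(login.context[0].get('error_message'))
+   
+    def testAddView(self):
+        """Test add view restricts access and actually adds items."""
+        c = self.client
+       
+        login_dict = {'post_data': _encode_post_data({}),
+                     LOGIN_FORM_KEY: 1,
+                     'username': 'changeuser',
+                     'password': 'secret'}
+       
+        add_dict = {'content': '<p>great article</p>',
+                    'date_0': '2008-03-18', 'date_1': '10:54:39'}
+       
+        # Change User should not have access to add articles
+        request = c.get('/test_admin/admin/')
+        login = c.post('/test_admin/admin/', login_dict)
+        request = c.get('/test_admin/admin/admin_views/article/add/')
+        self.failUnlessEqual(request.status_code, 403)
+        # Try POST just to make sure
+        post = c.post('/test_admin/admin/admin_views/article/add/', add_dict)
+        self.failUnlessEqual(post.status_code, 403)
+        self.failUnlessEqual(Article.objects.all().count(), 1)
+        c.get('/test_admin/admin/logout/')
+       
+        # Add user may login and POST to add view
+        login_dict.update({'username': 'adduser'})
+        request = c.get('/test_admin/admin/admin_views/article/add/')
+        login = c.post('/test_admin/admin/admin_views/article/add/', login_dict)
+        self.assertRedirects(login, '/test_admin/admin/admin_views/article/add/')
+        # add the new item, since adduser only has 'add' redirect to root admin view
+        post = c.post('/test_admin/admin/admin_views/article/add/', add_dict)
+        self.assertRedirects(post, '/test_admin/admin/')
+        self.failUnlessEqual(Article.objects.all().count(), 2)
+        c.get('/test_admin/admin/logout/')
+       
+        # Super can add too, but is redirected to the change list view
+        login_dict.update({'username': 'super'})
+        request = c.get('/test_admin/admin/admin_views/article/add/')
+        login = c.post('/test_admin/admin/admin_views/article/add/', login_dict)
+        self.assertRedirects(login, '/test_admin/admin/admin_views/article/add/')
+        post = c.post('/test_admin/admin/admin_views/article/add/', add_dict)
+        self.assertRedirects(post, '/test_admin/admin/admin_views/article/')
+        self.failUnlessEqual(Article.objects.all().count(), 3)
+        c.get('/test_admin/admin/logout/')
+       
+    def testChangeView(self):
+        """Change view should restrict access and allow users to edit items."""
+        c = self.client
+       
+        login_dict = {'post_data': _encode_post_data({}),
+                     LOGIN_FORM_KEY: 1,
+                     'username': 'adduser',
+                     'password': 'secret'}
+       
+        change_dict = {'content': '<p>edited article</p>',
+                    'date_0': '2008-03-18', 'date_1': '10:54:39'}
+       
+        # add user shoud not be able to view the list of article or change any of them
+        request = c.get('/test_admin/admin/')
+        login = c.post('/test_admin/admin/', login_dict)
+        request = c.get('/test_admin/admin/admin_views/article/')
+        self.failUnlessEqual(request.status_code, 403)
+        request = c.get('/test_admin/admin/admin_views/article/1/')
+        self.failUnlessEqual(request.status_code, 403)
+        post = c.post('/test_admin/admin/admin_views/article/1/', change_dict)
+        self.failUnlessEqual(post.status_code, 403)
+        c.get('/test_admin/admin/logout/')
+       
+        # change user can view all items and edit them
+        login_dict.update({'username': 'changeuser'})
+        request = c.get('/test_admin/admin/')
+        login = c.post('/test_admin/admin/', login_dict)
+        request = c.get('/test_admin/admin/admin_views/article/')
+        self.failUnlessEqual(request.status_code, 200)
+        request = c.get('/test_admin/admin/admin_views/article/1/')
+        self.failUnlessEqual(request.status_code, 200)
+        post = c.post('/test_admin/admin/admin_views/article/1/', change_dict)
+        self.assertRedirects(post, '/test_admin/admin/admin_views/article/')
+        self.failUnlessEqual(Article.objects.get(pk=1).content, '<p>edited article</p>')
+        c.get('/test_admin/admin/logout/')
+
+    def testDeleteView(self):
+        """Delete view should restrict access and actually delete items."""
+        c = self.client
+       
+        login_dict = {'post_data': _encode_post_data({}),
+                     LOGIN_FORM_KEY: 1,
+                     'username': 'adduser',
+                     'password': 'secret'}
+       
+        delete_dict = {'post': 'yes'}
+       
+        # add user shoud not be able to delete articles
+        request = c.get('/test_admin/admin/')
+        login = c.post('/test_admin/admin/', login_dict)
+        request = c.get('/test_admin/admin/admin_views/article/1/delete/')
+        self.failUnlessEqual(request.status_code, 403)
+        post = c.post('/test_admin/admin/admin_views/article/1/delete/', delete_dict)
+        self.failUnlessEqual(post.status_code, 403)
+        self.failUnlessEqual(Article.objects.all().count(), 1)
+        c.get('/test_admin/admin/logout/')
+       
+        # Delete user can delete
+        login_dict.update({'username': 'deleteuser'})
+        request = c.get('/test_admin/admin/')
+        login = c.post('/test_admin/admin/', login_dict)
+        request = c.get('/test_admin/admin/admin_views/article/1/delete/')
+        self.failUnlessEqual(request.status_code, 200)
+        post = c.post('/test_admin/admin/admin_views/article/1/delete/', delete_dict)
+        # TODO: http://code.djangoproject.com/ticket/6819 or the next line fails
+        self.assertRedirects(post, '/test_admin/admin/')
+        self.failUnlessEqual(Article.objects.all().count(), 0)
+        c.get('/test_admin/admin/logout/')
\ No newline at end of file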
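Review bot: In `testChangeView` the denied POST by `adduser` is checked only by status code, so a view that saved the edit and then returned 403 would still pass. `testAddView` and `testDeleteView` both follow their denied POST with a row-count check. The equivalent here is `self.failUnlessEqual(Article.objects.get(pk=1).content, '<p>test content</p>')` right after the 403 assertion, using the content from the fixture. Separately, `testLogin` covers only a superuser and an active non-staff user. A staff account with `is_active` False and a staff login with a wrong password are not exercised, and the fixture has no inactive user to test with. The `Client` import is also unused, since every test goes through `self.client`.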
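--- a/tests/regressiontests/admin_views/urls.py
+++ b/tests/regressiontests/admin_views/urls.py
@@ -0,0 +1,7 @@
+from django.conf.urls.defaults import *
+from django.contrib import admin
+
+urlpatterns = patterns('',
+    (r'^admin/doc/', include('django.contrib.admindocs.urls')),
+    (r'^admin/(.*)', admin.site.root),
+)
\ No newline at end of file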
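--- a/tests/urls.py
+++ b/tests/urls.py
@@ -17,4 +17,7 @@
 
     # test urlconf for middleware tests
     (r'^middleware/', include('regressiontests.middleware.urls')),
+   
+    # test admin views
+    (r'^test_admin/', include('regressiontests.admin_views.urls')),
 )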