Index: tests/regressiontests/admin_views/__init__.py
===================================================================
--- tests/regressiontests/admin_views/__init__.py
+++ tests/regressiontests/admin_views/__init__.py
Index: tests/regressiontests/admin_views/fixtures/admin-views-users.xml
===================================================================
--- tests/regressiontests/admin_views/fixtures/admin-views-users.xml
+++ tests/regressiontests/admin_views/fixtures/admin-views-users.xml
@@ -0,0 +1,77 @@
+
+
great article
', + 'date_0': '2008-03-18', 'date_1': '10:54:39'} + + # Change User should not have access to add articles + request = c.get('/test_admin/admin/') + login = c.post('/test_admin/admin/', login_dict) + request = c.get('/test_admin/admin/admin_views/article/add/') + self.failUnlessEqual(request.status_code, 403) + # Try POST just to make sure + post = c.post('/test_admin/admin/admin_views/article/add/', add_dict) + self.failUnlessEqual(post.status_code, 403) + self.failUnlessEqual(Article.objects.all().count(), 1) + c.get('/test_admin/admin/logout/') + + # Add user may login and POST to add view + login_dict.update({'username': 'adduser'}) + request = c.get('/test_admin/admin/admin_views/article/add/') + login = c.post('/test_admin/admin/admin_views/article/add/', login_dict) + self.assertRedirects(login, '/test_admin/admin/admin_views/article/add/') + # add the new item, since adduser only has 'add' redirect to root admin view + post = c.post('/test_admin/admin/admin_views/article/add/', add_dict) + self.assertRedirects(post, '/test_admin/admin/') + self.failUnlessEqual(Article.objects.all().count(), 2) + c.get('/test_admin/admin/logout/') + + # Super can add too, but is redirected to the change list view + login_dict.update({'username': 'super'}) + request = c.get('/test_admin/admin/admin_views/article/add/') + login = c.post('/test_admin/admin/admin_views/article/add/', login_dict) + self.assertRedirects(login, '/test_admin/admin/admin_views/article/add/') + post = c.post('/test_admin/admin/admin_views/article/add/', add_dict) + self.assertRedirects(post, '/test_admin/admin/admin_views/article/') + self.failUnlessEqual(Article.objects.all().count(), 3) + c.get('/test_admin/admin/logout/') + + def testChangeView(self): + """Change view should restrict access and allow users to edit items.""" + c = self.client + + login_dict = {'post_data': _encode_post_data({}), + LOGIN_FORM_KEY: 1, + 'username': 'adduser', + 'password': 'secret'} + + change_dict = {'content': 'edited article
', + 'date_0': '2008-03-18', 'date_1': '10:54:39'} + + # add user shoud not be able to view the list of article or change any of them + request = c.get('/test_admin/admin/') + login = c.post('/test_admin/admin/', login_dict) + request = c.get('/test_admin/admin/admin_views/article/') + self.failUnlessEqual(request.status_code, 403) + request = c.get('/test_admin/admin/admin_views/article/1/') + self.failUnlessEqual(request.status_code, 403) + post = c.post('/test_admin/admin/admin_views/article/1/', change_dict) + self.failUnlessEqual(post.status_code, 403) + c.get('/test_admin/admin/logout/') + + # change user can view all items and edit them + login_dict.update({'username': 'changeuser'}) + request = c.get('/test_admin/admin/') + login = c.post('/test_admin/admin/', login_dict) + request = c.get('/test_admin/admin/admin_views/article/') + self.failUnlessEqual(request.status_code, 200) + request = c.get('/test_admin/admin/admin_views/article/1/') + self.failUnlessEqual(request.status_code, 200) + post = c.post('/test_admin/admin/admin_views/article/1/', change_dict) + self.assertRedirects(post, '/test_admin/admin/admin_views/article/') + self.failUnlessEqual(Article.objects.get(pk=1).content, 'edited article
') + c.get('/test_admin/admin/logout/') + + def testDeleteView(self): + """Delete view should restrict access and actually delete items.""" + c = self.client + + login_dict = {'post_data': _encode_post_data({}), + LOGIN_FORM_KEY: 1, + 'username': 'adduser', + 'password': 'secret'} + + delete_dict = {'post': 'yes'} + + # add user shoud not be able to delete articles + request = c.get('/test_admin/admin/') + login = c.post('/test_admin/admin/', login_dict) + request = c.get('/test_admin/admin/admin_views/article/1/delete/') + self.failUnlessEqual(request.status_code, 403) + post = c.post('/test_admin/admin/admin_views/article/1/delete/', delete_dict) + self.failUnlessEqual(post.status_code, 403) + self.failUnlessEqual(Article.objects.all().count(), 1) + c.get('/test_admin/admin/logout/') + + # Delete user can delete + login_dict.update({'username': 'deleteuser'}) + request = c.get('/test_admin/admin/') + login = c.post('/test_admin/admin/', login_dict) + request = c.get('/test_admin/admin/admin_views/article/1/delete/') + self.failUnlessEqual(request.status_code, 200) + post = c.post('/test_admin/admin/admin_views/article/1/delete/', delete_dict) + # TODO: http://code.djangoproject.com/ticket/6819 or the next line fails + self.assertRedirects(post, '/test_admin/admin/') + self.failUnlessEqual(Article.objects.all().count(), 0) + c.get('/test_admin/admin/logout/') \ No newline at end of file Index: tests/regressiontests/admin_views/urls.py =================================================================== --- tests/regressiontests/admin_views/urls.py +++ tests/regressiontests/admin_views/urls.py @@ -0,0 +1,7 @@ +from django.conf.urls.defaults import * +from django.contrib import admin + +urlpatterns = patterns('', + (r'^admin/doc/', include('django.contrib.admindocs.urls')), + (r'^admin/(.*)', admin.site.root), +) \ No newline at end of file Index: tests/urls.py =================================================================== --- tests/urls.py (revision 7277) +++ tests/urls.py (working copy) @@ -17,4 +17,7 @@ # test urlconf for middleware tests (r'^middleware/', include('regressiontests.middleware.urls')), + + # test admin views + (r'^test_admin/', include('regressiontests.admin_views.urls')), )