Fix existing permissions related tests

umap/tests/test_map.py

@@ -9,55 +9,33 @@ from .base import MapFactory
 pytestmark = pytest.mark.django_db
 
 
-def test_anonymous_can_edit_if_status_anonymous(map):
+def test_anonymous_cannot_edit(map):
     anonymous = AnonymousUser()
-    map.edit_status = map.ANONYMOUS
-    map.save()
-    assert map.can_edit(anonymous)
-
-
-def test_anonymous_cannot_edit_if_not_status_anonymous(map):
-    anonymous = AnonymousUser()
-    map.edit_status = map.OWNER
-    map.save()
     assert not map.can_edit(anonymous)
 
 
-def test_non_editors_can_edit_if_status_anonymous(map, user):
+def test_non_editors_cannot_edit(map, user):
     assert map.owner != user
-    map.edit_status = map.ANONYMOUS
-    map.save()
-    assert map.can_edit(user)
-
-
-def test_non_editors_cannot_edit_if_not_status_anonymous(map, user):
-    map.edit_status = map.OWNER
-    map.save()
     assert not map.can_edit(user)
 
 
-def test_editors_cannot_edit_if_status_owner(map, user):
-    map.edit_status = map.OWNER
-    map.editors.add(user)
-    map.save()
-    assert not map.can_edit(user)
-
-
-def test_editors_can_edit_if_status_editors(map, user):
-    map.edit_status = map.EDITORS
+def test_editors_can_edit(map, user):
     map.editors.add(user)
     map.save()
     assert map.can_edit(user)
 
 
-def test_logged_in_user_should_be_allowed_for_anonymous_map_with_anonymous_edit_status(map, user, rf):  # noqa
+def test_owner_can_edit(map):
+    assert map.can_edit(map.owner)
+
+
+def test_logged_in_user_should_not_be_allowed_for_anonymous_map(map, user, rf):
     map.owner = None
-    map.edit_status = map.ANONYMOUS
     map.save()
     url = reverse('map_update', kwargs={'map_id': map.pk})
     request = rf.get(url)
     request.user = user
-    assert map.can_edit(user, request)
+    assert not map.can_edit(user, request)
 
 
 def test_clone_should_return_new_instance(map, user):

umap/tests/test_map_views.py

@@ -38,7 +38,6 @@ def test_create(client, user, post_data):
     assert created_map.center.x == 13.447265624999998
     assert created_map.center.y == 48.94415123418794
     assert j["permissions"] == {
-        "edit_status": 3,
         "share_status": 1,
         "owner": {"id": user.pk, "name": "Joe", "url": "/en/user/Joe/"},
         "editors": [],
@@ -167,24 +166,20 @@ def test_user_not_allowed_should_not_clone_map(client, map, user, settings):
     settings.UMAP_ALLOW_ANONYMOUS = False
     assert Map.objects.count() == 1
     url = reverse("map_clone", kwargs={"map_id": map.pk})
-    map.edit_status = map.OWNER
-    map.save()
     response = client.post(url)
     assert login_required(response)
     client.login(username=user.username, password="123123")
     response = client.post(url)
     assert response.status_code == 403
-    map.edit_status = map.ANONYMOUS
-    map.save()
     client.logout()
     response = client.post(url)
-    assert response.status_code == 403
+    assert response.status_code == 200
+    assert "login_required" in json.loads(response.content)
     assert Map.objects.count() == 1
 
 
 def test_clone_should_set_cloner_as_owner(client, map, user):
     url = reverse("map_clone", kwargs={"map_id": map.pk})
-    map.edit_status = map.EDITORS
     map.editors.add(user)
     map.save()
     client.login(username=user.username, password="123123")
@@ -302,19 +297,19 @@ def test_only_owner_can_delete(client, map, user):
     assert response.status_code == 403
 
 
-def test_map_editors_do_not_see_owner_change_input(client, map, user):
+def test_map_editors_cannot_change_owner(client, map, user):
+    owner = map.owner
     map.editors.add(user)
-    map.edit_status = map.EDITORS
     map.save()
     url = reverse("map_update_permissions", kwargs={"map_id": map.pk})
     client.login(username=user.username, password="123123")
-    response = client.get(url)
-    assert "id_owner" not in response
+    response = client.post(url, data={"owner": user.pk})
+    assert response.status_code == 200
+    assert map.owner == owner
 
 
-def test_logged_in_user_can_edit_map_editable_by_anonymous(client, map, user):
+def test_logged_in_user_cannot_edit_map(client, map, user):
     map.owner = None
-    map.edit_status = map.ANONYMOUS
     map.save()
     client.login(username=user.username, password="123123")
     url = reverse("map_update", kwargs={"map_id": map.pk})
@@ -324,8 +319,7 @@ def test_logged_in_user_can_edit_map_editable_by_anonymous(client, map, user):
         "name": new_name,
     }
     response = client.post(url, data)
-    assert response.status_code == 200
-    assert Map.objects.get(pk=map.pk).name == new_name
+    assert response.status_code == 403
 
 
 @pytest.mark.usefixtures("allow_anonymous")
@@ -422,13 +416,9 @@ def test_bad_anonymous_edit_url_should_return_403(cookieclient, anonymap):
 
 
 @pytest.mark.usefixtures("allow_anonymous")
-def test_clone_anonymous_map_should_not_be_possible_if_user_is_not_allowed(
-    client, anonymap, user
-):  # noqa
+def test_clone_anonymous_map_should_not_be_possible(client, anonymap, user):  # noqa
     assert Map.objects.count() == 1
     url = reverse("map_clone", kwargs={"map_id": anonymap.pk})
-    anonymap.edit_status = anonymap.OWNER
-    anonymap.save()
     response = client.post(url)
     assert response.status_code == 403
     client.login(username=user.username, password="123123")
@@ -437,23 +427,6 @@ def test_clone_anonymous_map_should_not_be_possible_if_user_is_not_allowed(
     assert Map.objects.count() == 1
 
 
-@pytest.mark.usefixtures("allow_anonymous")
-def test_clone_map_should_be_possible_if_edit_status_is_anonymous(
-    client, anonymap
-):  # noqa
-    assert Map.objects.count() == 1
-    url = reverse("map_clone", kwargs={"map_id": anonymap.pk})
-    anonymap.edit_status = anonymap.ANONYMOUS
-    anonymap.save()
-    response = client.post(url)
-    assert response.status_code == 200
-    assert Map.objects.count() == 2
-    clone = Map.objects.latest("pk")
-    assert clone.pk != anonymap.pk
-    assert clone.name == "Clone of " + anonymap.name
-    assert clone.owner is None
-
-
 @pytest.mark.usefixtures("allow_anonymous")
 def test_anyone_can_access_anonymous_map(cookieclient, anonymap):
     url = reverse("map", args=(anonymap.slug, anonymap.pk))

umap/tests/test_views.py

@@ -282,7 +282,6 @@ def test_user_dashboard_display_user_maps(client, map):
     assert f"{map.get_absolute_url()}?share" in body
     assert f"{map.get_absolute_url()}?download" in body
     assert "Everyone (public)" in body
-    assert "Owner only" in body
 
 
 @pytest.mark.django_db