jeff/umap
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix existing permissions related tests

Browse source
This commit is contained in:
Yohan Boniface 2023-09-09 10:32:15 +02:00
parent e52b40807a
commit d6d55e619a
3 changed files with 19 additions and 69 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
umap/tests/test_map.py
View file

@ -9,55 +9,33 @@ from .base import MapFactory
pytestmark = pytest.mark.django_db pytestmark = pytest.mark.django_db
def test_anonymous_can_edit_if_status_anonymous(map): def test_anonymous_cannot_edit(map):
anonymous = AnonymousUser() anonymous = AnonymousUser()
map.edit_status = map.ANONYMOUS
map.save()
assert map.can_edit(anonymous)
def test_anonymous_cannot_edit_if_not_status_anonymous(map):
anonymous = AnonymousUser()
map.edit_status = map.OWNER
map.save()
assert not map.can_edit(anonymous) assert not map.can_edit(anonymous)
def test_non_editors_can_edit_if_status_anonymous(map, user): def test_non_editors_cannot_edit(map, user):
assert map.owner != user assert map.owner != user
map.edit_status = map.ANONYMOUS
map.save()
assert map.can_edit(user)
def test_non_editors_cannot_edit_if_not_status_anonymous(map, user):
map.edit_status = map.OWNER
map.save()
assert not map.can_edit(user) assert not map.can_edit(user)
def test_editors_cannot_edit_if_status_owner(map, user): def test_editors_can_edit(map, user):
map.edit_status = map.OWNER
map.editors.add(user)
map.save()
assert not map.can_edit(user)
def test_editors_can_edit_if_status_editors(map, user):
map.edit_status = map.EDITORS
map.editors.add(user) map.editors.add(user)
map.save() map.save()
assert map.can_edit(user) assert map.can_edit(user)
def test_logged_in_user_should_be_allowed_for_anonymous_map_with_anonymous_edit_status(map, user, rf): # noqa def test_owner_can_edit(map):
assert map.can_edit(map.owner)
def test_logged_in_user_should_not_be_allowed_for_anonymous_map(map, user, rf):
map.owner = None map.owner = None
map.edit_status = map.ANONYMOUS
map.save() map.save()
url = reverse('map_update', kwargs={'map_id': map.pk}) url = reverse('map_update', kwargs={'map_id': map.pk})
request = rf.get(url) request = rf.get(url)
request.user = user request.user = user
assert map.can_edit(user, request) assert not map.can_edit(user, request)
def test_clone_should_return_new_instance(map, user): def test_clone_should_return_new_instance(map, user):

47
umap/tests/test_map_views.py
View file

@ -38,7 +38,6 @@ def test_create(client, user, post_data):
assert created_map.center.x == 13.447265624999998 assert created_map.center.x == 13.447265624999998
assert created_map.center.y == 48.94415123418794 assert created_map.center.y == 48.94415123418794
assert j["permissions"] == { assert j["permissions"] == {
"edit_status": 3,
"share_status": 1, "share_status": 1,
"owner": {"id": user.pk, "name": "Joe", "url": "/en/user/Joe/"}, "owner": {"id": user.pk, "name": "Joe", "url": "/en/user/Joe/"},
"editors": [], "editors": [],
@ -167,24 +166,20 @@ def test_user_not_allowed_should_not_clone_map(client, map, user, settings):
settings.UMAP_ALLOW_ANONYMOUS = False settings.UMAP_ALLOW_ANONYMOUS = False
assert Map.objects.count() == 1 assert Map.objects.count() == 1
url = reverse("map_clone", kwargs={"map_id": map.pk}) url = reverse("map_clone", kwargs={"map_id": map.pk})
map.edit_status = map.OWNER
map.save()
response = client.post(url) response = client.post(url)
assert login_required(response) assert login_required(response)
client.login(username=user.username, password="123123") client.login(username=user.username, password="123123")
response = client.post(url) response = client.post(url)
assert response.status_code == 403 assert response.status_code == 403
map.edit_status = map.ANONYMOUS
map.save()
client.logout() client.logout()
response = client.post(url) response = client.post(url)
assert response.status_code == 403 assert response.status_code == 200
assert "login_required" in json.loads(response.content)
assert Map.objects.count() == 1 assert Map.objects.count() == 1
def test_clone_should_set_cloner_as_owner(client, map, user): def test_clone_should_set_cloner_as_owner(client, map, user):
url = reverse("map_clone", kwargs={"map_id": map.pk}) url = reverse("map_clone", kwargs={"map_id": map.pk})
map.edit_status = map.EDITORS
map.editors.add(user) map.editors.add(user)
map.save() map.save()
client.login(username=user.username, password="123123") client.login(username=user.username, password="123123")
@ -302,19 +297,19 @@ def test_only_owner_can_delete(client, map, user):
assert response.status_code == 403 assert response.status_code == 403
def test_map_editors_do_not_see_owner_change_input(client, map, user): def test_map_editors_cannot_change_owner(client, map, user):
owner = map.owner
map.editors.add(user) map.editors.add(user)
map.edit_status = map.EDITORS
map.save() map.save()
url = reverse("map_update_permissions", kwargs={"map_id": map.pk}) url = reverse("map_update_permissions", kwargs={"map_id": map.pk})
client.login(username=user.username, password="123123") client.login(username=user.username, password="123123")
response = client.get(url) response = client.post(url, data={"owner": user.pk})
assert "id_owner" not in response assert response.status_code == 200
assert map.owner == owner
def test_logged_in_user_can_edit_map_editable_by_anonymous(client, map, user): def test_logged_in_user_cannot_edit_map(client, map, user):
map.owner = None map.owner = None
map.edit_status = map.ANONYMOUS
map.save() map.save()
client.login(username=user.username, password="123123") client.login(username=user.username, password="123123")
url = reverse("map_update", kwargs={"map_id": map.pk}) url = reverse("map_update", kwargs={"map_id": map.pk})
@ -324,8 +319,7 @@ def test_logged_in_user_can_edit_map_editable_by_anonymous(client, map, user):
"name": new_name, "name": new_name,
} }
response = client.post(url, data) response = client.post(url, data)
assert response.status_code == 200 assert response.status_code == 403
assert Map.objects.get(pk=map.pk).name == new_name
@pytest.mark.usefixtures("allow_anonymous") @pytest.mark.usefixtures("allow_anonymous")
@ -422,13 +416,9 @@ def test_bad_anonymous_edit_url_should_return_403(cookieclient, anonymap):
@pytest.mark.usefixtures("allow_anonymous") @pytest.mark.usefixtures("allow_anonymous")
def test_clone_anonymous_map_should_not_be_possible_if_user_is_not_allowed( def test_clone_anonymous_map_should_not_be_possible(client, anonymap, user): # noqa
client, anonymap, user
): # noqa
assert Map.objects.count() == 1 assert Map.objects.count() == 1
url = reverse("map_clone", kwargs={"map_id": anonymap.pk}) url = reverse("map_clone", kwargs={"map_id": anonymap.pk})
anonymap.edit_status = anonymap.OWNER
anonymap.save()
response = client.post(url) response = client.post(url)
assert response.status_code == 403 assert response.status_code == 403
client.login(username=user.username, password="123123") client.login(username=user.username, password="123123")
@ -437,23 +427,6 @@ def test_clone_anonymous_map_should_not_be_possible_if_user_is_not_allowed(
assert Map.objects.count() == 1 assert Map.objects.count() == 1
@pytest.mark.usefixtures("allow_anonymous")
def test_clone_map_should_be_possible_if_edit_status_is_anonymous(
client, anonymap
): # noqa
assert Map.objects.count() == 1
url = reverse("map_clone", kwargs={"map_id": anonymap.pk})
anonymap.edit_status = anonymap.ANONYMOUS
anonymap.save()
response = client.post(url)
assert response.status_code == 200
assert Map.objects.count() == 2
clone = Map.objects.latest("pk")
assert clone.pk != anonymap.pk
assert clone.name == "Clone of " + anonymap.name
assert clone.owner is None
@pytest.mark.usefixtures("allow_anonymous") @pytest.mark.usefixtures("allow_anonymous")
def test_anyone_can_access_anonymous_map(cookieclient, anonymap): def test_anyone_can_access_anonymous_map(cookieclient, anonymap):
url = reverse("map", args=(anonymap.slug, anonymap.pk)) url = reverse("map", args=(anonymap.slug, anonymap.pk))

1
umap/tests/test_views.py
View file

@ -282,7 +282,6 @@ def test_user_dashboard_display_user_maps(client, map):
assert f"{map.get_absolute_url()}?share" in body assert f"{map.get_absolute_url()}?share" in body
assert f"{map.get_absolute_url()}?download" in body assert f"{map.get_absolute_url()}?download" in body
assert "Everyone (public)" in body assert "Everyone (public)" in body
assert "Owner only" in body
@pytest.mark.django_db @pytest.mark.django_db