diff options
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/admin_views/custom_has_permission_admin.py | 33 | ||||
| -rw-r--r-- | tests/admin_views/fixtures/admin-views-users.xml | 14 | ||||
| -rw-r--r-- | tests/admin_views/tests.py | 36 | ||||
| -rw-r--r-- | tests/admin_views/urls.py | 3 |
4 files changed, 85 insertions, 1 deletions
diff --git a/tests/admin_views/custom_has_permission_admin.py b/tests/admin_views/custom_has_permission_admin.py new file mode 100644 index 0000000000..6c15a9805a --- /dev/null +++ b/tests/admin_views/custom_has_permission_admin.py @@ -0,0 +1,33 @@ +""" +A custom AdminSite for AdminViewPermissionsTest.test_login_has_permission(). +""" +from __future__ import unicode_literals + +from django.contrib import admin +from django.contrib.auth import get_permission_codename +from django.contrib.auth.forms import AuthenticationForm + +from . import models, admin as base_admin + +PERMISSION_NAME = 'admin_views.%s' % get_permission_codename('change', models.Article._meta) + + +class PermissionAdminAuthenticationForm(AuthenticationForm): + def confirm_login_allowed(self, user): + from django import forms + if not user.is_active or not (user.is_staff or user.has_perm(PERMISSION_NAME)): + raise forms.ValidationError('permission denied') + + +class HasPermissionAdmin(admin.AdminSite): + login_form = PermissionAdminAuthenticationForm + + def has_permission(self, request): + return ( + request.user.is_active and + (request.user.is_staff or request.user.has_perm(PERMISSION_NAME)) + ) + + +site = HasPermissionAdmin(name="has_permission_admin") +site.register(models.Article, base_admin.ArticleAdmin) diff --git a/tests/admin_views/fixtures/admin-views-users.xml b/tests/admin_views/fixtures/admin-views-users.xml index 1c85e1c909..0b951b4e28 100644 --- a/tests/admin_views/fixtures/admin-views-users.xml +++ b/tests/admin_views/fixtures/admin-views-users.xml @@ -70,6 +70,20 @@ <field to="auth.group" name="groups" rel="ManyToManyRel"></field> <field to="auth.permission" name="user_permissions" rel="ManyToManyRel"></field> </object> + <object pk="106" model="auth.user"> + <field type="CharField" name="username">nostaff</field> + <field type="CharField" name="first_name">No</field> + <field type="CharField" name="last_name">Staff</field> + <field type="CharField" name="email">nostaff@example.com</field> + <field type="CharField" name="password">sha1$995a3$6011485ea3834267d719b4c801409b8b1ddd0158</field> + <field type="BooleanField" name="is_staff">False</field> + <field type="BooleanField" name="is_active">True</field> + <field type="BooleanField" name="is_superuser">False</field> + <field type="DateTimeField" name="last_login">2007-05-30 13:20:10</field> + <field type="DateTimeField" name="date_joined">2007-05-30 13:20:10</field> + <field to="auth.group" name="groups" rel="ManyToManyRel"></field> + <field to="auth.permission" name="user_permissions" rel="ManyToManyRel"></field> + </object> <object pk="1" model="admin_views.section"> <field type="CharField" name="name">Test section</field> </object> diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py index 9a36c9afe8..fda1531139 100644 --- a/tests/admin_views/tests.py +++ b/tests/admin_views/tests.py @@ -1091,6 +1091,9 @@ class AdminViewPermissionsTest(TestCase): change_user = User.objects.get(username='changeuser') change_user.user_permissions.add(get_perm(Article, get_permission_codename('change', opts))) + change_user2 = User.objects.get(username='nostaff') + change_user2.user_permissions.add(get_perm(Article, + get_permission_codename('change', opts))) # User who can delete Articles delete_user = User.objects.get(username='deleteuser') @@ -1131,6 +1134,11 @@ class AdminViewPermissionsTest(TestCase): 'username': 'deleteuser', 'password': 'secret', } + self.nostaff_login = { + REDIRECT_FIELD_NAME: '/test_admin/has_permission_admin/', + 'username': 'nostaff', + 'password': 'secret', + } self.joepublic_login = { REDIRECT_FIELD_NAME: '/test_admin/admin/', 'username': 'joepublic', @@ -1211,6 +1219,34 @@ class AdminViewPermissionsTest(TestCase): form = login.context[0].get('form') self.assertEqual(form.errors['username'][0], 'This field is required.') + def test_login_has_permission(self): + # Regular User should not be able to login. + response = self.client.get('/test_admin/has_permission_admin/') + self.assertEqual(response.status_code, 302) + login = self.client.post('/test_admin/has_permission_admin/login/', self.joepublic_login) + self.assertEqual(login.status_code, 200) + self.assertContains(login, 'permission denied') + + # User with permissions should be able to login. + response = self.client.get('/test_admin/has_permission_admin/') + self.assertEqual(response.status_code, 302) + login = self.client.post('/test_admin/has_permission_admin/login/', self.nostaff_login) + self.assertRedirects(login, '/test_admin/has_permission_admin/') + self.assertFalse(login.context) + self.client.get('/test_admin/has_permission_admin/logout/') + + # Staff should be able to login. + response = self.client.get('/test_admin/has_permission_admin/') + self.assertEqual(response.status_code, 302) + login = self.client.post('/test_admin/has_permission_admin/login/', { + REDIRECT_FIELD_NAME: '/test_admin/has_permission_admin/', + 'username': 'deleteuser', + 'password': 'secret', + }) + self.assertRedirects(login, '/test_admin/has_permission_admin/') + self.assertFalse(login.context) + self.client.get('/test_admin/has_permission_admin/logout/') + def test_login_successfully_redirects_to_original_URL(self): response = self.client.get('/test_admin/admin/') self.assertEqual(response.status_code, 302) diff --git a/tests/admin_views/urls.py b/tests/admin_views/urls.py index a9fa71040c..6c2442d520 100644 --- a/tests/admin_views/urls.py +++ b/tests/admin_views/urls.py @@ -1,6 +1,6 @@ from django.conf.urls import include, url -from . import views, customadmin, admin +from . import views, customadmin, custom_has_permission_admin, admin urlpatterns = [ @@ -12,4 +12,5 @@ urlpatterns = [ url(r'^test_admin/admin4/', include(customadmin.simple_site.urls)), url(r'^test_admin/admin5/', include(admin.site2.urls)), url(r'^test_admin/admin7/', include(admin.site7.urls)), + url(r'^test_admin/has_permission_admin/', include(custom_has_permission_admin.site.urls)), ] |
