summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to 'tests')
-rw-r--r--tests/admin_views/custom_has_permission_admin.py33
-rw-r--r--tests/admin_views/fixtures/admin-views-users.xml14
-rw-r--r--tests/admin_views/tests.py36
-rw-r--r--tests/admin_views/urls.py3
4 files changed, 85 insertions, 1 deletions
diff --git a/tests/admin_views/custom_has_permission_admin.py b/tests/admin_views/custom_has_permission_admin.py
new file mode 100644
index 0000000000..6c15a9805a
--- /dev/null
+++ b/tests/admin_views/custom_has_permission_admin.py
@@ -0,0 +1,33 @@
+"""
+A custom AdminSite for AdminViewPermissionsTest.test_login_has_permission().
+"""
+from __future__ import unicode_literals
+
+from django.contrib import admin
+from django.contrib.auth import get_permission_codename
+from django.contrib.auth.forms import AuthenticationForm
+
+from . import models, admin as base_admin
+
+PERMISSION_NAME = 'admin_views.%s' % get_permission_codename('change', models.Article._meta)
+
+
+class PermissionAdminAuthenticationForm(AuthenticationForm):
+ def confirm_login_allowed(self, user):
+ from django import forms
+ if not user.is_active or not (user.is_staff or user.has_perm(PERMISSION_NAME)):
+ raise forms.ValidationError('permission denied')
+
+
+class HasPermissionAdmin(admin.AdminSite):
+ login_form = PermissionAdminAuthenticationForm
+
+ def has_permission(self, request):
+ return (
+ request.user.is_active and
+ (request.user.is_staff or request.user.has_perm(PERMISSION_NAME))
+ )
+
+
+site = HasPermissionAdmin(name="has_permission_admin")
+site.register(models.Article, base_admin.ArticleAdmin)
diff --git a/tests/admin_views/fixtures/admin-views-users.xml b/tests/admin_views/fixtures/admin-views-users.xml
index 1c85e1c909..0b951b4e28 100644
--- a/tests/admin_views/fixtures/admin-views-users.xml
+++ b/tests/admin_views/fixtures/admin-views-users.xml
@@ -70,6 +70,20 @@
<field to="auth.group" name="groups" rel="ManyToManyRel"></field>
<field to="auth.permission" name="user_permissions" rel="ManyToManyRel"></field>
</object>
+ <object pk="106" model="auth.user">
+ <field type="CharField" name="username">nostaff</field>
+ <field type="CharField" name="first_name">No</field>
+ <field type="CharField" name="last_name">Staff</field>
+ <field type="CharField" name="email">nostaff@example.com</field>
+ <field type="CharField" name="password">sha1$995a3$6011485ea3834267d719b4c801409b8b1ddd0158</field>
+ <field type="BooleanField" name="is_staff">False</field>
+ <field type="BooleanField" name="is_active">True</field>
+ <field type="BooleanField" name="is_superuser">False</field>
+ <field type="DateTimeField" name="last_login">2007-05-30 13:20:10</field>
+ <field type="DateTimeField" name="date_joined">2007-05-30 13:20:10</field>
+ <field to="auth.group" name="groups" rel="ManyToManyRel"></field>
+ <field to="auth.permission" name="user_permissions" rel="ManyToManyRel"></field>
+ </object>
<object pk="1" model="admin_views.section">
<field type="CharField" name="name">Test section</field>
</object>
diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py
index 9a36c9afe8..fda1531139 100644
--- a/tests/admin_views/tests.py
+++ b/tests/admin_views/tests.py
@@ -1091,6 +1091,9 @@ class AdminViewPermissionsTest(TestCase):
change_user = User.objects.get(username='changeuser')
change_user.user_permissions.add(get_perm(Article,
get_permission_codename('change', opts)))
+ change_user2 = User.objects.get(username='nostaff')
+ change_user2.user_permissions.add(get_perm(Article,
+ get_permission_codename('change', opts)))
# User who can delete Articles
delete_user = User.objects.get(username='deleteuser')
@@ -1131,6 +1134,11 @@ class AdminViewPermissionsTest(TestCase):
'username': 'deleteuser',
'password': 'secret',
}
+ self.nostaff_login = {
+ REDIRECT_FIELD_NAME: '/test_admin/has_permission_admin/',
+ 'username': 'nostaff',
+ 'password': 'secret',
+ }
self.joepublic_login = {
REDIRECT_FIELD_NAME: '/test_admin/admin/',
'username': 'joepublic',
@@ -1211,6 +1219,34 @@ class AdminViewPermissionsTest(TestCase):
form = login.context[0].get('form')
self.assertEqual(form.errors['username'][0], 'This field is required.')
+ def test_login_has_permission(self):
+ # Regular User should not be able to login.
+ response = self.client.get('/test_admin/has_permission_admin/')
+ self.assertEqual(response.status_code, 302)
+ login = self.client.post('/test_admin/has_permission_admin/login/', self.joepublic_login)
+ self.assertEqual(login.status_code, 200)
+ self.assertContains(login, 'permission denied')
+
+ # User with permissions should be able to login.
+ response = self.client.get('/test_admin/has_permission_admin/')
+ self.assertEqual(response.status_code, 302)
+ login = self.client.post('/test_admin/has_permission_admin/login/', self.nostaff_login)
+ self.assertRedirects(login, '/test_admin/has_permission_admin/')
+ self.assertFalse(login.context)
+ self.client.get('/test_admin/has_permission_admin/logout/')
+
+ # Staff should be able to login.
+ response = self.client.get('/test_admin/has_permission_admin/')
+ self.assertEqual(response.status_code, 302)
+ login = self.client.post('/test_admin/has_permission_admin/login/', {
+ REDIRECT_FIELD_NAME: '/test_admin/has_permission_admin/',
+ 'username': 'deleteuser',
+ 'password': 'secret',
+ })
+ self.assertRedirects(login, '/test_admin/has_permission_admin/')
+ self.assertFalse(login.context)
+ self.client.get('/test_admin/has_permission_admin/logout/')
+
def test_login_successfully_redirects_to_original_URL(self):
response = self.client.get('/test_admin/admin/')
self.assertEqual(response.status_code, 302)
diff --git a/tests/admin_views/urls.py b/tests/admin_views/urls.py
index a9fa71040c..6c2442d520 100644
--- a/tests/admin_views/urls.py
+++ b/tests/admin_views/urls.py
@@ -1,6 +1,6 @@
from django.conf.urls import include, url
-from . import views, customadmin, admin
+from . import views, customadmin, custom_has_permission_admin, admin
urlpatterns = [
@@ -12,4 +12,5 @@ urlpatterns = [
url(r'^test_admin/admin4/', include(customadmin.simple_site.urls)),
url(r'^test_admin/admin5/', include(admin.site2.urls)),
url(r'^test_admin/admin7/', include(admin.site7.urls)),
+ url(r'^test_admin/has_permission_admin/', include(custom_has_permission_admin.site.urls)),
]