diff options
| author | olivierdalang <olivier.dalang@gmail.com> | 2018-05-02 20:39:12 +1200 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2018-05-16 06:44:55 -0400 |
| commit | 825f0beda804e48e9197fcf3b0d909f9f548aa47 (patch) | |
| tree | be5036c256efa1cd06a72b3265ed97884afc39cb /tests | |
| parent | 35b6a348dea6b019679fe35fd443be875bdb028e (diff) | |
Fixed #8936 -- Added a view permission and a read-only admin.
Co-authored-by: Petr Dlouhy <petr.dlouhy@email.cz>
Co-authored-by: Olivier Dalang <olivier.dalang@gmail.com>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/admin_changelist/test_date_hierarchy.py | 6 | ||||
| -rw-r--r-- | tests/admin_changelist/tests.py | 39 | ||||
| -rw-r--r-- | tests/admin_filters/tests.py | 57 | ||||
| -rw-r--r-- | tests/admin_views/admin.py | 4 | ||||
| -rw-r--r-- | tests/admin_views/test_templatetags.py | 4 | ||||
| -rw-r--r-- | tests/admin_views/tests.py | 147 | ||||
| -rw-r--r-- | tests/auth_tests/test_management.py | 4 | ||||
| -rw-r--r-- | tests/modeladmin/tests.py | 44 |
8 files changed, 296 insertions, 9 deletions
diff --git a/tests/admin_changelist/test_date_hierarchy.py b/tests/admin_changelist/test_date_hierarchy.py index 96590ccc82..f19e38f9bf 100644 --- a/tests/admin_changelist/test_date_hierarchy.py +++ b/tests/admin_changelist/test_date_hierarchy.py @@ -1,6 +1,7 @@ from datetime import datetime from django.contrib.admin.options import IncorrectLookupParameters +from django.contrib.auth.models import User from django.test import RequestFactory, TestCase from django.utils.timezone import make_aware @@ -11,9 +12,14 @@ from .models import Event class DateHierarchyTests(TestCase): factory = RequestFactory() + @classmethod + def setUpTestData(cls): + cls.superuser = User.objects.create_superuser(username='super', email='a@b.com', password='xxx') + def assertDateParams(self, query, expected_from_date, expected_to_date): query = {'date__%s' % field: val for field, val in query.items()} request = self.factory.get('/', query) + request.user = self.superuser changelist = EventAdmin(Event, custom_site).get_changelist_instance(request) _, _, lookup_params, _ = changelist.get_filters(request) self.assertEqual(lookup_params['date__gte'], expected_from_date) diff --git a/tests/admin_changelist/tests.py b/tests/admin_changelist/tests.py index 68aaa78996..20587613a7 100644 --- a/tests/admin_changelist/tests.py +++ b/tests/admin_changelist/tests.py @@ -50,6 +50,7 @@ class ChangeListTests(TestCase): def setUp(self): self.factory = RequestFactory() + self.superuser = User.objects.create_superuser(username='super', email='a@b.com', password='xxx') def _create_superuser(self, username): return User.objects.create_superuser(username=username, email='a@b.com', password='xxx') @@ -70,6 +71,7 @@ class ChangeListTests(TestCase): m = OrderedByFBandAdmin(Band, custom_site) request = self.factory.get('/band/') + request.user = self.superuser cl = m.get_changelist_instance(request) self.assertEqual(cl.get_ordering_field_columns(), {3: 'desc', 2: 'asc'}) @@ -80,12 +82,14 @@ class ChangeListTests(TestCase): """ m = ChildAdmin(Child, custom_site) request = self.factory.get('/child/') + request.user = self.superuser cl = m.get_changelist_instance(request) self.assertEqual(cl.queryset.query.select_related, {'parent': {}}) def test_select_related_as_tuple(self): ia = InvitationAdmin(Invitation, custom_site) request = self.factory.get('/invitation/') + request.user = self.superuser cl = ia.get_changelist_instance(request) self.assertEqual(cl.queryset.query.select_related, {'player': {}}) @@ -93,6 +97,7 @@ class ChangeListTests(TestCase): ia = InvitationAdmin(Invitation, custom_site) ia.list_select_related = () request = self.factory.get('/invitation/') + request.user = self.superuser cl = ia.get_changelist_instance(request) self.assertIs(cl.queryset.query.select_related, False) @@ -105,6 +110,7 @@ class ChangeListTests(TestCase): ia = GetListSelectRelatedAdmin(Invitation, custom_site) request = self.factory.get('/invitation/') + request.user = self.superuser cl = ia.get_changelist_instance(request) self.assertEqual(cl.queryset.query.select_related, {'player': {}, 'band': {}}) @@ -115,6 +121,7 @@ class ChangeListTests(TestCase): """ new_child = Child.objects.create(name='name', parent=None) request = self.factory.get('/child/') + request.user = self.superuser m = ChildAdmin(Child, custom_site) cl = m.get_changelist_instance(request) cl.formset = None @@ -131,6 +138,7 @@ class ChangeListTests(TestCase): """ new_child = Child.objects.create(name='name', parent=None) request = self.factory.get('/child/') + request.user = self.superuser # Set a new empty display value on AdminSite. admin.site.empty_value_display = '???' m = ChildAdmin(Child, admin.site) @@ -149,6 +157,7 @@ class ChangeListTests(TestCase): """ new_child = Child.objects.create(name='name', parent=None) request = self.factory.get('/child/') + request.user = self.superuser m = EmptyValueChildAdmin(Child, admin.site) cl = m.get_changelist_instance(request) cl.formset = None @@ -172,6 +181,7 @@ class ChangeListTests(TestCase): new_parent = Parent.objects.create(name='parent') new_child = Child.objects.create(name='name', parent=new_parent) request = self.factory.get('/child/') + request.user = self.superuser m = ChildAdmin(Child, custom_site) cl = m.get_changelist_instance(request) cl.formset = None @@ -194,6 +204,7 @@ class ChangeListTests(TestCase): new_parent = Parent.objects.create(name='parent') new_child = Child.objects.create(name='name', parent=new_parent) request = self.factory.get('/child/') + request.user = self.superuser m = ChildAdmin(Child, custom_site) # Test with list_editable fields @@ -233,6 +244,7 @@ class ChangeListTests(TestCase): for i in range(200): Child.objects.create(name='name %s' % i, parent=new_parent) request = self.factory.get('/child/', data={'p': -1}) # Anything outside range + request.user = self.superuser m = ChildAdmin(Child, custom_site) # Test with list_editable fields @@ -248,6 +260,7 @@ class ChangeListTests(TestCase): Child.objects.create(name='name %s' % i, parent=new_parent) request = self.factory.get('/child/') + request.user = self.superuser m = CustomPaginationAdmin(Child, custom_site) cl = m.get_changelist_instance(request) @@ -267,6 +280,7 @@ class ChangeListTests(TestCase): m = BandAdmin(Band, custom_site) request = self.factory.get('/band/', data={'genres': blues.pk}) + request.user = self.superuser cl = m.get_changelist_instance(request) cl.get_results(request) @@ -286,6 +300,7 @@ class ChangeListTests(TestCase): m = GroupAdmin(Group, custom_site) request = self.factory.get('/group/', data={'members': lead.pk}) + request.user = self.superuser cl = m.get_changelist_instance(request) cl.get_results(request) @@ -307,6 +322,7 @@ class ChangeListTests(TestCase): m = ConcertAdmin(Concert, custom_site) request = self.factory.get('/concert/', data={'group__members': lead.pk}) + request.user = self.superuser cl = m.get_changelist_instance(request) cl.get_results(request) @@ -327,6 +343,7 @@ class ChangeListTests(TestCase): m = QuartetAdmin(Quartet, custom_site) request = self.factory.get('/quartet/', data={'members': lead.pk}) + request.user = self.superuser cl = m.get_changelist_instance(request) cl.get_results(request) @@ -347,6 +364,7 @@ class ChangeListTests(TestCase): m = ChordsBandAdmin(ChordsBand, custom_site) request = self.factory.get('/chordsband/', data={'members': lead.pk}) + request.user = self.superuser cl = m.get_changelist_instance(request) cl.get_results(request) @@ -366,6 +384,7 @@ class ChangeListTests(TestCase): m = ParentAdmin(Parent, custom_site) request = self.factory.get('/parent/', data={'child__name': 'Daniel'}) + request.user = self.superuser cl = m.get_changelist_instance(request) # Make sure distinct() was called @@ -382,6 +401,7 @@ class ChangeListTests(TestCase): m = ParentAdmin(Parent, custom_site) request = self.factory.get('/parent/', data={SEARCH_VAR: 'daniel'}) + request.user = self.superuser cl = m.get_changelist_instance(request) # Make sure distinct() was called @@ -401,6 +421,7 @@ class ChangeListTests(TestCase): m = ConcertAdmin(Concert, custom_site) request = self.factory.get('/concert/', data={SEARCH_VAR: 'vox'}) + request.user = self.superuser cl = m.get_changelist_instance(request) # There's only one Concert instance @@ -414,10 +435,12 @@ class ChangeListTests(TestCase): m.search_fields = ['group__pk'] request = self.factory.get('/concert/', data={SEARCH_VAR: band.pk}) + request.user = self.superuser cl = m.get_changelist_instance(request) self.assertEqual(cl.queryset.count(), 1) request = self.factory.get('/concert/', data={SEARCH_VAR: band.pk + 5}) + request.user = self.superuser cl = m.get_changelist_instance(request) self.assertEqual(cl.queryset.count(), 0) @@ -429,10 +452,12 @@ class ChangeListTests(TestCase): m.search_fields = ['name__iexact'] request = self.factory.get('/', data={SEARCH_VAR: 'woodstock'}) + request.user = self.superuser cl = m.get_changelist_instance(request) self.assertCountEqual(cl.queryset, [concert]) request = self.factory.get('/', data={SEARCH_VAR: 'wood'}) + request.user = self.superuser cl = m.get_changelist_instance(request) self.assertCountEqual(cl.queryset, []) @@ -445,10 +470,12 @@ class ChangeListTests(TestCase): Field.register_lookup(Contains, 'cc') try: request = self.factory.get('/', data={SEARCH_VAR: 'Hype'}) + request.user = self.superuser cl = m.get_changelist_instance(request) self.assertCountEqual(cl.queryset, [concert]) request = self.factory.get('/', data={SEARCH_VAR: 'Woodstock'}) + request.user = self.superuser cl = m.get_changelist_instance(request) self.assertCountEqual(cl.queryset, []) finally: @@ -467,10 +494,12 @@ class ChangeListTests(TestCase): m.search_fields = ['group__members__age__exactly'] request = self.factory.get('/', data={SEARCH_VAR: '20'}) + request.user = self.superuser cl = m.get_changelist_instance(request) self.assertCountEqual(cl.queryset, [concert]) request = self.factory.get('/', data={SEARCH_VAR: '21'}) + request.user = self.superuser cl = m.get_changelist_instance(request) self.assertCountEqual(cl.queryset, []) finally: @@ -486,10 +515,12 @@ class ChangeListTests(TestCase): m.search_fields = ['pk__exact'] request = self.factory.get('/', data={SEARCH_VAR: 'abc'}) + request.user = self.superuser cl = m.get_changelist_instance(request) self.assertCountEqual(cl.queryset, [abc]) request = self.factory.get('/', data={SEARCH_VAR: 'abcd'}) + request.user = self.superuser cl = m.get_changelist_instance(request) self.assertCountEqual(cl.queryset, [abcd]) @@ -501,11 +532,13 @@ class ChangeListTests(TestCase): m = BandAdmin(Band, custom_site) for lookup_params in ({}, {'name': 'test'}): request = self.factory.get('/band/', lookup_params) + request.user = self.superuser cl = m.get_changelist_instance(request) self.assertFalse(cl.queryset.query.distinct) # A ManyToManyField in params does have distinct applied. request = self.factory.get('/band/', {'genres': '0'}) + request.user = self.superuser cl = m.get_changelist_instance(request) self.assertTrue(cl.queryset.query.distinct) @@ -520,6 +553,7 @@ class ChangeListTests(TestCase): Child.objects.create(name='filtered %s' % i, parent=parent) request = self.factory.get('/child/') + request.user = self.superuser # Test default queryset m = ChildAdmin(Child, custom_site) @@ -540,8 +574,7 @@ class ChangeListTests(TestCase): Regression test for #13196: output of functions should be localized in the changelist. """ - superuser = User.objects.create_superuser(username='super', email='super@localhost', password='secret') - self.client.force_login(superuser) + self.client.force_login(self.superuser) event = Event.objects.create(date=datetime.date.today()) response = self.client.get(reverse('admin:admin_changelist_event_changelist')) self.assertContains(response, formats.localize(event.date)) @@ -597,6 +630,7 @@ class ChangeListTests(TestCase): # Add "show all" parameter to request request = self.factory.get('/child/', data={ALL_VAR: ''}) + request.user = self.superuser # Test valid "show all" request (number of total objects is under max) m = ChildAdmin(Child, custom_site) @@ -856,6 +890,7 @@ class ChangeListTests(TestCase): # instantiating and setting up ChangeList object m = GroupAdmin(Group, custom_site) request = self.factory.get('/group/') + request.user = self.superuser cl = m.get_changelist_instance(request) per_page = cl.list_per_page = 10 diff --git a/tests/admin_filters/tests.py b/tests/admin_filters/tests.py index 554b1a4e23..2e16909dc3 100644 --- a/tests/admin_filters/tests.py +++ b/tests/admin_filters/tests.py @@ -263,7 +263,7 @@ class ListFiltersTests(TestCase): self.request_factory = RequestFactory() # Users - self.alfred = User.objects.create_user('alfred', 'alfred@example.com') + self.alfred = User.objects.create_superuser('alfred', 'alfred@example.com', 'password') self.bob = User.objects.create_user('bob', 'bob@example.com') self.lisa = User.objects.create_user('lisa', 'lisa@example.com') @@ -308,6 +308,7 @@ class ListFiltersTests(TestCase): modeladmin = BookmarkChoicesAdmin(Bookmark, site) request = self.request_factory.get('/', {}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) filterspec = changelist.get_filters(request)[0][0] choices = list(filterspec.choices(changelist)) @@ -318,10 +319,12 @@ class ListFiltersTests(TestCase): modeladmin = BookAdmin(Book, site) request = self.request_factory.get('/') + request.user = self.alfred changelist = modeladmin.get_changelist(request) request = self.request_factory.get('/', {'date_registered__gte': self.today, 'date_registered__lt': self.tomorrow}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -343,6 +346,7 @@ class ListFiltersTests(TestCase): request = self.request_factory.get('/', {'date_registered__gte': self.today.replace(day=1), 'date_registered__lt': self.next_month}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -368,6 +372,7 @@ class ListFiltersTests(TestCase): request = self.request_factory.get('/', {'date_registered__gte': self.today.replace(month=1, day=1), 'date_registered__lt': self.next_year}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -395,6 +400,7 @@ class ListFiltersTests(TestCase): 'date_registered__gte': str(self.one_week_ago), 'date_registered__lt': str(self.tomorrow), }) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -416,6 +422,7 @@ class ListFiltersTests(TestCase): # Null/not null queries request = self.request_factory.get('/', {'date_registered__isnull': 'True'}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -431,6 +438,7 @@ class ListFiltersTests(TestCase): self.assertEqual(choice['query_string'], '?date_registered__isnull=True') request = self.request_factory.get('/', {'date_registered__isnull': 'False'}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -459,6 +467,7 @@ class ListFiltersTests(TestCase): modeladmin = BookAdmin(Book, site) request = self.request_factory.get('/', {'year__isnull': 'True'}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -473,6 +482,7 @@ class ListFiltersTests(TestCase): self.assertEqual(choices[-1]['query_string'], '?year__isnull=True') request = self.request_factory.get('/', {'year': '2002'}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct choice is selected @@ -486,6 +496,7 @@ class ListFiltersTests(TestCase): # Make sure that correct filters are returned with custom querysets modeladmin = BookAdminWithCustomQueryset(self.alfred, Book, site) request = self.request_factory.get('/') + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) filterspec = changelist.get_filters(request)[0][0] @@ -502,6 +513,7 @@ class ListFiltersTests(TestCase): modeladmin = BookAdmin(Book, site) request = self.request_factory.get('/') + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure that all users are present in the author's list filter @@ -510,6 +522,7 @@ class ListFiltersTests(TestCase): self.assertEqual(sorted(filterspec.lookup_choices), sorted(expected)) request = self.request_factory.get('/', {'author__isnull': 'True'}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -524,6 +537,7 @@ class ListFiltersTests(TestCase): self.assertEqual(choices[-1]['query_string'], '?author__isnull=True') request = self.request_factory.get('/', {'author__id__exact': self.alfred.pk}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct choice is selected @@ -538,6 +552,7 @@ class ListFiltersTests(TestCase): modeladmin = BookAdmin(Book, site) request = self.request_factory.get('/') + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure that all users are present in the contrib's list filter @@ -546,6 +561,7 @@ class ListFiltersTests(TestCase): self.assertEqual(sorted(filterspec.lookup_choices), sorted(expected)) request = self.request_factory.get('/', {'contributors__isnull': 'True'}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -560,6 +576,7 @@ class ListFiltersTests(TestCase): self.assertEqual(choices[-1]['query_string'], '?contributors__isnull=True') request = self.request_factory.get('/', {'contributors__id__exact': self.bob.pk}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct choice is selected @@ -574,6 +591,7 @@ class ListFiltersTests(TestCase): # FK relationship ----- request = self.request_factory.get('/', {'books_authored__isnull': 'True'}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -588,6 +606,7 @@ class ListFiltersTests(TestCase): self.assertEqual(choices[-1]['query_string'], '?books_authored__isnull=True') request = self.request_factory.get('/', {'books_authored__id__exact': self.bio_book.pk}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct choice is selected @@ -599,6 +618,7 @@ class ListFiltersTests(TestCase): # M2M relationship ----- request = self.request_factory.get('/', {'books_contributed__isnull': 'True'}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -613,6 +633,7 @@ class ListFiltersTests(TestCase): self.assertEqual(choices[-1]['query_string'], '?books_contributed__isnull=True') request = self.request_factory.get('/', {'books_contributed__id__exact': self.django_book.pk}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct choice is selected @@ -636,6 +657,7 @@ class ListFiltersTests(TestCase): modeladmin = BookAdminRelatedOnlyFilter(Book, site) request = self.request_factory.get('/') + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure that only actual authors are present in author's list filter @@ -652,6 +674,7 @@ class ListFiltersTests(TestCase): modeladmin = BookAdminRelatedOnlyFilter(Book, site) request = self.request_factory.get('/') + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Only actual departments should be present in employee__department's @@ -667,6 +690,7 @@ class ListFiltersTests(TestCase): modeladmin = BookAdminRelatedOnlyFilter(Book, site) request = self.request_factory.get('/') + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure that only actual contributors are present in contrib's list filter @@ -686,6 +710,7 @@ class ListFiltersTests(TestCase): modeladmin = BookmarkAdminGenericRelation(Bookmark, site) request = self.request_factory.get('/', {'tags__tag': 'python'}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) queryset = changelist.get_queryset(request) @@ -702,9 +727,11 @@ class ListFiltersTests(TestCase): def verify_booleanfieldlistfilter(self, modeladmin): request = self.request_factory.get('/') + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) request = self.request_factory.get('/', {'is_best_seller__exact': 0}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -719,6 +746,7 @@ class ListFiltersTests(TestCase): self.assertEqual(choice['query_string'], '?is_best_seller__exact=0') request = self.request_factory.get('/', {'is_best_seller__exact': 1}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -733,6 +761,7 @@ class ListFiltersTests(TestCase): self.assertEqual(choice['query_string'], '?is_best_seller__exact=1') request = self.request_factory.get('/', {'is_best_seller__isnull': 'True'}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -750,9 +779,11 @@ class ListFiltersTests(TestCase): modeladmin = BookAdmin2(Book, site) request = self.request_factory.get('/') + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) request = self.request_factory.get('/', {'is_best_seller2__exact': 0}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -767,6 +798,7 @@ class ListFiltersTests(TestCase): self.assertEqual(choice['query_string'], '?is_best_seller2__exact=0') request = self.request_factory.get('/', {'is_best_seller2__exact': 1}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -781,6 +813,7 @@ class ListFiltersTests(TestCase): self.assertEqual(choice['query_string'], '?is_best_seller2__exact=1') request = self.request_factory.get('/', {'is_best_seller2__isnull': 'True'}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -801,9 +834,11 @@ class ListFiltersTests(TestCase): """ modeladmin = BookAdminWithUnderscoreLookupAndTuple(Book, site) request = self.request_factory.get('/') + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) request = self.request_factory.get('/', {'author__email': 'alfred@example.com'}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -814,6 +849,7 @@ class ListFiltersTests(TestCase): """Filtering by an invalid value.""" modeladmin = BookAdmin(Book, site) request = self.request_factory.get('/', {'author__id__exact': 'StringNotInteger!'}) + request.user = self.alfred with self.assertRaises(IncorrectLookupParameters): modeladmin.get_changelist_instance(request) @@ -822,6 +858,7 @@ class ListFiltersTests(TestCase): # Make sure that the first option is 'All' --------------------------- request = self.request_factory.get('/', {}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -838,6 +875,7 @@ class ListFiltersTests(TestCase): # Look for books in the 1980s ---------------------------------------- request = self.request_factory.get('/', {'publication-decade': 'the 80s'}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -854,6 +892,7 @@ class ListFiltersTests(TestCase): # Look for books in the 1990s ---------------------------------------- request = self.request_factory.get('/', {'publication-decade': 'the 90s'}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -870,6 +909,7 @@ class ListFiltersTests(TestCase): # Look for books in the 2000s ---------------------------------------- request = self.request_factory.get('/', {'publication-decade': 'the 00s'}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -886,6 +926,7 @@ class ListFiltersTests(TestCase): # Combine multiple filters ------------------------------------------- request = self.request_factory.get('/', {'publication-decade': 'the 00s', 'author__id__exact': self.alfred.pk}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -915,6 +956,7 @@ class ListFiltersTests(TestCase): """ modeladmin = DecadeFilterBookAdminWithoutTitle(Book, site) request = self.request_factory.get('/', {}) + request.user = self.alfred msg = "The list filter 'DecadeListFilterWithoutTitle' does not specify a 'title'." with self.assertRaisesMessage(ImproperlyConfigured, msg): modeladmin.get_changelist_instance(request) @@ -925,6 +967,7 @@ class ListFiltersTests(TestCase): """ modeladmin = DecadeFilterBookAdminWithoutParameter(Book, site) request = self.request_factory.get('/', {}) + request.user = self.alfred msg = "The list filter 'DecadeListFilterWithoutParameter' does not specify a 'parameter_name'." with self.assertRaisesMessage(ImproperlyConfigured, msg): modeladmin.get_changelist_instance(request) @@ -936,6 +979,7 @@ class ListFiltersTests(TestCase): """ modeladmin = DecadeFilterBookAdminWithNoneReturningLookups(Book, site) request = self.request_factory.get('/', {}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) filterspec = changelist.get_filters(request)[0] self.assertEqual(len(filterspec), 0) @@ -947,12 +991,14 @@ class ListFiltersTests(TestCase): """ modeladmin = DecadeFilterBookAdminWithFailingQueryset(Book, site) request = self.request_factory.get('/', {}) + request.user = self.alfred with self.assertRaises(ZeroDivisionError): modeladmin.get_changelist_instance(request) def test_simplelistfilter_with_queryset_based_lookups(self): modeladmin = DecadeFilterBookAdminWithQuerysetBasedLookups(Book, site) request = self.request_factory.get('/', {}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) filterspec = changelist.get_filters(request)[0][0] @@ -978,6 +1024,7 @@ class ListFiltersTests(TestCase): """ modeladmin = BookAdmin(Book, site) request = self.request_factory.get('/', {'no': '207'}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -998,6 +1045,7 @@ class ListFiltersTests(TestCase): # When it ends with '__in' ----------------------------------------- modeladmin = DecadeFilterBookAdminParameterEndsWith__In(Book, site) request = self.request_factory.get('/', {'decade__in': 'the 90s'}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -1015,6 +1063,7 @@ class ListFiltersTests(TestCase): # When it ends with '__isnull' --------------------------------------- modeladmin = DecadeFilterBookAdminParameterEndsWith__Isnull(Book, site) request = self.request_factory.get('/', {'decade__isnull': 'the 90s'}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -1036,6 +1085,7 @@ class ListFiltersTests(TestCase): """ modeladmin = DepartmentFilterEmployeeAdmin(Employee, site) request = self.request_factory.get('/', {'department': self.john.department.pk}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) queryset = changelist.get_queryset(request) @@ -1056,6 +1106,7 @@ class ListFiltersTests(TestCase): """ modeladmin = DepartmentFilterUnderscoredEmployeeAdmin(Employee, site) request = self.request_factory.get('/', {'department__whatever': self.john.department.pk}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) queryset = changelist.get_queryset(request) @@ -1076,6 +1127,7 @@ class ListFiltersTests(TestCase): modeladmin = EmployeeAdmin(Employee, site) request = self.request_factory.get('/', {}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -1101,6 +1153,7 @@ class ListFiltersTests(TestCase): # Filter by Department=='Development' -------------------------------- request = self.request_factory.get('/', {'department__code__exact': 'DEV'}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) # Make sure the correct queryset is returned @@ -1130,6 +1183,7 @@ class ListFiltersTests(TestCase): modeladmin = DepartmentFilterDynamicValueBookAdmin(Book, site) def _test_choices(request, expected_displays): + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) filterspec = changelist.get_filters(request)[0][0] self.assertEqual(filterspec.title, 'publication decade') @@ -1152,6 +1206,7 @@ class ListFiltersTests(TestCase): """ modeladmin = NotNinetiesListFilterAdmin(Book, site) request = self.request_factory.get('/', {}) + request.user = self.alfred changelist = modeladmin.get_changelist_instance(request) changelist.get_results(request) self.assertEqual(changelist.full_result_count, 4) diff --git a/tests/admin_views/admin.py b/tests/admin_views/admin.py index 9e6ce63077..51791e961e 100644 --- a/tests/admin_views/admin.py +++ b/tests/admin_views/admin.py @@ -156,6 +156,10 @@ class RowLevelChangePermissionModelAdmin(admin.ModelAdmin): """ Only allow changing objects with even id number """ return request.user.is_staff and (obj is not None) and (obj.id % 2 == 0) + def has_view_permission(self, request, obj=None): + """Only allow viewing objects if id is a multiple of 3.""" + return request.user.is_staff and obj is not None and obj.id % 3 == 0 + class CustomArticleAdmin(admin.ModelAdmin): """ diff --git a/tests/admin_views/test_templatetags.py b/tests/admin_views/test_templatetags.py index 41bb8c37eb..929ff7e045 100644 --- a/tests/admin_views/test_templatetags.py +++ b/tests/admin_views/test_templatetags.py @@ -72,6 +72,9 @@ class AdminTemplateTagsTest(AdminViewBasicTestCase): class DateHierarchyTests(TestCase): factory = RequestFactory() + def setUp(self): + self.superuser = User.objects.create_superuser(username='super', password='secret', email='super@example.com') + def test_choice_links(self): modeladmin = ModelAdmin(Question, site) modeladmin.date_hierarchy = 'posted' @@ -97,6 +100,7 @@ class DateHierarchyTests(TestCase): with self.subTest(query=query): query = {'posted__%s' % q: val for q, val in query.items()} request = self.factory.get('/', query) + request.user = self.superuser changelist = modeladmin.get_changelist_instance(request) spec = date_hierarchy(changelist) choices = [choice['link'] for choice in spec['choices']] diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py index f8f3b3c269..f7f247fd37 100644 --- a/tests/admin_views/tests.py +++ b/tests/admin_views/tests.py @@ -1394,6 +1394,7 @@ class AdminViewPermissionsTest(TestCase): @classmethod def setUpTestData(cls): cls.superuser = User.objects.create_superuser(username='super', password='secret', email='super@example.com') + cls.viewuser = User.objects.create_user(username='viewuser', password='secret', is_staff=True) cls.adduser = User.objects.create_user(username='adduser', password='secret', is_staff=True) cls.changeuser = User.objects.create_user(username='changeuser', password='secret', is_staff=True) cls.deleteuser = User.objects.create_user(username='deleteuser', password='secret', is_staff=True) @@ -1415,6 +1416,8 @@ class AdminViewPermissionsTest(TestCase): # Setup permissions, for our users who can add, change, and delete. opts = Article._meta + # User who can view Articles + cls.viewuser.user_permissions.add(get_perm(Article, get_permission_codename('view', opts))) # User who can add Articles cls.adduser.user_permissions.add(get_perm(Article, get_permission_codename('add', opts))) # User who can change Articles @@ -1467,6 +1470,11 @@ class AdminViewPermissionsTest(TestCase): 'username': 'joepublic', 'password': 'secret', } + cls.viewuser_login = { + REDIRECT_FIELD_NAME: cls.index_url, + 'username': 'viewuser', + 'password': 'secret', + } cls.no_username_login = { REDIRECT_FIELD_NAME: cls.index_url, 'password': 'secret', @@ -1503,6 +1511,14 @@ class AdminViewPermissionsTest(TestCase): login = self.client.post(login_url, self.super_email_login) self.assertContains(login, ERROR_MESSAGE) + # View User + response = self.client.get(self.index_url) + self.assertEqual(response.status_code, 302) + login = self.client.post(login_url, self.viewuser_login) + self.assertRedirects(login, self.index_url) + self.assertFalse(login.context) + self.client.get(reverse('admin:logout')) + # Add User response = self.client.get(self.index_url) self.assertEqual(response.status_code, 302) @@ -1657,6 +1673,27 @@ class AdminViewPermissionsTest(TestCase): self.assertEqual(Article.objects.count(), 3) self.client.get(reverse('admin:logout')) + # View User should not have access to add articles + self.client.force_login(self.viewuser) + response = self.client.get(reverse('admin:admin_views_article_add')) + self.assertEqual(response.status_code, 403) + # Try POST just to make sure + post = self.client.post(reverse('admin:admin_views_article_add'), add_dict) + self.assertEqual(post.status_code, 403) + self.assertEqual(Article.objects.count(), 3) + # Now give the user permission to add but not change. + self.viewuser.user_permissions.add(get_perm(Article, get_permission_codename('add', Article._meta))) + response = self.client.get(reverse('admin:admin_views_article_add')) + self.assertContains(response, '<input type="submit" value="Save and view" name="_continue">') + post = self.client.post(reverse('admin:admin_views_article_add'), add_dict, follow=False) + self.assertEqual(post.status_code, 302) + self.assertEqual(Article.objects.count(), 4) + article = Article.objects.latest('pk') + response = self.client.get(reverse('admin:admin_views_article_change', args=(article.pk,))) + self.assertContains(response, '<li class="success">The article "Døm ikke" was added successfully.</li>') + article.delete() + self.client.get(reverse('admin:logout')) + # Add user may login and POST to add view, then redirect to admin root self.client.force_login(self.adduser) addpage = self.client.get(reverse('admin:admin_views_article_add')) @@ -1668,7 +1705,7 @@ class AdminViewPermissionsTest(TestCase): post = self.client.post(reverse('admin:admin_views_article_add'), add_dict) self.assertRedirects(post, self.index_url) self.assertEqual(Article.objects.count(), 4) - self.assertEqual(len(mail.outbox), 1) + self.assertEqual(len(mail.outbox), 2) self.assertEqual(mail.outbox[0].subject, 'Greetings from a created object') self.client.get(reverse('admin:logout')) @@ -1722,6 +1759,19 @@ class AdminViewPermissionsTest(TestCase): self.assertEqual(post.status_code, 403) self.client.get(reverse('admin:logout')) + # view user should be able to view the article but not change any of them + # (the POST can be sent, but no modification occures) + self.client.force_login(self.viewuser) + response = self.client.get(article_changelist_url) + self.assertEqual(response.status_code, 200) + response = self.client.get(article_change_url) + self.assertEqual(response.status_code, 200) + self.assertContains(response, '<a href="/test_admin/admin/admin_views/article/" class="closelink">Close</a>') + post = self.client.post(article_change_url, change_dict) + self.assertEqual(post.status_code, 302) + self.assertEqual(Article.objects.get(pk=self.a1.pk).content, '<p>Middle content</p>') + self.client.get(reverse('admin:logout')) + # change user can view all items and edit them self.client.force_login(self.changeuser) response = self.client.get(article_changelist_url) @@ -1751,9 +1801,14 @@ class AdminViewPermissionsTest(TestCase): # Test redirection when using row-level change permissions. Refs #11513. r1 = RowLevelChangePermissionModel.objects.create(id=1, name="odd id") r2 = RowLevelChangePermissionModel.objects.create(id=2, name="even id") + r3 = RowLevelChangePermissionModel.objects.create(id=3, name='odd id mult 3') + r6 = RowLevelChangePermissionModel.objects.create(id=6, name='even id mult 3') change_url_1 = reverse('admin:admin_views_rowlevelchangepermissionmodel_change', args=(r1.pk,)) change_url_2 = reverse('admin:admin_views_rowlevelchangepermissionmodel_change', args=(r2.pk,)) - for login_user in [self.superuser, self.adduser, self.changeuser, self.deleteuser]: + change_url_3 = reverse('admin:admin_views_rowlevelchangepermissionmodel_change', args=(r3.pk,)) + change_url_6 = reverse('admin:admin_views_rowlevelchangepermissionmodel_change', args=(r6.pk,)) + logins = [self.superuser, self.viewuser, self.adduser, self.changeuser, self.deleteuser] + for login_user in logins: self.client.force_login(login_user) response = self.client.get(change_url_1) self.assertEqual(response.status_code, 403) @@ -1765,6 +1820,18 @@ class AdminViewPermissionsTest(TestCase): response = self.client.post(change_url_2, {'name': 'changed'}) self.assertEqual(RowLevelChangePermissionModel.objects.get(id=2).name, 'changed') self.assertRedirects(response, self.index_url) + response = self.client.get(change_url_3) + self.assertEqual(response.status_code, 200) + response = self.client.post(change_url_3, {'name': 'changed'}) + self.assertEqual(response.status_code, 302) + self.assertRedirects(response, self.index_url) + self.assertEqual(RowLevelChangePermissionModel.objects.get(id=3).name, 'odd id mult 3') + response = self.client.get(change_url_6) + self.assertEqual(response.status_code, 200) + response = self.client.post(change_url_6, {'name': 'changed'}) + self.assertEqual(RowLevelChangePermissionModel.objects.get(id=6).name, 'changed') + self.assertRedirects(response, self.index_url) + self.client.get(reverse('admin:logout')) for login_user in [self.joepublicuser, self.nostaffuser]: @@ -1833,6 +1900,15 @@ class AdminViewPermissionsTest(TestCase): self.assertEqual(Article.objects.count(), 3) self.client.logout() + # view user should not be able to delete articles + self.client.force_login(self.viewuser) + response = self.client.get(delete_url) + self.assertEqual(response.status_code, 403) + post = self.client.post(delete_url, delete_dict) + self.assertEqual(post.status_code, 403) + self.assertEqual(Article.objects.count(), 3) + self.client.logout() + # Delete user can delete self.client.force_login(self.deleteuser) response = self.client.get(reverse('admin:admin_views_section_delete', args=(self.s1.pk,))) @@ -1890,6 +1966,12 @@ class AdminViewPermissionsTest(TestCase): self.assertEqual(response.status_code, 403) self.client.get(reverse('admin:logout')) + # view user can view all items + self.client.force_login(self.viewuser) + response = self.client.get(reverse('admin:admin_views_article_history', args=(self.a1.pk,))) + self.assertEqual(response.status_code, 200) + self.client.get(reverse('admin:logout')) + # change user can view all items and edit them self.client.force_login(self.changeuser) response = self.client.get(reverse('admin:admin_views_article_history', args=(self.a1.pk,))) @@ -1898,7 +1980,8 @@ class AdminViewPermissionsTest(TestCase): # Test redirection when using row-level change permissions. Refs #11513. rl1 = RowLevelChangePermissionModel.objects.create(name="odd id") rl2 = RowLevelChangePermissionModel.objects.create(name="even id") - for login_user in [self.superuser, self.adduser, self.changeuser, self.deleteuser]: + logins = [self.superuser, self.viewuser, self.adduser, self.changeuser, self.deleteuser] + for login_user in logins: self.client.force_login(login_user) url = reverse('admin:admin_views_rowlevelchangepermissionmodel_history', args=(rl1.pk,)) response = self.client.get(url) @@ -2072,6 +2155,12 @@ class AdminViewPermissionsTest(TestCase): self.assertContains(response, 'Articles') self.client.logout() + self.client.force_login(self.viewuser) + response = self.client.get(self.index_url) + self.assertContains(response, 'admin_views') + self.assertContains(response, 'Articles') + self.client.logout() + self.client.force_login(self.adduser) response = self.client.get(self.index_url) self.assertContains(response, 'admin_views') @@ -2104,6 +2193,12 @@ class AdminViewPermissionsTest(TestCase): self.assertNotContains(response, articles) self.client.logout() + self.client.force_login(self.viewuser) + response = self.client.get(index_url) + self.assertNotContains(response, 'admin_views') + self.assertNotContains(response, articles) + self.client.logout() + self.client.force_login(self.adduser) response = self.client.get(index_url) self.assertNotContains(response, 'admin_views') @@ -3745,6 +3840,52 @@ class AdminInlineTests(TestCase): self.assertEqual(Widget.objects.count(), 1) self.assertEqual(Widget.objects.all()[0].name, "Widget 1 Updated") + def test_simple_inline_permissions(self): + """ + Changes aren't allowed without change permissions for the inline object. + """ + # User who can view Articles + permissionuser = User.objects.create_user( + username='permissionuser', password='secret', + email='vuser@example.com', is_staff=True, + ) + permissionuser.user_permissions.add(get_perm(Collector, get_permission_codename('view', Collector._meta))) + permissionuser.user_permissions.add(get_perm(Widget, get_permission_codename('view', Widget._meta))) + self.client.force_login(permissionuser) + # Without add permission, a new inline can't be added. + self.post_data['widget_set-0-name'] = 'Widget 1' + collector_url = reverse('admin:admin_views_collector_change', args=(self.collector.pk,)) + response = self.client.post(collector_url, self.post_data) + self.assertEqual(response.status_code, 302) + self.assertEqual(Widget.objects.count(), 0) + # But after adding the permisson it can. + permissionuser.user_permissions.add(get_perm(Widget, get_permission_codename('add', Widget._meta))) + self.post_data['widget_set-0-name'] = "Widget 1" + collector_url = reverse('admin:admin_views_collector_change', args=(self.collector.pk,)) + response = self.client.post(collector_url, self.post_data) + self.assertEqual(response.status_code, 302) + self.assertEqual(Widget.objects.count(), 1) + self.assertEqual(Widget.objects.first().name, 'Widget 1') + widget_id = Widget.objects.first().id + # Without the change permission, a POST doesn't change the object. + self.post_data['widget_set-INITIAL_FORMS'] = '1' + self.post_data['widget_set-0-id'] = str(widget_id) + self.post_data['widget_set-0-name'] = 'Widget 1 Updated' + response = self.client.post(collector_url, self.post_data) + self.assertEqual(response.status_code, 302) + self.assertEqual(Widget.objects.count(), 1) + self.assertEqual(Widget.objects.first().name, 'Widget 1') + # Now adding the change permission and editing works. + permissionuser.user_permissions.remove(get_perm(Widget, get_permission_codename('add', Widget._meta))) + permissionuser.user_permissions.add(get_perm(Widget, get_permission_codename('change', Widget._meta))) + self.post_data['widget_set-INITIAL_FORMS'] = '1' + self.post_data['widget_set-0-id'] = str(widget_id) + self.post_data['widget_set-0-name'] = 'Widget 1 Updated' + response = self.client.post(collector_url, self.post_data) + self.assertEqual(response.status_code, 302) + self.assertEqual(Widget.objects.count(), 1) + self.assertEqual(Widget.objects.first().name, 'Widget 1 Updated') + def test_explicit_autofield_inline(self): "A model with an explicit autofield primary key can be saved as inlines. Regression for #8093" # First add a new inline diff --git a/tests/auth_tests/test_management.py b/tests/auth_tests/test_management.py index 4e60333c9d..b0c5c6204b 100644 --- a/tests/auth_tests/test_management.py +++ b/tests/auth_tests/test_management.py @@ -767,10 +767,10 @@ class CreatePermissionsTests(TestCase): ] create_permissions(self.app_config, verbosity=0) - # add/change/delete permission by default + custom permission + # view/add/change/delete permission by default + custom permission self.assertEqual(Permission.objects.filter( content_type=permission_content_type, - ).count(), 4) + ).count(), 5) Permission.objects.filter(content_type=permission_content_type).delete() Permission._meta.default_permissions = [] diff --git a/tests/modeladmin/tests.py b/tests/modeladmin/tests.py index d0123de722..db6e9e8864 100644 --- a/tests/modeladmin/tests.py +++ b/tests/modeladmin/tests.py @@ -11,7 +11,7 @@ from django.contrib.admin.widgets import ( AdminDateWidget, AdminRadioSelect, AutocompleteSelect, AutocompleteSelectMultiple, ) -from django.contrib.auth.models import User +from django.contrib.auth.models import Permission, User from django.db import models from django.forms.widgets import Select from django.test import SimpleTestCase, TestCase @@ -676,6 +676,18 @@ class ModelAdminTests(TestCase): self.assertEqual(perms_needed, set()) self.assertEqual(protected, []) + def test_get_actions_requires_change_perm(self): + user = User.objects.create_user(username='bob', email='bob@test.com', password='test') + mock_request = MockRequest() + mock_request.user = user + mock_request.GET = {} + ma = ModelAdmin(Band, self.site) + self.assertEqual(list(ma.get_actions(mock_request).keys()), []) + p = Permission.objects.get(codename='change_band', content_type=get_content_type_for_model(Band())) + user.user_permissions.add(p) + mock_request.user = User.objects.get(pk=user.pk) + self.assertEqual(list(ma.get_actions(mock_request).keys()), ['delete_selected']) + class ModelAdminPermissionTests(SimpleTestCase): @@ -683,6 +695,10 @@ class ModelAdminPermissionTests(SimpleTestCase): def has_module_perms(self, app_label): return app_label == 'modeladmin' + class MockViewUser(MockUser): + def has_perm(self, perm): + return perm == 'modeladmin.view_band' + class MockAddUser(MockUser): def has_perm(self, perm): return perm == 'modeladmin.add_band' @@ -695,6 +711,22 @@ class ModelAdminPermissionTests(SimpleTestCase): def has_perm(self, perm): return perm == 'modeladmin.delete_band' + def test_has_view_permission(self): + """ + has_view_permission() returns True for users who can view objects and + False for users who can't. + """ + ma = ModelAdmin(Band, AdminSite()) + request = MockRequest() + request.user = self.MockViewUser() + self.assertIs(ma.has_view_permission(request), True) + request.user = self.MockAddUser() + self.assertIs(ma.has_view_permission(request), False) + request.user = self.MockChangeUser() + self.assertIs(ma.has_view_permission(request), True) + request.user = self.MockDeleteUser() + self.assertIs(ma.has_view_permission(request), False) + def test_has_add_permission(self): """ has_add_permission returns True for users who can add objects and @@ -702,6 +734,8 @@ class ModelAdminPermissionTests(SimpleTestCase): """ ma = ModelAdmin(Band, AdminSite()) request = MockRequest() + request.user = self.MockViewUser() + self.assertFalse(ma.has_add_permission(request)) request.user = self.MockAddUser() self.assertTrue(ma.has_add_permission(request)) request.user = self.MockChangeUser() @@ -735,6 +769,8 @@ class ModelAdminPermissionTests(SimpleTestCase): """ ma = ModelAdmin(Band, AdminSite()) request = MockRequest() + request.user = self.MockViewUser() + self.assertIs(ma.has_change_permission(request), False) request.user = self.MockAddUser() self.assertFalse(ma.has_change_permission(request)) request.user = self.MockChangeUser() @@ -749,6 +785,8 @@ class ModelAdminPermissionTests(SimpleTestCase): """ ma = ModelAdmin(Band, AdminSite()) request = MockRequest() + request.user = self.MockViewUser() + self.assertIs(ma.has_delete_permission(request), False) request.user = self.MockAddUser() self.assertFalse(ma.has_delete_permission(request)) request.user = self.MockChangeUser() @@ -763,6 +801,8 @@ class ModelAdminPermissionTests(SimpleTestCase): """ ma = ModelAdmin(Band, AdminSite()) request = MockRequest() + request.user = self.MockViewUser() + self.assertIs(ma.has_module_permission(request), True) request.user = self.MockAddUser() self.assertTrue(ma.has_module_permission(request)) request.user = self.MockChangeUser() @@ -773,6 +813,8 @@ class ModelAdminPermissionTests(SimpleTestCase): original_app_label = ma.opts.app_label ma.opts.app_label = 'anotherapp' try: + request.user = self.MockViewUser() + self.assertIs(ma.has_module_permission(request), False) request.user = self.MockAddUser() self.assertFalse(ma.has_module_permission(request)) request.user = self.MockChangeUser() |