From 10f2bd622652df0fab979cb78ad07213737b0e39 Mon Sep 17 00:00:00 2001 From: Roberto Rosario Date: Thu, 22 Oct 2015 04:23:16 -0400 Subject: [PATCH] Improve multi user delete view. Add view tests for the user management app. --- mayan/apps/user_management/apps.py | 1 + mayan/apps/user_management/tests/literals.py | 3 +- .../apps/user_management/tests/test_views.py | 184 ++++++++++++++++++ mayan/apps/user_management/views.py | 38 ++-- 4 files changed, 208 insertions(+), 18 deletions(-) create mode 100644 mayan/apps/user_management/tests/test_views.py diff --git a/mayan/apps/user_management/apps.py b/mayan/apps/user_management/apps.py index 99fd3b27d0..3de140ccd9 100644 --- a/mayan/apps/user_management/apps.py +++ b/mayan/apps/user_management/apps.py @@ -25,6 +25,7 @@ from .links import ( class UserManagementApp(MayanAppConfig): app_url = 'accounts' name = 'user_management' + test = True verbose_name = _('User management') def ready(self): diff --git a/mayan/apps/user_management/tests/literals.py b/mayan/apps/user_management/tests/literals.py index 6d91989398..a67dd43a7a 100644 --- a/mayan/apps/user_management/tests/literals.py +++ b/mayan/apps/user_management/tests/literals.py @@ -3,7 +3,7 @@ from __future__ import unicode_literals __all__ = ( 'TEST_ADMIN_EMAIL', 'TEST_ADMIN_PASSWORD', 'TEST_ADMIN_USERNAME', 'TEST_GROUP', 'TEST_USER_EMAIL', 'TEST_USER_PASSWORD', - 'TEST_USER_USERNAME' + 'TEST_USER_PASSWORD_EDITED', 'TEST_USER_USERNAME' ) TEST_ADMIN_EMAIL = 'admin@example.com' @@ -13,4 +13,5 @@ TEST_ADMIN_USERNAME = 'test_admin' TEST_GROUP = 'test group' TEST_USER_EMAIL = 'user@example.com' TEST_USER_PASSWORD = 'test user password' +TEST_USER_PASSWORD_EDITED = 'test user password edited' TEST_USER_USERNAME = 'test_user' diff --git a/mayan/apps/user_management/tests/test_views.py b/mayan/apps/user_management/tests/test_views.py new file mode 100644 index 0000000000..0c916d2f14 --- /dev/null +++ b/mayan/apps/user_management/tests/test_views.py 
@@ -0,0 +1,184 @@
+from __future__ import unicode_literals
+
+from django.contrib.auth import get_user_model
+
+from common.tests.test_views import GenericViewTestCase
+from documents.permissions import permission_document_view
+
+from ..permissions import (
+ permission_user_delete, permission_user_edit, permission_user_view
+)
+
+from .literals import (
+ TEST_USER_PASSWORD, TEST_USER_PASSWORD_EDITED, TEST_USER_USERNAME
+)
+
+TEST_USER_TO_DELETE_USERNAME = 'user_to_delete'
+
+
+class UserManagementViewTestCase(GenericViewTestCase):
+ def test_user_set_password_view_no_permissions(self):
+ self.login(username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD)
+
+ self.role.permissions.add(permission_user_view.stored_permission)
+
+ response = self.post(
+ 'user_management:user_set_password', args=(self.user.pk,), data={
+ 'new_password_1': TEST_USER_PASSWORD_EDITED,
+ 'new_password_2': TEST_USER_PASSWORD_EDITED
+ }
+ )
+
+ self.assertEqual(response.status_code, 403)
+ user = get_user_model().objects.get(username=TEST_USER_USERNAME)
+
+ self.client.logout()
+ logged_in = self.client.login(
+ username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD_EDITED
+ )
+
+ response = self.get('common:current_user_details')
+
+ self.assertEqual(response.status_code, 302)
+
+ def test_user_set_password_view_with_permissions(self):
+ self.login(username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD)
+
+ self.role.permissions.add(permission_user_edit.stored_permission)
+ self.role.permissions.add(permission_user_view.stored_permission)
+
+ response = self.post(
+ 'user_management:user_set_password', args=(self.user.pk,), data={
+ 'new_password_1': TEST_USER_PASSWORD_EDITED,
+ 'new_password_2': TEST_USER_PASSWORD_EDITED
+ }, follow=True
+ )
+
+ self.assertContains(response, text='Successfull', status_code=200)
+
+ self.client.logout()
+ logged_in = self.client.login(
+ username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD_EDITED
+ )
+ response = self.get('common:current_user_details')
+
+ self.assertEqual(response.status_code, 200)
+
+ def test_user_multiple_set_password_view_no_permissions(self):
+ self.login(username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD)
+
+ self.role.permissions.add(permission_user_view.stored_permission)
+
+ response = self.post(
+ 'user_management:user_multiple_set_password', data={
+ 'id_list': self.user.pk,
+ 'new_password_1': TEST_USER_PASSWORD_EDITED,
+ 'new_password_2': TEST_USER_PASSWORD_EDITED
+ }
+ )
+
+ self.assertEqual(response.status_code, 403)
+ user = get_user_model().objects.get(username=TEST_USER_USERNAME)
+
+ self.client.logout()
+ logged_in = self.client.login(
+ username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD_EDITED
+ )
+
+ response = self.get('common:current_user_details')
+
+ self.assertEqual(response.status_code, 302)
+
+ def test_user_multiple_set_password_view_with_permissions(self):
+ self.login(username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD)
+
+ self.role.permissions.add(permission_user_edit.stored_permission)
+ self.role.permissions.add(permission_user_view.stored_permission)
+
+ response = self.post(
+ 'user_management:user_multiple_set_password', data={
+ 'id_list': self.user.pk,
+ 'new_password_1': TEST_USER_PASSWORD_EDITED,
+ 'new_password_2': TEST_USER_PASSWORD_EDITED
+ }, follow=True
+ )
+
+ self.assertContains(response, text='Successfull', status_code=200)
+
+ self.client.logout()
+ logged_in = self.client.login(
+ username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD_EDITED
+ )
+ response = self.get('common:current_user_details')
+
+ self.assertEqual(response.status_code, 200)
+
+ def test_user_delete_view_no_permissions(self):
+ user = get_user_model().objects.create(
+ username=TEST_USER_TO_DELETE_USERNAME
+ )
+
+ self.login(username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD)
+
+ self.role.permissions.add(permission_user_view.stored_permission)
+
+ response = self.post(
+ 'user_management:user_delete', args=(user.pk,)
+ )
+
+ self.assertEqual(response.status_code, 403)
+ self.assertEqual(get_user_model().objects.count(), 3)
+
+ def test_user_delete_view_with_permissions(self):
+ user = get_user_model().objects.create(
+ username=TEST_USER_TO_DELETE_USERNAME
+ )
+
+ self.login(username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD)
+
+ self.role.permissions.add(permission_user_delete.stored_permission)
+ self.role.permissions.add(permission_user_view.stored_permission)
+
+ response = self.post(
+ 'user_management:user_delete', args=(user.pk,), follow=True
+ )
+
+ self.assertContains(response, text='deleted', status_code=200)
+ self.assertEqual(get_user_model().objects.count(), 2)
+
+ def test_user_multiple_delete_view_no_permissions(self):
+ user = get_user_model().objects.create(
+ username=TEST_USER_TO_DELETE_USERNAME
+ )
+
+ self.login(username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD)
+
+ self.role.permissions.add(permission_user_view.stored_permission)
+
+ response = self.post(
+ 'user_management:user_multiple_delete', data={
+ 'id_list': user.pk
+ }
+ )
+
+ self.assertEqual(response.status_code, 403)
+ self.assertEqual(get_user_model().objects.count(), 3)
+
+ def test_user_multiple_delete_view_with_permissions(self):
+ user = get_user_model().objects.create(
+ username=TEST_USER_TO_DELETE_USERNAME
+ )
+
+ self.login(username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD)
+
+ self.role.permissions.add(permission_user_delete.stored_permission)
+ self.role.permissions.add(permission_user_view.stored_permission)
+
+ response = self.post(
+ 'user_management:user_multiple_delete', data={
+ 'id_list': user.pk,
+ }, follow=True
+ )
+
+ self.assertContains(response, text='deleted', status_code=200)
+ self.assertEqual(get_user_model().objects.count(), 2)
diff --git a/mayan/apps/user_management/views.py b/mayan/apps/user_management/views.py
index 526cab0ae7..5ac4cf73cf 100644
--- a/mayan/apps/user_management/views.py
+++ b/mayan/apps/user_management/views.py
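Review bot: In tests/test_views.py, both `*_set_password_view_no_permissions` tests assign `logged_in` and `user` but never assert on them, so the only evidence that the password stayed unchanged is the 302 from `common:current_user_details`. Asserting directly would pin the authorization outcome: `self.assertFalse(logged_in)` after the second login and `self.assertTrue(user.check_password(TEST_USER_PASSWORD))` on the re-fetched user, with `self.assertTrue(logged_in)` in the `with_permissions` variants. The delete tests compare `get_user_model().objects.count()` with hard-coded 3 and 2, which depends on how many users the base test case creates; `get_user_model().objects.filter(pk=user.pk).exists()` checks the target account itself. `permission_document_view` is imported but not used in this file.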
@@ -191,15 +191,12 @@ def user_delete(request, user_id=None, user_id_list=None): post_action_redirect = None if user_id: - users = [get_object_or_404(User, pk=user_id)] + users = get_user_model().objects.filter(pk=user_id) post_action_redirect = reverse('user_management:user_list') elif user_id_list: - users = [ - get_object_or_404( - User, pk=user_id - ) for user_id in user_id_list.split(',') - ] - else: + users = get_user_model().objects.filter(pk__in=user_id_list) + + if not users: messages.error(request, _('Must provide at least one user.')) return HttpResponseRedirect( request.META.get( @@ -240,8 +237,8 @@ def user_delete(request, user_id=None, user_id_list=None): 'previous': previous, 'next': next, } - if len(users) == 1: - context['object'] = users[0] + if users.count() == 1: + context['object'] = users.first() context['title'] = _('Delete the user: %s?') % ', '.join([unicode(d) for d in users]) elif len(users) > 1: context['title'] = _('Delete the users: %s?') % ', '.join([unicode(d) for d in users]) @@ -254,7 +251,9 @@ def user_delete(request, user_id=None, user_id_list=None): def user_multiple_delete(request): return user_delete( - request, user_id_list=request.GET.get('id_list', []) + request, user_id_list=request.GET.get( + 'id_list', request.POST.get('id_list', '') + ).split(',') ) @@ -263,11 +262,12 @@ def user_set_password(request, user_id=None, user_id_list=None): post_action_redirect = None if user_id: - users = [get_object_or_404(User, pk=user_id)] + users = get_user_model().objects.filter(pk=user_id) post_action_redirect = reverse('user_management:user_list') elif user_id_list: - users = [get_object_or_404(User, pk=user_id) for user_id in user_id_list.split(',')] - else: + users = get_user_model().objects.filter(pk__in=user_id_list) + + if not users: messages.error(request, _('Must provide at least one user.')) return HttpResponseRedirect( request.META.get( 
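Review bot: With the `else:` branch removed in the `@@ -191` hunk, `users` is never bound when `user_delete` is called with neither `user_id` nor a truthy `user_id_list`, so `if not users:` would raise `UnboundLocalError` instead of showing the 'Must provide at least one user.' message. Binding a default before the branch keeps that error path intact: `users = get_user_model().objects.none()`. The `user_set_password` hunk at `@@ -263` has the same shape. Separately, `filter()` silently skips ids that do not exist where `get_object_or_404` used to return a 404, so a short comment stating that this is intended would help. The function body starts and continues outside this hunk.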
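Review bot: In the `@@ -240` hunk, `users.count() == 1` is followed by `elif len(users) > 1`, so the queryset is sized in two different ways and `users.first()` adds a further query. Taking the size once reads more consistently: `user_count = users.count()` and then `if user_count == 1:` / `elif user_count > 1:`. The `user_set_password` context block in the `@@ -322` hunk mixes the two in the same way. The surrounding function continues outside this hunk.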
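Review bot: In `user_multiple_delete` (`@@ -254`), `request.GET.get('id_list', request.POST.get('id_list', '')).split(',')` yields `['']` when no `id_list` is sent, which is truthy, so the `elif user_id_list:` branch runs and request-supplied strings reach `filter(pk__in=...)` unvalidated. With an integer primary key an empty or non-numeric entry would presumably raise `ValueError` and surface as a 500 rather than the 'Must provide at least one user.' message. Filtering the entries before the call avoids that: `id_list = request.GET.get('id_list', request.POST.get('id_list', ''))` followed by `user_id_list=[pk for pk in id_list.split(',') if pk.isdigit()]`. `user_multiple_set_password` in the `@@ -336` hunk uses the same expression and needs the same treatment.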
@@ -283,7 +283,9 @@ def user_set_password(request, user_id=None, user_id_list=None): password_1 = form.cleaned_data['new_password_1'] password_2 = form.cleaned_data['new_password_2'] if password_1 != password_2: - messages.error(request, _('Passwords do not match, try again.')) + messages.error( + request, _('Passwords do not match, try again.') + ) else: for user in users: try: @@ -322,8 +324,8 @@ def user_set_password(request, user_id=None, user_id_list=None): 'form': form, } - if len(users) == 1: - context['object'] = users[0] + if users.count() == 1: + context['object'] = users.first() context['title'] = _('Reseting password for user: %s') % ', '.join([unicode(d) for d in users]) elif len(users) > 1: context['title'] = _('Reseting password for users: %s') % ', '.join([unicode(d) for d in users]) @@ -336,5 +338,7 @@ def user_set_password(request, user_id=None, user_id_list=None): def user_multiple_set_password(request): return user_set_password( - request, user_id_list=request.GET.get('id_list', []) + request, user_id_list=request.GET.get( + 'id_list', request.POST.get('id_list', '') + ).split(',') )