Add ACLs to document indexes. Convert all document indexing views to CBV. Remove the document index setup permission. Add view tests to the document indexing app. Use MPTT methods and stop relying on undocumented API.

2016-03-19 02:51:45 -04:00
parent 286a6ba9b8
commit 7cde1fe78f
8 changed files with 287 additions and 166 deletions
--- a/mayan/apps/document_indexing/tests/test_views.py
+++ b/mayan/apps/document_indexing/tests/test_views.py
@@ -0,0 +1,114 @@
+from __future__ import absolute_import, unicode_literals
+
+from documents.permissions import permission_document_view
+from documents.tests.test_views import GenericDocumentViewTestCase
+from user_management.tests import (
+    TEST_USER_USERNAME, TEST_USER_PASSWORD
+)
+
+from ..models import Index
+from ..permissions import (
+    permission_document_indexing_create, permission_document_indexing_delete,
+    permission_document_indexing_edit, permission_document_indexing_view
+)
+
+TEST_INDEX_LABEL = 'test label'
+TEST_INDEX_EDITED_LABEL = 'test edited label'
+TEST_INDEX_SLUG = 'test_slug'
+
+
+class IndexViewTestCase(GenericDocumentViewTestCase):
+    def test_index_create_view_no_permission(self):
+        self.login(username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD)
+
+        response = self.post(
+            'indexing:index_setup_create', data={
+                'label': TEST_INDEX_LABEL, 'slug': TEST_INDEX_SLUG
+            }
+        )
+
+        self.assertEquals(response.status_code, 403)
+        self.assertEqual(Index.objects.count(), 0)
+
+    def test_index_create_view_with_permission(self):
+        self.login(username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD)
+
+        self.role.permissions.add(
+            permission_document_indexing_create.stored_permission
+        )
+
+        response = self.post(
+            'indexing:index_setup_create', data={
+                'label': TEST_INDEX_LABEL, 'slug': TEST_INDEX_SLUG
+            }, follow=True
+        )
+
+        self.assertContains(response, text='created', status_code=200)
+        self.assertEqual(Index.objects.count(), 1)
+        self.assertEqual(Index.objects.first().label, TEST_INDEX_LABEL)
+
+    def test_index_delete_view_no_permission(self):
+        self.login(username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD)
+
+        index = Index.objects.create(
+            label=TEST_INDEX_LABEL, slug=TEST_INDEX_SLUG
+        )
+
+        response = self.post('indexing:index_setup_delete', args=(index.pk,))
+        self.assertEqual(response.status_code, 403)
+        self.assertEqual(Index.objects.count(), 1)
+
+    def test_index_delete_view_with_permission(self):
+        self.login(username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD)
+
+        self.role.permissions.add(
+            permission_document_indexing_delete.stored_permission
+        )
+
+        index = Index.objects.create(
+            label=TEST_INDEX_LABEL, slug=TEST_INDEX_SLUG
+        )
+
+        response = self.post(
+            'indexing:index_setup_delete', args=(index.pk,), follow=True
+        )
+
+        self.assertContains(response, text='deleted', status_code=200)
+        self.assertEqual(Index.objects.count(), 0)
+
+    def test_index_edit_view_no_permission(self):
+        self.login(username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD)
+
+        index = Index.objects.create(
+            label=TEST_INDEX_LABEL, slug=TEST_INDEX_SLUG
+        )
+
+        response = self.post(
+            'indexing:index_setup_edit', args=(index.pk,), data={
+                'label': TEST_INDEX_EDITED_LABEL, 'slug': TEST_INDEX_SLUG
+            }
+        )
+        self.assertEqual(response.status_code, 403)
+        index = Index.objects.get(pk=index.pk)
+        self.assertEqual(index.label, TEST_INDEX_LABEL)
+
+    def test_index_edit_view_with_permission(self):
+        self.login(username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD)
+
+        self.role.permissions.add(
+            permission_document_indexing_edit.stored_permission
+        )
+
+        index = Index.objects.create(
+            label=TEST_INDEX_LABEL, slug=TEST_INDEX_SLUG
+        )
+
+        response = self.post(
+            'indexing:index_setup_edit', args=(index.pk,), data={
+                'label': TEST_INDEX_EDITED_LABEL, 'slug': TEST_INDEX_SLUG
+            }, follow=True
+        )
+
+        index = Index.objects.get(pk=index.pk)
+        self.assertContains(response, text='update', status_code=200)
+        self.assertEqual(index.label, TEST_INDEX_EDITED_LABEL)