sander/rowsandall
Private
Public Access
1
0
Fork 0
Code Activity

working on permissions_2

Browse Source
This commit is contained in:
Sander Roosendaal
2020-01-22 18:45:53 +01:00
parent 9db68af189
commit fa39b05319
3 changed files with 392 additions and 390 deletions
Download Patch File Download Diff File Expand all files Collapse all files

160
rowers/tests/test_permissions2.py
View File

@@ -1,5 +1,56 @@
from .statements import *
viewstotest = [
('workout_view',
{
'anonymous': True,
'anonymous_response':200,
'own': 'basic',
'own_response': 200,
'own_nonperm': 302,
'member': 'basic',
'member_response': 200,
'member_nonperm': 404,
'coachee': 'coach',
'coachee_response': 200,
'coachee_nonperm': 404,
'is_staff': False,
'workoutid': True,
'userid': False,
'dotest': True,
}
),
]
import pandas as pd
df = pd.read_csv('./rowers/tests/viewnames.csv')
for id, row in df.iterrows():
view = row['view']
tpl = (view,
{
'anonymous':row.anonymous,
'anonymous_response':row.anonymous_response,
'own': row.own,
'own_response':row.own_response,
'own_nonperm': row.own_nonperm,
'member': row.member,
'member_response':row.member_response,
'member_nonperm': row.member_nonperm,
'coachee': row.coachee,
'coachee_response':row.coachee_response,
'coachee_nonperm': row.coachee_nonperm,
'is_staff':row.is_staff,
'workoutid':row.workoutid,
'userid':row.userid,
'dotest':row.dotest,
})
if row.dotest:
viewstotest.append(tpl)
plans = ['basic','plan','coach','pro']
@override_settings(TESTING=True)
class PermissionsViewTests(TestCase):
def setUp(self):
@@ -161,76 +212,6 @@ class PermissionsViewTests(TestCase):
self.ubasic['user'].rower.coachinggroups.add(coachinggroup)
viewstotest = [
('workout_view',
{
'anonymous': True,
'anonymous_response':200,
'own': 'basic',
'own_response': 200,
'own_nonperm': 302,
'member': 'basic',
'member_response': 200,
'member_nonperm': 404,
'coachee': 'coach',
'coachee_response': 200,
'coachee_nonperm': 404,
'is_staff': False,
'workoutid': True,
'userid': False,
'dotest': True,
}
),
('workouts_view',
{
'anonymous': False,
'anonymous_response':302,
'own': 'basic',
'own_response': 200,
'own_nonperm': 302,
'member': 'basic',
'member_response': 200,
'member_nonperm': 404,
'coachee': 'coach',
'coachee_response': 200,
'coachee_nonperm': 404,
'is_staff': False,
'workoutid': False,
'userid': True,
'dotest': True,
}
)
]
import pandas as pd
df = pd.read_csv('./rowers/tests/viewnames.csv')
for id, row in df.iterrows():
view = row['view']
tpl = (view,
{
'anonymous':row.anonymous,
'anonymous_response':row.anonymous_response,
'own': row.own,
'own_response':row.own_response,
'own_nonperm': row.own_nonperm,
'member': row.member,
'member_response':row.member_response,
'member_nonperm': row.member_nonperm,
'coachee': row.coachee,
'coachee_response':row.coachee_response,
'coachee_nonperm': row.coachee_nonperm,
'is_staff':row.is_staff,
'workoutid':row.workoutid,
'userid':row.userid,
'dotest':row.dotest,
})
if row.dotest:
viewstotest.append(tpl)
plans = ['basic','plan','coach','pro']
# Test access for anonymous users
@parameterized.expand(viewstotest)
@patch('rowers.dataprep.create_engine')
@@ -249,7 +230,11 @@ class PermissionsViewTests(TestCase):
mocked_get_video_data,
):
if permissions['anonymous'] in plans and not permissions['is_staff'] and permissions['dotest']:
print()
print(view,'anonymous',permissions['anonymous'],permissions['is_staff'],permissions['dotest'])
print()
if permissions['anonymous'] and not permissions['is_staff'] and permissions['dotest']:
urlstotest = []
if permissions['workoutid']:
url = reverse(view,kwargs={'id':encoder.encode_hex(self.ucoach['workouts'][0].id)})
@@ -258,8 +243,9 @@ class PermissionsViewTests(TestCase):
url = reverse(view)
urlstotest.append(url)
print(view,'anonymous',urlstotest)
for url in urlstotest:
print(url)
result = self.c.get(url)
self.assertEqual(result.status_code,permissions['anonymous_response'])
@@ -281,6 +267,10 @@ class PermissionsViewTests(TestCase):
mocked_get_video_data,
):
print()
print(view,'own')
print()
if permissions['own'] in plans and not permissions['is_staff'] and permissions['dotest']:
urlstotest = []
falseurlstotest = []
@@ -290,6 +280,8 @@ class PermissionsViewTests(TestCase):
memberuser = self.uplan
notuser = None
print(view,'own')
if permissions['own'] == 'basic':
thisuser = self.ubasic
memberuser = self.uplan
@@ -323,23 +315,22 @@ class PermissionsViewTests(TestCase):
url = reverse(view)
urlstotest.append(url)
print(view,'own',urlstotest,falseurlstotest,otheruserurls)
# test logged in as user who has permissions
for url in urlstotest:
print(url)
login = self.c.login(username = thisuser['username'],password = thisuser['password'])
result = self.c.get(url)
self.assertEqual(result.status_code, permissions['own_response'])
# test logged as user with no permissions (e.g. too low plan)
for url in falseurlstotest:
print(url)
login = self.c.login(username = notuser['username'],password = notuser['password'])
result = self.c.get(url)
self.assertEqual(result.status_code, permissions['own_nonperm'])
# test as user with permissions, accessing object of non-related user
for url in otheruserurls:
print(url)
login = self.c.login(username=thisuser['username'],password = thisuser['password'])
result = self.c.get(url)
self.assertEqual(result.status_code,403)
@@ -362,6 +353,10 @@ class PermissionsViewTests(TestCase):
mocked_get_video_data,
):
print()
print(view,'member')
print()
if permissions['member'] in plans and not permissions['is_staff'] and permissions['dotest']:
urlstotest = []
falseurlstotest = []
@@ -371,6 +366,8 @@ class PermissionsViewTests(TestCase):
memberuser = self.uplan
notuser = None
print(view,'member')
if permissions['member'] == 'basic':
thisuser = self.ubasic
memberuser = self.uplan
@@ -405,23 +402,22 @@ class PermissionsViewTests(TestCase):
url = reverse(view)
urlstotest.append(url)
print('member',urlstotest,falseurlstotest,otheruserurls)
# test logged in as user who has permissions
for url in urlstotest:
print(url)
login = self.c.login(username = thisuser['username'],password = thisuser['password'])
result = self.c.get(url)
self.assertEqual(result.status_code, permissions['member_response'])
# test logged as user with no permissions (e.g. too low plan)
for url in falseurlstotest:
print(url)
login = self.c.login(username = notuser['username'],password = notuser['password'])
result = self.c.get(url)
self.assertEqual(result.status_code, permissions['member_nonperm'])
# test as user with permissions, accessing object of non-related user
for url in otheruserurls:
print(url)
login = self.c.login(username=thisuser['username'],password = thisuser['password'])
result = self.c.get(url)
self.assertEqual(result.status_code,403)
@@ -444,6 +440,10 @@ class PermissionsViewTests(TestCase):
mocked_get_video_data,
):
print()
print(view,'coachee')
print()
if permissions['coachee'] in plans and not permissions['is_staff'] and permissions['dotest']:
urlstotest = []
falseurlstotest = []
@@ -470,16 +470,16 @@ class PermissionsViewTests(TestCase):
url = reverse(view)
urlstotest.append(url)
print('coachee',urlstotest,falseurlstotest,otheruserurls)
# test logged in as user who has permissions
for url in urlstotest:
print(url)
login = self.c.login(username = thisuser['username'],password = thisuser['password'])
result = self.c.get(url)
self.assertEqual(result.status_code, permissions['coachee_response'])
# test as user with permissions, accessing object of non-related user
for url in otheruserurls:
print(url)
login = self.c.login(username=thisuser['username'],password = thisuser['password'])
result = self.c.get(url)
self.assertEqual(result.status_code,403)