| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118 |
- from django.conf import settings
- from django.contrib.auth import models
- from django.contrib.auth.decorators import login_required, permission_required
- from django.core.exceptions import PermissionDenied
- from django.http import HttpResponse
- from django.test import TestCase, override_settings
- from django.test.client import RequestFactory
- from .test_views import AuthViewsTestCase
- @override_settings(ROOT_URLCONF='auth_tests.urls')
- class LoginRequiredTestCase(AuthViewsTestCase):
- """
- Tests the login_required decorators
- """
- def testCallable(self):
- """
- Check that login_required is assignable to callable objects.
- """
- class CallableView(object):
- def __call__(self, *args, **kwargs):
- pass
- login_required(CallableView())
- def testView(self):
- """
- Check that login_required is assignable to normal views.
- """
- def normal_view(request):
- pass
- login_required(normal_view)
- def testLoginRequired(self, view_url='/login_required/', login_url=None):
- """
- Check that login_required works on a simple view wrapped in a
- login_required decorator.
- """
- if login_url is None:
- login_url = settings.LOGIN_URL
- response = self.client.get(view_url)
- self.assertEqual(response.status_code, 302)
- self.assertIn(login_url, response.url)
- self.login()
- response = self.client.get(view_url)
- self.assertEqual(response.status_code, 200)
- def testLoginRequiredNextUrl(self):
- """
- Check that login_required works on a simple view wrapped in a
- login_required decorator with a login_url set.
- """
- self.testLoginRequired(view_url='/login_required_login_url/',
- login_url='/somewhere/')
- class PermissionsRequiredDecoratorTest(TestCase):
- """
- Tests for the permission_required decorator
- """
- def setUp(self):
- self.user = models.User.objects.create(username='joe', password='qwerty')
- self.factory = RequestFactory()
- # Add permissions auth.add_customuser and auth.change_customuser
- perms = models.Permission.objects.filter(codename__in=('add_customuser', 'change_customuser'))
- self.user.user_permissions.add(*perms)
- def test_many_permissions_pass(self):
- @permission_required(['auth.add_customuser', 'auth.change_customuser'])
- def a_view(request):
- return HttpResponse()
- request = self.factory.get('/rand')
- request.user = self.user
- resp = a_view(request)
- self.assertEqual(resp.status_code, 200)
- def test_many_permissions_in_set_pass(self):
- @permission_required({'auth.add_customuser', 'auth.change_customuser'})
- def a_view(request):
- return HttpResponse()
- request = self.factory.get('/rand')
- request.user = self.user
- resp = a_view(request)
- self.assertEqual(resp.status_code, 200)
- def test_single_permission_pass(self):
- @permission_required('auth.add_customuser')
- def a_view(request):
- return HttpResponse()
- request = self.factory.get('/rand')
- request.user = self.user
- resp = a_view(request)
- self.assertEqual(resp.status_code, 200)
- def test_permissioned_denied_redirect(self):
- @permission_required(['auth.add_customuser', 'auth.change_customuser', 'non-existent-permission'])
- def a_view(request):
- return HttpResponse()
- request = self.factory.get('/rand')
- request.user = self.user
- resp = a_view(request)
- self.assertEqual(resp.status_code, 302)
- def test_permissioned_denied_exception_raised(self):
- @permission_required([
- 'auth.add_customuser', 'auth.change_customuser', 'non-existent-permission'
- ], raise_exception=True)
- def a_view(request):
- return HttpResponse()
- request = self.factory.get('/rand')
- request.user = self.user
- self.assertRaises(PermissionDenied, a_view, request)
|
