Add access level tests

2026-01-17 05:22:16 +00:00 · 2020-02-06 23:18:08 +00:00
parent c6c8501640
commit be9d4115d0
1 changed files with 59 additions and 0 deletions
--- a/assets/tests/test_assets.py
+++ b/assets/tests/test_assets.py
@@ -129,6 +129,65 @@ class TestAssetForm(AutoLoginTest):
        self.assertEqual(models.Asset.objects.get(asset_id="9000").description, new_description)


+# @tag('slow') TODO: Django 2
+class TestAccessLevels(TestCase):
+    @override_settings(DEBUG=True)
+    def setUp(self):
+        super().setUp()
+        # Shortcut to create the levels - bonus side effect of testing the command (hopefully) matches production
+        call_command('generateSampleData')
+
+    def test_basic_access(self):
+        self.assertTrue(self.client.login(username="basic", password="basic"))
+
+        url = reverse('asset_list')
+        response = self.client.get(url)
+        # Check edit and duplicate buttons not shown in list
+        self.assertNotContains(response, 'Edit')
+        self.assertNotContains(response, 'Duplicate')
+
+        url = reverse('asset_detail', kwargs={'pk': "9000"})
+        response = self.client.get(url)
+        self.assertNotContains(response, 'Purchase Details')
+        self.assertNotContains(response, 'View Revision History')
+
+        request_url = reverse('asset_update', kwargs={'pk': "9000"})
+        response = self.client.get(request_url, follow=True)
+        self.assertEqual(response.status_code, 403)
+
+        request_url = reverse('asset_duplicate', kwargs={'pk': "9000"})
+        response = self.client.get(request_url, follow=True)
+        self.assertEqual(response.status_code, 403)
+
+        request_url = reverse('asset_history', kwargs={'pk': "9000"})
+        response = self.client.get(request_url, follow=True)
+        self.assertEqual(response.status_code, 403)
+
+        request_url = reverse('supplier_create')
+        response = self.client.get(request_url, follow=True)
+        self.assertEqual(response.status_code, 403)
+
+        request_url = reverse('supplier_update', kwargs={'pk': "1"})
+        response = self.client.get(request_url, follow=True)
+        self.assertEqual(response.status_code, 403)
+
+    def test_keyholder_access(self):
+        self.assertTrue(self.client.login(username="keyholder", password="keyholder"))
+
+        url = reverse('asset_list')
+        response = self.client.get(url)
+        # Check edit and duplicate buttons shown in list
+        self.assertContains(response, 'Edit')
+        self.assertContains(response, 'Duplicate')
+
+        url = reverse('asset_detail', kwargs={'pk': "9000"})
+        response = self.client.get(url)
+        self.assertContains(response, 'Purchase Details')
+        self.assertContains(response, 'View Revision History')
+
+    # def test_finance_access(self): Level not used in assets currently
+
+
 class TestFormValidation(TestCase):
    @classmethod
    def setUpTestData(cls):