From be9d4115d0c10cefed8748a4aff7df2f66b29a58 Mon Sep 17 00:00:00 2001
From: FreneticScribbler <aj@aronajones.com>
Date: Thu, 6 Feb 2020 23:18:08 +0000
Subject: [PATCH] Add access level tests

---
 assets/tests/test_assets.py | 59 +++++++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)

diff --git a/assets/tests/test_assets.py b/assets/tests/test_assets.py
index 121ec714..f0464ce1 100644
--- a/assets/tests/test_assets.py
+++ b/assets/tests/test_assets.py
@@ -129,6 +129,65 @@ class TestAssetForm(AutoLoginTest):
         self.assertEqual(models.Asset.objects.get(asset_id="9000").description, new_description)
 
 
+# @tag('slow') TODO: Django 2
+class TestAccessLevels(TestCase):
+    @override_settings(DEBUG=True)
+    def setUp(self):
+        super().setUp()
+        # Shortcut to create the levels - bonus side effect of testing the command (hopefully) matches production
+        call_command('generateSampleData')
+
+    def test_basic_access(self):
+        self.assertTrue(self.client.login(username="basic", password="basic"))
+
+        url = reverse('asset_list')
+        response = self.client.get(url)
+        # Check edit and duplicate buttons not shown in list
+        self.assertNotContains(response, 'Edit')
+        self.assertNotContains(response, 'Duplicate')
+
+        url = reverse('asset_detail', kwargs={'pk': "9000"})
+        response = self.client.get(url)
+        self.assertNotContains(response, 'Purchase Details')
+        self.assertNotContains(response, 'View Revision History')
+
+        request_url = reverse('asset_update', kwargs={'pk': "9000"})
+        response = self.client.get(request_url, follow=True)
+        self.assertEqual(response.status_code, 403)
+
+        request_url = reverse('asset_duplicate', kwargs={'pk': "9000"})
+        response = self.client.get(request_url, follow=True)
+        self.assertEqual(response.status_code, 403)
+
+        request_url = reverse('asset_history', kwargs={'pk': "9000"})
+        response = self.client.get(request_url, follow=True)
+        self.assertEqual(response.status_code, 403)
+
+        request_url = reverse('supplier_create')
+        response = self.client.get(request_url, follow=True)
+        self.assertEqual(response.status_code, 403)
+
+        request_url = reverse('supplier_update', kwargs={'pk': "1"})
+        response = self.client.get(request_url, follow=True)
+        self.assertEqual(response.status_code, 403)
+
+    def test_keyholder_access(self):
+        self.assertTrue(self.client.login(username="keyholder", password="keyholder"))
+
+        url = reverse('asset_list')
+        response = self.client.get(url)
+        # Check edit and duplicate buttons shown in list
+        self.assertContains(response, 'Edit')
+        self.assertContains(response, 'Duplicate')
+
+        url = reverse('asset_detail', kwargs={'pk': "9000"})
+        response = self.client.get(url)
+        self.assertContains(response, 'Purchase Details')
+        self.assertContains(response, 'View Revision History')
+
+    # def test_finance_access(self): Level not used in assets currently
+
+
 class TestFormValidation(TestCase):
     @classmethod
     def setUpTestData(cls):