dashboard: add group detail view - add user tests

f7ef90b1 · Oláh István Gergely · b69641e0 · f7ef90b1 · f7ef90b1 · f7ef90b1
Commit f7ef90b1 authored Apr 07, 2014 by Oláh István Gergely
Hide whitespace changes
Inline Side-by-side

Showing with 75 additions and 49 deletions

circle/dashboard/tests/test_views.py
+68 -0

circle/dashboard/urls.py
+1 -3

circle/dashboard/views.py
+6 -46

No files found.
--- a/circle/dashboard/tests/test_views.py
+++ b/circle/dashboard/tests/test_views.py
@@ -644,6 +644,74 @@ class GroupDetailTest(LoginMixin, TestCase):
        self.assertEqual(response.status_code, 302)
        self.assertEqual(Group.objects.count(), num_of_groups)
+    # add / delete in group
+    def test_anon_add_user_to_group(self):
+        c = Client()
+        user_in_group = Group.objects.get(pk=1).user_set.count()
+        response = c.post('/dashboard/group/1/', {'list-new-name': 'user3'})
+        self.assertEqual(user_in_group,
+                         Group.objects.get(pk=1).user_set.count())
+        self.assertEqual(response.status_code, 302)
+    def test_unpermitted_add_user_to_group(self):
+        c = Client()
+        self.login(c, 'user3')
+        user_in_group = Group.objects.get(pk=1).user_set.count()
+        response = c.post('/dashboard/group/1/', {'list-new-name': 'user3'})
+        self.assertEqual(user_in_group,
+                         Group.objects.get(pk=1).user_set.count())
+        self.assertEqual(response.status_code, 403)
+    def test_superuser_add_user_to_group(self):
+        c = Client()
+        self.login(c, 'superuser')
+        user_in_group = Group.objects.get(pk=1).user_set.count()
+        response = c.post('/dashboard/group/1/', {'list-new-name': 'user3'})
+        self.assertEqual(user_in_group + 1,
+                         Group.objects.get(pk=1).user_set.count())
+        self.assertEqual(response.status_code, 302)
+    def test_permitted_add_user_to_group(self):
+        c = Client()
+        self.login(c, 'user3')
+        user_in_group = Group.objects.get(pk=1).user_set.count()
+        Group.objects.get(pk=1).profile.set_user_level(self.u3, 'owner')
+        response = c.post('/dashboard/group/1/', {'list-new-name': 'user3'})
+        self.assertEqual(user_in_group + 1,
+                         Group.objects.get(pk=1).user_set.count())
+        self.assertEqual(response.status_code, 302)
+    def test_permitted_add_multipleuser_to_group(self):
+        c = Client()
+        self.login(c, 'user3')
+        user_in_group = Group.objects.get(pk=1).user_set.count()
+        Group.objects.get(pk=1).profile.set_user_level(self.u3, 'operator')
+        response = c.post('/dashboard/group/1/',
+                          {'list-new-namelist': 'user1\r\nuser2'})
+        self.assertEqual(user_in_group + 2,
+                         Group.objects.get(pk=1).user_set.count())
+        self.assertEqual(response.status_code, 302)
+    def test_unpermitted_add_multipleuser_to_group(self):
+        c = Client()
+        self.login(c, 'user3')
+        user_in_group = Group.objects.get(pk=1).user_set.count()
+        response = c.post('/dashboard/group/1/',
+                          {'list-new-namelist': 'user1\r\nuser2'})
+        self.assertEqual(user_in_group,
+                         Group.objects.get(pk=1).user_set.count())
+        self.assertEqual(response.status_code, 403)
+    def test_anon_add_multipleuser_to_group(self):
+        c = Client()
+        user_in_group = Group.objects.get(pk=1).user_set.count()
+        response = c.post('/dashboard/group/1/',
+                          {'list-new-namelist': 'user1\r\nuser2'})
+        self.assertEqual(user_in_group,
+                         Group.objects.get(pk=1).user_set.count())
+        self.assertEqual(response.status_code, 403)
 class VmDetailVncTest(LoginMixin, TestCase):
    fixtures = ['test-vm-fixture.json', 'node.json']

--- a/circle/dashboard/urls.py
+++ b/circle/dashboard/urls.py
@@ -2,7 +2,7 @@ from django.conf.urls import patterns, url
 from .views import (
    AclUpdateView, DiskAddView, FavouriteView, GroupAclUpdateView, GroupDelete,
-    GroupDetailView, GroupList, GroupUserDelete, IndexView, LeaseCreate,
+    GroupDetailView, GroupList, IndexView, LeaseCreate,
    LeaseDelete, LeaseDetail, MyPreferencesView, NodeAddTraitView, NodeCreate,
    NodeDelete, NodeDetailView, NodeFlushView, NodeGraphView, NodeList,
    NodeStatus, NotificationView, PortDelete, TemplateAclUpdateView,
@@ -94,8 +94,6 @@ urlpatterns = patterns(
        name='dashboard.views.group-detail'),
    url(r'^group/(?P<pk>\d+)/acl/$', GroupAclUpdateView.as_view(),
        name='dashboard.views.group-acl'),
-    url(r'^groupuser/delete/(?P<pk>\d+)/$', GroupUserDelete.as_view(),
-        name="dashboard.views.delete-groupuser"),
    url(r'^notifications/$', NotificationView.as_view(),
        name="dashboard.views.notifications"),

--- a/circle/dashboard/views.py
+++ b/circle/dashboard/views.py
@@ -609,6 +609,9 @@ class GroupDetailView(CheckedDetailView):
                                         kwargs={'pk': self.get_object().pk}))
    def __add_user(self, request):
+        self.object = self.get_object()
+        if not self.get_has_level()(request.user, 'operator'):
+            raise PermissionDenied()
        name = request.POST['list-new-name']
        self.__add_username(request, name)
        return redirect(reverse_lazy("dashboard.views.group-detail",
@@ -625,6 +628,9 @@ class GroupDetailView(CheckedDetailView):
            warning(request, _('User "%s" not found.') % name)
    def __add_list(self, request):
+        self.object = self.get_object()
+        if not self.get_has_level()(request.user, 'operator'):
+            raise PermissionDenied()
        userlist = request.POST.get('list-new-namelist').split('\r\n')
        for line in userlist:
            self.__add_username(request, line)
@@ -956,52 +962,6 @@ class GroupList(LoginRequiredMixin, SuperuserRequiredMixin, SingleTableView):
    table_pagination = False
-class GroupUserDelete(LoginRequiredMixin, SuperuserRequiredMixin, DeleteView):
-    """This stuff deletes the group.
-    """
-    model = User
-    template_name = "dashboard/confirm/base-delete.html"
-    def get_template_names(self):
-        if self.request.is_ajax():
-            return ['dashboard/confirm/ajax-delete.html']
-        else:
-            return ['dashboard/confirm/base-delete.html']
-    def get_context_data(self, **kwargs):
-        # this is redundant now, but if we wanna add more to print
-        # we'll need this
-        context = super(GroupUserDelete, self).get_context_data(**kwargs)
-        return context
-    # github.com/django/django/blob/master/django/views/generic/edit.py#L245
-    def delete(self, request, *args, **kwargs):
-        object = self.get_object()
-        object.delete()
-        success_url = self.get_success_url()
-        success_message = _("Group successfully deleted!")
-        if request.is_ajax():
-            if request.POST.get('redirect').lower() == "true":
-                messages.success(request, success_message)
-            return HttpResponse(
-                json.dumps({'message': success_message}),
-                content_type="application/json",
-            )
-        else:
-            messages.success(request, success_message)
-            return HttpResponseRedirect(success_url)
-    def get_success_url(self):
-        next = self.request.POST.get('next')
-        if next:
-            return next
-        else:
-            return reverse_lazy('dashboard.index')
 class GroupRemoveUserView(LoginRequiredMixin, DeleteView):
    model = Group
    slug_field = 'pk'