dashboard: remove redirection in templates, rewrite group tests

6bf6e68c · Oláh István Gergely · c4de1e19 · 6bf6e68c · 6bf6e68c · 6bf6e68c
Commit 6bf6e68c authored Apr 08, 2014 by Oláh István Gergely
Hide whitespace changes
Inline Side-by-side

Showing with 131 additions and 68 deletions

circle/dashboard/templates/dashboard/group-detail.html
+3 -3

circle/dashboard/tests/test_views.py
+123 -64

circle/dashboard/views.py
+5 -1

No files found.
--- a/circle/dashboard/templates/dashboard/group-detail.html
+++ b/circle/dashboard/templates/dashboard/group-detail.html
@@ -40,7 +40,7 @@
     <thead><tr><th></th><th>{% trans "Who" %}</th><th></th><th></th></tr></thead>
        {% for i in users %}
 	<tr><td><i class="icon-user"></i></td><td>{{i.username}}</td>
-		<td><a data-group_pk="{{ group.pk }}" data-member_pk="{{i.pk}}" href="{% url "dashboard.views.remove-user" member_pk=i.pk group_pk=group.pk %}?next={{ request.path }}" class="real-link delete-from-group btn btn-link btn-xs"><i class="icon-remove"><span class="sr-only">{% trans "remove" %}</span></i></a></td></tr>
+		<td><a data-group_pk="{{ group.pk }}" data-member_pk="{{i.pk}}" href="{% url "dashboard.views.remove-user" member_pk=i.pk group_pk=group.pk %}" class="real-link delete-from-group btn btn-link btn-xs"><i class="icon-remove"><span class="sr-only">{% trans "remove" %}</span></i></a></td></tr>
        {% endfor %}
        <tr><td><i class="icon-plus"></i></td>
            <td><input type="text" class="form-control" name="list-new-name"
@@ -67,7 +67,7 @@
                    <option{%if id = i.level%} selected="selected"{%endif%} value="{{id}}">{{name}}</option>
                    {% endfor %}
            </select></td>
-	    <td class="user-remove"><a data-group_pk="{{ group.pk }}" data-member_pk="{{i.user.pk }}" href="{% url "dashboard.views.remove-acluser" member_pk=i.user.pk group_pk=group.pk %}?next={{ request.path }}" class="real-link delete-from-group btn btn-link btn-xs"><i class="icon-remove"><span class="sr-only">{% trans "remove" %}</span></i></a></td></tr>
+	    <td class="user-remove"><a data-group_pk="{{ group.pk }}" data-member_pk="{{i.user.pk }}" href="{% url "dashboard.views.remove-acluser" member_pk=i.user.pk group_pk=group.pk %}" class="real-link delete-from-group btn btn-link btn-xs"><i class="icon-remove"><span class="sr-only">{% trans "remove" %}</span></i></a></td></tr>
        {% endfor %}
        {% for i in acl.groups %}
        <tr><td><i class="icon-user"></i></td><td>{{ i.group }}</td>
@@ -76,7 +76,7 @@
                    <option{%if id = i.level%} selected="selected"{%endif%} value="{{id}}">{{name}}</option>
                    {% endfor %}
            </select></td>
-	    <td class="user-remove"><a data-group_pk="{{ i.pk }}"data-member_pk="{{i.group.pk }}" href="{% url "dashboard.views.remove-aclgroup" member_pk=i.group.pk group_pk=group.pk %}?next={{ request.path }}" class="real-link delete-from-group btn btn-link btn-xs"><i class="icon-remove"><span class="sr-only">{% trans "remove" %}</span></i></a></td></tr>
+	    <td class="user-remove"><a data-group_pk="{{ i.pk }}"data-member_pk="{{i.group.pk }}" href="{% url "dashboard.views.remove-aclgroup" member_pk=i.group.pk group_pk=group.pk %}" class="real-link delete-from-group btn btn-link btn-xs"><i class="icon-remove"><span class="sr-only">{% trans "remove" %}</span></i></a></td></tr>
        {% endfor %}
        <tr><td><i class="icon-plus"></i></td>
            <td><input type="text" class="form-control" name="perm-new-name"

--- a/circle/dashboard/tests/test_views.py
+++ b/circle/dashboard/tests/test_views.py
@@ -527,6 +527,7 @@ class GroupDetailTest(LoginMixin, TestCase):

    def setUp(self):
        Instance.get_remote_queue_name = Mock(return_value='test')
+        # u0 - owner for group1
        self.u0 = User.objects.create(username='user0')
        self.u0.set_password('password')
        self.u0.save()
@@ -539,26 +540,32 @@ class GroupDetailTest(LoginMixin, TestCase):
        self.u3 = User.objects.create(username='user3')
        self.u3.set_password('password')
        self.u3.save()
+        # u4 - removable user for group1
+        self.u4 = User.objects.create(username='user4')
+        self.u4.set_password('password')
+        self.u4.save()
        self.us = User.objects.create(username='superuser', is_superuser=True)
        self.us.set_password('password')
        self.us.save()
-        self.g0 = Group.objects.get(pk=1)
-        self.g0.profile.set_user_level(self.u0, 'owner')
        self.g1 = Group.objects.create(name='group1')
-        self.g1.user_set.add(self.u1)
-        self.g1.user_set.add(self.u2)
+        self.g1.profile.set_user_level(self.u0, 'owner')
+        self.g1.user_set.add(self.u4)
        self.g1.save()
+        self.g2 = Group.objects.create(name='group2')
+        self.g2.save()
        settings["default_vlangroup"] = 'public'
        VlanGroup.objects.create(name='public')

    def tearDown(self):
        super(GroupDetailTest, self).tearDown()
+        self.g1.delete()
+        self.g2.delete()
        self.u0.delete()
        self.u1.delete()
        self.u2.delete()
        self.us.delete()
        self.u3.delete()
-        self.g1.delete()
+        self.u4.delete()

    def test_404_superuser_group_page(self):
        c = Client()
@@ -574,54 +581,54 @@ class GroupDetailTest(LoginMixin, TestCase):

    def test_anon_group_page(self):
        c = Client()
-        response = c.get('/dashboard/group/1/')
+        response = c.get('/dashboard/group/' + str(self.g1.pk) + '/')
        self.assertEqual(response.status_code, 302)

    def test_superuser_group_page(self):
        c = Client()
        self.login(c, 'superuser')
-        response = c.get('/dashboard/group/1/')
+        response = c.get('/dashboard/group/' + str(self.g1.pk) + '/')
        self.assertEqual(response.status_code, 200)

    def test_acluser_group_page(self):
        c = Client()
        self.login(c, 'user0')
-        response = c.get('/dashboard/group/1/')
+        response = c.get('/dashboard/group/' + str(self.g1.pk) + '/')
        self.assertEqual(response.status_code, 200)

    def test_acluser2_group_page(self):
-        Group.objects.get(pk=1).profile.set_user_level(self.u1, 'operator')
+        self.g1.profile.set_user_level(self.u1, 'operator')
        c = Client()
        self.login(c, 'user1')
-        response = c.get('/dashboard/group/1/')
+        response = c.get('/dashboard/group/' + str(self.g1.pk) + '/')
        self.assertEqual(response.status_code, 200)

    def test_unpermitted_user_group_page(self):
        c = Client()
        self.login(c, 'user1')
-        response = c.get('/dashboard/group/1/')
+        response = c.get('/dashboard/group/' + str(self.g1.pk) + '/')
        self.assertEqual(response.status_code, 403)

    def test_user_in_userlist_group_page(self):
-        self.g0.user_set.add(self.u1)
+        self.g1.user_set.add(self.u1)
        c = Client()
        self.login(c, 'user1')
-        response = c.get('/dashboard/group/1/')
+        response = c.get('/dashboard/group/' + str(self.g1.pk) + '/')
        self.assertEqual(response.status_code, 403)

    def test_groupmember_group_page(self):
-        # user1 is member of g1 - setUp
-        Group.objects.get(pk=1).profile.set_group_level(self.g1, 'owner')
+        self.g2.user_set.add(self.u1)
+        self.g1.profile.set_group_level(self.g2, 'owner')
        c = Client()
        self.login(c, 'user1')
-        response = c.get('/dashboard/group/1/')
+        response = c.get('/dashboard/group/' + str(self.g1.pk) + '/')
        self.assertEqual(response.status_code, 200)

-    def test_permitted_group_delete(self):
+    def test_superuser_group_delete(self):
        num_of_groups = Group.objects.count()
        c = Client()
        self.login(c, 'superuser')
-        response = c.post('/dashboard/group/delete/1/')
+        response = c.post('/dashboard/group/delete/' + str(self.g1.pk) + '/')
        self.assertEqual(response.status_code, 302)
        self.assertEqual(Group.objects.count(), num_of_groups - 1)

@@ -629,7 +636,7 @@ class GroupDetailTest(LoginMixin, TestCase):
        num_of_groups = Group.objects.count()
        c = Client()
        self.login(c, 'user3')
-        response = c.post('/dashboard/group/delete/1/')
+        response = c.post('/dashboard/group/delete/' + str(self.g1.pk) + '/')
        self.assertEqual(response.status_code, 403)
        self.assertEqual(Group.objects.count(), num_of_groups)

@@ -637,156 +644,208 @@ class GroupDetailTest(LoginMixin, TestCase):
        num_of_groups = Group.objects.count()
        c = Client()
        self.login(c, 'user0')
-        response = c.post('/dashboard/group/delete/1/')
+        response = c.post('/dashboard/group/delete/' + str(self.g1.pk) + '/')
        self.assertEqual(response.status_code, 302)
        self.assertEqual(Group.objects.count(), num_of_groups - 1)

    def test_anon_group_delete(self):
        num_of_groups = Group.objects.count()
        c = Client()
-        response = c.post('/dashboard/group/delete/1/')
+        response = c.post('/dashboard/group/delete/' + str(self.g1.pk) + '/')
        self.assertEqual(response.status_code, 302)
        self.assertEqual(Group.objects.count(), num_of_groups)

-    # add / delete in group
+    # add to group

    def test_anon_add_user_to_group(self):
        c = Client()
-        user_in_group = self.g0.user_set.count()
-        response = c.post('/dashboard/group/1/', {'list-new-name': 'user3'})
+        user_in_group = self.g1.user_set.count()
+        response = c.post('/dashboard/group/' +
+                          str(self.g1.pk) + '/', {'list-new-name': 'user3'})
        self.assertEqual(user_in_group,
-                         self.g0.user_set.count())
+                         self.g1.user_set.count())
        self.assertEqual(response.status_code, 302)

    def test_unpermitted_add_user_to_group(self):
        c = Client()
        self.login(c, 'user3')
-        user_in_group = self.g0.user_set.count()
-        response = c.post('/dashboard/group/1/', {'list-new-name': 'user3'})
-        self.assertEqual(user_in_group, self.g0.user_set.count())
+        user_in_group = self.g1.user_set.count()
+        response = c.post('/dashboard/group/' +
+                          str(self.g1.pk) + '/', {'list-new-name': 'user3'})
+        self.assertEqual(user_in_group, self.g1.user_set.count())
        self.assertEqual(response.status_code, 403)

    def test_superuser_add_user_to_group(self):
        c = Client()
        self.login(c, 'superuser')
-        user_in_group = self.g0.user_set.count()
-        response = c.post('/dashboard/group/1/', {'list-new-name': 'user3'})
-        self.assertEqual(user_in_group + 1, self.g0.user_set.count())
+        user_in_group = self.g1.user_set.count()
+        response = c.post('/dashboard/group/' +
+                          str(self.g1.pk) + '/', {'list-new-name': 'user3'})
+        self.assertEqual(user_in_group + 1, self.g1.user_set.count())
        self.assertEqual(response.status_code, 302)

    def test_permitted_add_user_to_group(self):
        c = Client()
        self.login(c, 'user0')
-        user_in_group = self.g0.user_set.count()
-        response = c.post('/dashboard/group/1/', {'list-new-name': 'user3'})
-        self.assertEqual(user_in_group + 1, self.g0.user_set.count())
+        user_in_group = self.g1.user_set.count()
+        response = c.post('/dashboard/group/' +
+                          str(self.g1.pk) + '/', {'list-new-name': 'user3'})
+        self.assertEqual(user_in_group + 1, self.g1.user_set.count())
        self.assertEqual(response.status_code, 302)

    def test_permitted_add_multipleuser_to_group(self):
        c = Client()
-        self.g0 = Group.objects.get(pk=1)
        self.login(c, 'user0')
-        user_in_group = self.g0.user_set.count()
-        response = c.post('/dashboard/group/1/',
+        user_in_group = self.g1.user_set.count()
+        response = c.post('/dashboard/group/' +
+                          str(self.g1.pk) + '/',
                          {'list-new-namelist': 'user1\r\nuser2'})
-        self.assertEqual(user_in_group + 2, self.g0.user_set.count())
+        self.assertEqual(user_in_group + 2, self.g1.user_set.count())
        self.assertEqual(response.status_code, 302)

    def test_unpermitted_add_multipleuser_to_group(self):
        c = Client()
        self.login(c, 'user3')
-        user_in_group = self.g0.user_set.count()
-        response = c.post('/dashboard/group/1/',
+        user_in_group = self.g1.user_set.count()
+        response = c.post('/dashboard/group/' +
+                          str(self.g1.pk) + '/',
                          {'list-new-namelist': 'user1\r\nuser2'})
-        self.assertEqual(user_in_group, self.g0.user_set.count())
+        self.assertEqual(user_in_group, self.g1.user_set.count())
        self.assertEqual(response.status_code, 403)

    def test_anon_add_multipleuser_to_group(self):
        c = Client()
-        user_in_group = self.g0.user_set.count()
-        response = c.post('/dashboard/group/1/',
+        user_in_group = self.g1.user_set.count()
+        response = c.post('/dashboard/group/' +
+                          str(self.g1.pk) + '/',
                          {'list-new-namelist': 'user1\r\nuser2'})
-        self.assertEqual(user_in_group, self.g0.user_set.count())
+        self.assertEqual(user_in_group, self.g1.user_set.count())
        self.assertEqual(response.status_code, 302)

    def test_anon_add_acluser_to_group(self):
        c = Client()
-        gp = self.g0.profile
+        gp = self.g1.profile
        acl_users = len(gp.get_users_with_level())
-        response = c.post('/dashboard/group/1/acl/',
+        response = c.post('/dashboard/group/' +
+                          str(self.g1.pk) + '/acl/',
                          {'perm-new-name': 'user3', 'perm-new': 'owner'})
        self.assertEqual(acl_users, len(gp.get_users_with_level()))
        self.assertEqual(response.status_code, 302)

    def test_unpermitted_add_acluser_to_group(self):
        c = Client()
-        gp = self.g0.profile
        self.login(c, 'user3')
+        gp = self.g1.profile
        acl_users = len(gp.get_users_with_level())
-        response = c.post('/dashboard/group/1/acl/',
+        response = c.post('/dashboard/group/' +
+                          str(self.g1.pk) + '/acl/',
                          {'perm-new-name': 'user3', 'perm-new': 'owner'})
        self.assertEqual(acl_users, len(gp.get_users_with_level()))
        self.assertEqual(response.status_code, 403)

    def test_superuser_add_acluser_to_group(self):
        c = Client()
-        gp = self.g0.profile
+        gp = self.g1.profile
        self.login(c, 'superuser')
        acl_users = len(gp.get_users_with_level())
-        response = c.post('/dashboard/group/1/acl/',
+        response = c.post('/dashboard/group/' +
+                          str(self.g1.pk) + '/acl/',
                          {'perm-new-name': 'user3', 'perm-new': 'owner'})
        self.assertEqual(acl_users + 1, len(gp.get_users_with_level()))
        self.assertEqual(response.status_code, 302)

    def test_permitted_add_acluser_to_group(self):
        c = Client()
-        gp = self.g0.profile
+        gp = self.g1.profile
        self.login(c, 'user0')
        acl_users = len(gp.get_users_with_level())
-        response = c.post('/dashboard/group/1/acl/',
+        response = c.post('/dashboard/group/' +
+                          str(self.g1.pk) + '/acl/',
                          {'perm-new-name': 'user3', 'perm-new': 'owner'})
        self.assertEqual(acl_users + 1, len(gp.get_users_with_level()))
        self.assertEqual(response.status_code, 302)

    def test_anon_add_aclgroup_to_group(self):
        c = Client()
-        gp = self.g0.profile
+        gp = self.g1.profile
        acl_groups = len(gp.get_groups_with_level())
-        response = c.post('/dashboard/group/1/acl/',
-                          {'perm-new-name': 'group1', 'perm-new': 'owner'})
+        response = c.post('/dashboard/group/' +
+                          str(self.g1.pk) + '/acl/',
+                          {'perm-new-name': 'group2', 'perm-new': 'owner'})
        self.assertEqual(acl_groups, len(gp.get_groups_with_level()))
        self.assertEqual(response.status_code, 302)

    def test_unpermitted_add_aclgroup_to_group(self):
        c = Client()
-        gp = self.g0.profile
+        gp = self.g1.profile
        self.login(c, 'user3')
        acl_groups = len(gp.get_groups_with_level())
-        response = c.post('/dashboard/group/1/acl/',
-                          {'perm-new-name': 'group1', 'perm-new': 'owner'})
+        response = c.post('/dashboard/group/' +
+                          str(self.g1.pk) + '/acl/',
+                          {'perm-new-name': 'group2', 'perm-new': 'owner'})
        self.assertEqual(acl_groups, len(gp.get_groups_with_level()))
        self.assertEqual(response.status_code, 403)

    def test_superuser_add_aclgroup_to_group(self):
        c = Client()
-        gp = self.g0.profile
+        gp = self.g1.profile
        self.login(c, 'superuser')
        acl_groups = len(gp.get_groups_with_level())
-        response = c.post('/dashboard/group/1/acl/',
-                          {'perm-new-name': 'group1', 'perm-new': 'owner'})
+        response = c.post('/dashboard/group/' +
+                          str(self.g1.pk) + '/acl/',
+                          {'perm-new-name': 'group2', 'perm-new': 'owner'})
        self.assertEqual(acl_groups + 1, len(gp.get_groups_with_level()))
        self.assertEqual(response.status_code, 302)

    def test_permitted_add_aclgroup_to_group(self):
        c = Client()
-        gp = self.g0.profile
+        gp = self.g1.profile
        self.login(c, 'user0')
        acl_groups = len(gp.get_groups_with_level())
-        response = c.post('/dashboard/group/1/acl/',
-                          {'perm-new-name': 'group1', 'perm-new': 'owner'})
+        response = c.post('/dashboard/group/' +
+                          str(self.g1.pk) + '/acl/',
+                          {'perm-new-name': 'group2', 'perm-new': 'owner'})
        self.assertEqual(acl_groups + 1, len(gp.get_groups_with_level()))
        self.assertEqual(response.status_code, 302)

+    # remove from group
+
+    def test_anon_remove_user_from_group(self):
+        c = Client()
+        user_in_group = self.g1.user_set.count()
+        response = c.post('/dashboard/group/' + str(self.g1.pk) +
+                          '/remove/user/' + str(self.u4.pk) + '/')
+        self.assertEqual(user_in_group,
+                         self.g1.user_set.count())
+        self.assertEqual(response.status_code, 302)
+
+    def test_unpermitted_remove_user_from_group(self):
+        c = Client()
+        self.login(c, 'user3')
+        user_in_group = self.g1.user_set.count()
+        response = c.post('/dashboard/group/' + str(self.g1.pk) +
+                          '/remove/user/' + str(self.u4.pk) + '/')
+        self.assertEqual(user_in_group, self.g1.user_set.count())
+        self.assertEqual(response.status_code, 403)
+
+    def test_superuser_remove_user_from_group(self):
+        c = Client()
+        self.login(c, 'superuser')
+        user_in_group = self.g1.user_set.count()
+        response = c.post('/dashboard/group/' + str(self.g1.pk) +
+                          '/remove/user/' + str(self.u4.pk) + '/')
+        self.assertEqual(user_in_group - 1, self.g1.user_set.count())
+        self.assertEqual(response.status_code, 302)
+
+    def test_permitted_remove_user_from_group(self):
+        c = Client()
+        self.login(c, 'user0')
+        user_in_group = self.g1.user_set.count()
+        response = c.post('/dashboard/group/' + str(self.g1.pk) +
+                          '/remove/user/' + str(self.u4.pk) + '/')
+        self.assertEqual(user_in_group - 1, self.g1.user_set.count())
+        self.assertEqual(response.status_code, 302)
+

 class VmDetailVncTest(LoginMixin, TestCase):
    fixtures = ['test-vm-fixture.json', 'node.json']

--- a/circle/dashboard/views.py
+++ b/circle/dashboard/views.py
@@ -962,10 +962,11 @@ class GroupList(LoginRequiredMixin, SuperuserRequiredMixin, SingleTableView):
    table_pagination = False


-class GroupRemoveUserView(LoginRequiredMixin, DeleteView):
+class GroupRemoveUserView(CheckedDetailView, DeleteView):
    model = Group
    slug_field = 'pk'
    slug_url_kwarg = 'group_pk'
+    read_level = 'operator'

    def get_context_data(self, **kwargs):
        context = super(GroupRemoveUserView, self).get_context_data(**kwargs)
@@ -1001,6 +1002,9 @@ class GroupRemoveUserView(LoginRequiredMixin, DeleteView):
        return _("Member successfully removed from group!")

    def delete(self, request, *args, **kwargs):
+        object = self.get_object()
+        if not object.profile.has_level(request.user, 'operator'):
+            raise PermissionDenied()
        self.remove_member(kwargs["member_pk"])
        success_url = self.get_success_url()
        success_message = self.get_success_message()