2013-04-13 18:13:11 +02:00
|
|
|
import re
|
2013-09-25 10:01:01 +02:00
|
|
|
|
2013-12-23 19:14:11 +01:00
|
|
|
from django.contrib.auth.models import Permission
|
|
|
|
from django.contrib.contenttypes.models import ContentType
|
2013-04-13 18:13:11 +02:00
|
|
|
from django.test.client import Client
|
|
|
|
|
|
|
|
from openslides.config.api import config
|
2014-10-11 14:34:49 +02:00
|
|
|
from openslides.users.api import get_registered_group
|
|
|
|
from openslides.users.models import Group, User
|
2013-04-13 18:13:11 +02:00
|
|
|
from openslides.utils.test import TestCase
|
|
|
|
|
|
|
|
|
2013-10-20 21:42:17 +02:00
|
|
|
class UserViews(TestCase):
|
|
|
|
"""
|
|
|
|
Tests some views for users.
|
|
|
|
"""
|
|
|
|
def setUp(self):
|
|
|
|
self.admin = User.objects.get(pk=1)
|
|
|
|
self.client = Client()
|
|
|
|
self.client.login(username='admin', password='admin')
|
|
|
|
|
|
|
|
def test_create(self):
|
2014-10-11 14:34:49 +02:00
|
|
|
response = self.client.get('/user/new/')
|
|
|
|
|
|
|
|
self.assertTemplateUsed(response, 'users/user_form.html')
|
|
|
|
self.assertContains(response, 'New user')
|
|
|
|
response = self.client.post('/user/new/', {'first_name': 'test_name_ho8hui2niz4nohSupahb'})
|
|
|
|
self.assertRedirects(response, '/user/')
|
2013-10-20 21:42:17 +02:00
|
|
|
|
2014-01-11 21:56:19 +01:00
|
|
|
def test_create_multiple(self):
|
2014-10-11 14:34:49 +02:00
|
|
|
response = self.client.get('/user/new_multiple/')
|
|
|
|
self.assertTemplateUsed(response, 'users/user_form_multiple.html')
|
|
|
|
self.assertContains(response, 'New multiple users')
|
2014-01-11 21:56:19 +01:00
|
|
|
self.assertEqual(User.objects.count(), 1)
|
|
|
|
block = ('first_name_ksdjfhkjsdhf75utgeitrten last_name_khonizt958zh8fh\n'
|
|
|
|
'first_name_1_bmgnf7z8ru first_name_2_kjc98vivt last_name_dfg76kjkjuibv')
|
2014-10-11 14:34:49 +02:00
|
|
|
response = self.client.post('/user/new_multiple/',
|
|
|
|
{'users_block': block})
|
2014-01-11 21:56:19 +01:00
|
|
|
self.assertEqual(User.objects.count(), 3)
|
|
|
|
|
2013-10-20 21:42:17 +02:00
|
|
|
def test_update(self):
|
2014-10-11 14:34:49 +02:00
|
|
|
response = self.client.get('/user/1/edit/')
|
|
|
|
|
|
|
|
self.assertTemplateUsed(response, 'users/user_form.html')
|
|
|
|
self.assertContains(response, 'Edit user')
|
|
|
|
|
2013-10-20 21:42:17 +02:00
|
|
|
response = self.client.post(
|
2014-10-11 14:34:49 +02:00
|
|
|
'/user/1/edit/',
|
|
|
|
{'username': 'test_name_unaewae5Ir0saijeac2I',
|
2013-10-20 21:42:17 +02:00
|
|
|
'first_name': 'test_name_aJi5jaizaVingaeF3Ohj',
|
|
|
|
'groups': '4',
|
|
|
|
'is_active': 'yes'})
|
2014-10-11 14:34:49 +02:00
|
|
|
|
|
|
|
self.assertRedirects(response, '/user/')
|
2013-10-20 21:42:17 +02:00
|
|
|
|
2014-03-30 10:54:09 +02:00
|
|
|
def test_activate(self):
|
2014-10-11 14:34:49 +02:00
|
|
|
response = self.client.get('/user/1/status/activate/')
|
2014-03-30 10:54:09 +02:00
|
|
|
self.assertEqual(response.status_code, 302)
|
|
|
|
|
2013-10-20 21:42:17 +02:00
|
|
|
|
2013-04-13 18:13:11 +02:00
|
|
|
class GroupViews(TestCase):
|
|
|
|
"""
|
|
|
|
Tests the detail view for groups and later also the other views.
|
|
|
|
"""
|
|
|
|
def setUp(self):
|
2013-06-16 12:00:57 +02:00
|
|
|
self.user_1 = User.objects.get(pk=1)
|
|
|
|
self.user_1.first_name = 'admins_first_name'
|
|
|
|
self.user_1.save()
|
|
|
|
|
2013-04-13 18:13:11 +02:00
|
|
|
self.user_2 = User.objects.create(last_name='uquahx3Wohtieph9baer',
|
|
|
|
first_name='aWei4ien6Se0vie0xeiv',
|
|
|
|
username='aWei4ien6Se0vie0xeiv uquahx3Wohtieph9baer')
|
|
|
|
self.delegate = Group.objects.get(pk=3)
|
|
|
|
self.user_1.groups.add(self.delegate)
|
|
|
|
self.user_2.groups.add(self.delegate)
|
|
|
|
|
|
|
|
self.client = Client()
|
2014-10-11 14:34:49 +02:00
|
|
|
self.client.login(username='admin', password='admin')
|
2013-04-13 18:13:11 +02:00
|
|
|
|
|
|
|
def test_detail(self):
|
2014-10-11 14:34:49 +02:00
|
|
|
response = self.client.get('/user/group/3/')
|
2013-06-16 12:00:57 +02:00
|
|
|
pattern = r'admins_first_name Administrator|aWei4ien6Se0vie0xeiv uquahx3Wohtieph9baer'
|
2014-08-16 09:25:18 +02:00
|
|
|
match = re.findall(pattern, response.content.decode('utf8'))
|
2013-06-16 12:00:57 +02:00
|
|
|
self.assertEqual(match[0], 'admins_first_name Administrator')
|
2013-04-13 18:13:11 +02:00
|
|
|
self.assertEqual(match[1], 'aWei4ien6Se0vie0xeiv uquahx3Wohtieph9baer')
|
|
|
|
|
2014-10-11 14:34:49 +02:00
|
|
|
config['users_sort_users_by_first_name'] = True
|
|
|
|
self.assertTrue(config['users_sort_users_by_first_name'])
|
|
|
|
response = self.client.get('/user/group/3/')
|
2013-06-16 12:00:57 +02:00
|
|
|
pattern = r'admins_first_name Administrator|aWei4ien6Se0vie0xeiv uquahx3Wohtieph9baer'
|
2014-08-16 09:25:18 +02:00
|
|
|
match = re.findall(pattern, response.content.decode('utf8'))
|
2013-06-16 12:00:57 +02:00
|
|
|
self.assertEqual(match[1], 'admins_first_name Administrator')
|
2013-04-13 18:13:11 +02:00
|
|
|
self.assertEqual(match[0], 'aWei4ien6Se0vie0xeiv uquahx3Wohtieph9baer')
|
2013-06-03 20:13:06 +02:00
|
|
|
|
2013-10-20 21:42:17 +02:00
|
|
|
def test_create(self):
|
2014-10-11 14:34:49 +02:00
|
|
|
response = self.client.get('/user/group/new/')
|
|
|
|
|
|
|
|
self.assertTemplateUsed(response, 'users/group_form.html')
|
2013-10-20 21:42:17 +02:00
|
|
|
self.assertContains(response, 'New group')
|
2014-10-11 14:34:49 +02:00
|
|
|
|
|
|
|
response = self.client.post('/user/group/new/', {'name': 'test_group_name_Oeli1aeXoobohv8eikai'})
|
|
|
|
|
|
|
|
self.assertRedirects(response, '/user/group/')
|
2013-10-20 21:42:17 +02:00
|
|
|
|
|
|
|
def test_update(self):
|
2014-10-11 14:34:49 +02:00
|
|
|
response = self.client.get('/user/group/1/edit/')
|
|
|
|
|
|
|
|
self.assertTemplateUsed(response, 'users/group_form.html')
|
2013-10-20 21:42:17 +02:00
|
|
|
self.assertContains(response, 'Edit group')
|
2014-10-11 14:34:49 +02:00
|
|
|
|
|
|
|
response = self.client.post('/user/group/1/edit/', {'name': 'test_group_name_ahFeicoz5jedie4Fop0U'})
|
|
|
|
|
|
|
|
self.assertRedirects(response, '/user/group/')
|
2013-10-20 21:42:17 +02:00
|
|
|
|
2013-06-03 20:13:06 +02:00
|
|
|
|
|
|
|
class LockoutProtection(TestCase):
|
|
|
|
"""
|
|
|
|
Tests that a manager user can not lockout himself by doing
|
2014-10-11 14:34:49 +02:00
|
|
|
something that removes his last permission to manage users. Tests
|
|
|
|
also that he can see the user app (although there is no absolute
|
2013-12-23 19:14:11 +01:00
|
|
|
protection).
|
2013-06-03 20:13:06 +02:00
|
|
|
"""
|
|
|
|
def setUp(self):
|
2013-06-16 12:00:57 +02:00
|
|
|
self.user = User.objects.get(pk=1)
|
2013-06-03 20:13:06 +02:00
|
|
|
self.user.groups.add(Group.objects.get(pk=4))
|
|
|
|
self.client = Client()
|
2013-06-16 12:00:57 +02:00
|
|
|
self.client.login(username='admin', password='admin')
|
2013-06-03 20:13:06 +02:00
|
|
|
self.assertEqual(User.objects.count(), 1)
|
|
|
|
self.assertEqual(Group.objects.count(), 4)
|
2013-06-16 12:00:57 +02:00
|
|
|
self.assertFalse(self.user.is_superuser)
|
2013-06-03 20:13:06 +02:00
|
|
|
|
|
|
|
def test_delete_yourself(self):
|
2014-10-11 14:34:49 +02:00
|
|
|
response = self.client.get('/user/1/del/')
|
|
|
|
self.assertRedirects(response, '/user/1/')
|
2013-06-03 20:13:06 +02:00
|
|
|
self.assertTrue('You can not delete yourself.' in response.cookies['messages'].value)
|
2014-10-11 14:34:49 +02:00
|
|
|
response = self.client.post('/user/1/del/',
|
2013-06-03 20:13:06 +02:00
|
|
|
{'yes': 'yes'})
|
|
|
|
self.assertTrue('You can not delete yourself.' in response.cookies['messages'].value)
|
2014-10-11 14:34:49 +02:00
|
|
|
self.assertRedirects(response, '/user/')
|
2013-06-03 20:13:06 +02:00
|
|
|
self.assertEqual(User.objects.count(), 1)
|
|
|
|
|
|
|
|
def test_delete_last_manager_group(self):
|
2014-10-11 14:34:49 +02:00
|
|
|
response = self.client.get('/user/group/4/del/')
|
|
|
|
self.assertRedirects(response, '/user/group/4/')
|
2013-06-03 20:13:06 +02:00
|
|
|
self.assertTrue('You can not delete the last group containing the permission '
|
2014-10-11 14:34:49 +02:00
|
|
|
'to manage users you are in.' in response.cookies['messages'].value)
|
|
|
|
response = self.client.post('/user/group/4/del/',
|
2013-06-03 20:13:06 +02:00
|
|
|
{'yes': 'yes'})
|
|
|
|
self.assertTrue('You can not delete the last group containing the permission '
|
2014-10-11 14:34:49 +02:00
|
|
|
'to manage users you are in.' in response.cookies['messages'].value)
|
|
|
|
self.assertRedirects(response, '/user/group/')
|
2013-06-03 20:13:06 +02:00
|
|
|
self.assertEqual(Group.objects.count(), 4)
|
|
|
|
|
|
|
|
def test_remove_user_from_last_manager_group_via_UserUpdateView(self):
|
2014-10-11 14:34:49 +02:00
|
|
|
response = self.client.post('/user/1/edit/',
|
2013-06-03 20:13:06 +02:00
|
|
|
{'username': 'arae0eQu8eeghoogeik0',
|
|
|
|
'groups': '3'})
|
|
|
|
self.assertFormError(
|
|
|
|
response=response,
|
|
|
|
form='form',
|
|
|
|
field=None,
|
2014-10-11 14:34:49 +02:00
|
|
|
errors='You can not remove the last group containing the permission to manage users.')
|
2013-06-03 20:13:06 +02:00
|
|
|
|
|
|
|
def test_remove_user_from_last_manager_group_via_GroupUpdateView(self):
|
|
|
|
User.objects.get_or_create(username='foo', pk=2)
|
2014-10-11 14:34:49 +02:00
|
|
|
response = self.client.post('/user/group/4/edit/',
|
2013-06-03 20:13:06 +02:00
|
|
|
{'name': 'ChaeFaev4leephaiChae',
|
|
|
|
'users': '2'})
|
|
|
|
self.assertFormError(
|
|
|
|
response=response,
|
|
|
|
form='form',
|
|
|
|
field=None,
|
2014-10-11 14:34:49 +02:00
|
|
|
errors='You can not remove yourself from the last group containing the permission to manage users.')
|
2013-06-03 20:13:06 +02:00
|
|
|
|
|
|
|
def test_remove_perm_from_last_manager_group(self):
|
2014-10-11 14:34:49 +02:00
|
|
|
response = self.client.post('/user/group/4/edit/',
|
2013-06-03 20:13:06 +02:00
|
|
|
{'name': 'ChaeFaev4leephaiChae',
|
|
|
|
'users': '1',
|
2014-10-11 14:34:49 +02:00
|
|
|
'permissions': []})
|
2013-06-03 20:13:06 +02:00
|
|
|
self.assertFormError(
|
|
|
|
response=response,
|
|
|
|
form='form',
|
|
|
|
field=None,
|
2014-10-11 14:34:49 +02:00
|
|
|
errors='You can not remove the permission to manage users from the last group you are in.')
|
2013-09-24 23:27:30 +02:00
|
|
|
|
2014-10-11 14:34:49 +02:00
|
|
|
def test_remove_permission_can_see_user_from_registered(self):
|
|
|
|
self.assertTrue(self.user.has_perm('users.can_see'))
|
2013-12-23 19:14:11 +01:00
|
|
|
# Remove perm from registered group
|
|
|
|
can_see_perm = Permission.objects.get(
|
2014-10-11 14:34:49 +02:00
|
|
|
content_type=ContentType.objects.get(app_label='users', model='user'),
|
|
|
|
codename='can_see')
|
2013-12-23 19:14:11 +01:00
|
|
|
get_registered_group().permissions.remove(can_see_perm)
|
|
|
|
# Reload user
|
|
|
|
self.user = User.objects.get(pk=1)
|
2014-10-11 14:34:49 +02:00
|
|
|
self.assertTrue(self.user.has_perm('users.can_see'))
|
2013-12-23 19:14:11 +01:00
|
|
|
|
2013-09-24 23:27:30 +02:00
|
|
|
|
|
|
|
class TestUserSettings(TestCase):
|
|
|
|
def setUp(self):
|
|
|
|
self.admin = User.objects.get(pk=1)
|
|
|
|
self.admin_client = Client()
|
|
|
|
self.admin_client.login(username='admin', password='admin')
|
|
|
|
|
|
|
|
def test_get(self):
|
|
|
|
response = self.admin_client.get('/usersettings/')
|
|
|
|
self.assertEqual(response.status_code, 200)
|
|
|
|
|
2014-10-11 14:34:49 +02:00
|
|
|
def test_post(self):
|
2013-09-24 23:27:30 +02:00
|
|
|
response = self.admin_client.post('/usersettings/', {
|
2014-10-11 14:34:49 +02:00
|
|
|
'username': 'new_name',
|
2013-09-24 23:27:30 +02:00
|
|
|
'language': 'de'})
|
2014-10-11 14:34:49 +02:00
|
|
|
|
|
|
|
self.assertRedirects(response, '/usersettings/')
|
2013-09-24 23:27:30 +02:00
|
|
|
|
|
|
|
admin = User.objects.get(pk=1)
|
2014-10-11 14:34:49 +02:00
|
|
|
|
2013-09-24 23:27:30 +02:00
|
|
|
self.assertEqual(admin.username, 'new_name')
|