Merge branch 'test/views_kfet' into test/views

This commit is contained in:
Martin Pépin 2017-10-10 21:15:49 +02:00
commit 116b4da1a5
10 changed files with 2930 additions and 37 deletions

View file

@ -106,6 +106,7 @@ def account_create(request):
return render(request, "kfet/account_create_autocomplete.html", data) return render(request, "kfet/account_create_autocomplete.html", data)
@teamkfet_required
def account_search(request): def account_search(request):
if "q" not in request.GET: if "q" not in request.GET:
raise Http404 raise Http404

View file

@ -0,0 +1,18 @@
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('kfet', '0056_change_account_meta'),
]
operations = [
migrations.AlterModelOptions(
name='account',
options={'permissions': (('is_team', 'Is part of the team'), ('manage_perms', 'Gérer les permissions K-Fêt'), ('manage_addcosts', 'Gérer les majorations'), ('edit_balance_account', "Modifier la balance d'un compte"), ('change_account_password', "Modifier le mot de passe d'une personne de l'équipe"), ('special_add_account', 'Créer un compte avec une balance initiale'), ('can_force_close', 'Fermer manuellement la K-Fêt'), ('see_config', 'Voir la configuration K-Fêt'), ('change_config', 'Modifier la configuration K-Fêt'))},
),
]

View file

@ -0,0 +1,39 @@
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('kfet', '0057_add_perms_config'),
]
operations = [
migrations.AlterField(
model_name='supplier',
name='address',
field=models.TextField(verbose_name='adresse', blank=True),
),
migrations.AlterField(
model_name='supplier',
name='articles',
field=models.ManyToManyField(verbose_name='articles vendus', through='kfet.SupplierArticle', related_name='suppliers', to='kfet.Article'),
),
migrations.AlterField(
model_name='supplier',
name='comment',
field=models.TextField(verbose_name='commentaire', blank=True),
),
migrations.AlterField(
model_name='supplier',
name='email',
field=models.EmailField(max_length=254, verbose_name='adresse mail', blank=True),
),
migrations.AlterField(
model_name='supplier',
name='phone',
field=models.CharField(max_length=20, verbose_name='téléphone', blank=True),
),
]

View file

@ -8,6 +8,7 @@ from gestioncof.models import CofProfile
from django.utils.six.moves import reduce from django.utils.six.moves import reduce
from django.utils import timezone from django.utils import timezone
from django.utils.encoding import python_2_unicode_compatible from django.utils.encoding import python_2_unicode_compatible
from django.utils.translation import ugettext_lazy as _
from django.db import transaction from django.db import transaction
from django.db.models import F from django.db.models import F
from datetime import date from datetime import date
@ -75,6 +76,8 @@ class Account(models.Model):
('special_add_account', ('special_add_account',
"Créer un compte avec une balance initiale"), "Créer un compte avec une balance initiale"),
('can_force_close', "Fermer manuellement la K-Fêt"), ('can_force_close', "Fermer manuellement la K-Fêt"),
('see_config', "Voir la configuration K-Fêt"),
('change_config', "Modifier la configuration K-Fêt"),
) )
def __str__(self): def __str__(self):
@ -522,21 +525,24 @@ class InventoryArticle(models.Model):
self.stock_error = self.stock_new - self.stock_old self.stock_error = self.stock_new - self.stock_old
super(InventoryArticle, self).save(*args, **kwargs) super(InventoryArticle, self).save(*args, **kwargs)
@python_2_unicode_compatible
class Supplier(models.Model): class Supplier(models.Model):
articles = models.ManyToManyField( articles = models.ManyToManyField(
Article, Article,
through = 'SupplierArticle', verbose_name=_("articles vendus"),
related_name = "suppliers") through='SupplierArticle',
name = models.CharField("nom", max_length = 45) related_name='suppliers',
address = models.TextField("adresse") )
email = models.EmailField("adresse mail") name = models.CharField(_("nom"), max_length=45)
phone = models.CharField("téléphone", max_length = 10) address = models.TextField(_("adresse"), blank=True)
comment = models.TextField("commentaire") email = models.EmailField(_("adresse mail"), blank=True)
phone = models.CharField(_("téléphone"), max_length=20, blank=True)
comment = models.TextField(_("commentaire"), blank=True)
def __str__(self): def __str__(self):
return self.name return self.name
class SupplierArticle(models.Model): class SupplierArticle(models.Model):
supplier = models.ForeignKey( supplier = models.ForeignKey(
Supplier, on_delete = models.PROTECT) Supplier, on_delete = models.PROTECT)

View file

@ -0,0 +1,95 @@
from django.contrib.auth import get_user_model
from django.contrib.auth.models import Permission
from django.contrib.contenttypes.models import ContentType
from django.test import TestCase
from gestioncof.models import CofProfile
from ..models import Account
from .testcases import TestCaseMixin
from .utils import (
create_user, create_team, create_root, get_perms, user_add_perms,
)
User = get_user_model()
class UserHelpersTests(TestCaseMixin, TestCase):
def test_create_user(self):
"""create_user creates a basic user and its account."""
u = create_user()
a = u.profile.account_kfet
self.assertInstanceExpected(u, {
'get_full_name': 'first last',
'username': 'user',
})
self.assertFalse(u.user_permissions.exists())
self.assertEqual('000', a.trigramme)
def test_create_team(self):
u = create_team()
a = u.profile.account_kfet
self.assertInstanceExpected(u, {
'get_full_name': 'team member',
'username': 'team',
})
self.assertTrue(u.has_perm('kfet.is_team'))
self.assertEqual('100', a.trigramme)
def test_create_root(self):
u = create_root()
a = u.profile.account_kfet
self.assertInstanceExpected(u, {
'get_full_name': 'super user',
'username': 'root',
'is_superuser': True,
'is_staff': True,
})
self.assertEqual('200', a.trigramme)
class PermHelpersTest(TestCaseMixin, TestCase):
def setUp(self):
cts = ContentType.objects.get_for_models(Account, CofProfile)
self.perm1 = Permission.objects.create(
content_type=cts[Account],
codename='test_perm',
name='Perm for test',
)
self.perm2 = Permission.objects.create(
content_type=cts[CofProfile],
codename='another_test_perm',
name='Another one',
)
self.perm_team = Permission.objects.get(
content_type__app_label='kfet',
codename='is_team',
)
def test_get_perms(self):
perms = get_perms('kfet.test_perm', 'gestioncof.another_test_perm')
self.assertDictEqual(perms, {
'kfet.test_perm': self.perm1,
'gestioncof.another_test_perm': self.perm2,
})
def test_user_add_perms(self):
user = User.objects.create_user(username='user', password='user')
user.user_permissions.add(self.perm1)
user_add_perms(user, ['kfet.is_team', 'gestioncof.another_test_perm'])
self.assertQuerysetEqual(
user.user_permissions.all(),
map(repr, [self.perm1, self.perm2, self.perm_team]),
ordered=False,
)

File diff suppressed because it is too large Load diff

353
kfet/tests/testcases.py Normal file
View file

@ -0,0 +1,353 @@
from unittest import mock
from urllib.parse import parse_qs, urlparse
from django.core.urlresolvers import reverse
from django.http import QueryDict
from django.test import Client
from django.utils import timezone
from django.utils.functional import cached_property
from .utils import create_root, create_team, create_user
class TestCaseMixin:
"""Extends TestCase for kfet application tests."""
def assertForbidden(self, response):
"""
Test that the response (retrieved with a Client) is a denial of access.
The response should verify one of the following:
- its HTTP response code is 403,
- it redirects to the login page with a GET parameter named 'next'
whose value is the url of the requested page.
"""
request = response.wsgi_request
try:
try:
# Is this an HTTP Forbidden response ?
self.assertEqual(response.status_code, 403)
except AssertionError:
# A redirection to the login view is fine too.
# Let's build the login url with the 'next' param on current
# page.
full_path = request.get_full_path()
querystring = QueryDict(mutable=True)
querystring['next'] = full_path
login_url = '/login?' + querystring.urlencode(safe='/')
# We don't focus on what the login view does.
# So don't fetch the redirect.
self.assertRedirects(
response, login_url,
fetch_redirect_response=False,
)
except AssertionError:
raise AssertionError(
"%(http_method)s request at %(path)s should be forbidden for "
"%(username)s user.\n"
"Response isn't 403, nor a redirect to login view. Instead, "
"response code is %(code)d." % {
'http_method': request.method,
'path': request.get_full_path(),
'username': (
"'{}'".format(request.user)
if request.user.is_authenticated()
else 'anonymous'
),
'code': response.status_code,
}
)
def assertForbiddenKfet(self, response, form_ctx='form'):
"""
Test that a response (retrieved with a Client) contains error due to
lack of kfet permissions.
It checks that 'Permission refusée' is present in the non-field errors
of the form of response context at key 'form_ctx', or present in
messages.
This should be used for pages which can be accessed by the kfet team
members, but require additionnal permission(s) to make an operation.
"""
try:
self.assertEqual(response.status_code, 200)
try:
form = response.context[form_ctx]
self.assertIn("Permission refusée", form.non_field_errors())
except (AssertionError, AttributeError, KeyError):
messages = [str(msg) for msg in response.context['messages']]
self.assertIn("Permission refusée", messages)
except AssertionError:
request = response.wsgi_request
raise AssertionError(
"%(http_method)s request at %(path)s should raise an error "
"for %(username)s user.\n"
"Cannot find any errors in non-field errors of form "
"'%(form_ctx)s', nor in messages." % {
'http_method': request.method,
'path': request.get_full_path(),
'username': (
"'%s'" % request.user
if request.user.is_authenticated()
else 'anonymous'
),
'form_ctx': form_ctx,
}
)
def assertInstanceExpected(self, instance, expected):
"""
Test that the values of the attributes and without-argument methods of
'instance' are equal to 'expected' pairs.
"""
for attr, expected_value in expected.items():
value = getattr(instance, attr)
if callable(value):
value = value()
self.assertEqual(value, expected_value)
def assertUrlsEqual(self, actual, expected):
"""
Test that the url 'actual' is as 'expected'.
Arguments:
actual (str): Url to verify.
expected: Two forms are accepted.
* (str): Expected url. Strings equality is checked.
* (dict): Its keys must be attributes of 'urlparse(actual)'.
Equality is checked for each present key, except for
'query' which must be a dict of the expected query string
parameters.
"""
if type(expected) == dict:
parsed = urlparse(actual)
for part, expected_part in expected.items():
if part == 'query':
self.assertDictEqual(
parse_qs(parsed.query),
expected.get('query', {}),
)
else:
self.assertEqual(getattr(parsed, part), expected_part)
else:
self.assertEqual(actual, expected)
class ViewTestCaseMixin(TestCaseMixin):
"""
TestCase extension to ease tests of kfet views.
Urls concerns
-------------
# Basic usage
Attributes:
url_name (str): Name of view under test, as given to 'reverse'
function.
url_args (list, optional): Will be given to 'reverse' call.
url_kwargs (dict, optional): Same.
url_expcted (str): What 'reverse' should return given previous
attributes.
View url can then be accessed at the 'url' attribute.
# Advanced usage
If multiple combinations of url name, args, kwargs can be used for a view,
it is possible to define 'urls_conf' attribute. It must be a list whose
each item is a dict defining arguments for 'reverse' call ('name', 'args',
'kwargs' keys) and its expected result ('expected' key).
The reversed urls can be accessed at the 't_urls' attribute.
Users concerns
--------------
During setup, three users are created with their kfet account:
- 'user': a basic user without any permission, account trigramme: 000,
- 'team': a user with kfet.is_team permission, account trigramme: 100,
- 'root': a superuser, account trigramme: 200.
Their password is their username.
One can create additionnal users with 'get_users_extra' method, or prevent
these 3 users to be created with 'get_users_base' method. See these two
methods for further informations.
By using 'register_user' method, these users can then be accessed at
'users' attribute by their label. Similarly, their kfet account is
registered on 'accounts' attribute.
A user label can be given to 'auth_user' attribute. The related user is
then authenticated on self.client during test setup. Its value defaults to
'None', meaning no user is authenticated.
Automated tests
---------------
# Url reverse
Based on url-related attributes/properties, the test 'test_urls' checks
that expected url is returned by 'reverse' (once with basic url usage and
each for advanced usage).
# Forbidden responses
The 'test_forbidden' test verifies that each user, from labels of
'auth_forbidden' attribute, can't access the url(s), i.e. response should
be a 403, or a redirect to login view.
Tested HTTP requests are given by 'http_methods' attribute. Additional data
can be given by defining an attribute '<method(lowercase)>_data'.
"""
url_name = None
url_expected = None
http_methods = ['GET']
auth_user = None
auth_forbidden = []
def setUp(self):
"""
Warning: Do not forget to call super().setUp() in subclasses.
"""
# Signals handlers on login/logout send messages.
# Due to the way the Django' test Client performs login, this raise an
# error. As workaround, we mock the Django' messages module.
patcher_messages = mock.patch('gestioncof.signals.messages')
patcher_messages.start()
self.addCleanup(patcher_messages.stop)
# A test can mock 'django.utils.timezone.now' and give this as return
# value. E.g. it is useful if the test checks values of 'auto_now' or
# 'auto_now_add' fields.
self.now = timezone.now()
# These attributes register users and accounts instances.
self.users = {}
self.accounts = {}
for label, user in dict(self.users_base, **self.users_extra).items():
self.register_user(label, user)
if self.auth_user:
# The wrapper is a sanity check.
self.assertTrue(
self.client.login(
username=self.auth_user,
password=self.auth_user,
)
)
def tearDown(self):
del self.users_base
del self.users_extra
def get_users_base(self):
"""
Dict of <label: user instance>.
Note: Don't access yourself this property. Use 'users_base' attribute
which cache the returned value from here.
It allows to give functions calls, which creates users instances, as
values here.
"""
# Format desc: username, password, trigramme
return {
# user, user, 000
'user': create_user(),
# team, team, 100
'team': create_team(),
# root, root, 200
'root': create_root(),
}
@cached_property
def users_base(self):
return self.get_users_base()
def get_users_extra(self):
"""
Dict of <label: user instance>.
Note: Don't access yourself this property. Use 'users_base' attribute
which cache the returned value from here.
It allows to give functions calls, which create users instances, as
values here.
"""
return {}
@cached_property
def users_extra(self):
return self.get_users_extra()
def register_user(self, label, user):
self.users[label] = user
if hasattr(user.profile, 'account_kfet'):
self.accounts[label] = user.profile.account_kfet
def get_user(self, label):
if self.auth_user is not None:
return self.auth_user
return self.auth_user_mapping.get(label)
@property
def urls_conf(self):
return [{
'name': self.url_name,
'args': getattr(self, 'url_args', []),
'kwargs': getattr(self, 'url_kwargs', {}),
'expected': self.url_expected,
}]
@property
def t_urls(self):
return [
reverse(
url_conf['name'],
args=url_conf.get('args', []),
kwargs=url_conf.get('kwargs', {}),
)
for url_conf in self.urls_conf]
@property
def url(self):
return self.t_urls[0]
def test_urls(self):
for url, conf in zip(self.t_urls, self.urls_conf):
self.assertEqual(url, conf['expected'])
def test_forbidden(self):
for method in self.http_methods:
for user in self.auth_forbidden:
for url in self.t_urls:
self.check_forbidden(method, url, user)
def check_forbidden(self, method, url, user=None):
method = method.lower()
client = Client()
if user is not None:
client.login(username=user, password=user)
send_request = getattr(client, method)
data = getattr(self, '{}_data'.format(method), {})
r = send_request(url, data)
self.assertForbidden(r)

188
kfet/tests/utils.py Normal file
View file

@ -0,0 +1,188 @@
from django.contrib.auth import get_user_model
from django.contrib.auth.models import Permission
from ..models import Account
User = get_user_model()
def _create_user_and_account(user_attrs, account_attrs, perms=None):
"""
Create a user and its account, and assign permissions to this user.
Arguments
user_attrs (dict): User data (first name, last name, password...).
account_attrs (dict): Account data (department, kfet password...).
perms (list of str: 'app.perm'): These permissions will be assigned to
the created user. No permission are assigned by default.
If 'password' is not given in 'user_attrs', username is used as password.
If 'kfet.is_team' is in 'perms' and 'password' is not in 'account_attrs',
the account password is 'kfetpwd_<user pwd>'.
"""
user_pwd = user_attrs.pop('password', user_attrs['username'])
user = User.objects.create(**user_attrs)
user.set_password(user_pwd)
user.save()
account_attrs['cofprofile'] = user.profile
kfet_pwd = account_attrs.pop('password', 'kfetpwd_{}'.format(user_pwd))
account = Account.objects.create(**account_attrs)
if perms is not None:
user = user_add_perms(user, perms)
if 'kfet.is_team' in perms:
account.change_pwd(kfet_pwd)
account.save()
return user
def create_user(username='user', trigramme='000', **kwargs):
"""
Create a user without any permission and its kfet account.
username and trigramme are accepted as arguments (defaults to 'user' and
'000').
user_attrs, account_attrs and perms can be given as keyword arguments to
customize the user and its kfet account.
# Default values
User
* username: user
* password: user
* first_name: first
* last_name: last
* email: mail@user.net
Account
* trigramme: 000
"""
user_attrs = kwargs.setdefault('user_attrs', {})
user_attrs.setdefault('username', username)
user_attrs.setdefault('first_name', 'first')
user_attrs.setdefault('last_name', 'last')
user_attrs.setdefault('email', 'mail@user.net')
account_attrs = kwargs.setdefault('account_attrs', {})
account_attrs.setdefault('trigramme', trigramme)
return _create_user_and_account(**kwargs)
def create_team(username='team', trigramme='100', **kwargs):
"""
Create a user, member of the kfet team, and its kfet account.
username and trigramme are accepted as arguments (defaults to 'team' and
'100').
user_attrs, account_attrs and perms can be given as keyword arguments to
customize the user and its kfet account.
# Default values
User
* username: team
* password: team
* first_name: team
* last_name: member
* email: mail@team.net
Account
* trigramme: 100
* kfet password: kfetpwd_team
"""
user_attrs = kwargs.setdefault('user_attrs', {})
user_attrs.setdefault('username', username)
user_attrs.setdefault('first_name', 'team')
user_attrs.setdefault('last_name', 'member')
user_attrs.setdefault('email', 'mail@team.net')
account_attrs = kwargs.setdefault('account_attrs', {})
account_attrs.setdefault('trigramme', trigramme)
perms = kwargs.setdefault('perms', [])
perms.append('kfet.is_team')
return _create_user_and_account(**kwargs)
def create_root(username='root', trigramme='200', **kwargs):
"""
Create a superuser and its kfet account.
username and trigramme are accepted as arguments (defaults to 'root' and
'200').
user_attrs, account_attrs and perms can be given as keyword arguments to
customize the user and its kfet account.
# Default values
User
* username: root
* password: root
* first_name: super
* last_name: user
* email: mail@root.net
* is_staff, is_superuser: True
Account
* trigramme: 200
* kfet password: kfetpwd_root
"""
user_attrs = kwargs.setdefault('user_attrs', {})
user_attrs.setdefault('username', username)
user_attrs.setdefault('first_name', 'super')
user_attrs.setdefault('last_name', 'user')
user_attrs.setdefault('email', 'mail@root.net')
user_attrs['is_superuser'] = user_attrs['is_staff'] = True
account_attrs = kwargs.setdefault('account_attrs', {})
account_attrs.setdefault('trigramme', trigramme)
return _create_user_and_account(**kwargs)
def get_perms(*labels):
"""Return Permission instances from a list of '<app>.<perm_codename>'."""
perms = {}
for label in set(labels):
app_label, codename = label.split('.', 1)
perms[label] = Permission.objects.get(
content_type__app_label=app_label,
codename=codename,
)
return perms
def user_add_perms(user, perms_labels):
"""
Add perms to a user.
Args:
user (User instance)
perms (list of str 'app.perm_name')
Returns:
The same user (refetched from DB to avoid missing perms)
"""
perms = get_perms(*perms_labels)
user.user_permissions.add(*perms.values())
# If permissions have already been fetched for this user, we need to reload
# it to avoid using of the previous permissions cache.
# https://docs.djangoproject.com/en/1.11/topics/auth/default/#permission-caching
return User.objects.get(pk=user.pk)

View file

@ -188,13 +188,9 @@ urlpatterns = [
# Settings urls # Settings urls
# ----- # -----
url(r'^settings/$', url(r'^settings/$', views.config_list,
permission_required('kfet.change_settings')
(views.SettingsList.as_view()),
name='kfet.settings'), name='kfet.settings'),
url(r'^settings/edit$', url(r'^settings/edit$', views.config_update,
permission_required('kfet.change_settings')
(views.SettingsUpdate.as_view()),
name='kfet.settings.update'), name='kfet.settings.update'),

View file

@ -1452,6 +1452,9 @@ class SettingsList(TemplateView):
template_name = 'kfet/settings.html' template_name = 'kfet/settings.html'
config_list = permission_required('kfet.see_config')(SettingsList.as_view())
class SettingsUpdate(SuccessMessageMixin, FormView): class SettingsUpdate(SuccessMessageMixin, FormView):
form_class = KFetConfigForm form_class = KFetConfigForm
template_name = 'kfet/settings_update.html' template_name = 'kfet/settings_update.html'
@ -1460,13 +1463,17 @@ class SettingsUpdate(SuccessMessageMixin, FormView):
def form_valid(self, form): def form_valid(self, form):
# Checking permission # Checking permission
if not self.request.user.has_perm('kfet.change_settings'): if not self.request.user.has_perm('kfet.change_config'):
form.add_error(None, 'Permission refusée') form.add_error(None, 'Permission refusée')
return self.form_invalid(form) return self.form_invalid(form)
form.save() form.save()
return super().form_valid(form) return super().form_valid(form)
config_update = (
permission_required('kfet.change_config')(SettingsUpdate.as_view())
)
# ----- # -----
# Transfer views # Transfer views