Merge branch 'aureplop/fix_perms_settings' into 'test/views_kfet'

Fix kfet config-related permissions

See merge request !244
This commit is contained in:
Martin Pepin 2017-08-29 20:37:48 +02:00
commit 6e140e540d
5 changed files with 46 additions and 15 deletions

View file

@ -0,0 +1,18 @@
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('kfet', '0056_change_account_meta'),
]
operations = [
migrations.AlterModelOptions(
name='account',
options={'permissions': (('is_team', 'Is part of the team'), ('manage_perms', 'Gérer les permissions K-Fêt'), ('manage_addcosts', 'Gérer les majorations'), ('edit_balance_account', "Modifier la balance d'un compte"), ('change_account_password', "Modifier le mot de passe d'une personne de l'équipe"), ('special_add_account', 'Créer un compte avec une balance initiale'), ('can_force_close', 'Fermer manuellement la K-Fêt'), ('see_config', 'Voir la configuration K-Fêt'), ('change_config', 'Modifier la configuration K-Fêt'))},
),
]

View file

@ -75,6 +75,8 @@ class Account(models.Model):
('special_add_account',
"Créer un compte avec une balance initiale"),
('can_force_close', "Fermer manuellement la K-Fêt"),
('see_config', "Voir la configuration K-Fêt"),
('change_config', "Modifier la configuration K-Fêt"),
)
def __str__(self):

View file

@ -1653,7 +1653,7 @@ class SettingsListViewTests(ViewTestCaseMixin, TestCase):
def users_extra(self):
return {
'team1': create_team('team1', '101', perms=[
'kfet.change_settings',
'kfet.see_config',
]),
}
@ -1686,26 +1686,34 @@ class SettingsUpdateViewTests(ViewTestCaseMixin, TestCase):
def users_extra(self):
return {
'team1': create_team('team1', '101', perms=[
'kfet.change_settings',
'kfet.change_config',
]),
}
def test_get_ok(self):
r = self.client.get(self.url)
self.assertequal(r.status_code, 200)
self.assertEqual(r.status_code, 200)
def test_post_ok(self):
r = self.client.post(self.url, self.post_data)
self.assertRedirects(r, reverse('kfet.settings'))
# Redirect is skipped because client may lack permissions.
self.assertRedirects(
r,
reverse('kfet.settings'),
fetch_redirect_response=False,
)
self.assertDictEqual(dict(kfet_config.list()), {
expected_config = {
'reduction_cof': Decimal('25'),
'addcost_amount': Decimal('0.5'),
'addcost_for': self.accounts['user'],
'overdraft_duration': timedelta(day=2),
'overdraft_duration': timedelta(days=2),
'overdraft_amount': Decimal('25'),
'kfet_cancel_duration': timedelta(minutes=20),
})
'cancel_duration': timedelta(minutes=20),
}
for key, expected in expected_config.items():
self.assertEqual(getattr(kfet_config, key), expected)
class TransferListViewTests(ViewTestCaseMixin, TestCase):

View file

@ -188,13 +188,9 @@ urlpatterns = [
# Settings urls
# -----
url(r'^settings/$',
permission_required('kfet.change_settings')
(views.SettingsList.as_view()),
url(r'^settings/$', views.config_list,
name='kfet.settings'),
url(r'^settings/edit$',
permission_required('kfet.change_settings')
(views.SettingsUpdate.as_view()),
url(r'^settings/edit$', views.config_update,
name='kfet.settings.update'),

View file

@ -1452,6 +1452,9 @@ class SettingsList(TemplateView):
template_name = 'kfet/settings.html'
config_list = permission_required('kfet.see_config')(SettingsList.as_view())
class SettingsUpdate(SuccessMessageMixin, FormView):
form_class = KFetConfigForm
template_name = 'kfet/settings_update.html'
@ -1460,13 +1463,17 @@ class SettingsUpdate(SuccessMessageMixin, FormView):
def form_valid(self, form):
# Checking permission
if not self.request.user.has_perm('kfet.change_settings'):
if not self.request.user.has_perm('kfet.change_config'):
form.add_error(None, 'Permission refusée')
return self.form_invalid(form)
form.save()
return super().form_valid(form)
config_update = (
permission_required('kfet.change_config')(SettingsUpdate.as_view())
)
# -----
# Transfer views