forked from DGNum/gestioCOF
More general forbidden test
parent
6adfaba8e9
commit
c14c2d54a5
2 changed files with 51 additions and 18 deletions
|
@ -79,10 +79,15 @@ class TestCaseMixin:
|
|||
self.assertEqual(response.status_code, 200)
|
||||
try:
|
||||
form = response.context[form_ctx]
|
||||
self.assertIn("Permission refusée", form.non_field_errors())
|
||||
errors = [y for x in form.errors.as_data().values() for y in x]
|
||||
self.assertTrue(any(e.code == "permission-denied" for e in errors))
|
||||
except (AssertionError, AttributeError, KeyError):
|
||||
messages = [str(msg) for msg in response.context["messages"]]
|
||||
self.assertIn("Permission refusée", messages)
|
||||
self.assertTrue(
|
||||
any(
|
||||
"permission-denied" in msg.tags
|
||||
for msg in response.context["messages"]
|
||||
)
|
||||
)
|
||||
except AssertionError:
|
||||
request = response.wsgi_request
|
||||
raise AssertionError(
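Review bot: The fallback assertion `"permission-denied" in msg.tags` is a substring test rather than a tag match, because Django's `Message.tags` is one space-joined string built from `extra_tags` and the level tag, so any tag that merely contains that text would satisfy it. Comparing whole tags with `"permission-denied" in msg.tags.split()` keeps this branch as strict as the `e.code == "permission-denied"` check on the form branch. The helper also only proves that a 200 response carries a denial marker; whether its callers additionally assert that the protected object was left unchanged is not visible here, since the enclosing method starts and ends outside the hunk.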
|
||||
|
|
|
@ -12,7 +12,7 @@ from django.contrib.auth.decorators import login_required, permission_required
|
|||
from django.contrib.auth.mixins import PermissionRequiredMixin
|
||||
from django.contrib.auth.models import Permission, User
|
||||
from django.contrib.messages.views import SuccessMessageMixin
|
||||
from django.core.exceptions import SuspiciousOperation
|
||||
from django.core.exceptions import SuspiciousOperation, ValidationError
|
||||
from django.db import transaction
|
||||
from django.db.models import Count, F, Max, OuterRef, Prefetch, Q, Subquery, Sum
|
||||
from django.forms import formset_factory
|
||||
|
@ -160,7 +160,9 @@ def account_create(request):
|
|||
):
|
||||
# Checking permission
|
||||
if not request.user.has_perm("kfet.add_account"):
|
||||
messages.error(request, "Permission refusée")
|
||||
messages.error(
|
||||
request, "Permission refusée", extra_tags="permission-denied"
|
||||
)
|
||||
else:
|
||||
data = {}
|
||||
# Fill data for Account.save()
|
||||
|
@ -393,7 +395,9 @@ def account_update(request, trigramme):
|
|||
# Updating account info
|
||||
if forms == []:
|
||||
messages.error(
|
||||
request, "Informations non mises à jour : permission refusée"
|
||||
request,
|
||||
"Informations non mises à jour : permission refusée",
|
||||
extra_tags="permission-denied",
|
||||
)
|
||||
else:
|
||||
if all(form.is_valid() for form in forms):
|
||||
|
@ -513,7 +517,9 @@ class CheckoutCreate(SuccessMessageMixin, CreateView):
|
|||
def form_valid(self, form):
|
||||
# Checking permission
|
||||
if not self.request.user.has_perm("kfet.add_checkout"):
|
||||
form.add_error(None, "Permission refusée")
|
||||
form.add_error(
|
||||
None, ValidationError("Permission refusée", code="permission-denied")
|
||||
)
|
||||
return self.form_invalid(form)
|
||||
|
||||
# Creating
|
||||
|
@ -551,7 +557,9 @@ class CheckoutUpdate(SuccessMessageMixin, UpdateView):
|
|||
def form_valid(self, form):
|
||||
# Checking permission
|
||||
if not self.request.user.has_perm("kfet.change_checkout"):
|
||||
form.add_error(None, "Permission refusée")
|
||||
form.add_error(
|
||||
None, ValidationError("Permission refusée", code="permission-denied")
|
||||
)
|
||||
return self.form_invalid(form)
|
||||
# Updating
|
||||
return super().form_valid(form)
|
||||
|
@ -641,7 +649,9 @@ class CheckoutStatementCreate(SuccessMessageMixin, CreateView):
|
|||
def form_valid(self, form):
|
||||
# Checking permission
|
||||
if not self.request.user.has_perm("kfet.add_checkoutstatement"):
|
||||
form.add_error(None, "Permission refusée")
|
||||
form.add_error(
|
||||
None, ValidationError("Permission refusée", code="permission-denied")
|
||||
)
|
||||
return self.form_invalid(form)
|
||||
# Creating
|
||||
form.instance.amount_taken = getAmountTaken(form.instance)
|
||||
|
@ -673,7 +683,9 @@ class CheckoutStatementUpdate(SuccessMessageMixin, UpdateView):
|
|||
def form_valid(self, form):
|
||||
# Checking permission
|
||||
if not self.request.user.has_perm("kfet.change_checkoutstatement"):
|
||||
form.add_error(None, "Permission refusée")
|
||||
form.add_error(
|
||||
None, ValidationError("Permission refusée", code="permission-denied")
|
||||
)
|
||||
return self.form_invalid(form)
|
||||
# Updating
|
||||
form.instance.amount_taken = getAmountTaken(form.instance)
|
||||
|
@ -705,7 +717,9 @@ class CategoryUpdate(SuccessMessageMixin, UpdateView):
|
|||
def form_valid(self, form):
|
||||
# Checking permission
|
||||
if not self.request.user.has_perm("kfet.change_articlecategory"):
|
||||
form.add_error(None, "Permission refusée")
|
||||
form.add_error(
|
||||
None, ValidationError("Permission refusée", code="permission-denied")
|
||||
)
|
||||
return self.form_invalid(form)
|
||||
|
||||
# Updating
|
||||
|
@ -754,7 +768,9 @@ class ArticleCreate(SuccessMessageMixin, CreateView):
|
|||
def form_valid(self, form):
|
||||
# Checking permission
|
||||
if not self.request.user.has_perm("kfet.add_article"):
|
||||
form.add_error(None, "Permission refusée")
|
||||
form.add_error(
|
||||
None, ValidationError("Permission refusée", code="permission-denied")
|
||||
)
|
||||
return self.form_invalid(form)
|
||||
|
||||
# Save ici pour save le manytomany suppliers
|
||||
|
@ -820,7 +836,9 @@ class ArticleUpdate(SuccessMessageMixin, UpdateView):
|
|||
def form_valid(self, form):
|
||||
# Checking permission
|
||||
if not self.request.user.has_perm("kfet.change_article"):
|
||||
form.add_error(None, "Permission refusée")
|
||||
form.add_error(
|
||||
None, ValidationError("Permission refusée", code="permission-denied")
|
||||
)
|
||||
return self.form_invalid(form)
|
||||
|
||||
# Save ici pour save le manytomany suppliers
|
||||
|
@ -1599,7 +1617,9 @@ class SettingsUpdate(SuccessMessageMixin, FormView):
|
|||
def form_valid(self, form):
|
||||
# Checking permission
|
||||
if not self.request.user.has_perm("kfet.change_config"):
|
||||
form.add_error(None, "Permission refusée")
|
||||
form.add_error(
|
||||
None, ValidationError("Permission refusée", code="permission-denied")
|
||||
)
|
||||
return self.form_invalid(form)
|
||||
form.save()
|
||||
return super().form_valid(form)
|
||||
|
@ -1836,7 +1856,9 @@ def inventory_create(request):
|
|||
formset = cls_formset(request.POST, initial=initial)
|
||||
|
||||
if not request.user.has_perm("kfet.add_inventory"):
|
||||
messages.error(request, "Permission refusée")
|
||||
messages.error(
|
||||
request, "Permission refusée", extra_tags="permission-denied"
|
||||
)
|
||||
elif formset.is_valid():
|
||||
with transaction.atomic():
|
||||
|
||||
|
@ -2007,7 +2029,9 @@ def order_create(request, pk):
|
|||
formset = cls_formset(request.POST, initial=initial)
|
||||
|
||||
if not request.user.has_perm("kfet.add_order"):
|
||||
messages.error(request, "Permission refusée")
|
||||
messages.error(
|
||||
request, "Permission refusée", extra_tags="permission-denied"
|
||||
)
|
||||
elif formset.is_valid():
|
||||
order = Order()
|
||||
order.supplier = supplier
|
||||
|
@ -2131,7 +2155,9 @@ def order_to_inventory(request, pk):
|
|||
formset = cls_formset(request.POST, initial=initial)
|
||||
|
||||
if not request.user.has_perm("kfet.order_to_inventory"):
|
||||
messages.error(request, "Permission refusée")
|
||||
messages.error(
|
||||
request, "Permission refusée", extra_tags="permission-denied"
|
||||
)
|
||||
elif formset.is_valid():
|
||||
with transaction.atomic():
|
||||
inventory = Inventory.objects.create(
|
||||
|
@ -2206,7 +2232,9 @@ class SupplierUpdate(SuccessMessageMixin, UpdateView):
|
|||
def form_valid(self, form):
|
||||
# Checking permission
|
||||
if not self.request.user.has_perm("kfet.change_supplier"):
|
||||
form.add_error(None, "Permission refusée")
|
||||
form.add_error(
|
||||
None, ValidationError("Permission refusée", code="permission-denied")
|
||||
)
|
||||
return self.form_invalid(form)
|
||||
# Updating
|
||||
return super().form_valid(form)
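Review bot: The literal `"permission-denied"` is now spelled out at every denial site in this file (as `extra_tags=` in `account_create`, `account_update`, `inventory_create`, `order_create` and `order_to_inventory`, and as `code=` in each `form_valid`) and again in the test helper, so the authorization signal the tests depend on is held together by string matching alone. A module-level `PERMISSION_DENIED_CODE = "permission-denied"`, used as `code=PERMISSION_DENIED_CODE` and `extra_tags=PERMISSION_DENIED_CODE` and imported by the tests, would give it a single definition. These denials are also returned as an ordinary 200 re-render, so nothing outside the page body distinguishes them from a validation error; if denied attempts are meant to be auditable, a shared helper wrapping the constant would be the natural place to log them, though whether logging already happens elsewhere cannot be seen from these hunks. All of the functions shown begin and end outside their hunks.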
|
||||
|
|