From dd7344d65d13881aa0d923f9fa0cacbaf3db1cfe Mon Sep 17 00:00:00 2001 From: Nick Smith Date: Mon, 23 Jun 2014 10:51:35 +0100 Subject: [PATCH] Add tests for notification preferences views' being filtered for less privileged users --- .../tests/test_account_management.py | 58 ++++++++++++++++++- 1 file changed, 57 insertions(+), 1 deletion(-) diff --git a/wagtail/wagtailadmin/tests/test_account_management.py b/wagtail/wagtailadmin/tests/test_account_management.py index 56aa63560..e8f46a25b 100644 --- a/wagtail/wagtailadmin/tests/test_account_management.py +++ b/wagtail/wagtailadmin/tests/test_account_management.py @@ -1,7 +1,7 @@ from django.test import TestCase from wagtail.tests.utils import unittest, WagtailTestUtils from django.core.urlresolvers import reverse -from django.contrib.auth.models import User +from django.contrib.auth.models import User, Group, Permission from django.contrib.auth.tokens import PasswordResetTokenGenerator from django.core import mail @@ -213,6 +213,62 @@ class TestAccountSection(TestCase, WagtailTestUtils): self.assertTrue(profile.rejected_notifications) +class TestAccountManagementForNonModerator(TestCase, WagtailTestUtils): + """ + Tests of reduced-functionality for editors + """ + def setUp(self): + # Create a non-moderator user + self.submitter = User.objects.create_user('submitter', 'submitter@example.com', 'password') + self.submitter.groups.add(Group.objects.get(name='Editors')) + + self.client.login(username=self.submitter.username, password='password') + + def test_notification_preferences_form_is_reduced_for_non_moderators(self): + """ + This tests that a user without publish permissions is not shown the + notification preference for 'submitted' items + """ + response = self.client.get(reverse('wagtailadmin_account_notification_preferences')) + self.assertIn('approved_notifications', response.context['form'].fields.keys()) + self.assertIn('rejected_notifications', response.context['form'].fields.keys()) + self.assertNotIn('submitted_notifications', response.context['form'].fields.keys()) + + +class TestAccountManagementForAdminOnlyUser(TestCase, WagtailTestUtils): + """ + Tests for users with no edit/publish permissions at all + """ + def setUp(self): + # Create a non-moderator user + admin_only_group = Group.objects.create(name='Admin Only') + admin_only_group.permissions.add(Permission.objects.get(codename='access_admin')) + + self.admin_only_user = User.objects.create_user('admin_only_user', 'admin_only_user@example.com', 'password') + self.admin_only_user.groups.add(admin_only_group) + + self.client.login(username=self.admin_only_user.username, password='password') + + def test_notification_preferences_view_redirects_for_admin_only_users(self): + """ + Test that the user is not shown the notification preferences view but instead + redirected to the account page + """ + response = self.client.get(reverse('wagtailadmin_account_notification_preferences')) + self.assertRedirects(response, reverse('wagtailadmin_account')) + + def test_notification_preferences_link_not_shown_for_admin_only_users(self): + """ + Test that the user is not even shown the link to the notification + preferences view + """ + response = self.client.get(reverse('wagtailadmin_account')) + self.assertEqual(response.context['show_notification_preferences'], False) + self.assertNotContains(response, reverse('wagtailadmin_account_notification_preferences')) + # safety check that checking for absence/presence of urls works + self.assertContains(response, reverse('wagtailadmin_home')) + + class TestPasswordReset(TestCase, WagtailTestUtils): """ This tests that the password reset is working