Mark Lavin avatar Mark Lavin committed 400c478

Add staff member required mixin. Fix bad test assertions. See #44.


Files changed (2)

selectable/base.py

     'ModelLookup',
     'AjaxRequiredMixin',
     'LoginRequiredMixin',
+    'StaffRequiredMixin',
 )
 
 
         if user is None or not user.is_authenticated():
             return http.HttpResponse(status=401) # Unauthorized   
         return super(LoginRequiredMixin, self).results(request)
+
+
+class StaffRequiredMixin(object):
+    "Lookup extension to require the user is a staff member."
+
+    def results(self, request):
+        user = getattr(request, 'user', None)
+        if user is None or not user.is_authenticated():
+            return http.HttpResponse(status=401) # Unauthorized
+        elif not user.is_staff:
+            return http.HttpResponseForbidden()
+        return super(StaffRequiredMixin, self).results(request)
+
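Review bot: `StaffRequiredMixin.results` grants access on `user.is_staff` alone and never checks `user.is_active`, so a staff account that has been deactivated but still arrives as an authenticated user would pass. Django's own `staff_member_required` decorator tests both flags; the `elif` could become `elif not (user.is_active and user.is_staff):`. Whether a deactivated user can still reach this code authenticated depends on the auth backend and session handling, which are not visible on this page. The authentication test also repeats the body of `LoginRequiredMixin.results` just above it, so a later change to that check has to be made in both places.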

selectable/tests/base.py

 from django.test import TestCase
 
 from mock import Mock
-from selectable.base import ModelLookup, AjaxRequiredMixin, LoginRequiredMixin
+from selectable.base import ModelLookup, AjaxRequiredMixin
+from selectable.base import LoginRequiredMixin, StaffRequiredMixin
 from selectable.tests import Thing
 
 __all__ = (
     'MultiFieldLookupTestCase',
     'AjaxRequiredLookupTestCase',
     'LoginRequiredLookupTestCase',
+    'StaffRequiredLookupTestCase',
 )
 
 
     
     lookup_cls = SimpleModelLookup
     lookup_mixin = AjaxRequiredMixin
-
+    
     def setUp(self):
         self.lookup = self.create_lookup_class()()
-    
+
     def test_ajax_call(self):
-        "Ajax call should yield a successful response"
+        "Ajax call should yield a successful response."
         request = Mock()
         request.is_ajax = lambda: True
         response = self.lookup.results(request)
         self.assertTrue(response.status_code, 200)
 
     def test_non_ajax_call(self):
-        "Non-Ajax call should yield a bad request response"
+        "Non-Ajax call should yield a bad request response."
         request = Mock()
         request.is_ajax = lambda: False
         response = self.lookup.results(request)
-        self.assertTrue(response.status_code, 400)
+        self.assertEqual(response.status_code, 400)
 
 
 class LoginRequiredLookupTestCase(BaseSelectableTestCase, LookupMixinTest):
         self.lookup = self.create_lookup_class()()
     
     def test_authenicated_call(self):
-        "Authenicated call should yield a successful response"
+        "Authenicated call should yield a successful response."
         request = Mock()
         user = Mock()
         user.is_authenticated = lambda: True
         self.assertTrue(response.status_code, 200)
 
     def test_non_authenicated_call(self):
-        "Non-Authenicated call should yield an unauthorized response"
+        "Non-Authenicated call should yield an unauthorized response."
         request = Mock()
         user = Mock()
         user.is_authenticated = lambda: False
         request.user = user
         response = self.lookup.results(request)
-        self.assertTrue(response.status_code, 400)
+        self.assertEqual(response.status_code, 401)
+
+
+class StaffRequiredLookupTestCase(BaseSelectableTestCase, LookupMixinTest):
+
+    lookup_cls = SimpleModelLookup
+    lookup_mixin = StaffRequiredMixin
+
+    def setUp(self):
+        self.lookup = self.create_lookup_class()()
+
+    def test_staff_member_call(self):
+        "Staff member call should yield a successful response."
+        request = Mock()
+        user = Mock()
+        user.is_authenticated = lambda: True
+        user.is_staff = True
+        request.user = user
+        response = self.lookup.results(request)
+        self.assertTrue(response.status_code, 200)
+
+    def test_authenicated_but_not_staff(self):
+        "Authenicated but non staff call should yield a forbidden response."
+        request = Mock()
+        user = Mock()
+        user.is_authenticated = lambda: True
+        user.is_staff = False
+        request.user = user
+        response = self.lookup.results(request)
+        self.assertTrue(response.status_code, 403)
+
+    def test_non_authenicated_call(self):
+        "Non-Authenicated call should yield an unauthorized response."
+        request = Mock()
+        user = Mock()
+        user.is_authenticated = lambda: False
+        user.is_staff = False
+        request.user = user
+        response = self.lookup.results(request)
+        self.assertEqual(response.status_code, 401)
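Review bot: `test_authenicated_but_not_staff` ends with `self.assertTrue(response.status_code, 403)`, which passes for any non-zero status code because the second argument of `assertTrue` is only the failure message. The test therefore does not verify that a non-staff user is refused, and a regression in the authorization check would go unnoticed. It should read `self.assertEqual(response.status_code, 403)`. The same pattern is in the new `test_staff_member_call` and remains in the unchanged `test_ajax_call` and `test_authenicated_call`, where `self.assertEqual(response.status_code, 200)` is presumably what was meant. The commit corrects the 400 and 401 assertions but leaves these.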