Tim Savage avatar Tim Savage committed 4014e3b

Added test coverage to contrib.auth.decorators. Corrected staff_required and superuser_required decorators.

Comments (0)

Files changed (5)

.idea/django-extras.iml

 <module type="PYTHON_MODULE" version="4">
   <component name="NewModuleRootManager">
     <content url="file://$MODULE_DIR$" />
-    <orderEntry type="jdk" jdkName="Python 2.7.1 virtualenv at ~/Projects/ve" jdkType="Python SDK" />
+    <orderEntry type="jdk" jdkName="Python 2.7.2 virtualenv at ~\.virtualenvs\dev-django1.4" jdkType="Python SDK" />
     <orderEntry type="sourceFolder" forTests="false" />
   </component>
   <component name="TemplatesService">
   <component name="ProjectResources">
     <default-html-doctype>http://www.w3.org/1999/xhtml</default-html-doctype>
   </component>
-  <component name="ProjectRootManager" version="2" project-jdk-name="Python 2.7.1 virtualenv at ~/Projects/ve" project-jdk-type="Python SDK" />
+  <component name="ProjectRootManager" version="2" project-jdk-name="Python 2.7.2 virtualenv at ~\.virtualenvs\dev-django1.4" project-jdk-type="Python SDK" />
 </project>
 

django_extras/__init__.py

-VERSION = (0, 2, 2, 'beta', 0)
+VERSION = (0, 2, 3, 'beta', 0)
 
 def get_version():
     # Don't litter django_extras/__init__.py with all the get_version stuff.

django_extras/contrib/auth/decorators.py

 from django.core.exceptions import PermissionDenied
 
 
-def superuser_required(login_url=None, raise_exception=False):
+def superuser_required(function=None, login_url=None, raise_exception=False):
     """
     Decorator for views that checks that the user is a superuser, redirecting to
     the log-in page if necessary.
         if raise_exception:
             raise PermissionDenied
         return False
-    return user_passes_test(check_permission, login_url=login_url)
+    actual_decorator = user_passes_test(check_permission, login_url=login_url)
+    if function:
+        return actual_decorator(function)
+    return actual_decorator
 
-def staff_required(include_superusers=True, login_url=None, raise_exception=False):
+def staff_required(function=None, include_superusers=True, login_url=None, raise_exception=False):
     """
     Decorator for views that checks that the user is a staff member, redirecting
     to the log-in page if necessary.
         if raise_exception:
             raise PermissionDenied
         return False
-    return user_passes_test(check_permission, login_url=login_url)
+    actual_decorator = user_passes_test(check_permission, login_url=login_url)
+    if function:
+        return actual_decorator(function)
+    return actual_decorator

django_extras/tests/contrib/auth.py

 from django import test
 from django.db import models
+from django.core.exceptions import PermissionDenied
+from django.http import HttpResponse, HttpRequest
 from django.contrib.auth.models import User
+from django_extras.contrib.auth.decorators import staff_required, superuser_required
 from django_extras.contrib.auth.models import SingleOwnerMixin, MultipleOwnerMixin
 
 
+@staff_required
+def staff_view(request, foo, bar='eek'):
+    return HttpResponse('ok')
+
+@staff_required(include_superusers=False)
+def staff_only_view(request, foo, bar='eek'):
+    return HttpResponse('ok')
+
+@staff_required(raise_exception=True)
+def staff_view_throw(request, foo, bar='eek'):
+    return HttpResponse('ok')
+
+
+class StaffRequiredTestCase(test.TestCase):
+    def __init__(self, *args, **kwargs):
+        super(StaffRequiredTestCase, self).__init__(*args, **kwargs)
+        self.user = User()
+        self.user_staff = User(is_staff=True)
+        self.user_super = User(is_superuser=True)
+
+    def create_request(self, user):
+        request = HttpRequest()
+        request.user = user
+        request.META['SERVER_NAME'] = 'test'
+        request.META['SERVER_PORT'] = 80
+        return request
+
+    def test_normal_user(self):
+        request = self.create_request(self.user)
+        response = staff_view(request, 123)
+        self.assertEqual(response.status_code, 302)
+
+    def test_staff_user(self):
+        request = self.create_request(self.user_staff)
+        response = staff_view(request, 123)
+        self.assertEqual(response.status_code, 200)
+
+    def test_super_user(self):
+        request = self.create_request(self.user_super)
+        response = staff_view(request, 123)
+        self.assertEqual(response.status_code, 200)
+
+    def test_staff_only(self):
+        request = self.create_request(self.user_super)
+        response = staff_only_view(request, 123)
+        self.assertEqual(response.status_code, 302)
+
+    def test_raise_exception(self):
+        request = self.create_request(self.user)
+        self.assertRaises(PermissionDenied, lambda: staff_view_throw(request, 123))
+
+
+@superuser_required
+def superuser_view(request, foo, bar='eek'):
+    return HttpResponse()
+
+@superuser_required(raise_exception=True)
+def superuser_view_throw(request, foo, bar='eek'):
+    return HttpResponse()
+
+
+class SuperuserRequiredTestCase(test.TestCase):
+    def __init__(self, *args, **kwargs):
+        super(SuperuserRequiredTestCase, self).__init__(*args, **kwargs)
+        self.user = User()
+        self.user_staff = User(is_staff=True)
+        self.user_super = User(is_superuser=True)
+
+    def create_request(self, user):
+        request = HttpRequest()
+        request.user = user
+        request.META['SERVER_NAME'] = 'test'
+        request.META['SERVER_PORT'] = 80
+        return request
+
+    def test_normal_user(self):
+        request = self.create_request(self.user)
+        response = superuser_view(request, 123)
+        self.assertEqual(response.status_code, 302)
+
+    def test_staff_user(self):
+        request = self.create_request(self.user_staff)
+        response = superuser_view(request, 123)
+        self.assertEqual(response.status_code, 302)
+
+    def test_super_user(self):
+        request = self.create_request(self.user_super)
+        response = superuser_view(request, 123)
+        self.assertEqual(response.status_code, 200)
+
+    def test_raise_exception(self):
+        request = self.create_request(self.user)
+        self.assertRaises(PermissionDenied, lambda: superuser_view_throw(request, 123))
+
+
+## Models required for the follow tests
+
 class SingleOwner(SingleOwnerMixin, models.Model):
     name = models.CharField(max_length=50)
     description = models.TextField()
     def test_owned_by_include_either_multiple(self):
         self.assertRaises(TypeError, lambda: MultiOwner.objects.owned_by([self.user_super, self.user1], include_staff=True))
 
+    def test_owned_by_include_either_user_id(self):
+        actual = MultiOwner.objects.owned_by(1, include_staff=True).values_list('id', flat=True)
+        self.assertSequenceEqual([1, 2], actual)
+
 
 class OwnerMixinBaseTestCase(test.TransactionTestCase):
     fixtures = ['owners.json']
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.