Skip to content

History Entry Permission Test Cases

Test cases for accessing History

For this test to function properly you must add the history items model to app.core.views.history.View.get_object(). specifically an entry to the switch in the middle of the function.

Source code in app/core/tests/abstract/history_permissions.py 
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
class HistoryPermissions:
    """Test cases for accessing History

    For this test to function properly you must add the history items model to
    `app.core.views.history.View.get_object()`. specifically an entry to the switch in the middle
    of the function.
    """


    item: object
    """Created Model

    Create a new item. 
    """

    model = History
    """ The history Model """

    namespace: str = ''
    """ URL namespace for the history view"""

    name_view: str = '_history'
    """ URL view name for history """

    no_permissions_user: User
    """A User with no permissions to access the item

    Create in `setUpTestData`
    """

    different_organization_user: User
    """A User with the correct permissions to access the item

    This user must be in a different organization than the item

    Create in `setUpTestData`
    """

    view_user: User
    """A User with the correct permissions to access the item

    This user must be in the same organization as the item

    Create in `setUpTestData`
    """


    def test_view_history_user_anon_denied(self):
        """ Check correct permission for view

        Attempt to view as anon user
        """

        client = Client()
        url = reverse(self.namespace + self.name_view, kwargs={'model_name': self.item._meta.model_name, 'model_pk': self.item.id})

        response = client.get(url)

        assert response.status_code == 302 and response.url.startswith('/account/login')


    def test_view_history_no_permission_denied(self):
        """ Check correct permission for view

        Attempt to view with user missing permission
        """

        client = Client()
        url = reverse(self.namespace +  self.name_view, kwargs={'model_name': self.item._meta.model_name, 'model_pk': self.item.id})


        client.force_login(self.no_permissions_user)
        response = client.get(url)

        assert response.status_code == 403


    def test_view_history_different_organizaiton_denied(self):
        """ Check correct permission for view

        Attempt to view with user from different organization
        """

        client = Client()
        url = reverse(self.namespace +  self.name_view, kwargs={'model_name': self.item._meta.model_name, 'model_pk': self.item.id})


        client.force_login(self.different_organization_user)
        response = client.get(url)

        assert response.status_code == 403


    def test_view_history_has_permission(self):
        """ Check correct permission for view

        Attempt to view as user with view permission
        """

        client = Client()
        url = reverse(self.namespace +  self.name_view, kwargs={'model_name': self.item._meta.model_name, 'model_pk': self.item.id})


        client.force_login(self.view_user)
        response = client.get(url)

        assert response.status_code == 200

Attributes

item: object

Created Model

Create a new item.

model = History

The history Model

namespace: str = ''

URL namespace for the history view

name_view: str = '_history'

URL view name for history

no_permissions_user: User

A User with no permissions to access the item

Create in setUpTestData

different_organization_user: User

A User with the correct permissions to access the item

This user must be in a different organization than the item

Create in setUpTestData

view_user: User

A User with the correct permissions to access the item

This user must be in the same organization as the item

Create in setUpTestData

Functions

test_view_history_user_anon_denied()

Check correct permission for view

Attempt to view as anon user

Source code in app/core/tests/abstract/history_permissions.py 
61
62
63
64
65
66
67
68
69
70
71
72
def test_view_history_user_anon_denied(self):
    """ Check correct permission for view

    Attempt to view as anon user
    """

    client = Client()
    url = reverse(self.namespace + self.name_view, kwargs={'model_name': self.item._meta.model_name, 'model_pk': self.item.id})

    response = client.get(url)

    assert response.status_code == 302 and response.url.startswith('/account/login')

test_view_history_no_permission_denied()

Check correct permission for view

Attempt to view with user missing permission

Source code in app/core/tests/abstract/history_permissions.py 
75
76
77
78
79
80
81
82
83
84
85
86
87
88
def test_view_history_no_permission_denied(self):
    """ Check correct permission for view

    Attempt to view with user missing permission
    """

    client = Client()
    url = reverse(self.namespace +  self.name_view, kwargs={'model_name': self.item._meta.model_name, 'model_pk': self.item.id})


    client.force_login(self.no_permissions_user)
    response = client.get(url)

    assert response.status_code == 403

test_view_history_different_organizaiton_denied()

Check correct permission for view

Attempt to view with user from different organization

Source code in app/core/tests/abstract/history_permissions.py 
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
def test_view_history_different_organizaiton_denied(self):
    """ Check correct permission for view

    Attempt to view with user from different organization
    """

    client = Client()
    url = reverse(self.namespace +  self.name_view, kwargs={'model_name': self.item._meta.model_name, 'model_pk': self.item.id})


    client.force_login(self.different_organization_user)
    response = client.get(url)

    assert response.status_code == 403

test_view_history_has_permission()

Check correct permission for view

Attempt to view as user with view permission

Source code in app/core/tests/abstract/history_permissions.py 
107
108
109
110
111
112
113
114
115
116
117
118
119
120
def test_view_history_has_permission(self):
    """ Check correct permission for view

    Attempt to view as user with view permission
    """

    client = Client()
    url = reverse(self.namespace +  self.name_view, kwargs={'model_name': self.item._meta.model_name, 'model_pk': self.item.id})


    client.force_login(self.view_user)
    response = client.get(url)

    assert response.status_code == 200

About:

This page forms part of our Project Centurion ERP.

Page Metadata
Version: ToDo: place files short git commit here
Date Created: 2024-06-16
Date Edited: 2024-07-09

Contribution:

Would You like to contribute to our Centurion ERP project? You can assist in the following ways:

 

ToDo: Add the page list of contributors