|
| 1 | +from __future__ import annotations |
| 2 | + |
| 3 | +import pytest |
| 4 | + |
| 5 | +from dandiapi.api.tests.factories import UserFactory |
| 6 | + |
| 7 | + |
| 8 | +@pytest.mark.parametrize( |
| 9 | + ('is_staff', 'is_superuser'), |
| 10 | + [ |
| 11 | + (False, False), |
| 12 | + (False, True), |
| 13 | + (True, False), |
| 14 | + (True, True), |
| 15 | + ], |
| 16 | +) |
| 17 | +@pytest.mark.django_db |
| 18 | +def test_dashboard_access(api_client, is_staff, is_superuser): |
| 19 | + user = UserFactory.create(is_staff=is_staff, is_superuser=is_superuser) |
| 20 | + api_client.force_login(user) |
| 21 | + resp = api_client.get('/dashboard/') |
| 22 | + |
| 23 | + should_pass = is_staff or is_superuser |
| 24 | + assert resp.status_code == (200 if should_pass else 403) |
| 25 | + |
| 26 | + |
| 27 | +@pytest.mark.django_db |
| 28 | +def test_dashboard_access_unauthenticated(api_client): |
| 29 | + resp = api_client.get('/dashboard/') |
| 30 | + assert resp.status_code == 302 |
| 31 | + |
| 32 | + |
| 33 | +@pytest.mark.parametrize( |
| 34 | + ('is_staff', 'is_superuser'), |
| 35 | + [ |
| 36 | + (False, False), |
| 37 | + (False, True), |
| 38 | + (True, False), |
| 39 | + (True, True), |
| 40 | + ], |
| 41 | +) |
| 42 | +@pytest.mark.django_db |
| 43 | +def test_user_approval_access(api_client, is_staff, is_superuser): |
| 44 | + user = UserFactory.create(is_staff=is_staff, is_superuser=is_superuser) |
| 45 | + api_client.force_login(user) |
| 46 | + |
| 47 | + other_user = UserFactory.create() |
| 48 | + resp = api_client.get(f'/dashboard/user/{other_user.username}/') |
| 49 | + |
| 50 | + should_pass = is_staff or is_superuser |
| 51 | + assert resp.status_code == (200 if should_pass else 403) |
| 52 | + |
| 53 | + |
| 54 | +@pytest.mark.django_db |
| 55 | +def test_user_approval_access_unauthenticated(api_client): |
| 56 | + other_user = UserFactory.create() |
| 57 | + resp = api_client.get(f'/dashboard/user/{other_user.username}/') |
| 58 | + assert resp.status_code == 302 |
| 59 | + |
| 60 | + |
| 61 | +@pytest.mark.parametrize( |
| 62 | + ('is_staff', 'is_superuser'), |
| 63 | + [ |
| 64 | + (False, False), |
| 65 | + (False, True), |
| 66 | + (True, False), |
| 67 | + (True, True), |
| 68 | + ], |
| 69 | +) |
| 70 | +@pytest.mark.django_db |
| 71 | +def test_mailchimp_view_access(api_client, is_staff, is_superuser): |
| 72 | + user = UserFactory.create(is_staff=is_staff, is_superuser=is_superuser) |
| 73 | + api_client.force_login(user) |
| 74 | + |
| 75 | + resp = api_client.get('/dashboard/mailchimp/') |
| 76 | + |
| 77 | + should_pass = is_staff or is_superuser |
| 78 | + assert resp.status_code == (200 if should_pass else 403) |
| 79 | + |
| 80 | + |
| 81 | +@pytest.mark.django_db |
| 82 | +def test_mailchimp_view_access_unauthenticated(api_client): |
| 83 | + resp = api_client.get('/dashboard/mailchimp/') |
| 84 | + assert resp.status_code == 403 |
0 commit comments