diff --git a/InvenTree/InvenTree/api.py b/InvenTree/InvenTree/api.py
index 44e7ec383f..1bdfb79ceb 100644
--- a/InvenTree/InvenTree/api.py
+++ b/InvenTree/InvenTree/api.py
@@ -30,6 +30,8 @@ class InfoView(AjaxView): Use to confirm that the server is running, etc. """ + permission_classes = [permissions.AllowAny] + def get(self, request, *args, **kwargs): data = {
diff --git a/InvenTree/InvenTree/helpers.py b/InvenTree/InvenTree/helpers.py
index 9b470902b1..13b770539c 100644
--- a/InvenTree/InvenTree/helpers.py
+++ b/InvenTree/InvenTree/helpers.py
@@ -15,6 +15,8 @@ from django.http import StreamingHttpResponse from django.core.exceptions import ValidationError from django.utils.translation import ugettext as _ +from django.contrib.auth.models import Permission + import InvenTree.version from .settings import MEDIA_URL, STATIC_URL
@@ -441,3 +443,21 @@ def validateFilterString(value): results[k] = v return results + + +def addUserPermission(user, permission): + """ + Shortcut function for adding a certain permission to a user. + """ + + perm = Permission.objects.get(codename=permission) + user.user_permissions.add(perm) + + +def addUserPermissions(user, permissions): + """ + Shortcut function for adding multiple permissions to a user. + """ + + for permission in permissions: + addUserPermission(user, permission)
diff --git a/InvenTree/company/test_api.py b/InvenTree/company/test_api.py
index bf4cc6643e..643608542d 100644
--- a/InvenTree/company/test_api.py
+++ b/InvenTree/company/test_api.py
@@ -3,6 +3,8 @@ from rest_framework import status from django.urls import reverse from django.contrib.auth import get_user_model +from InvenTree.helpers import addUserPermissions + from .models import Company 
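Review bot: `permission_classes = [permissions.AllowAny]` in InfoView is honoured only by Django REST framework views, and `AjaxView` is defined outside this hunk, so it is worth confirming that the attribute actually takes effect rather than sitting there as an inert class variable. If the endpoint is meant to be reachable before login, say so in a comment above the line, e.g. `# Deliberately unauthenticated: used to check that the server is up`. The `data` dict continues past the end of the hunk; whatever it returns becomes readable by anonymous clients, so it should stay limited to what an unauthenticated caller needs.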
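Review bot: `Permission.objects.get(codename=permission)` in addUserPermission looks the permission up by codename alone, but Django only guarantees a codename to be unique per content type, so two apps with a same-named model make this raise MultipleObjectsReturned, and a typo surfaces as a bare DoesNotExist. Since the helper grants privileges, resolve the permission unambiguously: accept `'app_label.codename'` and query `Permission.objects.get(content_type__app_label=app_label, codename=codename)`; the callers in this commit pass bare codenames and would need the app label added. The docstrings could also state that these helpers exist for test setup, as every caller visible in this commit is a test case.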
@@ -14,7 +16,16 @@ class CompanyTest(APITestCase): def setUp(self): # Create a user for auth User = get_user_model() - User.objects.create_user('testuser', 'test@testing.com', 'password') + self.user = User.objects.create_user('testuser', 'test@testing.com', 'password') + + perms = [ + 'view_company', + 'change_company', + 'add_company', + ] + + addUserPermissions(self.user, perms) + self.client.login(username='testuser', password='password') Company.objects.create(name='ACME', description='Supplier', is_customer=False, is_supplier=True)
diff --git a/InvenTree/part/test_api.py b/InvenTree/part/test_api.py
index 3b116fa445..9fdc2688cb 100644
--- a/InvenTree/part/test_api.py
+++ b/InvenTree/part/test_api.py
@@ -9,6 +9,7 @@ from stock.models import StockItem from company.models import Company from InvenTree.status_codes import StockStatus +from InvenTree.helpers import addUserPermissions class PartAPITest(APITestCase):
@@ -29,7 +30,33 @@ class PartAPITest(APITestCase): def setUp(self): # Create a user for auth User = get_user_model() - User.objects.create_user('testuser', 'test@testing.com', 'password') + self.user = User.objects.create_user( + username='testuser', + email='test@testing.com', + password='password' + ) + + # Add the permissions required to access the API endpoints + perms = [ + 'view_part', + 'add_part', + 'change_part', + 'delete_part', + 'view_partcategory', + 'add_partcategory', + 'change_partcategory', + 'view_bomitem', + 'add_bomitem', + 'change_bomitem', + 'view_partattachment', + 'change_partattachment', + 'add_partattachment', + 'view_parttesttemplate', + 'add_parttesttemplate', + 'change_parttesttemplate', + ] + + addUserPermissions(self.user, perms) self.client.login(username='testuser', password='password')
diff --git a/InvenTree/part/test_views.py b/InvenTree/part/test_views.py
index bc09784a47..b1ae991a0c 100644
--- a/InvenTree/part/test_views.py
+++ b/InvenTree/part/test_views.py 
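Review bot: The new setUp in CompanyTest grants `view_company`, `change_company` and `add_company` to the only test user, so every test in the class now runs as an authorised caller and nothing checks that an unprivileged user is refused. Add at least one negative case per protected endpoint, for example a second user created without `addUserPermissions` whose request is asserted to be rejected (`status.HTTP_403_FORBIDDEN` for the API views). The same gap applies to the setUp hunks in part/test_api.py, part/test_views.py and stock/test_api.py. The test methods themselves lie outside these hunks.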
@@ -4,6 +4,8 @@ from django.test import TestCase from django.urls import reverse from django.contrib.auth import get_user_model +from InvenTree.helpers import addUserPermissions + from .models import Part
@@ -23,7 +25,32 @@ class PartViewTestCase(TestCase): # Create a user User = get_user_model() - User.objects.create_user('username', 'user@email.com', 'password') + self.user = User.objects.create_user( + username='username', + email='user@email.com', + password='password' + ) + + # Add the permissions required to access the pages + perms = [ + 'view_part', + 'add_part', + 'change_part', + 'delete_part', + 'view_partcategory', + 'add_partcategory', + 'change_partcategory', + 'view_bomitem', + 'add_bomitem', + 'change_bomitem', + 'view_partattachment', + 'change_partattachment', + 'add_partattachment', + ] + + addUserPermissions(self.user, perms) + + self.user.save() self.client.login(username='username', password='password')
@@ -140,12 +167,14 @@ class PartTests(PartViewTestCase): """ Tests for Part forms """ def test_part_edit(self): + response = self.client.get(reverse('part-edit', args=(1,)), HTTP_X_REQUESTED_WITH='XMLHttpRequest') - self.assertEqual(response.status_code, 200) keys = response.context.keys() data = str(response.content) + self.assertEqual(response.status_code, 200) + self.assertIn('part', keys) self.assertIn('csrf_token', keys)
@@ -189,6 +218,8 @@ class PartAttachmentTests(PartViewTestCase): response = self.client.get(reverse('part-attachment-create'), {'part': 1}, HTTP_X_REQUESTED_WITH='XMLHttpRequest') self.assertEqual(response.status_code, 200) + # TODO - Create a new attachment using this view + def test_invalid_create(self): """ test creation of an attachment for an invalid part """
diff --git a/InvenTree/part/views.py b/InvenTree/part/views.py
index 47a77078be..8e0980c35e 100644
--- a/InvenTree/part/views.py
+++ b/InvenTree/part/views.py 
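Review bot: `self.user.save()` after `addUserPermissions(self.user, perms)` in PartViewTestCase.setUp is redundant: `user_permissions.add()` writes the many-to-many rows immediately, and the other setUp methods changed in this commit do not call it. Drop the line for consistency. The permission list also repeats most of the one added to part/test_api.py; a shared module-level constant would keep the two from drifting apart.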
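Review bot: In test_part_edit the status assertion now runs after `response.context.keys()`, so when the view refuses the request (the case this commit is about) and no template is rendered, `response.context` is None and the test dies with an AttributeError instead of reporting the unexpected status code. Keep `self.assertEqual(response.status_code, 200)` as the first statement after the request so that a permission failure is reported as one.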
@@ -635,7 +635,7 @@ class PartNotes(UpdateView): template_name = 'part/notes.html' model = Part - permission_required = 'part.update_part' + permission_required = 'part.change_part' fields = ['notes']
@@ -753,7 +753,7 @@ class PartImageUpload(AjaxUpdateView): form_class = part_forms.PartImageForm - permission_required = 'part.update_part' + permission_required = 'part.change_part' def get_data(self): return {
@@ -768,7 +768,7 @@ class PartImageSelect(AjaxUpdateView): ajax_template_name = 'part/select_image.html' ajax_form_title = _('Select Part Image') - permission_required = 'part.update_part' + permission_required = 'part.change_part' fields = [ 'image',
@@ -811,7 +811,7 @@ class PartEdit(AjaxUpdateView): ajax_form_title = _('Edit Part Properties') context_object_name = 'part' - permission_required = 'part.update_part' + permission_required = 'part.change_part' def get_form(self): """ Create form for Part editing.
@@ -837,7 +837,7 @@ class BomValidate(AjaxUpdateView): context_object_name = 'part' form_class = part_forms.BomValidateForm - permission_required = ('part.update_part') + permission_required = ('part.change_part') def get_context(self): return {
@@ -905,7 +905,7 @@ class BomUpload(PermissionRequiredMixin, FormView): missing_columns = [] allowed_parts = [] - permission_required = ('part.update_part', 'part.add_bomitem') + permission_required = ('part.change_part', 'part.add_bomitem') def get_success_url(self): part = self.get_object()
diff --git a/InvenTree/stock/test_api.py b/InvenTree/stock/test_api.py
index a522bc5415..8348a3e331 100644
--- a/InvenTree/stock/test_api.py
+++ b/InvenTree/stock/test_api.py
@@ -3,6 +3,8 @@ from rest_framework import status from django.urls import reverse from django.contrib.auth import get_user_model +from InvenTree.helpers import addUserPermissions + from .models import StockLocation 
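Review bot: The hunk header shows `class PartNotes(UpdateView)` with no PermissionRequiredMixin among the bases, whereas BomUpload further down lists the mixin explicitly; unless this UpdateView is a project base class that already includes it (its import is outside the hunk), the corrected `permission_required = 'part.change_part'` is never evaluated and the notes view is not gated by it. If it is Django's generic view, declare the class as `class PartNotes(PermissionRequiredMixin, UpdateView):`. A denial test for this view would also have caught the old `part.update_part` name, which is not one of Django's default add/change/delete/view permissions and is therefore simply never granted to a non-superuser.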
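Review bot: `permission_required = ('part.change_part')` in BomValidate is a parenthesised string, not a tuple; it behaves the same only because a plain string is accepted, as with Django's PermissionRequiredMixin, but it reads like a one-element tuple next to BomUpload's real tuple. Write `permission_required = 'part.change_part'` as the other views in this file do, or `('part.change_part',)` if a tuple is intended.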
@@ -22,6 +24,20 @@ class StockAPITestCase(APITestCase): # Create a user for auth User = get_user_model() self.user = User.objects.create_user('testuser', 'test@testing.com', 'password') + + # Add the necessary permissions to the user + perms = [ + 'view_stockitemtestresult', + 'change_stockitemtestresult', + 'add_stockitemtestresult', + 'add_stocklocation', + 'change_stocklocation', + 'add_stockitem', + 'change_stockitem', + ] + + addUserPermissions(self.user, perms) + self.client.login(username='testuser', password='password') def doPost(self, url, data={}):
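Review bot: The permission list in StockAPITestCase.setUp grants add and change rights on stockitem and stocklocation but no `view_stockitem` or `view_stocklocation`, unlike the part and company test classes. If tests in this class (outside the hunk) read those endpoints and still pass, read access to stock data is not being gated by model permission. Either add the view permissions here to match what the API is expected to require, or add a comment stating that stock reads are intentionally open to any authenticated user.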