Mirrored_Repos/InvenTree
1
0
Fork 0
mirror of https://github.com/inventree/InvenTree synced 2024-08-30 18:33:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update unit tests

Browse Source 
- requires the user to actually have the necessary permissions!
This commit is contained in:
Oliver Walters 2020-10-06 01:30:36 +11:00
parent 16d720b62c
commit 3f59ce3f93
7 changed files with 117 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
InvenTree/InvenTree/api.py
View File

@ -30,6 +30,8 @@ class InfoView(AjaxView):
Use to confirm that the server is running, etc. Use to confirm that the server is running, etc.
""" """
permission_classes = [permissions.AllowAny]
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
data = { data = {

20
InvenTree/InvenTree/helpers.py
View File

@ -15,6 +15,8 @@ from django.http import StreamingHttpResponse
from django.core.exceptions import ValidationError from django.core.exceptions import ValidationError
from django.utils.translation import ugettext as _ from django.utils.translation import ugettext as _
from django.contrib.auth.models import Permission
import InvenTree.version import InvenTree.version
from .settings import MEDIA_URL, STATIC_URL from .settings import MEDIA_URL, STATIC_URL
@ -441,3 +443,21 @@ def validateFilterString(value):
results[k] = v results[k] = v
return results return results
def addUserPermission(user, permission):
"""
Shortcut function for adding a certain permission to a user.
"""
perm = Permission.objects.get(codename=permission)
user.user_permissions.add(perm)
def addUserPermissions(user, permissions):
"""
Shortcut function for adding multiple permissions to a user.
"""
for permission in permissions:
addUserPermission(user, permission)

13
InvenTree/company/test_api.py
View File

@ -3,6 +3,8 @@ from rest_framework import status
from django.urls import reverse from django.urls import reverse
from django.contrib.auth import get_user_model from django.contrib.auth import get_user_model
from InvenTree.helpers import addUserPermissions
from .models import Company from .models import Company
@ -14,7 +16,16 @@ class CompanyTest(APITestCase):
def setUp(self): def setUp(self):
# Create a user for auth # Create a user for auth
User = get_user_model() User = get_user_model()
User.objects.create_user('testuser', 'test@testing.com', 'password') self.user = User.objects.create_user('testuser', 'test@testing.com', 'password')
perms = [
'view_company',
'change_company',
'add_company',
]
addUserPermissions(self.user, perms)
self.client.login(username='testuser', password='password') self.client.login(username='testuser', password='password')
Company.objects.create(name='ACME', description='Supplier', is_customer=False, is_supplier=True) Company.objects.create(name='ACME', description='Supplier', is_customer=False, is_supplier=True)

29
InvenTree/part/test_api.py
View File

@ -9,6 +9,7 @@ from stock.models import StockItem
from company.models import Company from company.models import Company
from InvenTree.status_codes import StockStatus from InvenTree.status_codes import StockStatus
from InvenTree.helpers import addUserPermissions
class PartAPITest(APITestCase): class PartAPITest(APITestCase):
@ -29,7 +30,33 @@ class PartAPITest(APITestCase):
def setUp(self): def setUp(self):
# Create a user for auth # Create a user for auth
User = get_user_model() User = get_user_model()
User.objects.create_user('testuser', 'test@testing.com', 'password') self.user = User.objects.create_user(
username='testuser',
email='test@testing.com',
password='password'
)
# Add the permissions required to access the API endpoints
perms = [
'view_part',
'add_part',
'change_part',
'delete_part',
'view_partcategory',
'add_partcategory',
'change_partcategory',
'view_bomitem',
'add_bomitem',
'change_bomitem',
'view_partattachment',
'change_partattachment',
'add_partattachment',
'view_parttesttemplate',
'add_parttesttemplate',
'change_parttesttemplate',
]
addUserPermissions(self.user, perms)
self.client.login(username='testuser', password='password') self.client.login(username='testuser', password='password')

35
InvenTree/part/test_views.py
View File

@ -4,6 +4,8 @@ from django.test import TestCase
from django.urls import reverse from django.urls import reverse
from django.contrib.auth import get_user_model from django.contrib.auth import get_user_model
from InvenTree.helpers import addUserPermissions
from .models import Part from .models import Part
@ -23,7 +25,32 @@ class PartViewTestCase(TestCase):
# Create a user # Create a user
User = get_user_model() User = get_user_model()
User.objects.create_user('username', 'user@email.com', 'password') self.user = User.objects.create_user(
username='username',
email='user@email.com',
password='password'
)
# Add the permissions required to access the pages
perms = [
'view_part',
'add_part',
'change_part',
'delete_part',
'view_partcategory',
'add_partcategory',
'change_partcategory',
'view_bomitem',
'add_bomitem',
'change_bomitem',
'view_partattachment',
'change_partattachment',
'add_partattachment',
]
addUserPermissions(self.user, perms)
self.user.save()
self.client.login(username='username', password='password') self.client.login(username='username', password='password')
@ -140,12 +167,14 @@ class PartTests(PartViewTestCase):
""" Tests for Part forms """ """ Tests for Part forms """
def test_part_edit(self): def test_part_edit(self):
response = self.client.get(reverse('part-edit', args=(1,)), HTTP_X_REQUESTED_WITH='XMLHttpRequest') response = self.client.get(reverse('part-edit', args=(1,)), HTTP_X_REQUESTED_WITH='XMLHttpRequest')
self.assertEqual(response.status_code, 200)
keys = response.context.keys() keys = response.context.keys()
data = str(response.content) data = str(response.content)
self.assertEqual(response.status_code, 200)
self.assertIn('part', keys) self.assertIn('part', keys)
self.assertIn('csrf_token', keys) self.assertIn('csrf_token', keys)
@ -189,6 +218,8 @@ class PartAttachmentTests(PartViewTestCase):
response = self.client.get(reverse('part-attachment-create'), {'part': 1}, HTTP_X_REQUESTED_WITH='XMLHttpRequest') response = self.client.get(reverse('part-attachment-create'), {'part': 1}, HTTP_X_REQUESTED_WITH='XMLHttpRequest')
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
# TODO - Create a new attachment using this view
def test_invalid_create(self): def test_invalid_create(self):
""" test creation of an attachment for an invalid part """ """ test creation of an attachment for an invalid part """

12
InvenTree/part/views.py
View File

@ -635,7 +635,7 @@ class PartNotes(UpdateView):
template_name = 'part/notes.html' template_name = 'part/notes.html'
model = Part model = Part
permission_required = 'part.update_part' permission_required = 'part.change_part'
fields = ['notes'] fields = ['notes']
@ -753,7 +753,7 @@ class PartImageUpload(AjaxUpdateView):
form_class = part_forms.PartImageForm form_class = part_forms.PartImageForm
permission_required = 'part.update_part' permission_required = 'part.change_part'
def get_data(self): def get_data(self):
return { return {
@ -768,7 +768,7 @@ class PartImageSelect(AjaxUpdateView):
ajax_template_name = 'part/select_image.html' ajax_template_name = 'part/select_image.html'
ajax_form_title = _('Select Part Image') ajax_form_title = _('Select Part Image')
permission_required = 'part.update_part' permission_required = 'part.change_part'
fields = [ fields = [
'image', 'image',
@ -811,7 +811,7 @@ class PartEdit(AjaxUpdateView):
ajax_form_title = _('Edit Part Properties') ajax_form_title = _('Edit Part Properties')
context_object_name = 'part' context_object_name = 'part'
permission_required = 'part.update_part' permission_required = 'part.change_part'
def get_form(self): def get_form(self):
""" Create form for Part editing. """ Create form for Part editing.
@ -837,7 +837,7 @@ class BomValidate(AjaxUpdateView):
context_object_name = 'part' context_object_name = 'part'
form_class = part_forms.BomValidateForm form_class = part_forms.BomValidateForm
permission_required = ('part.update_part') permission_required = ('part.change_part')
def get_context(self): def get_context(self):
return { return {
@ -905,7 +905,7 @@ class BomUpload(PermissionRequiredMixin, FormView):
missing_columns = [] missing_columns = []
allowed_parts = [] allowed_parts = []
permission_required = ('part.update_part', 'part.add_bomitem') permission_required = ('part.change_part', 'part.add_bomitem')
def get_success_url(self): def get_success_url(self):
part = self.get_object() part = self.get_object()

16
InvenTree/stock/test_api.py
View File

@ -3,6 +3,8 @@ from rest_framework import status
from django.urls import reverse from django.urls import reverse
from django.contrib.auth import get_user_model from django.contrib.auth import get_user_model
from InvenTree.helpers import addUserPermissions
from .models import StockLocation from .models import StockLocation
@ -22,6 +24,20 @@ class StockAPITestCase(APITestCase):
# Create a user for auth # Create a user for auth
User = get_user_model() User = get_user_model()
self.user = User.objects.create_user('testuser', 'test@testing.com', 'password') self.user = User.objects.create_user('testuser', 'test@testing.com', 'password')
# Add the necessary permissions to the user
perms = [
'view_stockitemtestresult',
'change_stockitemtestresult',
'add_stockitemtestresult',
'add_stocklocation',
'change_stocklocation',
'add_stockitem',
'change_stockitem',
]
addUserPermissions(self.user, perms)
self.client.login(username='testuser', password='password') self.client.login(username='testuser', password='password')
def doPost(self, url, data={}): def doPost(self, url, data={}):