Update unit tests

- requires the user to actually have the necessary permissions!

InvenTree/InvenTree/api.py

@@ -30,6 +30,8 @@ class InfoView(AjaxView):
     Use to confirm that the server is running, etc.
     """
 
+    permission_classes = [permissions.AllowAny]
+
     def get(self, request, *args, **kwargs):
 
         data = {

InvenTree/InvenTree/helpers.py

@@ -15,6 +15,8 @@ from django.http import StreamingHttpResponse
 from django.core.exceptions import ValidationError
 from django.utils.translation import ugettext as _
 
+from django.contrib.auth.models import Permission
+
 import InvenTree.version
 
 from .settings import MEDIA_URL, STATIC_URL
@@ -441,3 +443,21 @@ def validateFilterString(value):
         results[k] = v
 
     return results
+
+
+def addUserPermission(user, permission):
+    """
+    Shortcut function for adding a certain permission to a user.
+    """
+    
+    perm = Permission.objects.get(codename=permission)
+    user.user_permissions.add(perm)
+
+
+def addUserPermissions(user, permissions):
+    """
+    Shortcut function for adding multiple permissions to a user.
+    """
+
+    for permission in permissions:
+        addUserPermission(user, permission)

InvenTree/company/test_api.py

@@ -3,6 +3,8 @@ from rest_framework import status
 from django.urls import reverse
 from django.contrib.auth import get_user_model
 
+from InvenTree.helpers import addUserPermissions
+
 from .models import Company
 
 
@@ -14,7 +16,16 @@ class CompanyTest(APITestCase):
     def setUp(self):
         # Create a user for auth
         User = get_user_model()
-        User.objects.create_user('testuser', 'test@testing.com', 'password')
+        self.user = User.objects.create_user('testuser', 'test@testing.com', 'password')
+        
+        perms = [
+            'view_company',
+            'change_company',
+            'add_company',
+        ]
+
+        addUserPermissions(self.user, perms)
+        
         self.client.login(username='testuser', password='password')
 
         Company.objects.create(name='ACME', description='Supplier', is_customer=False, is_supplier=True)

InvenTree/part/test_api.py

@@ -9,6 +9,7 @@ from stock.models import StockItem
 from company.models import Company
 
 from InvenTree.status_codes import StockStatus
+from InvenTree.helpers import addUserPermissions
 
 
 class PartAPITest(APITestCase):
@@ -29,7 +30,33 @@ class PartAPITest(APITestCase):
     def setUp(self):
         # Create a user for auth
         User = get_user_model()
-        User.objects.create_user('testuser', 'test@testing.com', 'password')
+        self.user = User.objects.create_user(
+            username='testuser',
+            email='test@testing.com',
+            password='password'
+        )
+
+        # Add the permissions required to access the API endpoints
+        perms = [
+            'view_part',
+            'add_part',
+            'change_part',
+            'delete_part',
+            'view_partcategory',
+            'add_partcategory',
+            'change_partcategory',
+            'view_bomitem',
+            'add_bomitem',
+            'change_bomitem',
+            'view_partattachment',
+            'change_partattachment',
+            'add_partattachment',
+            'view_parttesttemplate',
+            'add_parttesttemplate',
+            'change_parttesttemplate',
+        ]
+
+        addUserPermissions(self.user, perms)
 
         self.client.login(username='testuser', password='password')
 

InvenTree/part/test_views.py

@@ -4,6 +4,8 @@ from django.test import TestCase
 from django.urls import reverse
 from django.contrib.auth import get_user_model
 
+from InvenTree.helpers import addUserPermissions
+
 from .models import Part
 
 
@@ -23,7 +25,32 @@ class PartViewTestCase(TestCase):
 
         # Create a user
         User = get_user_model()
-        User.objects.create_user('username', 'user@email.com', 'password')
+        self.user = User.objects.create_user(
+            username='username',
+            email='user@email.com',
+            password='password'
+        )
+
+        # Add the permissions required to access the pages
+        perms = [
+            'view_part',
+            'add_part',
+            'change_part',
+            'delete_part',
+            'view_partcategory',
+            'add_partcategory',
+            'change_partcategory',
+            'view_bomitem',
+            'add_bomitem',
+            'change_bomitem',
+            'view_partattachment',
+            'change_partattachment',
+            'add_partattachment',
+        ]
+
+        addUserPermissions(self.user, perms)
+
+        self.user.save()
 
         self.client.login(username='username', password='password')
 
@@ -140,12 +167,14 @@ class PartTests(PartViewTestCase):
     """ Tests for Part forms """
 
     def test_part_edit(self):
+
         response = self.client.get(reverse('part-edit', args=(1,)), HTTP_X_REQUESTED_WITH='XMLHttpRequest')
-        self.assertEqual(response.status_code, 200)
 
         keys = response.context.keys()
         data = str(response.content)
 
+        self.assertEqual(response.status_code, 200)
+
         self.assertIn('part', keys)
         self.assertIn('csrf_token', keys)
 
@@ -189,6 +218,8 @@ class PartAttachmentTests(PartViewTestCase):
         response = self.client.get(reverse('part-attachment-create'), {'part': 1}, HTTP_X_REQUESTED_WITH='XMLHttpRequest')
         self.assertEqual(response.status_code, 200)
 
+        # TODO - Create a new attachment using this view
+
     def test_invalid_create(self):
         """ test creation of an attachment for an invalid part """
 

InvenTree/part/views.py

@@ -635,7 +635,7 @@ class PartNotes(UpdateView):
     template_name = 'part/notes.html'
     model = Part
 
-    permission_required = 'part.update_part'
+    permission_required = 'part.change_part'
 
     fields = ['notes']
 
@@ -753,7 +753,7 @@ class PartImageUpload(AjaxUpdateView):
 
     form_class = part_forms.PartImageForm
 
-    permission_required = 'part.update_part'
+    permission_required = 'part.change_part'
 
     def get_data(self):
         return {
@@ -768,7 +768,7 @@ class PartImageSelect(AjaxUpdateView):
     ajax_template_name = 'part/select_image.html'
     ajax_form_title = _('Select Part Image')
 
-    permission_required = 'part.update_part'
+    permission_required = 'part.change_part'
 
     fields = [
         'image',
@@ -811,7 +811,7 @@ class PartEdit(AjaxUpdateView):
     ajax_form_title = _('Edit Part Properties')
     context_object_name = 'part'
 
-    permission_required = 'part.update_part'
+    permission_required = 'part.change_part'
 
     def get_form(self):
         """ Create form for Part editing.
@@ -837,7 +837,7 @@ class BomValidate(AjaxUpdateView):
     context_object_name = 'part'
     form_class = part_forms.BomValidateForm
 
-    permission_required = ('part.update_part')
+    permission_required = ('part.change_part')
 
     def get_context(self):
         return {
@@ -905,7 +905,7 @@ class BomUpload(PermissionRequiredMixin, FormView):
     missing_columns = []
     allowed_parts = []
 
-    permission_required = ('part.update_part', 'part.add_bomitem')
+    permission_required = ('part.change_part', 'part.add_bomitem')
 
     def get_success_url(self):
         part = self.get_object()

InvenTree/stock/test_api.py

@@ -3,6 +3,8 @@ from rest_framework import status
 from django.urls import reverse
 from django.contrib.auth import get_user_model
 
+from InvenTree.helpers import addUserPermissions
+
 from .models import StockLocation
 
 
@@ -22,6 +24,20 @@ class StockAPITestCase(APITestCase):
         # Create a user for auth
         User = get_user_model()
         self.user = User.objects.create_user('testuser', 'test@testing.com', 'password')
+
+        # Add the necessary permissions to the user
+        perms = [
+            'view_stockitemtestresult',
+            'change_stockitemtestresult',
+            'add_stockitemtestresult',
+            'add_stocklocation',
+            'change_stocklocation',
+            'add_stockitem',
+            'change_stockitem',
+        ]
+
+        addUserPermissions(self.user, perms)
+
         self.client.login(username='testuser', password='password')
 
     def doPost(self, url, data={}):