nk20/apps/permission/tests/test_permission_denied.py

# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
# SPDX-License-Identifier: GPL-3.0-or-later

from datetime import timedelta, date

from django.contrib.auth.models import User
from django.test import TestCase
from django.urls import reverse
from django.utils import timezone
from django.utils.crypto import get_random_string
from activity.models import Activity
from member.models import Club, Membership
from note.models import NoteUser
from wei.models import WEIClub, Bus, WEIRegistration


class TestPermissionDenied(TestCase):
    """
    Load some protected pages and check that we have 403 errors.
    """
    fixtures = ('initial',)

    def setUp(self) -> None:
        # Create sample user with no rights
        self.user = User.objects.create(
            username="toto",
        )
        NoteUser.objects.create(user=self.user)
        self.client.force_login(self.user)

    def test_consos(self):
        response = self.client.get(reverse("note:consos"))
        self.assertEqual(response.status_code, 403)

    def test_create_activity(self):
        response = self.client.get(reverse("activity:activity_create"))
        self.assertEqual(response.status_code, 403)

    def test_activity_entries(self):
        activity = Activity.objects.create(
            name="",
            description="",
            creater=self.user,
            activity_type_id=1,
            organizer_id=1,
            attendees_club_id=1,
            date_start=timezone.now(),
            date_end=timezone.now(),
        )
        response = self.client.get(reverse("activity:activity_entry", kwargs=dict(pk=activity.pk)))
        self.assertEqual(response.status_code, 403)

    def test_invite_activity(self):
        activity = Activity.objects.create(
            name="",
            description="",
            creater=self.user,
            activity_type_id=1,
            organizer_id=1,
            attendees_club_id=1,
            date_start=timezone.now(),
            date_end=timezone.now(),
        )
        response = self.client.get(reverse("activity:activity_invite", kwargs=dict(pk=activity.pk)))
        self.assertEqual(response.status_code, 403)

    def test_create_club(self):
        response = self.client.get(reverse("member:club_create"))
        self.assertEqual(response.status_code, 403)

    def test_add_member_club(self):
        club = Club.objects.create(name=get_random_string(127))
        response = self.client.get(reverse("member:club_add_member", kwargs=dict(club_pk=club.pk)))
        self.assertEqual(response.status_code, 403)

    def test_renew_membership(self):
        club = Club.objects.create(name=get_random_string(127))
        membership = Membership.objects.create(user=self.user, club=club)
        response = self.client.get(reverse("member:club_renew_membership", kwargs=dict(pk=membership.pk)))
        self.assertEqual(response.status_code, 403)

    def test_create_weiclub(self):
        response = self.client.get(reverse("wei:wei_create"))
        self.assertEqual(response.status_code, 403)

    def test_create_wei_bus(self):
        wei = WEIClub.objects.create(
            membership_start=date.today(),
            date_start=date.today() + timedelta(days=1),
            date_end=date.today() + timedelta(days=1),
        )
        response = self.client.get(reverse("wei:add_bus", kwargs=dict(pk=wei.pk)))
        self.assertEqual(response.status_code, 403)

    def test_create_wei_team(self):
        wei = WEIClub.objects.create(
            membership_start=date.today(),
            date_start=date.today() + timedelta(days=1),
            date_end=date.today() + timedelta(days=1),
        )
        bus = Bus.objects.create(wei=wei)
        response = self.client.get(reverse("wei:add_team", kwargs=dict(pk=bus.pk)))
        self.assertEqual(response.status_code, 403)

    def test_create_1a_weiregistration(self):
        wei = WEIClub.objects.create(
            membership_start=date.today(),
            date_start=date.today() + timedelta(days=1),
            date_end=date.today() + timedelta(days=1),
        )
        response = self.client.get(reverse("wei:wei_register_1A", kwargs=dict(wei_pk=wei.pk)))
        self.assertEqual(response.status_code, 403)

    def test_create_old_weiregistration(self):
        wei = WEIClub.objects.create(
            membership_start=date.today(),
            date_start=date.today() + timedelta(days=1),
            date_end=date.today() + timedelta(days=1),
        )
        response = self.client.get(reverse("wei:wei_register_2A", kwargs=dict(wei_pk=wei.pk)))
        self.assertEqual(response.status_code, 403)

    def test_validate_weiregistration(self):
        wei = WEIClub.objects.create(
            membership_start=date.today(),
            date_start=date.today() + timedelta(days=1),
            date_end=date.today() + timedelta(days=1),
        )
        registration = WEIRegistration.objects.create(wei=wei, user=self.user, birth_date="2000-01-01")
        response = self.client.get(reverse("wei:validate_registration", kwargs=dict(pk=registration.pk)))
        self.assertEqual(response.status_code, 403)

    def test_create_invoice(self):
        response = self.client.get(reverse("treasury:invoice_create"))
        self.assertEqual(response.status_code, 403)

    def test_list_invoices(self):
        response = self.client.get(reverse("treasury:invoice_list"))
        self.assertEqual(response.status_code, 403)

    def test_create_remittance(self):
        response = self.client.get(reverse("treasury:remittance_create"))
        self.assertEqual(response.status_code, 403)

    def test_list_remittance(self):
        response = self.client.get(reverse("treasury:remittance_list"))
        self.assertEqual(response.status_code, 403)

    def test_list_soge_credits(self):
        response = self.client.get(reverse("treasury:soge_credits"))
        self.assertEqual(response.status_code, 403)


class TestLoginRedirect(TestCase):
    def test_consos_page(self):
        response = self.client.get(reverse("note:consos"))
        self.assertRedirects(response, reverse("login") + "?next=" + reverse("note:consos"), 302, 200)
Raise permission denied on CreateView if you don't have the permission to create a sample instance, see #53 2020-08-13 13:20:15 +00:00			`# Copyright (C) 2018-2020 by BDE ENS Paris-Saclay`
			`# SPDX-License-Identifier: GPL-3.0-or-later`

Replace timezone.now().date() by date.today() 2020-08-15 22:35:13 +00:00			`from datetime import timedelta, date`
Raise permission denied on CreateView if you don't have the permission to create a sample instance, see #53 2020-08-13 13:20:15 +00:00
			`from django.contrib.auth.models import User`
			`from django.test import TestCase`
			`from django.urls import reverse`
			`from django.utils import timezone`
:green_heart: Fix CI 2020-08-30 09:59:10 +00:00			`from django.utils.crypto import get_random_string`
Raise permission denied on CreateView if you don't have the permission to create a sample instance, see #53 2020-08-13 13:20:15 +00:00			`from activity.models import Activity`
			`from member.models import Club, Membership`
			`from note.models import NoteUser`
			`from wei.models import WEIClub, Bus, WEIRegistration`


			`class TestPermissionDenied(TestCase):`
			`"""`
			`Load some protected pages and check that we have 403 errors.`
			`"""`
			`fixtures = ('initial',)`

			`def setUp(self) -> None:`
			`# Create sample user with no rights`
			`self.user = User.objects.create(`
			`username="toto",`
			`)`
			`NoteUser.objects.create(user=self.user)`
			`self.client.force_login(self.user)`

			`def test_consos(self):`
			`response = self.client.get(reverse("note:consos"))`
			`self.assertEqual(response.status_code, 403)`

			`def test_create_activity(self):`
			`response = self.client.get(reverse("activity:activity_create"))`
			`self.assertEqual(response.status_code, 403)`

			`def test_activity_entries(self):`
			`activity = Activity.objects.create(`
			`name="",`
			`description="",`
			`creater=self.user,`
			`activity_type_id=1,`
			`organizer_id=1,`
			`attendees_club_id=1,`
			`date_start=timezone.now(),`
			`date_end=timezone.now(),`
			`)`
			`response = self.client.get(reverse("activity:activity_entry", kwargs=dict(pk=activity.pk)))`
			`self.assertEqual(response.status_code, 403)`

			`def test_invite_activity(self):`
			`activity = Activity.objects.create(`
			`name="",`
			`description="",`
			`creater=self.user,`
			`activity_type_id=1,`
			`organizer_id=1,`
			`attendees_club_id=1,`
			`date_start=timezone.now(),`
			`date_end=timezone.now(),`
			`)`
			`response = self.client.get(reverse("activity:activity_invite", kwargs=dict(pk=activity.pk)))`
			`self.assertEqual(response.status_code, 403)`

			`def test_create_club(self):`
			`response = self.client.get(reverse("member:club_create"))`
			`self.assertEqual(response.status_code, 403)`

			`def test_add_member_club(self):`
:green_heart: Fix CI 2020-08-30 09:59:10 +00:00			`club = Club.objects.create(name=get_random_string(127))`
Raise permission denied on CreateView if you don't have the permission to create a sample instance, see #53 2020-08-13 13:20:15 +00:00			`response = self.client.get(reverse("member:club_add_member", kwargs=dict(club_pk=club.pk)))`
			`self.assertEqual(response.status_code, 403)`

			`def test_renew_membership(self):`
:green_heart: Fix CI 2020-08-30 09:59:10 +00:00			`club = Club.objects.create(name=get_random_string(127))`
Raise permission denied on CreateView if you don't have the permission to create a sample instance, see #53 2020-08-13 13:20:15 +00:00			`membership = Membership.objects.create(user=self.user, club=club)`
			`response = self.client.get(reverse("member:club_renew_membership", kwargs=dict(pk=membership.pk)))`
			`self.assertEqual(response.status_code, 403)`

			`def test_create_weiclub(self):`
			`response = self.client.get(reverse("wei:wei_create"))`
			`self.assertEqual(response.status_code, 403)`

			`def test_create_wei_bus(self):`
			`wei = WEIClub.objects.create(`
Replace timezone.now().date() by date.today() 2020-08-15 22:35:13 +00:00			`membership_start=date.today(),`
			`date_start=date.today() + timedelta(days=1),`
			`date_end=date.today() + timedelta(days=1),`
Raise permission denied on CreateView if you don't have the permission to create a sample instance, see #53 2020-08-13 13:20:15 +00:00			`)`
			`response = self.client.get(reverse("wei:add_bus", kwargs=dict(pk=wei.pk)))`
			`self.assertEqual(response.status_code, 403)`

			`def test_create_wei_team(self):`
			`wei = WEIClub.objects.create(`
Replace timezone.now().date() by date.today() 2020-08-15 22:35:13 +00:00			`membership_start=date.today(),`
			`date_start=date.today() + timedelta(days=1),`
			`date_end=date.today() + timedelta(days=1),`
Raise permission denied on CreateView if you don't have the permission to create a sample instance, see #53 2020-08-13 13:20:15 +00:00			`)`
			`bus = Bus.objects.create(wei=wei)`
			`response = self.client.get(reverse("wei:add_team", kwargs=dict(pk=bus.pk)))`
			`self.assertEqual(response.status_code, 403)`

			`def test_create_1a_weiregistration(self):`
			`wei = WEIClub.objects.create(`
Replace timezone.now().date() by date.today() 2020-08-15 22:35:13 +00:00			`membership_start=date.today(),`
			`date_start=date.today() + timedelta(days=1),`
			`date_end=date.today() + timedelta(days=1),`
Raise permission denied on CreateView if you don't have the permission to create a sample instance, see #53 2020-08-13 13:20:15 +00:00			`)`
			`response = self.client.get(reverse("wei:wei_register_1A", kwargs=dict(wei_pk=wei.pk)))`
			`self.assertEqual(response.status_code, 403)`

			`def test_create_old_weiregistration(self):`
			`wei = WEIClub.objects.create(`
Replace timezone.now().date() by date.today() 2020-08-15 22:35:13 +00:00			`membership_start=date.today(),`
			`date_start=date.today() + timedelta(days=1),`
			`date_end=date.today() + timedelta(days=1),`
Raise permission denied on CreateView if you don't have the permission to create a sample instance, see #53 2020-08-13 13:20:15 +00:00			`)`
			`response = self.client.get(reverse("wei:wei_register_2A", kwargs=dict(wei_pk=wei.pk)))`
			`self.assertEqual(response.status_code, 403)`

			`def test_validate_weiregistration(self):`
			`wei = WEIClub.objects.create(`
Replace timezone.now().date() by date.today() 2020-08-15 22:35:13 +00:00			`membership_start=date.today(),`
			`date_start=date.today() + timedelta(days=1),`
			`date_end=date.today() + timedelta(days=1),`
Raise permission denied on CreateView if you don't have the permission to create a sample instance, see #53 2020-08-13 13:20:15 +00:00			`)`
			`registration = WEIRegistration.objects.create(wei=wei, user=self.user, birth_date="2000-01-01")`
			`response = self.client.get(reverse("wei:validate_registration", kwargs=dict(pk=registration.pk)))`
			`self.assertEqual(response.status_code, 403)`

			`def test_create_invoice(self):`
			`response = self.client.get(reverse("treasury:invoice_create"))`
			`self.assertEqual(response.status_code, 403)`

			`def test_list_invoices(self):`
			`response = self.client.get(reverse("treasury:invoice_list"))`
			`self.assertEqual(response.status_code, 403)`

			`def test_create_remittance(self):`
			`response = self.client.get(reverse("treasury:remittance_create"))`
			`self.assertEqual(response.status_code, 403)`

			`def test_list_remittance(self):`
			`response = self.client.get(reverse("treasury:remittance_list"))`
			`self.assertEqual(response.status_code, 403)`

			`def test_list_soge_credits(self):`
			`response = self.client.get(reverse("treasury:soge_credits"))`
			`self.assertEqual(response.status_code, 403)`
Test and cover note app 2020-09-01 13:54:56 +00:00

			`class TestLoginRedirect(TestCase):`
			`def test_consos_page(self):`
			`response = self.client.get(reverse("note:consos"))`
			`self.assertRedirects(response, reverse("login") + "?next=" + reverse("note:consos"), 302, 200)`