From 92f9a08856018fbb6fb90cc2cbf774627124ee4d Mon Sep 17 00:00:00 2001 From: Christophe Siraut Date: Wed, 18 Oct 2023 15:43:17 +0200 Subject: [PATCH] aircox/conf: user cannot edit all programs/episode --- aircox/conf.py | 4 ++-- aircox/tests/conftest.py | 5 +++++ aircox/tests/test_permissions.py | 14 ++++++++++++++ 3 files changed, 21 insertions(+), 2 deletions(-) create mode 100644 aircox/tests/test_permissions.py diff --git a/aircox/conf.py b/aircox/conf.py index c54f8be..c66bd8d 100755 --- a/aircox/conf.py +++ b/aircox/conf.py @@ -86,8 +86,8 @@ class Settings(BaseSettings): # TODO include content_type in order to avoid clash with potential # extra applications # aircox - "change_program", - "change_episode", + "view_program", + "view_episode", "change_diffusion", "add_comment", "change_comment", diff --git a/aircox/tests/conftest.py b/aircox/tests/conftest.py index caf5564..a02a67f 100644 --- a/aircox/tests/conftest.py +++ b/aircox/tests/conftest.py @@ -157,3 +157,8 @@ def tracks(episode, sound): items += [baker.prepare(models.Track, sound=sound, position=i, timestamp=i * 60) for i in range(0, 3)] models.Track.objects.bulk_create(items) return items + + +@pytest.fixture +def user(): + return User.objects.create_user(username="user1", password="bar") diff --git a/aircox/tests/test_permissions.py b/aircox/tests/test_permissions.py new file mode 100644 index 0000000..54bf67a --- /dev/null +++ b/aircox/tests/test_permissions.py @@ -0,0 +1,14 @@ +import pytest + + +@pytest.mark.django_db() +def test_no_admin(user, client): + client.force_login(user) + response = client.get("/admin/") + assert response.status_code != 200 + + +@pytest.mark.django_db() +def test_user_cannot_change_program_or_episode(user, client, program): + assert not user.has_perm("aircox.change_program") + assert not user.has_perm("aircox.change_episode")