Merge pull request #636 from auto-mat/rss-permissions
Only staff users should be given access to the RSS feeds
commit
e373d5b9d8
@ -5,7 +5,8 @@ from django.urls import reverse
|
||||
from django.test import TestCase
|
||||
|
||||
from helpdesk import settings as helpdesk_settings
|
||||
from helpdesk.tests.helpers import (get_staff_user, reload_urlconf, User, update_user_settings, delete_user_settings, create_ticket)
|
||||
from helpdesk.models import Queue
|
||||
from helpdesk.tests.helpers import (get_staff_user, reload_urlconf, User, update_user_settings, delete_user_settings, create_ticket, print_response)
|
||||
|
||||
|
||||
class KBDisabledTestCase(TestCase):
|
||||
@ -86,28 +87,69 @@ class StaffUsersOnlyTestCase(StaffUserTestCaseMixin, TestCase):
|
||||
# Use default values
|
||||
HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE = False
|
||||
|
||||
def test_non_staff(self):
|
||||
"""Non-staff users are correctly identified"""
|
||||
def setUp(self):
|
||||
super().setUp()
|
||||
self.non_staff_user = User.objects.create_user(username='henry.wensleydale', password='gouda', email='wensleydale@example.com')
|
||||
|
||||
def test_staff_user_detection(self):
|
||||
"""Staff and non-staff users are correctly identified"""
|
||||
from helpdesk.decorators import is_helpdesk_staff
|
||||
|
||||
user = User.objects.create_user(username='henry.wensleydale', password='gouda', email='wensleydale@example.com')
|
||||
self.assertFalse(is_helpdesk_staff(self.non_staff_user))
|
||||
self.assertTrue(is_helpdesk_staff(get_staff_user()))
|
||||
|
||||
self.assertFalse(is_helpdesk_staff(user))
|
||||
|
||||
def test_staff_only(self):
|
||||
"""If HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE is False,
|
||||
only staff users should be able to access the dashboard.
|
||||
def test_staff_can_access_dashboard(self):
|
||||
"""When HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE is False,
|
||||
staff users should be able to access the dashboard.
|
||||
"""
|
||||
from helpdesk.decorators import is_helpdesk_staff
|
||||
|
||||
user = get_staff_user()
|
||||
|
||||
self.assertTrue(is_helpdesk_staff(user))
|
||||
|
||||
self.client.login(username=user.username, password='password')
|
||||
response = self.client.get(reverse('helpdesk:dashboard'), follow=True)
|
||||
self.assertTemplateUsed(response, 'helpdesk/dashboard.html')
|
||||
|
||||
def test_non_staff_cannot_access_dashboard(self):
|
||||
"""When HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE is False,
|
||||
non-staff users should not be able to access the dashboard.
|
||||
"""
|
||||
from helpdesk.decorators import is_helpdesk_staff
|
||||
|
||||
user = self.non_staff_user
|
||||
self.client.login(username=user.username, password=user.password)
|
||||
response = self.client.get(reverse('helpdesk:dashboard'), follow=True)
|
||||
self.assertTemplateUsed(response, 'helpdesk/registration/login.html')
|
||||
|
||||
def test_staff_rss(self):
|
||||
"""If HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE is False,
|
||||
staff users should be able to access rss feeds.
|
||||
"""
|
||||
user = get_staff_user()
|
||||
self.client.login(username=user.username, password='password')
|
||||
response = self.client.get(reverse('helpdesk:rss_unassigned'), follow=True)
|
||||
self.assertContains(response, 'Unassigned Open and Reopened tickets')
|
||||
|
||||
def test_non_staff_cannot_rss(self):
|
||||
"""If HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE is False,
|
||||
non-staff users should not be able to access rss feeds.
|
||||
"""
|
||||
user = self.non_staff_user
|
||||
self.client.login(username=user.username, password='password')
|
||||
queue = Queue.objects.create(
|
||||
title="Foo",
|
||||
slug="test_queue",
|
||||
)
|
||||
rss_urls = [
|
||||
reverse('helpdesk:rss_user', args=[user.username]),
|
||||
reverse('helpdesk:rss_user_queue', args=[user.username, 'test_queue']),
|
||||
reverse('helpdesk:rss_queue', args=['test_queue']),
|
||||
reverse('helpdesk:rss_unassigned'),
|
||||
reverse('helpdesk:rss_activity'),
|
||||
]
|
||||
for rss_url in rss_urls:
|
||||
response = self.client.get(rss_url, follow=True)
|
||||
self.assertTemplateUsed(response, 'helpdesk/registration/login.html')
|
||||
|
||||
|
||||
class CustomStaffUserTestCase(StaffUserTestCaseMixin, TestCase):
|
||||
@staticmethod
|
||||
|
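Review bot: In `test_non_staff_cannot_rss` the login uses `password='password'`, but `setUp` creates `henry.wensleydale` with password `'gouda'`, so `client.login()` returns False and every feed request is made anonymously. An anonymous client would presumably be redirected to the login page under the previous `login_required` wrapper as well, so the test likely passes with or without the staff-only change and never exercises a logged-in non-staff user. `test_non_staff_cannot_access_dashboard` has the same gap: it passes `user.password`, which holds the stored hash rather than the raw password. Assert the login in both tests, e.g. `self.assertTrue(self.client.login(username=user.username, password='gouda'))`, or use `self.client.force_login(user)`. The `+`/`-` markers are lost on this page, so that these lines are on the new side is inferred from the hunk header counts.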
@ -12,6 +12,7 @@ from django.contrib.auth.decorators import login_required
|
||||
from django.contrib.auth import views as auth_views
|
||||
from django.views.generic import TemplateView
|
||||
|
||||
from helpdesk.decorators import helpdesk_staff_member_required
|
||||
from helpdesk import settings as helpdesk_settings
|
||||
from helpdesk.views import feeds, staff, public, kb
|
||||
|
||||
@ -162,23 +163,23 @@ urlpatterns += [
|
||||
|
||||
urlpatterns += [
|
||||
url(r'^rss/user/(?P<user_name>[^/]+)/$',
|
||||
login_required(feeds.OpenTicketsByUser()),
|
||||
helpdesk_staff_member_required(feeds.OpenTicketsByUser()),
|
||||
name='rss_user'),
|
||||
|
||||
url(r'^rss/user/(?P<user_name>[^/]+)/(?P<queue_slug>[A-Za-z0-9_-]+)/$',
|
||||
login_required(feeds.OpenTicketsByUser()),
|
||||
helpdesk_staff_member_required(feeds.OpenTicketsByUser()),
|
||||
name='rss_user_queue'),
|
||||
|
||||
url(r'^rss/queue/(?P<queue_slug>[A-Za-z0-9_-]+)/$',
|
||||
login_required(feeds.OpenTicketsByQueue()),
|
||||
helpdesk_staff_member_required(feeds.OpenTicketsByQueue()),
|
||||
name='rss_queue'),
|
||||
|
||||
url(r'^rss/unassigned/$',
|
||||
login_required(feeds.UnassignedTickets()),
|
||||
helpdesk_staff_member_required(feeds.UnassignedTickets()),
|
||||
name='rss_unassigned'),
|
||||
|
||||
url(r'^rss/recent_activity/$',
|
||||
login_required(feeds.RecentFollowUps()),
|
||||
helpdesk_staff_member_required(feeds.RecentFollowUps()),
|
||||
name='rss_activity'),
|
||||
]
|
||||
|
||||
|
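Review bot: The five feed routes in this `urlpatterns += [` block are each wrapped by hand and nothing in the block says why, so a feed route added later with `login_required` would quietly reopen the access this commit closes. Add a comment above the list, e.g. `# RSS feeds are staff-only: wrap every feed view in helpdesk_staff_member_required.` The `login_required` import still appears as context in the first hunk header; if no other route still uses it it can be dropped, but the rest of the file is outside this page.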