forked from extern/django-helpdesk
Merge pull request #636 from auto-mat/rss-permissions
Only staff users should be given access to the RSS feeds
commit
e373d5b9d8
@ -5,7 +5,8 @@ from django.urls import reverse
|
|||||||
from django.test import TestCase
|
from django.test import TestCase
|
||||||
|
|
||||||
from helpdesk import settings as helpdesk_settings
|
from helpdesk import settings as helpdesk_settings
|
||||||
from helpdesk.tests.helpers import (get_staff_user, reload_urlconf, User, update_user_settings, delete_user_settings, create_ticket)
|
from helpdesk.models import Queue
|
||||||
|
from helpdesk.tests.helpers import (get_staff_user, reload_urlconf, User, update_user_settings, delete_user_settings, create_ticket, print_response)
|
||||||
|
|
||||||
|
|
||||||
class KBDisabledTestCase(TestCase):
|
class KBDisabledTestCase(TestCase):
|
||||||
@ -86,28 +87,69 @@ class StaffUsersOnlyTestCase(StaffUserTestCaseMixin, TestCase):
|
|||||||
# Use default values
|
# Use default values
|
||||||
HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE = False
|
HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE = False
|
||||||
|
|
||||||
def test_non_staff(self):
|
def setUp(self):
|
||||||
"""Non-staff users are correctly identified"""
|
super().setUp()
|
||||||
|
self.non_staff_user = User.objects.create_user(username='henry.wensleydale', password='gouda', email='wensleydale@example.com')
|
||||||
|
|
||||||
|
def test_staff_user_detection(self):
|
||||||
|
"""Staff and non-staff users are correctly identified"""
|
||||||
from helpdesk.decorators import is_helpdesk_staff
|
from helpdesk.decorators import is_helpdesk_staff
|
||||||
|
|
||||||
user = User.objects.create_user(username='henry.wensleydale', password='gouda', email='wensleydale@example.com')
|
self.assertFalse(is_helpdesk_staff(self.non_staff_user))
|
||||||
|
self.assertTrue(is_helpdesk_staff(get_staff_user()))
|
||||||
|
|
||||||
self.assertFalse(is_helpdesk_staff(user))
|
def test_staff_can_access_dashboard(self):
|
||||||
|
"""When HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE is False,
|
||||||
def test_staff_only(self):
|
staff users should be able to access the dashboard.
|
||||||
"""If HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE is False,
|
|
||||||
only staff users should be able to access the dashboard.
|
|
||||||
"""
|
"""
|
||||||
from helpdesk.decorators import is_helpdesk_staff
|
from helpdesk.decorators import is_helpdesk_staff
|
||||||
|
|
||||||
user = get_staff_user()
|
user = get_staff_user()
|
||||||
|
|
||||||
self.assertTrue(is_helpdesk_staff(user))
|
|
||||||
|
|
||||||
self.client.login(username=user.username, password='password')
|
self.client.login(username=user.username, password='password')
|
||||||
response = self.client.get(reverse('helpdesk:dashboard'), follow=True)
|
response = self.client.get(reverse('helpdesk:dashboard'), follow=True)
|
||||||
self.assertTemplateUsed(response, 'helpdesk/dashboard.html')
|
self.assertTemplateUsed(response, 'helpdesk/dashboard.html')
|
||||||
|
|
||||||
|
def test_non_staff_cannot_access_dashboard(self):
|
||||||
|
"""When HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE is False,
|
||||||
|
non-staff users should not be able to access the dashboard.
|
||||||
|
"""
|
||||||
|
from helpdesk.decorators import is_helpdesk_staff
|
||||||
|
|
||||||
|
user = self.non_staff_user
|
||||||
|
self.client.login(username=user.username, password=user.password)
|
||||||
|
response = self.client.get(reverse('helpdesk:dashboard'), follow=True)
|
||||||
|
self.assertTemplateUsed(response, 'helpdesk/registration/login.html')
|
||||||
|
|
||||||
|
def test_staff_rss(self):
|
||||||
|
"""If HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE is False,
|
||||||
|
staff users should be able to access rss feeds.
|
||||||
|
"""
|
||||||
|
user = get_staff_user()
|
||||||
|
self.client.login(username=user.username, password='password')
|
||||||
|
response = self.client.get(reverse('helpdesk:rss_unassigned'), follow=True)
|
||||||
|
self.assertContains(response, 'Unassigned Open and Reopened tickets')
|
||||||
|
|
||||||
|
def test_non_staff_cannot_rss(self):
|
||||||
|
"""If HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE is False,
|
||||||
|
non-staff users should not be able to access rss feeds.
|
||||||
|
"""
|
||||||
|
user = self.non_staff_user
|
||||||
|
self.client.login(username=user.username, password='password')
|
||||||
|
queue = Queue.objects.create(
|
||||||
|
title="Foo",
|
||||||
|
slug="test_queue",
|
||||||
|
)
|
||||||
|
rss_urls = [
|
||||||
|
reverse('helpdesk:rss_user', args=[user.username]),
|
||||||
|
reverse('helpdesk:rss_user_queue', args=[user.username, 'test_queue']),
|
||||||
|
reverse('helpdesk:rss_queue', args=['test_queue']),
|
||||||
|
reverse('helpdesk:rss_unassigned'),
|
||||||
|
reverse('helpdesk:rss_activity'),
|
||||||
|
]
|
||||||
|
for rss_url in rss_urls:
|
||||||
|
response = self.client.get(rss_url, follow=True)
|
||||||
|
self.assertTemplateUsed(response, 'helpdesk/registration/login.html')
|
||||||
|
|
||||||
|
|
||||||
class CustomStaffUserTestCase(StaffUserTestCaseMixin, TestCase):
|
class CustomStaffUserTestCase(StaffUserTestCaseMixin, TestCase):
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
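Review bot: Both negative tests log in with credentials that cannot succeed, so they only exercise the anonymous redirect. `test_non_staff_cannot_access_dashboard` passes `password=user.password` (the stored hash, not the plaintext), and `test_non_staff_cannot_rss` passes `password='password'` although `setUp` created the user with `'gouda'`. `client.login()` returns False without raising, and an anonymous request would presumably have been sent to the login page by the old `login_required` wrapper too, so these tests would still pass if the staff check were dropped. Use `self.client.force_login(self.non_staff_user)` or `self.assertTrue(self.client.login(username=user.username, password='gouda'))` so the request is really made by an authenticated non-staff user. The `queue` local, the `print_response` import and the `is_helpdesk_staff` import in the dashboard tests are unused on the new side.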
@ -12,6 +12,7 @@ from django.contrib.auth.decorators import login_required
|
|||||||
from django.contrib.auth import views as auth_views
|
from django.contrib.auth import views as auth_views
|
||||||
from django.views.generic import TemplateView
|
from django.views.generic import TemplateView
|
||||||
|
|
||||||
|
from helpdesk.decorators import helpdesk_staff_member_required
|
||||||
from helpdesk import settings as helpdesk_settings
|
from helpdesk import settings as helpdesk_settings
|
||||||
from helpdesk.views import feeds, staff, public, kb
|
from helpdesk.views import feeds, staff, public, kb
|
||||||
|
|
||||||
@ -162,23 +163,23 @@ urlpatterns += [
|
|||||||
|
|
||||||
urlpatterns += [
|
urlpatterns += [
|
||||||
url(r'^rss/user/(?P<user_name>[^/]+)/$',
|
url(r'^rss/user/(?P<user_name>[^/]+)/$',
|
||||||
login_required(feeds.OpenTicketsByUser()),
|
helpdesk_staff_member_required(feeds.OpenTicketsByUser()),
|
||||||
name='rss_user'),
|
name='rss_user'),
|
||||||
|
|
||||||
url(r'^rss/user/(?P<user_name>[^/]+)/(?P<queue_slug>[A-Za-z0-9_-]+)/$',
|
url(r'^rss/user/(?P<user_name>[^/]+)/(?P<queue_slug>[A-Za-z0-9_-]+)/$',
|
||||||
login_required(feeds.OpenTicketsByUser()),
|
helpdesk_staff_member_required(feeds.OpenTicketsByUser()),
|
||||||
name='rss_user_queue'),
|
name='rss_user_queue'),
|
||||||
|
|
||||||
url(r'^rss/queue/(?P<queue_slug>[A-Za-z0-9_-]+)/$',
|
url(r'^rss/queue/(?P<queue_slug>[A-Za-z0-9_-]+)/$',
|
||||||
login_required(feeds.OpenTicketsByQueue()),
|
helpdesk_staff_member_required(feeds.OpenTicketsByQueue()),
|
||||||
name='rss_queue'),
|
name='rss_queue'),
|
||||||
|
|
||||||
url(r'^rss/unassigned/$',
|
url(r'^rss/unassigned/$',
|
||||||
login_required(feeds.UnassignedTickets()),
|
helpdesk_staff_member_required(feeds.UnassignedTickets()),
|
||||||
name='rss_unassigned'),
|
name='rss_unassigned'),
|
||||||
|
|
||||||
url(r'^rss/recent_activity/$',
|
url(r'^rss/recent_activity/$',
|
||||||
login_required(feeds.RecentFollowUps()),
|
helpdesk_staff_member_required(feeds.RecentFollowUps()),
|
||||||
name='rss_activity'),
|
name='rss_activity'),
|
||||||
]
|
]
|
||||||
|
|
||||||
|
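Review bot: The five `rss/` routes now depend entirely on `helpdesk_staff_member_required`, whose definition is not visible here, and nothing at the `urlpatterns += [` block says what that decorator guarantees. The test docstrings in this commit qualify the restriction with "If HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE is False", which suggests (unconfirmed from this page) that the check may relax to any authenticated user when that setting is enabled. Since these feeds expose ticket data, add a comment above the block such as `# RSS feeds expose ticket data: staff only; see helpdesk_staff_member_required for how HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE changes who counts as staff`. Also check whether the `login_required` import is still used elsewhere in this file; the `urlpatterns` list continues outside the hunk.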