test non-public update by non-staff user is blocked

This commit is contained in:
Stefano Brentegani 2014-07-30 06:55:43 +02:00
parent b7e8ae5ee5
commit 14d7279844

View File

@ -1,9 +1,12 @@
from helpdesk.models import Queue, CustomField, Ticket
from django.test import TestCase from django.test import TestCase
from django.core import mail from django.core import mail
from django.test.client import Client from django.test.client import Client
from django.core.urlresolvers import reverse from django.core.urlresolvers import reverse
from helpdesk.models import Queue, CustomField, Ticket
from helpdesk.tests.helpers import create_ticket, get_staff_user, User
class TicketBasicsTestCase(TestCase): class TicketBasicsTestCase(TestCase):
def setUp(self): def setUp(self):
self.queue_public = Queue.objects.create(title='Queue 1', slug='q1', allow_public_submission=True, new_ticket_cc='new.public@example.com', updated_ticket_cc='update.public@example.com') self.queue_public = Queue.objects.create(title='Queue 1', slug='q1', allow_public_submission=True, new_ticket_cc='new.public@example.com', updated_ticket_cc='update.public@example.com')
@ -85,3 +88,24 @@ class TicketBasicsTestCase(TestCase):
self.assertEqual(last_redirect_url.split('?')[0], 'http://testserver%s' % reverse('helpdesk_public_view')) self.assertEqual(last_redirect_url.split('?')[0], 'http://testserver%s' % reverse('helpdesk_public_view'))
# Ensure only two e-mails were sent - submitter & updated. # Ensure only two e-mails were sent - submitter & updated.
self.assertEqual(email_count+2, len(mail.outbox)) self.assertEqual(email_count+2, len(mail.outbox))
class TicketUpdateTestCase(TestCase):
def setUp(self):
from helpdesk.tests.helpers import create_ticket
self.ticket = create_ticket()
self.update_url = reverse('helpdesk_update', kwargs={'ticket_id': self.ticket.pk})
def test_not_allowed(self):
data = {
'title': self.ticket.title,
'queue': self.ticket.queue.pk,
}
response = self.client.post(self.update_url, data=data)
self.assertRedirects(response, '%s?next=%s' % (reverse('login'), self.update_url))
user = User.objects.create_user(username='henry.wensleydale', password='gouda', email='wensleydale@example.com')
self.client.login(username=user.username, password='gouda')
response = self.client.post(self.update_url, data=data)
self.assertRedirects(response, '%s?next=%s' % (reverse('login'), self.update_url))