Ciantic/forbiddenviewtests.py

## forbiddenviewtests.py
# REPLACE urls parameter of the TestCase and create test.html in order to test
# this

from django.conf.urls.defaults import * #@UnusedWildImport
from django.contrib.auth.models import Permission, User
from django.http import HttpResponse
from django.test import TestCase
from django.test.client import Client
from django.views.generic.base import View, TemplateView

def login_required(request, *args, **kwargs):
    return request.user.is_authenticated()

def permission_required(perm):
    def has_perms(request, *args, **kwargs):
        return request.user.has_perm(perm)
    return has_perms


class ForbiddenView(View):
    """ForbiddenView

    Derived from *View* since python method resolution order can make unsafe
    ForbiddenMixin, see this test why: https://gist.github.com/808516

    """

    forbidden_checks = None
    """List of functions (request, *args, **kwargs) -> bool."""

    def dispatch(self, request, *args, **kwargs):
        if self.forbidden_checks:
            for checker in self.forbidden_checks:
                if not checker(request, *args, **kwargs):
                    return HttpResponse("Not for you man", status=403)
        return super(ForbiddenView, self).dispatch(request, *args, **kwargs)


class AuthedView(TemplateView, ForbiddenView):
    """Forbidden"""
    forbidden_checks = [login_required]
    template_name = "test.html"


class NonAuthedView(AuthedView):
    """Derived from Authed view

    But overriden to not have forbidden checks

    """
    forbidden_checks = None


class PermedView(AuthedView):
    forbidden_checks = [permission_required('auth.change_user')]


urlpatterns = patterns('',
    (r'^authed/$', AuthedView.as_view()),
    (r'^nonauthed/$', NonAuthedView.as_view()),
    (r'^permed/$', PermedView.as_view()),
)


class TestForbiddenMixin(TestCase):
    urls = 'pagesystem.tests.forbiddenmixin'

    def setUp(self):
        self.usr = User.objects.create(username='test', is_staff=True)
        self.usr.set_password('1234')
        self.usr.save()

        self.usr.user_permissions.add(Permission.objects.get_by_natural_key('change_user', 'auth', 'user'))

    def test_auth(self):
        c = Client()
        self.assertEqual(c.get("/authed/").status_code, 403)
        self.assertEqual(c.get("/nonauthed/").status_code, 200)
        self.assertEqual(c.get("/permed/").status_code, 403)

        c.login(username='test', password='1234')
        self.assertEqual(c.get("/authed/").content, 'ok')
        self.assertEqual(c.get("/nonauthed/").content, 'ok')
        self.assertEqual(c.get("/permed/").content, 'ok')
	# REPLACE urls parameter of the TestCase and create test.html in order to test
	# this

	from django.conf.urls.defaults import * #@UnusedWildImport
	from django.contrib.auth.models import Permission, User
	from django.http import HttpResponse
	from django.test import TestCase
	from django.test.client import Client
	from django.views.generic.base import View, TemplateView

	def login_required(request, args, *kwargs):
	return request.user.is_authenticated()

	def permission_required(perm):
	def has_perms(request, args, *kwargs):
	return request.user.has_perm(perm)
	return has_perms


	class ForbiddenView(View):
	"""ForbiddenView

	Derived from View since python method resolution order can make unsafe
	ForbiddenMixin, see this test why: https://gist.github.com/808516

	"""

	forbidden_checks = None
	"""List of functions (request, args, *kwargs) -> bool."""

	def dispatch(self, request, args, *kwargs):
	if self.forbidden_checks:
	for checker in self.forbidden_checks:
	if not checker(request, args, *kwargs):
	return HttpResponse("Not for you man", status=403)
	return super(ForbiddenView, self).dispatch(request, args, *kwargs)



	class AuthedView(TemplateView, ForbiddenView):
	"""Forbidden"""
	forbidden_checks = [login_required]
	template_name = "test.html"


	class NonAuthedView(AuthedView):
	"""Derived from Authed view

	But overriden to not have forbidden checks

	"""
	forbidden_checks = None


	class PermedView(AuthedView):
	forbidden_checks = [permission_required('auth.change_user')]


	urlpatterns = patterns('',
	(r'^authed/$', AuthedView.as_view()),
	(r'^nonauthed/$', NonAuthedView.as_view()),
	(r'^permed/$', PermedView.as_view()),
	)


	class TestForbiddenMixin(TestCase):
	urls = 'pagesystem.tests.forbiddenmixin'

	def setUp(self):
	self.usr = User.objects.create(username='test', is_staff=True)
	self.usr.set_password('1234')
	self.usr.save()

	self.usr.user_permissions.add(Permission.objects.get_by_natural_key('change_user', 'auth', 'user'))

	def test_auth(self):
	c = Client()
	self.assertEqual(c.get("/authed/").status_code, 403)
	self.assertEqual(c.get("/nonauthed/").status_code, 200)
	self.assertEqual(c.get("/permed/").status_code, 403)

	c.login(username='test', password='1234')
	self.assertEqual(c.get("/authed/").content, 'ok')
	self.assertEqual(c.get("/nonauthed/").content, 'ok')
	self.assertEqual(c.get("/permed/").content, 'ok')