Skip to content

Commit 7ec8488

Browse files
voneidenvoneiden
committed
fix: allow financial admins to create and edit merchants and accounts
refs: LINK-2453
1 parent 560210b commit 7ec8488

File tree

2 files changed

+146
-2
lines changed

2 files changed

+146
-2
lines changed

helevents/admin.py

Lines changed: 18 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,23 @@
1212
from .models import User
1313

1414

15-
class WebStoreMerchantInline(admin.StackedInline):
15+
class FinancialAdminPermissionMixin:
16+
def has_add_permission(self, request, obj=None):
17+
if super().has_add_permission(request, obj):
18+
return True
19+
if obj and request.user.is_financial_admin_of(obj):
20+
return True
21+
return False
22+
23+
def has_change_permission(self, request, obj=None):
24+
if super().has_change_permission(request, obj):
25+
return True
26+
if obj and request.user.is_financial_admin_of(obj):
27+
return True
28+
return False
29+
30+
31+
class WebStoreMerchantInline(FinancialAdminPermissionMixin, admin.StackedInline):
1632
model = WebStoreMerchant
1733
extra = 0
1834
min_num = 0
@@ -28,7 +44,7 @@ def get_readonly_fields(self, request, obj=None):
2844
return ["created_by", "last_modified_by", "merchant_id"]
2945

3046

31-
class WebStoreAccountInline(admin.StackedInline):
47+
class WebStoreAccountInline(FinancialAdminPermissionMixin, admin.StackedInline):
3248
model = WebStoreAccount
3349
extra = 0
3450
min_num = 0

helevents/tests/test_webstore_admin.py

Lines changed: 128 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,128 @@
1+
import pytest
2+
from django.contrib.admin.sites import AdminSite
3+
from django.contrib.auth import get_user_model
4+
from django.test import RequestFactory
5+
6+
from events.tests.factories import OrganizationFactory
7+
from helevents.admin import WebStoreAccountInline, WebStoreMerchantInline
8+
from registrations.models import WebStoreAccount, WebStoreMerchant
9+
10+
11+
@pytest.fixture
12+
def organization():
13+
return OrganizationFactory()
14+
15+
16+
@pytest.fixture
17+
def financial_admin_request(organization):
18+
user = get_user_model().objects.create(
19+
username="financial_admin",
20+
is_staff=True,
21+
)
22+
organization.financial_admin_users.add(user)
23+
req = RequestFactory().get("/")
24+
req.user = user
25+
return req
26+
27+
28+
@pytest.fixture
29+
def admin_request(organization):
30+
user = get_user_model().objects.create(
31+
username="admin",
32+
is_staff=True,
33+
)
34+
organization.admin_users.add(user)
35+
req = RequestFactory().get("/")
36+
req.user = user
37+
return req
38+
39+
40+
@pytest.fixture
41+
def merchant_inline():
42+
return WebStoreMerchantInline(WebStoreMerchant, AdminSite())
43+
44+
45+
@pytest.fixture
46+
def account_inline():
47+
return WebStoreAccountInline(WebStoreAccount, AdminSite())
48+
49+
50+
@pytest.mark.django_db
51+
def test_financial_admin_can_add_merchant(
52+
financial_admin_request, organization, merchant_inline
53+
):
54+
assert (
55+
merchant_inline.has_add_permission(financial_admin_request, organization)
56+
is True
57+
)
58+
59+
60+
@pytest.mark.django_db
61+
def test_financial_admin_can_change_merchant(
62+
financial_admin_request, organization, merchant_inline
63+
):
64+
assert (
65+
merchant_inline.has_change_permission(financial_admin_request, organization)
66+
is True
67+
)
68+
69+
70+
@pytest.mark.django_db
71+
def test_financial_admin_cannot_delete_merchant(
72+
financial_admin_request, organization, merchant_inline
73+
):
74+
assert (
75+
merchant_inline.has_delete_permission(financial_admin_request, organization)
76+
is False
77+
)
78+
79+
80+
@pytest.mark.django_db
81+
def test_admin_only_cannot_add_merchant(admin_request, organization, merchant_inline):
82+
assert merchant_inline.has_add_permission(admin_request, organization) is False
83+
84+
85+
@pytest.mark.django_db
86+
def test_admin_only_cannot_change_merchant(
87+
admin_request, organization, merchant_inline
88+
):
89+
assert merchant_inline.has_change_permission(admin_request, organization) is False
90+
91+
92+
@pytest.mark.django_db
93+
def test_financial_admin_can_add_account(
94+
financial_admin_request, organization, account_inline
95+
):
96+
assert (
97+
account_inline.has_add_permission(financial_admin_request, organization) is True
98+
)
99+
100+
101+
@pytest.mark.django_db
102+
def test_financial_admin_can_change_account(
103+
financial_admin_request, organization, account_inline
104+
):
105+
assert (
106+
account_inline.has_change_permission(financial_admin_request, organization)
107+
is True
108+
)
109+
110+
111+
@pytest.mark.django_db
112+
def test_financial_admin_cannot_delete_account(
113+
financial_admin_request, organization, account_inline
114+
):
115+
assert (
116+
account_inline.has_delete_permission(financial_admin_request, organization)
117+
is False
118+
)
119+
120+
121+
@pytest.mark.django_db
122+
def test_admin_only_cannot_add_account(admin_request, organization, account_inline):
123+
assert account_inline.has_add_permission(admin_request, organization) is False
124+
125+
126+
@pytest.mark.django_db
127+
def test_admin_only_cannot_change_account(admin_request, organization, account_inline):
128+
assert account_inline.has_change_permission(admin_request, organization) is False

0 commit comments

Comments
 (0)