|
2 | 2 |
|
3 | 3 | import os |
4 | 4 |
|
| 5 | +from django.contrib.auth import get_user_model |
5 | 6 | from django.urls import reverse |
6 | 7 |
|
7 | 8 | from InvenTree.helpers import InvenTreeTestCase |
@@ -41,3 +42,80 @@ def test_panels(self): |
41 | 42 | self.assertIn("<div id='detail-panels'>", content) |
42 | 43 |
|
43 | 44 | # TODO: In future, run the javascript and ensure that the panels get created! |
| 45 | + |
| 46 | + def test_settings_page(self): |
| 47 | + """Test that the 'settings' page loads correctly""" |
| 48 | + |
| 49 | + # Settings page loads |
| 50 | + url = reverse('settings') |
| 51 | + |
| 52 | + # Attempt without login |
| 53 | + self.client.logout() |
| 54 | + response = self.client.get(url) |
| 55 | + self.assertEqual(response.status_code, 302) |
| 56 | + |
| 57 | + # Login with default client |
| 58 | + self.client.login(username=self.username, password=self.password) |
| 59 | + |
| 60 | + response = self.client.get(url) |
| 61 | + self.assertEqual(response.status_code, 200) |
| 62 | + content = response.content.decode() |
| 63 | + |
| 64 | + user_panels = [ |
| 65 | + 'account', |
| 66 | + 'user-display', |
| 67 | + 'user-home', |
| 68 | + 'user-reports', |
| 69 | + ] |
| 70 | + |
| 71 | + staff_panels = [ |
| 72 | + 'server', |
| 73 | + 'login', |
| 74 | + 'barcodes', |
| 75 | + 'currencies', |
| 76 | + 'parts', |
| 77 | + 'stock', |
| 78 | + ] |
| 79 | + |
| 80 | + plugin_panels = [ |
| 81 | + 'plugin', |
| 82 | + ] |
| 83 | + |
| 84 | + # Default user has staff access, so all panels will be present |
| 85 | + for panel in user_panels + staff_panels + plugin_panels: |
| 86 | + self.assertIn(f"select-{panel}", content) |
| 87 | + self.assertIn(f"panel-{panel}", content) |
| 88 | + |
| 89 | + # Now create a user who does not have staff access |
| 90 | + pleb_user = get_user_model().objects.create_user( |
| 91 | + username='pleb', |
| 92 | + password='notstaff', |
| 93 | + ) |
| 94 | + |
| 95 | + pleb_user.groups.add(self.group) |
| 96 | + pleb_user.is_superuser = False |
| 97 | + pleb_user.is_staff = False |
| 98 | + pleb_user.save() |
| 99 | + |
| 100 | + self.client.logout() |
| 101 | + |
| 102 | + result = self.client.login( |
| 103 | + username='pleb', |
| 104 | + password='notstaff', |
| 105 | + ) |
| 106 | + |
| 107 | + self.assertTrue(result) |
| 108 | + |
| 109 | + response = self.client.get(url) |
| 110 | + self.assertEqual(response.status_code, 200) |
| 111 | + content = response.content.decode() |
| 112 | + |
| 113 | + # Normal user still has access to user-specific panels |
| 114 | + for panel in user_panels: |
| 115 | + self.assertIn(f"select-{panel}", content) |
| 116 | + self.assertIn(f"panel-{panel}", content) |
| 117 | + |
| 118 | + # Normal user does NOT have access to global or plugin settings |
| 119 | + for panel in staff_panels + plugin_panels: |
| 120 | + self.assertNotIn(f"select-{panel}", content) |
| 121 | + self.assertNotIn(f"panel-{panel}", content) |
0 commit comments