authorMatthew Lemon <lemon@matthewlemon.com>2020-05-27 17:07:18 +0100
committerMatthew Lemon <lemon@matthewlemon.com>2020-05-27 17:07:18 +0100
commitd2ae7679000b6299c408d34f88a1c5c66755288c (patch)
treeb275e48697be74ed15e8d43bab2dafa88ae21137
parentfa674ad70439cea0de962b87e5ac4c4dc0fa16f7 (diff)
need to fix permission denied 403 tests
Diffstat (limited to '')
-rw-r--r--ctrack/organisations/views.py13
-rw-r--r--ctrack/templates/403.html2
-rw-r--r--ctrack/users/tests/test_views.py9
3 files changed, 15 insertions, 9 deletions
diff --git a/ctrack/organisations/views.py b/ctrack/organisations/views.py
index 7a1d105..1bccd3e 100644
--- a/ctrack/organisations/views.py
+++ b/ctrack/organisations/views.py
@@ -1,6 +1,10 @@
from typing import Any, Dict
-from django.contrib.auth.mixins import LoginRequiredMixin, PermissionRequiredMixin
+from django.contrib.auth.mixins import (
+ LoginRequiredMixin,
+ PermissionRequiredMixin,
+ UserPassesTestMixin,
+)
from django.db import transaction
from django.urls import reverse_lazy
from django.views.generic import CreateView, DetailView, ListView
@@ -37,10 +41,11 @@ class OrganisationCreate(LoginRequiredMixin, CreateView):
return reverse_lazy("organisations:detail", kwargs={"slug": self.object.slug})
-class OrganisationListView(PermissionRequiredMixin, LoginRequiredMixin, ListView):
+class OrganisationListView(LoginRequiredMixin, UserPassesTestMixin, ListView):
model = Organisation
- raise_exeption = True
- permission_denied_message = "Sorry. You are not authorised to view that page."
+
+ def test_func(self):
+ return self.request.user.is_staff
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
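Review bot: `test_func` ties access to this list to `is_staff`, the same flag Django uses to allow sign-in to the admin site, so anyone who needs this page also gains admin login; if that coupling is not intended, a group or model-permission check would keep the two apart. `OrganisationCreate` in the hunk header still carries only `LoginRequiredMixin`, so from what is visible a non-staff user could create an organisation but not list them, which is worth confirming. I would also add a docstring to `test_func`, e.g. `"""Allow staff only; authenticated non-staff users receive a 403, anonymous users are redirected to login."""`. The class body continues outside the hunk.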
diff --git a/ctrack/templates/403.html b/ctrack/templates/403.html
index 77db8ae..abce90a 100644
--- a/ctrack/templates/403.html
+++ b/ctrack/templates/403.html
@@ -5,5 +5,7 @@
{% block content %}
<h1>Forbidden (403)</h1>
+<p>Sorry. You do not have persmission to view this page.</p>
+
<p>CSRF verification failed. Request aborted.</p>
{% endblock content %}
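Review bot: The added paragraph misspells "permission" as `persmission`, and this is text every denied user will read. It also sits above the existing `CSRF verification failed. Request aborted.` line, so a failed staff check will show a CSRF message that does not apply; Django renders CSRF failures through a separate template (`403_csrf.html` by default), so that line could be dropped here. Django's permission-denied view passes `exception` to this template, so `<p>{{ exception|default:"Sorry. You do not have permission to view this page." }}</p>` would show a view-specific message when one is set.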
diff --git a/ctrack/users/tests/test_views.py b/ctrack/users/tests/test_views.py
index ae7fbd7..6cbe9b6 100644
--- a/ctrack/users/tests/test_views.py
+++ b/ctrack/users/tests/test_views.py
@@ -2,6 +2,7 @@ import pytest
from django.test import RequestFactory
from ctrack.core.views import home_page
+from ctrack.organisations.views import OrganisationListView
from ctrack.users.models import User
from ctrack.users.views import UserDetailView, UserRedirectView, UserUpdateView
@@ -145,15 +146,13 @@ def test_stakeholder_user_is_not_staff(django_user_model, stakeholder):
def test_user_received_persmission_denied_when_accessing_disallowed_page(
- django_user_model, request_factory, stakeholder
+ django_user_model, request_factory, stakeholder,
):
user = django_user_model.objects.create_user(username="toss", password="knob")
user.stakeholder = stakeholder
user.save()
- assert user.has_perm("ctrack.organisations.view_organisation") is True
- user.user_permissions.clear()
- assert user.has_perm("ctrack.organisations.view_organisation") is False
request = request_factory.get("/organisations")
request.user = user
- response = home_page(request)
+ assert request.user.is_staff is False
+ response = OrganisationListView.as_view()(request)
assert response.status_code == 403
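Review bot: Calling `OrganisationListView.as_view()(request)` directly bypasses the handler that turns `PermissionDenied` into a 403 response, so for a non-staff user that call is expected to raise rather than return, and `assert response.status_code == 403` is never reached. Either assert the exception, `with pytest.raises(PermissionDenied): OrganisationListView.as_view()(request)` (importing `PermissionDenied` from `django.core.exceptions`), or go through the test client so the 403 template is exercised as well. Companion cases for a staff user receiving 200 and an anonymous user being redirected to login would pin the whole access rule.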