aboutsummaryrefslogtreecommitdiffstats
path: root/ctrack/organisations/tests/test_views.py
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--ctrack/organisations/tests/test_views.py36
1 files changed, 35 insertions, 1 deletions
diff --git a/ctrack/organisations/tests/test_views.py b/ctrack/organisations/tests/test_views.py
index 7f9da0a..ad0aad2 100644
--- a/ctrack/organisations/tests/test_views.py
+++ b/ctrack/organisations/tests/test_views.py
@@ -3,7 +3,9 @@ from django.contrib.auth import get_user_model
from django.contrib.auth.models import Group, Permission
from django.test import RequestFactory
-from ctrack.organisations.tests.factories import OrganisationFactory
+from ctrack.caf.tests.factories import PersonFactory
+from ctrack.organisations.models import Mode, Submode
+from ctrack.organisations.tests.factories import OrganisationFactory, RoleFactory
from ctrack.organisations.views import IncidentReportCreateView
from ..views import OrganisationListView
@@ -61,3 +63,35 @@ def test_incident_report_create_view(stakeholder_user):
request.user = stakeholder_user
response = IncidentReportCreateView.as_view()(request, org.slug)
assert response.status_code == 200
+
+
+def test_only_member_of_cct_user_group_can_view_person_list(
+ stakeholder_user, org_with_people
+):
+ role = RoleFactory.create()
+ submode = Submode.objects.create(
+ descriptor="Light Rail", mode=Mode.objects.create(descriptor="Rail")
+ )
+ PersonFactory.create(
+ role=role,
+ predecessor=None,
+ organisation__submode=submode,
+ organisation=org_with_people,
+ )
+ PersonFactory.create(
+ role=role,
+ predecessor=None,
+ organisation__submode=submode,
+ organisation=org_with_people,
+ )
+ group = Group.objects.create(name="cct_user")
+
+ stakeholder_user.groups.add(group)
+ person_list_permission = Permission.objects.get(name="Can view person")
+ group.permissions.add(person_list_permission)
+
+ factory = RequestFactory()
+ request = factory.get(f"people/")
+
+ # They get this permisson via the cct_user group
+ assert stakeholder_user.has_perm("organisations.view_person")