From f0d3c954ea216351c4c6018dd17e132fc4a63ee2 Mon Sep 17 00:00:00 2001
From: Matthew Lemon
Date: Wed, 27 May 2020 20:58:50 +0100
Subject: permissions set for OrganisationListView
---
 ctrack/organisations/views.py | 6 ++----
 ctrack/users/tests/test_views.py | 10 ++++++++++
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/ctrack/organisations/views.py b/ctrack/organisations/views.py
index 1bccd3e..b929de4 100644
--- a/ctrack/organisations/views.py
+++ b/ctrack/organisations/views.py
@@ -41,11 +41,9 @@ class OrganisationCreate(LoginRequiredMixin, CreateView):
 return reverse_lazy("organisations:detail", kwargs={"slug": self.object.slug})
 
 
-class OrganisationListView(LoginRequiredMixin, UserPassesTestMixin, ListView):
+class OrganisationListView(LoginRequiredMixin, PermissionRequiredMixin, ListView):
 model = Organisation
-
- def test_func(self):
- return self.request.user.is_staff
+ permission_required = "organisations.view_organisation"
 
 def get_context_data(self, **kwargs):
 context = super().get_context_data(**kwargs)
diff --git a/ctrack/users/tests/test_views.py b/ctrack/users/tests/test_views.py
index 6cbe9b6..ebc38d8 100644
--- a/ctrack/users/tests/test_views.py
+++ b/ctrack/users/tests/test_views.py
@@ -1,4 +1,5 @@
 import pytest
+from django.contrib.auth.models import Permission
 from django.test import RequestFactory
 
 from ctrack.core.views import home_page
@@ -156,3 +157,12 @@ def test_user_received_persmission_denied_when_accessing_disallowed_page(
 assert request.user.is_staff is False
 response = OrganisationListView.as_view()(request)
 assert response.status_code == 403
+
+
+def test_user_gets_403(django_user_model, client, stakeholder):
+ user = django_user_model.objects.create_user(username="toss", password="knob")
+ user.stakeholder = stakeholder
+ user.save()
+ client.login(username="toss", password="knob")
+ response = client.get(path="https://localhost:8000/organisations")
+ assert response.status_code == 403
-- 
cgit v1.2.3
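Review bot: The `permission_required = "organisations.view_organisation"` line replaces the `is_staff` check without any comment recording the new access rule: staff status alone no longer grants access, and any account holding the model permission, staff or not, now passes (superusers pass every permission check in Django). I would add a class docstring such as `"""List organisations; requires the organisations.view_organisation permission."""`. The diffstat shows this hunk is the only change to views.py, so `PermissionRequiredMixin` must already be imported at the top of the file, which is not visible here and is worth confirming, and the `UserPassesTestMixin` import may now be unused. The class body continues past the end of the hunk.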
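Review bot: `test_user_gets_403` and the test above it both assert only the deny path, so a misspelt codename in `permission_required` would lock out every non-superuser and the suite would still pass. An allow-path test that grants `view_organisation` and expects 200 closes that gap; the `Permission` import added in the first hunk of this file is unused in the lines shown and looks intended for it. The sketch below reuses the fixtures and request path of `test_user_gets_403` with constructed sample credentials, and assumes the list view renders for an authorised user. Separately, the absolute URL without a trailing slash could be replaced by `reverse()` on the list route so the test does not depend on URL normalisation.

```python
def test_user_with_view_permission_can_list_organisations(
    django_user_model, client, stakeholder
):
    # Constructed sample credentials, used only inside the test database.
    user = django_user_model.objects.create_user(
        username="viewer", password="sample-pass"
    )
    user.stakeholder = stakeholder
    user.save()
    # Grant exactly the permission the view declares in permission_required.
    user.user_permissions.add(
        Permission.objects.get(
            content_type__app_label="organisations",
            codename="view_organisation",
        )
    )
    client.login(username="viewer", password="sample-pass")
    # Same request path as test_user_gets_403.
    response = client.get(path="https://localhost:8000/organisations")
    assert response.status_code == 200
```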