Fix counter permissions issues
This commit is contained in:
parent
2e5e217842
commit
022c19c020
@ -527,7 +527,7 @@ class Counter(models.Model):
|
|||||||
if user.is_anonymous:
|
if user.is_anonymous:
|
||||||
return False
|
return False
|
||||||
mem = self.club.get_membership_for(user)
|
mem = self.club.get_membership_for(user)
|
||||||
if mem and mem.role >= 7:
|
if mem and mem.role >= settings.SITH_CLUB_ROLES_ID["Treasurer"]:
|
||||||
return True
|
return True
|
||||||
return user.is_in_group(pk=settings.SITH_GROUP_COUNTER_ADMIN_ID)
|
return user.is_in_group(pk=settings.SITH_GROUP_COUNTER_ADMIN_ID)
|
||||||
|
|
||||||
|
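Review bot: The `>=` comparison at `if mem and mem.role >= settings.SITH_CLUB_ROLES_ID["Treasurer"]:` relies on the numeric ordering of the `SITH_CLUB_ROLES_ID` values (every role id at or above the treasurer's is treated as privileged), and that dependency is stated nowhere in the hunk. Replacing the literal `7` with the named setting is an improvement, but a comment such as `# role ids are ordered by privilege: treasurer and above may manage the counter` would stop a later reordering of the role table from silently widening this permission check. The enclosing method starts outside the hunk, so its name and docstring are not visible here.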
@ -30,7 +30,7 @@ from freezegun import freeze_time
|
|||||||
from model_bakery import baker
|
from model_bakery import baker
|
||||||
|
|
||||||
from club.models import Club, Membership
|
from club.models import Club, Membership
|
||||||
from core.baker_recipes import board_user, old_subscriber_user, subscriber_user
|
from core.baker_recipes import board_user, subscriber_user
|
||||||
from core.models import Group, User
|
from core.models import Group, User
|
||||||
from counter.baker_recipes import product_recipe
|
from counter.baker_recipes import product_recipe
|
||||||
from counter.models import (
|
from counter.models import (
|
||||||
@ -67,7 +67,11 @@ class FullClickSetup:
|
|||||||
sub.subscription_end = localdate() - timedelta(days=89)
|
sub.subscription_end = localdate() - timedelta(days=89)
|
||||||
sub.save()
|
sub.save()
|
||||||
|
|
||||||
cls.customer_old_can_not_buy = old_subscriber_user.make()
|
cls.customer_old_can_not_buy = subscriber_user.make()
|
||||||
|
sub = cls.customer_old_can_not_buy.subscriptions.first()
|
||||||
|
sub.subscription_end = localdate() - timedelta(days=90)
|
||||||
|
sub.save()
|
||||||
|
|
||||||
cls.customer_can_not_buy = baker.make(User)
|
cls.customer_can_not_buy = baker.make(User)
|
||||||
|
|
||||||
cls.club_counter = baker.make(Counter, type="OFFICE")
|
cls.club_counter = baker.make(Counter, type="OFFICE")
|
||||||
@ -448,7 +452,7 @@ class TestCounterClick(FullClickSetup, TestCase):
|
|||||||
assert resp.status_code == 302
|
assert resp.status_code == 302
|
||||||
assert resp.url == resolve_url(self.counter)
|
assert resp.url == resolve_url(self.counter)
|
||||||
|
|
||||||
assert self.updated_amount(self.banned_counter_customer) == Decimal("10")
|
assert self.updated_amount(user) == Decimal("10")
|
||||||
|
|
||||||
def test_click_user_without_customer(self):
|
def test_click_user_without_customer(self):
|
||||||
self.login_in_bar()
|
self.login_in_bar()
|
||||||
@ -462,6 +466,81 @@ class TestCounterClick(FullClickSetup, TestCase):
|
|||||||
== 404
|
== 404
|
||||||
)
|
)
|
||||||
|
|
||||||
|
def test_click_allowed_old_subscriber(self):
|
||||||
|
self.login_in_bar()
|
||||||
|
self.refill_user(self.customer_old_can_buy, 10)
|
||||||
|
assert (
|
||||||
|
self.submit_basket(
|
||||||
|
self.customer_old_can_buy,
|
||||||
|
[
|
||||||
|
BasketItem(self.snack.id, 2),
|
||||||
|
],
|
||||||
|
).status_code
|
||||||
|
== 302
|
||||||
|
)
|
||||||
|
|
||||||
|
assert self.updated_amount(self.customer_old_can_buy) == Decimal("7")
|
||||||
|
|
||||||
|
def test_click_wrong_counter(self):
|
||||||
|
self.login_in_bar()
|
||||||
|
self.refill_user(self.customer, 10)
|
||||||
|
assert (
|
||||||
|
self.submit_basket(
|
||||||
|
self.customer,
|
||||||
|
[
|
||||||
|
BasketItem(self.snack.id, 2),
|
||||||
|
],
|
||||||
|
counter=self.other_counter,
|
||||||
|
).status_code
|
||||||
|
== 302 # Redirect to counter main
|
||||||
|
)
|
||||||
|
|
||||||
|
# We want to test sending requests from another counter while
|
||||||
|
# we are currently registered to another counter
|
||||||
|
# so we connect to a counter and
|
||||||
|
# we create a new client, in order to check
|
||||||
|
# that using a client not logged to a counter
|
||||||
|
# where another client is logged still isn't authorized.
|
||||||
|
client = Client()
|
||||||
|
assert (
|
||||||
|
self.submit_basket(
|
||||||
|
self.customer,
|
||||||
|
[
|
||||||
|
BasketItem(self.snack.id, 2),
|
||||||
|
],
|
||||||
|
counter=self.counter,
|
||||||
|
client=client,
|
||||||
|
).status_code
|
||||||
|
== 302 # Redirect to counter main
|
||||||
|
)
|
||||||
|
|
||||||
|
assert self.updated_amount(self.customer) == Decimal("10")
|
||||||
|
|
||||||
|
def test_click_not_connected(self):
|
||||||
|
self.refill_user(self.customer, 10)
|
||||||
|
assert (
|
||||||
|
self.submit_basket(
|
||||||
|
self.customer,
|
||||||
|
[
|
||||||
|
BasketItem(self.snack.id, 2),
|
||||||
|
],
|
||||||
|
).status_code
|
||||||
|
== 302 # Redirect to counter main
|
||||||
|
)
|
||||||
|
|
||||||
|
assert (
|
||||||
|
self.submit_basket(
|
||||||
|
self.customer,
|
||||||
|
[
|
||||||
|
BasketItem(self.snack.id, 2),
|
||||||
|
],
|
||||||
|
counter=self.club_counter,
|
||||||
|
).status_code
|
||||||
|
== 403
|
||||||
|
)
|
||||||
|
|
||||||
|
assert self.updated_amount(self.customer) == Decimal("10")
|
||||||
|
|
||||||
def test_annotate_has_barman_queryset(self):
|
def test_annotate_has_barman_queryset(self):
|
||||||
"""Test if the custom queryset method `annotate_has_barman` works as intended."""
|
"""Test if the custom queryset method `annotate_has_barman` works as intended."""
|
||||||
counters = Counter.objects.annotate_has_barman(self.barmen)
|
counters = Counter.objects.annotate_has_barman(self.barmen)
|
||||||
|
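Review bot: In `test_click_not_connected` and `test_click_wrong_counter` the rejection is asserted only as `== 302`, which cannot distinguish the intended redirect to the counter page from any other redirect (a login redirect, for instance), whereas the earlier hunk in this file pins the same path with `assert resp.url == resolve_url(self.counter)`. Binding the response, e.g. `resp = self.submit_basket(...)` then `assert resp.status_code == 302` and `assert resp.url == resolve_url(self.counter)`, would make these tests fail for the right reason; the trailing `updated_amount(...) == Decimal("10")` check only shows that no money moved. The setup hunk also creates `customer_old_can_not_buy` with a subscription that ended exactly 90 days ago, but no test in these hunks exercises it, so as far as this diff shows the 89/90-day boundary is covered only on the allowed side.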
@ -149,7 +149,7 @@ class CounterClick(CounterTabsMixin, CanViewMixin, SingleObjectMixin, FormView):
|
|||||||
current_tab = "counter"
|
current_tab = "counter"
|
||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
return super().get_queryset().exclude(type="EBOUTIC")
|
return super().get_queryset().exclude(type="EBOUTIC").annotate_is_open()
|
||||||
|
|
||||||
def get_form_kwargs(self):
|
def get_form_kwargs(self):
|
||||||
kwargs = super().get_form_kwargs()
|
kwargs = super().get_form_kwargs()
|
||||||
@ -167,13 +167,13 @@ class CounterClick(CounterTabsMixin, CanViewMixin, SingleObjectMixin, FormView):
|
|||||||
if not self.customer.can_buy or self.customer.user.is_banned_counter:
|
if not self.customer.can_buy or self.customer.user.is_banned_counter:
|
||||||
return redirect(obj) # Redirect to counter
|
return redirect(obj) # Redirect to counter
|
||||||
|
|
||||||
if obj.type != "BAR" and not request.user.is_authenticated:
|
if obj.type == "OFFICE" and not obj.club.has_rights_in_club(request.user):
|
||||||
raise PermissionDenied
|
raise PermissionDenied
|
||||||
|
|
||||||
if obj.type == "BAR" and (
|
if obj.type == "BAR" and (
|
||||||
"counter_token" not in request.session
|
not obj.is_open
|
||||||
|
or "counter_token" not in request.session
|
||||||
or request.session["counter_token"] != obj.token
|
or request.session["counter_token"] != obj.token
|
||||||
or len(obj.barmen_list) == 0
|
|
||||||
):
|
):
|
||||||
return redirect(obj) # Redirect to counter
|
return redirect(obj) # Redirect to counter
|
||||||
|
|
||||||
|
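Review bot: The replaced guard narrows the non-bar check from every `obj.type != "BAR"` to `obj.type == "OFFICE"` only, so any other counter type the queryset still returns (it excludes only `"EBOUTIC"`) no longer receives any permission check before the purchase proceeds, and the explicit `request.user.is_authenticated` test is gone, which leaves anonymous handling to whatever `has_rights_in_club` does with an `AnonymousUser` (not visible here). Keeping the broader shape, `if obj.type != "BAR" and not (request.user.is_authenticated and obj.club.has_rights_in_club(request.user)):`, preserves the old deny-by-default behaviour while adding the club-rights requirement. The new `not obj.is_open` test depends on the `annotate_is_open()` added to `get_queryset`; if `obj` is ever loaded through another queryset the attribute is absent, which deserves a comment on that line, `# is_open is the annotation from annotate_is_open() in get_queryset`. The enclosing method starts and ends outside the hunk.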