Merge pull request #954 from ae-utbm/fix-subscription

fix access to the subscription page

core/models.py

@@ -530,10 +530,8 @@ class User(AbstractBaseUser):
 
     @cached_property
     def can_create_subscription(self) -> bool:
-        from club.models import Membership
+        return self.is_root or (
-
+            self.memberships.board()
-        return (
-            Membership.objects.board()
             .ongoing()
             .filter(club_id__in=settings.SITH_CAN_CREATE_SUBSCRIPTIONS)
             .exists()

subscription/tests/test_new_susbcription.py

@@ -90,13 +90,20 @@ def test_form_new_user(settings: SettingsWrapper):
 
 @pytest.mark.django_db
 @pytest.mark.parametrize(
-    "user_factory", [lambda: baker.make(User, is_superuser=True), board_user.make]
+    ("user_factory", "status_code"),
+    [
+        (lambda: baker.make(User, is_superuser=True), 200),
+        (board_user.make, 200),
+        (subscriber_user.make, 403),
+    ],
 )
-def test_load_page(client: Client, user_factory: Callable[[], User]):
+def test_page_access(
-    """Just check the page doesn't crash."""
+    client: Client, user_factory: Callable[[], User], status_code: int
+):
+    """Check that only authorized users may access this page."""
     client.force_login(user_factory())
     res = client.get(reverse("subscription:subscription"))
-    assert res.status_code == 200
+    assert res.status_code == status_code
 
 
 @pytest.mark.django_db