Better user profile view checking
This commit is contained in:
parent
f7fb3f5cf7
commit
a22bc22538
|
|
@ -9,14 +9,6 @@ class TestUserURLs(TestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
self.user = self.make_user()
|
self.user = self.make_user()
|
||||||
|
|
||||||
def test_list_reverse(self):
|
|
||||||
"""users:list should reverse to /users/."""
|
|
||||||
self.assertEqual(reverse('users:list'), '/users/')
|
|
||||||
|
|
||||||
def test_list_resolve(self):
|
|
||||||
"""/users/ should resolve to users:list."""
|
|
||||||
self.assertEqual(resolve('/users/').view_name, 'users:list')
|
|
||||||
|
|
||||||
def test_redirect_reverse(self):
|
def test_redirect_reverse(self):
|
||||||
"""users:redirect should reverse to /users/~redirect/."""
|
"""users:redirect should reverse to /users/~redirect/."""
|
||||||
self.assertEqual(reverse('users:redirect'), '/users/~redirect/')
|
self.assertEqual(reverse('users:redirect'), '/users/~redirect/')
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,11 @@
|
||||||
from django.test import RequestFactory
|
from django.test import RequestFactory
|
||||||
|
from django.http import Http404
|
||||||
|
|
||||||
from test_plus.test import TestCase
|
from test_plus.test import TestCase
|
||||||
|
|
||||||
from ..views import (
|
from ..views import (
|
||||||
UserRedirectView,
|
UserRedirectView,
|
||||||
|
UserDetailView,
|
||||||
UserUpdateView
|
UserUpdateView
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -12,9 +14,50 @@ class BaseUserTestCase(TestCase):
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
self.user = self.make_user()
|
self.user = self.make_user()
|
||||||
|
self.userTwo = self.make_user(username='username2')
|
||||||
self.factory = RequestFactory()
|
self.factory = RequestFactory()
|
||||||
|
|
||||||
|
|
||||||
|
class TestUserDetailView(BaseUserTestCase):
|
||||||
|
def setUp(self):
|
||||||
|
super(TestUserDetailView, self).setUp()
|
||||||
|
self.client.login(
|
||||||
|
username=self.user.username,
|
||||||
|
password=self.user.password) # defined in fixture or with factory in setUp()
|
||||||
|
|
||||||
|
def test_view_not_logged_in_404s(self):
|
||||||
|
self.client.logout()
|
||||||
|
response = self.client.get('/users/', {'username': self.user.username}, follow=True)
|
||||||
|
self.assertEqual(
|
||||||
|
response.status_code,
|
||||||
|
404
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_user_profile_does_not_exist_404s(self):
|
||||||
|
response = self.client.get('/users/', {'username': 'does-not-exist'}, follow=True)
|
||||||
|
self.assertEqual(
|
||||||
|
response.status_code,
|
||||||
|
404
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_view_anothers_profile_404s(self):
|
||||||
|
response = self.client.get(
|
||||||
|
'/users/',
|
||||||
|
{'username': self.userTwo.username},
|
||||||
|
follow=True)
|
||||||
|
self.assertEqual(
|
||||||
|
response.status_code,
|
||||||
|
404
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_view_users_own_profile_succeeds(self):
|
||||||
|
response = self.client.get('/users/%s' % self.user.username, follow=True)
|
||||||
|
self.assertEqual(
|
||||||
|
response.status_code,
|
||||||
|
200
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
class TestUserRedirectView(BaseUserTestCase):
|
class TestUserRedirectView(BaseUserTestCase):
|
||||||
|
|
||||||
def test_get_redirect_url(self):
|
def test_get_redirect_url(self):
|
||||||
|
|
|
||||||
|
|
@ -8,11 +8,6 @@ from . import views
|
||||||
|
|
||||||
urlpatterns = [
|
urlpatterns = [
|
||||||
url('^access-cards/', include(access_card_patterns, namespace='rfid')),
|
url('^access-cards/', include(access_card_patterns, namespace='rfid')),
|
||||||
url(
|
|
||||||
regex=r'^$',
|
|
||||||
view=views.UserListView.as_view(),
|
|
||||||
name='list'
|
|
||||||
),
|
|
||||||
url(
|
url(
|
||||||
regex=r'^~redirect/$',
|
regex=r'^~redirect/$',
|
||||||
view=views.UserRedirectView.as_view(),
|
view=views.UserRedirectView.as_view(),
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
from __future__ import absolute_import, unicode_literals
|
from __future__ import absolute_import, unicode_literals
|
||||||
|
from django.http import Http404
|
||||||
from django.core.urlresolvers import reverse
|
from django.core.urlresolvers import reverse
|
||||||
from django.views.generic import DetailView, ListView, RedirectView, UpdateView
|
from django.views.generic import DetailView, ListView, RedirectView, UpdateView
|
||||||
from django.contrib.auth.mixins import LoginRequiredMixin
|
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||||
|
|
@ -18,6 +18,14 @@ class UserDetailView(LoginRequiredMixin, DetailView):
|
||||||
slug_field = 'username'
|
slug_field = 'username'
|
||||||
slug_url_kwarg = 'username'
|
slug_url_kwarg = 'username'
|
||||||
|
|
||||||
|
|
||||||
|
def get_object(self):
|
||||||
|
user = super(UserDetailView, self).get_object()
|
||||||
|
# Disallow users to view others profiles
|
||||||
|
if user.username == self.request.user.username:
|
||||||
|
return user
|
||||||
|
raise Http404()
|
||||||
|
|
||||||
def get_context_data(self, **kwargs):
|
def get_context_data(self, **kwargs):
|
||||||
# xxx will be available in the template as the related objects
|
# xxx will be available in the template as the related objects
|
||||||
context = super(UserDetailView, self).get_context_data(**kwargs)
|
context = super(UserDetailView, self).get_context_data(**kwargs)
|
||||||
|
|
@ -64,10 +72,3 @@ class UserUpdateView(LoginRequiredMixin, UpdateView):
|
||||||
blurb_model.save()
|
blurb_model.save()
|
||||||
|
|
||||||
return super(UserUpdateView, self).form_valid(form)
|
return super(UserUpdateView, self).form_valid(form)
|
||||||
|
|
||||||
|
|
||||||
class UserListView(LoginRequiredMixin, ListView):
|
|
||||||
model = User
|
|
||||||
# These next two lines tell the view to index lookups by username
|
|
||||||
slug_field = 'username'
|
|
||||||
slug_url_kwarg = 'username'
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue