limit backup_view access
This commit is contained in:
parent
be6c5dab7f
commit
7a6fbe4d7b
|
@ -5,6 +5,8 @@ from django.test import Client
|
|||
|
||||
from helper import in_content, not_in_content
|
||||
|
||||
from inventory.models import Customer
|
||||
|
||||
pytestmark=pytest.mark.django_db
|
||||
|
||||
def test_customer_backup_table_not_logged_in():
|
||||
|
@ -29,4 +31,16 @@ def test_customer_backup_table_no_backup(create_admin_user):
|
|||
client = Client()
|
||||
client.login(username="novartis-admin", password="password")
|
||||
response = client.get('/customer/' + str(customer.id) + '/backups/')
|
||||
assert response.status_code == 200 and not_in_content(response, "Novartis PC")
|
||||
assert response.status_code == 200
|
||||
|
||||
|
||||
def test_customer_backup_table_no_permission(create_admin_user):
|
||||
fixture = create_admin_user()
|
||||
customer = Customer.objects.create(name='Nestle')
|
||||
client = Client()
|
||||
client.login(username="novartis-admin", password="password")
|
||||
computer = mixer.blend('inventory.Computer', customer=customer)
|
||||
backup = mixer.blend('inventory.Backup', computer=computer)
|
||||
response = client.get('/customer/' + str(customer.id) + '/backups/')
|
||||
assert response.status_code == 403
|
||||
|
||||
|
|
|
@ -11,7 +11,7 @@ from django_tables2.views import SingleTableMixin
|
|||
|
||||
from django_filters.views import FilterView
|
||||
|
||||
from .decorators import computer_view_permission
|
||||
from .decorators import computer_view_permission, customer_view_permission
|
||||
from .models import (Device, Computer, ComputerRamRelation,
|
||||
ComputerDiskRelation, ComputerCpuRelation,
|
||||
ComputerSoftwareRelation, Customer, Net, RaidInComputer,
|
||||
|
@ -97,6 +97,7 @@ def net_detail_view(request, pk):
|
|||
|
||||
|
||||
@login_required
|
||||
@customer_view_permission
|
||||
def backups_table_view(request, pk):
|
||||
computers = Computer.objects.filter(customer=pk)
|
||||
table = BackupsTable(Backup.objects.filter(computer__in=computers))
|
||||
|
|
Loading…
Reference in New Issue