mirror of
https://github.com/Nebucatnetzer/network_inventory.git
synced 2024-06-27 03:35:11 +02:00
limit backup_view access
This commit is contained in:
parent
be6c5dab7f
commit
7a6fbe4d7b
|
@ -5,6 +5,8 @@ from django.test import Client
|
||||||
|
|
||||||
from helper import in_content, not_in_content
|
from helper import in_content, not_in_content
|
||||||
|
|
||||||
|
from inventory.models import Customer
|
||||||
|
|
||||||
pytestmark=pytest.mark.django_db
|
pytestmark=pytest.mark.django_db
|
||||||
|
|
||||||
def test_customer_backup_table_not_logged_in():
|
def test_customer_backup_table_not_logged_in():
|
||||||
|
@ -29,4 +31,16 @@ def test_customer_backup_table_no_backup(create_admin_user):
|
||||||
client = Client()
|
client = Client()
|
||||||
client.login(username="novartis-admin", password="password")
|
client.login(username="novartis-admin", password="password")
|
||||||
response = client.get('/customer/' + str(customer.id) + '/backups/')
|
response = client.get('/customer/' + str(customer.id) + '/backups/')
|
||||||
assert response.status_code == 200 and not_in_content(response, "Novartis PC")
|
assert response.status_code == 200
|
||||||
|
|
||||||
|
|
||||||
|
def test_customer_backup_table_no_permission(create_admin_user):
|
||||||
|
fixture = create_admin_user()
|
||||||
|
customer = Customer.objects.create(name='Nestle')
|
||||||
|
client = Client()
|
||||||
|
client.login(username="novartis-admin", password="password")
|
||||||
|
computer = mixer.blend('inventory.Computer', customer=customer)
|
||||||
|
backup = mixer.blend('inventory.Backup', computer=computer)
|
||||||
|
response = client.get('/customer/' + str(customer.id) + '/backups/')
|
||||||
|
assert response.status_code == 403
|
||||||
|
|
||||||
|
|
|
@ -11,7 +11,7 @@ from django_tables2.views import SingleTableMixin
|
||||||
|
|
||||||
from django_filters.views import FilterView
|
from django_filters.views import FilterView
|
||||||
|
|
||||||
from .decorators import computer_view_permission
|
from .decorators import computer_view_permission, customer_view_permission
|
||||||
from .models import (Device, Computer, ComputerRamRelation,
|
from .models import (Device, Computer, ComputerRamRelation,
|
||||||
ComputerDiskRelation, ComputerCpuRelation,
|
ComputerDiskRelation, ComputerCpuRelation,
|
||||||
ComputerSoftwareRelation, Customer, Net, RaidInComputer,
|
ComputerSoftwareRelation, Customer, Net, RaidInComputer,
|
||||||
|
@ -97,6 +97,7 @@ def net_detail_view(request, pk):
|
||||||
|
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
|
@customer_view_permission
|
||||||
def backups_table_view(request, pk):
|
def backups_table_view(request, pk):
|
||||||
computers = Computer.objects.filter(customer=pk)
|
computers = Computer.objects.filter(customer=pk)
|
||||||
table = BackupsTable(Backup.objects.filter(computer__in=computers))
|
table = BackupsTable(Backup.objects.filter(computer__in=computers))
|
||||||
|
|
Loading…
Reference in New Issue
Block a user