Commit f30020ee authored by Joost Rijneveld's avatar Joost Rijneveld
Browse files

Merge branch 'event_organisers_part2' into 'master'

Fix the ModelAdmin change permissions

See merge request !440
parents 0e21c0e6 154546b2
......@@ -71,10 +71,12 @@ class EventAdmin(DoNextModelAdmin):
def has_change_permission(self, request, event=None):
try:
if not request.user.is_superuser and event is not None:
if (not request.user.is_superuser and event is not None and
event.organiser is not None):
committees = request.user.member.get_committees().filter(
Q(pk=event.organiser.pk)).count()
return committees > 0
if committees == 0:
return False
except Member.DoesNotExist:
pass
return super().has_change_permission(request, event)
......
......@@ -72,6 +72,60 @@ class AdminTest(TestCase):
response = self.client.get('/events/admin/1/')
self.assertEqual(200, response.status_code)
def test_modeladmin_change_no_organiser_allowed(self):
response = self.client.get('/admin/events/event/1/change/')
self.assertEqual(200, response.status_code)
def test_modeladmin_change_organiser_allowed(self):
"""Test the ModelAdmin change page
If I'm an organiser I should be allowed access
"""
self.event.organiser = self.committee
CommitteeMembership.objects.create(
member=self.member,
committee=self.committee)
self.event.save()
response = self.client.get('/admin/events/event/1/change/')
self.assertEqual(200, response.status_code)
def test_modeladmin_change_organiser_no_permissions_denied(self):
"""Test the ModelAdmin change page
If I'm an organiser, but don't have perms I should not
be allowed access
"""
self._remove_event_permission()
self.event.organiser = self.committee
CommitteeMembership.objects.create(
member=self.member,
committee=self.committee)
self.event.save()
response = self.client.get('/admin/events/event/1/change/')
self.assertEqual(403, response.status_code)
def test_modeladmin_change_superuser_allowed(self):
"""Test the ModelAdmin change page
If I'm an organiser I should be allowed access
"""
self.event.organiser = self.committee
self.event.save()
self.member.user.is_superuser = True
self.member.user.save()
response = self.client.get('/admin/events/event/1/change/')
self.assertEqual(200, response.status_code)
def test_modeladmin_change_organiser_denied(self):
"""Test the ModelAdmin change page
If I'm not an organiser I should not be allowed access
"""
self.event.organiser = self.committee
self.event.save()
response = self.client.get('/admin/events/event/1/change/')
self.assertEqual(403, response.status_code)
class RegistrationTest(TestCase):
"""Tests for registration view"""
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment