almet/la-chariotte
1
0
Fork 0
mirror of https://framagit.org/la-chariotte/la-chariotte.git synced 2025-05-01 11:22:24 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Orga View only accessible by orga user

Browse source
This commit is contained in:
Laetitia Getti 2023-04-19 17:48:01 +02:00
parent 2fdc1b6862
commit 1edd6322f4
4 changed files with 78 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
la_chariotte/order/templates/order/grouped_order_detail.html
View file

@ -11,7 +11,19 @@
<p>Organisateur·ice : {{ grouped_order.orga }}</p>
<p>Date de livraison : {{ grouped_order.delivery_date }}</p>
les produits disponibles pour cette commande groupée :
{% if not user.is_authenticated %}
<p>Vous êtes l'organisateur·ice de cette commande groupée ?
<a href="{% url 'order:grouped_order_orga' grouped_order.id %}">
Connectez-vous pour accéder à la page de gestion</a>
</p>
{% endif %}
{% if user == grouped_order.orga %}
<a href="{% url 'order:grouped_order_orga' grouped_order.id %}">
Page de gestion de la comande groupée</a>
{% endif %}
<p>les produits disponibles pour cette commande groupée : </p>
<ul>
{% for item in grouped_order.item_set.all %}

2
la_chariotte/order/templates/order/grouped_order_orga.html
View file

@ -29,6 +29,6 @@
{% endfor %}
</ul>
<a href={% url 'order:order' grouped_order.id %}>Retour à la page de commande</a>
<a href={% url 'order:grouped_order_detail' grouped_order.id %}>Retour à la page de commande</a>
</body>
</html>

57
la_chariotte/order/tests/test_views.py
View file

@ -287,3 +287,60 @@ class TestGroupedOrderDetailView:
assert item.ordered_nb == 1
order = Order.objects.first()
assert order.ordered_items.count() == 1
class TestGroupedOrderOrgaView:
def test_user_not_logged_redirect(self, client, other_user):
"""
A user that is not logged cannot see the GroupedOrderOrgaView. They get redirected to the login view
"""
grouped_order = create_grouped_order(
days_before_delivery_date=5,
days_before_deadline=2,
name="gr order test",
orga_user=other_user,
)
orga_view_url = reverse(
"order:grouped_order_orga",
kwargs={
"pk": grouped_order.pk,
},
)
assert auth.get_user(client).is_anonymous
response = client.get(orga_view_url)
assert response.status_code == 302
assert response.url.startswith(reverse("login"))
assert response.url.endswith(
reverse(
"order:grouped_order_orga",
kwargs={
"pk": grouped_order.pk,
},
)
)
def test_user_not_orga_redirect(self, client_log, other_user):
"""
A user that is not orga cannot see the GroupedOrderOrgaView.
They get a 403 forbidden error
"""
grouped_order = create_grouped_order(
days_before_delivery_date=5,
days_before_deadline=2,
name="gr order test",
orga_user=other_user,
)
orga_view_url = reverse(
"order:grouped_order_orga",
kwargs={
"pk": grouped_order.pk,
},
)
detail_view_url = reverse(
"order:grouped_order_detail",
kwargs={
"pk": grouped_order.pk,
},
)
response = client_log.get(orga_view_url)
assert response.status_code == 403

9
la_chariotte/order/views.py
View file

@ -1,4 +1,4 @@
from django.contrib.auth.mixins import LoginRequiredMixin
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
from django.http import HttpResponseRedirect
from django.shortcuts import get_object_or_404, render
from django.urls import reverse, reverse_lazy
@ -58,11 +58,16 @@ class GroupedOrderDetailView(generic.DetailView):
context_object_name = "grouped_order"
class GroupedOrderOrgaView(generic.DetailView):
class GroupedOrderOrgaView(UserPassesTestMixin, generic.DetailView):
"""Overview of a grouped order, for the organizer"""
model = GroupedOrder
template_name = "order/grouped_order_orga.html"
context_object_name = "grouped_order"
def test_func(self):
"""Accessible only if the requesting user is the grouped order organizer"""
return self.get_object().orga == self.request.user
def order(