mirror of
https://framagit.org/la-chariotte/la-chariotte.git
synced 2025-05-01 19:32:26 +02:00
Orga View only accessible by orga user
This commit is contained in:
Laetitia Getti
parent
2fdc1b6862
commit
1edd6322f4
4 changed files with 78 additions and 4 deletions
|
|
@ -11,7 +11,19 @@
|
||||||
<p>Organisateur·ice : {{ grouped_order.orga }}</p>
|
<p>Organisateur·ice : {{ grouped_order.orga }}</p>
|
||||||
<p>Date de livraison : {{ grouped_order.delivery_date }}</p>
|
<p>Date de livraison : {{ grouped_order.delivery_date }}</p>
|
||||||
|
|
||||||
les produits disponibles pour cette commande groupée :
|
{% if not user.is_authenticated %}
|
||||||
|
<p>Vous êtes l'organisateur·ice de cette commande groupée ?
|
||||||
|
<a href="{% url 'order:grouped_order_orga' grouped_order.id %}">
|
||||||
|
Connectez-vous pour accéder à la page de gestion</a>
|
||||||
|
</p>
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if user == grouped_order.orga %}
|
||||||
|
<a href="{% url 'order:grouped_order_orga' grouped_order.id %}">
|
||||||
|
Page de gestion de la comande groupée</a>
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
<p>les produits disponibles pour cette commande groupée : </p>
|
||||||
|
|
||||||
<ul>
|
<ul>
|
||||||
{% for item in grouped_order.item_set.all %}
|
{% for item in grouped_order.item_set.all %}
|
||||||
|
|
|
||||||
|
|
@ -29,6 +29,6 @@
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<a href={% url 'order:order' grouped_order.id %}>Retour à la page de commande</a>
|
<a href={% url 'order:grouped_order_detail' grouped_order.id %}>Retour à la page de commande</a>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
|
||||||
|
|
@ -287,3 +287,60 @@ class TestGroupedOrderDetailView:
|
||||||
assert item.ordered_nb == 1
|
assert item.ordered_nb == 1
|
||||||
order = Order.objects.first()
|
order = Order.objects.first()
|
||||||
assert order.ordered_items.count() == 1
|
assert order.ordered_items.count() == 1
|
||||||
|
|
||||||
|
|
||||||
|
class TestGroupedOrderOrgaView:
|
||||||
|
def test_user_not_logged_redirect(self, client, other_user):
|
||||||
|
"""
|
||||||
|
A user that is not logged cannot see the GroupedOrderOrgaView. They get redirected to the login view
|
||||||
|
"""
|
||||||
|
grouped_order = create_grouped_order(
|
||||||
|
days_before_delivery_date=5,
|
||||||
|
days_before_deadline=2,
|
||||||
|
name="gr order test",
|
||||||
|
orga_user=other_user,
|
||||||
|
)
|
||||||
|
orga_view_url = reverse(
|
||||||
|
"order:grouped_order_orga",
|
||||||
|
kwargs={
|
||||||
|
"pk": grouped_order.pk,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
assert auth.get_user(client).is_anonymous
|
||||||
|
response = client.get(orga_view_url)
|
||||||
|
assert response.status_code == 302
|
||||||
|
assert response.url.startswith(reverse("login"))
|
||||||
|
assert response.url.endswith(
|
||||||
|
reverse(
|
||||||
|
"order:grouped_order_orga",
|
||||||
|
kwargs={
|
||||||
|
"pk": grouped_order.pk,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_user_not_orga_redirect(self, client_log, other_user):
|
||||||
|
"""
|
||||||
|
A user that is not orga cannot see the GroupedOrderOrgaView.
|
||||||
|
They get a 403 forbidden error
|
||||||
|
"""
|
||||||
|
grouped_order = create_grouped_order(
|
||||||
|
days_before_delivery_date=5,
|
||||||
|
days_before_deadline=2,
|
||||||
|
name="gr order test",
|
||||||
|
orga_user=other_user,
|
||||||
|
)
|
||||||
|
orga_view_url = reverse(
|
||||||
|
"order:grouped_order_orga",
|
||||||
|
kwargs={
|
||||||
|
"pk": grouped_order.pk,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
detail_view_url = reverse(
|
||||||
|
"order:grouped_order_detail",
|
||||||
|
kwargs={
|
||||||
|
"pk": grouped_order.pk,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
response = client_log.get(orga_view_url)
|
||||||
|
assert response.status_code == 403
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
from django.contrib.auth.mixins import LoginRequiredMixin
|
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
|
||||||
from django.http import HttpResponseRedirect
|
from django.http import HttpResponseRedirect
|
||||||
from django.shortcuts import get_object_or_404, render
|
from django.shortcuts import get_object_or_404, render
|
||||||
from django.urls import reverse, reverse_lazy
|
from django.urls import reverse, reverse_lazy
|
||||||
|
|
@ -58,11 +58,16 @@ class GroupedOrderDetailView(generic.DetailView):
|
||||||
context_object_name = "grouped_order"
|
context_object_name = "grouped_order"
|
||||||
|
|
||||||
|
|
||||||
class GroupedOrderOrgaView(generic.DetailView):
|
class GroupedOrderOrgaView(UserPassesTestMixin, generic.DetailView):
|
||||||
"""Overview of a grouped order, for the organizer"""
|
"""Overview of a grouped order, for the organizer"""
|
||||||
|
|
||||||
model = GroupedOrder
|
model = GroupedOrder
|
||||||
template_name = "order/grouped_order_orga.html"
|
template_name = "order/grouped_order_orga.html"
|
||||||
|
context_object_name = "grouped_order"
|
||||||
|
|
||||||
|
def test_func(self):
|
||||||
|
"""Accessible only if the requesting user is the grouped order organizer"""
|
||||||
|
return self.get_object().orga == self.request.user
|
||||||
|
|
||||||
|
|
||||||
def order(
|
def order(
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue