diff --git a/impersonate/tests.py b/impersonate/tests.py
index 7ce503c2dd97ba78597f6ff6e4393132753573f6..1c0f2dbccf49264fcce8fa5af62f69357fc48eb5 100644
--- a/impersonate/tests.py
+++ b/impersonate/tests.py
@@ -1,3 +1,29 @@
+from __future__ import annotations
 from django.test import TestCase
+from django.urls import reverse
+from backend.unittest import PersonFixtureMixin
-# Create your tests here.
+
+class TestPermissions(PersonFixtureMixin, TestCase):
+ @classmethod
+ def __add_extra_tests__(cls):
+ non_fd = ["pending", "dc", "dc_ga", "dm", "dm_ga", "dd_nu", "dd_u", "dd_e", "dd_r", "activeam", "oldam"]
+ fd = ["fd", "dam"]
+
+ for visitor in [None] + non_fd:
+ for visited in non_fd + fd:
+ cls._add_method(cls._test_impersonate_fail, visitor, visited)
+
+ for visitor in fd:
+ for visited in non_fd + fd:
+ cls._add_method(cls._test_impersonate_success, visitor, visited)
+
+ def _test_impersonate_success(self, visitor, visited):
+ client = self.make_test_client(visitor)
+ response = client.post(reverse("impersonate"), data={"pk": self.persons[visited].pk, "next": "/"})
+ self.assertRedirectMatches(response, "^/$")
+
+ def _test_impersonate_fail(self, visitor, visited):
+ client = self.make_test_client(visitor)
+ response = client.post(reverse("impersonate"), data={"pk": self.persons[visited].pk})
+ self.assertPermissionDenied(response)
diff --git a/impersonate/views.py b/impersonate/views.py
index 8e940395a5579b56f6321542d6285df01796f128..eab368c6d6562732e352636e7e23132151c3a65d 100644
--- a/impersonate/views.py
+++ b/impersonate/views.py
@@ -21,7 +21,10 @@ class Impersonate(View):
 messages.add_message(request, messages.INFO, _("Impersonation canceled"))
 user = effective_user
 else:
- user = User.objects.get(pk=pk)
+ try:
+ user = User.objects.get(pk=pk)
+ except User.DoesNotExist:
+ raise PermissionDenied
 request.session["impersonate"] = user.pk
 messages.info(request, _("Impersonating {}").format(user))
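Review bot: The matrix built in `__add_extra_tests__` in impersonate/tests.py only posts pks of existing fixture persons, so the `User.DoesNotExist` to `PermissionDenied` branch that this same commit adds to impersonate/views.py is never exercised. A case where an `fd` visitor posts a pk that matches no user, checked with `assertPermissionDenied`, would cover it. `_test_impersonate_success` also asserts only the redirect, not that the session was actually switched. Assuming `make_test_client` returns a regular Django test client, `self.assertEqual(client.session["impersonate"], self.persons[visited].pk)` would pin that, and `self.assertNotIn("impersonate", client.session)` in `_test_impersonate_fail` would confirm that a denied request leaves no impersonation state behind.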
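Review bot: In impersonate/views.py the new `try` around `User.objects.get(pk=pk)` catches only `User.DoesNotExist`. `pk` appears to come from the request (its assignment is outside the hunk), and if the user model has an integer primary key, a non-numeric value makes the ORM raise `ValueError`, which would surface as a server error rather than the 403 this change intends. Widening the handler to `except (User.DoesNotExist, ValueError):` keeps every bad pk on the same response, which also avoids revealing which ids exist. Separately, the visible lines record the start of impersonation only as a session key and a flash message; for a privileged action like this, a log entry naming the acting user and the target would help later review. The method continues outside the hunk, so that may already happen elsewhere.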
diff --git a/restricted/tests/test_permissions.py b/restricted/tests/test_permissions.py
index 64f5a06225b5849d83cad3a004059d5809fd2600..62ba503fe6fc0026c06367bd50f3fb10bc17adef 100644
--- a/restricted/tests/test_permissions.py
+++ b/restricted/tests/test_permissions.py
@@ -1,3 +1,4 @@
+from __future__ import annotations
 from django.test import TestCase
 from django.urls import reverse
 from backend.unittest import PersonFixtureMixin
@@ -7,33 +8,12 @@ import json
 class TestPermissions(PersonFixtureMixin, TestCase):
 @classmethod
 def __add_extra_tests__(cls):
- non_fd = ["pending", "dc", "dc_ga", "dm", "dm_ga", "dd_nu", "dd_u", "dd_e", "dd_r", "activeam", "oldam"]
- fd = ["fd", "dam"]
-
- for visitor in [None] + non_fd:
- for visited in non_fd + fd:
- cls._add_method(cls._test_impersonate_fail, visitor, visited)
-
- for visitor in fd:
- for visited in non_fd + fd:
- cls._add_method(cls._test_impersonate_success, visitor, visited)
-
 for visitor in None, "pending", "dc", "dc_ga", "dm", "dm_ga", "dd_e", "dd_r":
 cls._add_method(cls._test_export_fail, visitor)
 for visitor in "dd_nu", "dd_u", "activeam", "oldam", "fd", "dam":
 cls._add_method(cls._test_export_success, visitor)
- def _test_impersonate_success(self, visitor, visited):
- client = self.make_test_client(visitor)
- response = client.get(reverse("impersonate", kwargs={"key": self.persons[visited].lookup_key}))
- self.assertRedirectMatches(response, "^/$")
-
- def _test_impersonate_fail(self, visitor, visited):
- client = self.make_test_client(visitor)
- response = client.get(reverse("impersonate", kwargs={"key": self.persons[visited].lookup_key}))
- self.assertPermissionDenied(response)
-
 def _test_export_success(self, visitor):
 self.persons.dc.email = "private@example.org"