Permission-check for templates accounts for all permission levels.

`user_can` function built for Jinja template contexts should check application, portfolio, and atat level permissions depending on what resources are available on `g`.
2019-05-06 11:33:33 -04:00
parent 3c1f4ac6df
commit 2d99b5cfc5
2 changed files with 59 additions and 12 deletions
--- a/tests/utils/test_context_processors.py
+++ b/tests/utils/test_context_processors.py
@@ -1,4 +1,8 @@
-from atst.utils.context_processors import get_resources_from_context
+import pytest
+
+from atst.domain.permission_sets import PermissionSets
+from atst.models import Permissions
+from atst.utils.context_processors import get_resources_from_context, user_can_view

 from tests.factories import *

@@ -22,3 +26,40 @@ def test_get_resources_from_context():
        portfolio,
        task_order,
    )
+
+
+@pytest.fixture
+def set_g(request_ctx):
+    def _set_g(attr, val):
+        setattr(request_ctx.g, attr, val)
+
+    yield _set_g
+
+    setattr(request_ctx.g, "application", None)
+    setattr(request_ctx.g, "portfolio", None)
+    setattr(request_ctx.g, "current_user", None)
+
+
+def test_user_can_view(set_g):
+    owner = UserFactory.create()
+    app_user = UserFactory.create()
+    rando = UserFactory.create()
+
+    portfolio = PortfolioFactory.create(owner=owner)
+    application = ApplicationFactory.create(portfolio=portfolio)
+    ApplicationRoleFactory.create(
+        user=app_user,
+        application=application,
+        permission_sets=PermissionSets.get_many([PermissionSets.VIEW_APPLICATION]),
+    )
+
+    set_g("portfolio", portfolio)
+    set_g("application", application)
+    set_g("current_user", owner)
+    assert user_can_view(Permissions.VIEW_APPLICATION)
+
+    set_g("current_user", app_user)
+    assert user_can_view(Permissions.VIEW_APPLICATION)
+
+    set_g("current_user", rando)
+    assert not user_can_view(Permissions.VIEW_APPLICATION)