
fix: flush session when creating new object via MasterView

whoops guess that got missed in the refactor.

this also adds our first functional test!  to reproduce the problem
since unit tests didn't catch it.  unfortunately i'm still missing
something about how the functional TestApp is supposed to work, in
conjunction with the test DB etc.  seems to be acting strangely with
regard to permission checks especially...
Lance Edgar 2025-12-28 22:48:36 -06:00
parent ac2d520bde
commit 3af8e8aaf2
6 changed files with 242 additions and 8 deletions


@ -8,7 +8,7 @@ import colander
from wuttaweb.grids import Grid
from wuttaweb.views import users as mod
from wuttaweb.testing import WebTestCase
from wuttaweb.testing import WebTestCase, FunctionalTestCase
class TestUserView(WebTestCase):
@ -471,3 +471,182 @@ class TestUserView(WebTestCase):
):
result = view.delete_api_token()
self.assertEqual(result, {"error": "API token not found"})
# TODO: this test seems to work fine on its own, but not in conjunction
# with the next class below. will have to sort this out before adding
# anymore functional tests probably. but it can wait for the moment.
# class TestListUsers(FunctionalTestCase):
# def setUp(self):
# super().setUp()
# model = self.app.model
# auth = self.app.get_auth_handler()
# # add 'fred' user
# self.fred = model.User(username="fred")
# auth.set_user_password(self.fred, "fredpass")
# self.session.add(self.fred)
# # add 'managers' role
# self.managers = model.Role(name="Managers")
# self.fred.roles.append(self.managers)
# self.session.add(self.managers)
# self.session.commit()
# def test_index(self):
# model = self.app.model
# auth = self.app.get_auth_handler()
# testapp = self.make_webtest()
# csrf = self.get_csrf_token(testapp)
# # cannot list users if not logged in
# res = testapp.get("/users/")
# self.assertEqual(res.status_code, 200)
# self.assertIn("Access Denied", res.text)
# self.assertIn("Login", res.text)
# self.assertNotIn("fred", res.text)
# # so we login
# res = testapp.post(
# "/login",
# params={
# "_csrf": csrf,
# "username": "fred",
# "password": "fredpass",
# },
# )
# self.assertEqual(res.status_code, 302)
# self.assertEqual(res.location, "http://localhost/")
# res = res.follow()
# self.assertEqual(res.status_code, 200)
# self.assertNotIn("Login", res.text)
# self.assertIn("fred", res.text)
# perms = self.session.query(model.Permission).all()
# self.assertEqual(len(perms), 0)
# self.assertFalse(auth.has_permission(self.session, self.fred, "users.list"))
# # but we still cannot list users, b/c no perm
# res = testapp.get("/users/")
# self.assertEqual(res.status_code, 200)
# self.assertIn("Access Denied", res.text)
# self.assertNotIn("Login", res.text)
# self.assertIn("fred", res.text)
# # so we grant the perm
# auth.grant_permission(self.managers, "users.list")
# self.session.commit()
# perms = self.session.query(model.Permission).all()
# # now we can list users
# res = testapp.get("/users/")
# self.assertEqual(res.status_code, 200)
# self.assertNotIn("Access Denied", res.text)
# self.assertNotIn("Login", res.text)
# self.assertIn("fred", res.text)
# testapp.get("/logout")
class TestCreateUser(FunctionalTestCase):
def setUp(self):
super().setUp()
model = self.app.model
auth = self.app.get_auth_handler()
# add 'fred' user
self.fred = model.User(username="fred")
auth.set_user_password(self.fred, "fredpass")
self.session.add(self.fred)
# add 'managers' role
self.managers = model.Role(name="Managers")
self.fred.roles.append(self.managers)
self.session.add(self.managers)
self.session.commit()
def test_create(self):
model = self.app.model
auth = self.app.get_auth_handler()
testapp = self.make_webtest()
csrf = self.get_csrf_token(testapp)
# cannot create user if not logged in
res = testapp.get("/users/new")
self.assertEqual(res.status_code, 200)
self.assertIn("Access Denied", res.text)
self.assertIn("Login", res.text)
self.assertNotIn("fred", res.text)
# so we login
res = testapp.post(
"/login",
params={
"_csrf": csrf,
"username": "fred",
"password": "fredpass",
},
)
self.assertEqual(res.status_code, 302)
self.assertEqual(res.location, "http://localhost/")
res = res.follow()
self.assertEqual(res.status_code, 200)
self.assertNotIn("Login", res.text)
self.assertIn("fred", res.text)
# but we still cannot create user, b/c no perm
res = testapp.get("/users/new")
self.assertEqual(res.status_code, 200)
self.assertIn("Access Denied", res.text)
self.assertNotIn("Login", res.text)
self.assertIn("fred", res.text)
# so we grant the perm; then we can create user
auth.grant_permission(self.managers, "users.list")
auth.grant_permission(self.managers, "users.create")
auth.grant_permission(self.managers, "users.view")
self.session.commit()
self.assertTrue(auth.has_permission(self.session, self.fred, "users.create"))
# first get the form
res = testapp.get("/users/new")
self.assertEqual(res.status_code, 200)
self.assertNotIn("Access Denied", res.text)
self.assertNotIn("Login", res.text)
self.assertIn("fred", res.text)
self.assertIn("Username", res.text)
# then post the form; user should be created
res = testapp.post(
"/users/new",
[
("_csrf", csrf),
("username", "barney"),
("__start__", "set_password:mapping"),
("set_password", "barneypass"),
("set_password-confirm", "barneypass"),
("__end__", "set_password:mapping"),
("first_name", "Barney"),
("last_name", "Rubble"),
("__start__", "roles:sequence"),
("checkbox", str(self.managers.uuid)),
("__end__", "roles:sequence"),
],
)
barney = self.session.query(model.User).filter_by(username="barney").first()
self.assertTrue(barney)
self.assertEqual(res.status_code, 302)
self.assertEqual(res.location, f"http://localhost/users/{barney.uuid}")
res = res.follow()
self.assertEqual(res.status_code, 200)
self.assertNotIn("Login", res.text)
self.assertIn("fred", res.text)
self.assertIn("Barney Rubble", res.text)
testapp.get("/logout")
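Review bot: The access-denied checks in `test_create` only cover GET; the POST to `/users/new` is never attempted before `users.create` is granted, so a view that guards the form render but not the submit would still pass. Before the `grant_permission` calls, post a minimal form and assert nothing was written, e.g. `testapp.post("/users/new", [("_csrf", csrf), ("username", "barney")])` followed by `self.assertIsNone(self.session.query(model.User).filter_by(username="barney").first())`; the status a denied POST returns is not visible here, so the database assertion is the safer check. The three permissions are also granted together, so the test cannot show that `users.create` alone is what unlocks the form. After the successful POST it would also be worth asserting that barney holds the Managers role and that the stored password verifies through the auth handler (presumably `auth.check_user_password(barney, "barneypass")`, method name to be confirmed), since the test currently only proves the row exists and the name renders.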