feat: add permission checks for menus, view routes

2024-08-14 21:20:00 -05:00 · 2024-08-14 21:20:00 -05:00 · e3942ce65e
commit e3942ce65e
parent 675b51cac2
11 changed files with 537 additions and 40 deletions
--- a/tests/views/test_roles.py
+++ b/tests/views/test_roles.py
@ -31,6 +31,42 @@ class TestRoleView(WebTestCase):
        view.configure_grid(grid)
        self.assertTrue(grid.is_linked('name'))

+    def test_is_editable(self):
+        model = self.app.model
+        auth = self.app.get_auth_handler()
+        blokes = model.Role(name="Blokes")
+        self.session.add(blokes)
+        self.session.commit()
+        view = self.make_view()
+
+        admin = auth.get_role_administrator(self.session)
+        authed = auth.get_role_authenticated(self.session)
+        anon = auth.get_role_anonymous(self.session)
+
+        # editable by default
+        self.assertTrue(view.is_editable(blokes))
+
+        # built-in roles not editable by default
+        self.assertFalse(view.is_editable(admin))
+        self.assertFalse(view.is_editable(authed))
+        self.assertFalse(view.is_editable(anon))
+
+        # reset
+        del self.request.user_permissions
+
+        barney = model.User(username='barney')
+        self.session.add(barney)
+        barney.roles.append(blokes)
+        auth.grant_permission(blokes, 'roles.edit_builtin')
+        self.session.commit()
+
+        # user with perms can edit *some* built-in
+        self.request.user = barney
+        self.assertTrue(view.is_editable(authed))
+        self.assertTrue(view.is_editable(anon))
+        # nb. not this one yet
+        self.assertFalse(view.is_editable(admin))
+
    def test_is_deletable(self):
        model = self.app.model
        auth = self.app.get_auth_handler()